├── .github
│   └── ISSUE_TEMPLATE
│       ├── bug_report.md
│       └── feature_request.md
├── files
│   ├── sshd_config
│   ├── profile
│   └── sysctl.conf
├── LICENSE
├── README.md
├── linux-optimizer.sh
└── scripts
    ├── fedora-optimizer.sh
    ├── centos-optimizer.sh
    ├── debian-optimizer.sh
    └── ubuntu-optimizer.sh


/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
---
name: Bug report
about: Create a report to help us improve
title: "[BUG]"
labels: bug
assignees: hawshemi

---

**Describe the bug**
A clear and concise description of what the bug is.


**Expected behaviour**
A clear and concise description of what you expected to happen.


**Logs**
If applicable, could you add a log to help explain your problem?


**Linux (please complete the following information):**
 - OS:
 - Version:


**Additional context**
Please feel free to add any other context about the problem here.

--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature_request.md:
--------------------------------------------------------------------------------
---
name: Feature request
about: Suggest an idea for this project
title: "[SUGGESTION]"
labels: enhancement
assignees: ''

---

**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

**Describe the solution you'd like**
A clear and concise description of what you want to happen.

**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.

**Additional context**
Add any other context or screenshots about the feature request here.

--------------------------------------------------------------------------------
/files/sshd_config:
--------------------------------------------------------------------------------
# /etc/ssh/sshd_config
# The parameters in this file will be added/updated to the sshd_config file.


# Allow TCP forwarding (needed for tunneling)
AllowTcpForwarding yes

# Maximum number of client alive messages which may be sent without receiving any messages back from the client
ClientAliveCountMax 100

# Sets a timeout interval in seconds (3000 secs = 50 minutes) after which if no data has been received from the client,
# sshd will send a message through the encrypted channel to request a response from the client
ClientAliveInterval 3000

# Allow remote hosts to connect to local forwarded ports
GatewayPorts yes

# Allow tun device forwarding for VPN tunnelling
PermitTunnel yes

# Send keepalive messages to maintain session
TCPKeepAlive yes

# Enable X11 graphical interface forwarding
X11Forwarding yes

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2023 Hawshemi

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/files/profile:
--------------------------------------------------------------------------------
# /etc/profile
# The parameters in this file will be added/updated to the profile file.


# The maximum size of core files created.
ulimit -c unlimited

# The maximum size of a process's data segment.
ulimit -d unlimited

# The maximum size of files created by the shell (default option)
ulimit -f unlimited

# The maximum number of pending signals
ulimit -i unlimited

# The maximum size that may be locked into memory.
ulimit -l unlimited

# The maximum memory size
ulimit -m unlimited

# The maximum number of open file descriptors.
ulimit -n 1048576

# The maximum POSIX message queue size
ulimit -q unlimited

# The maximum stack size
ulimit -s -H 65536
ulimit -s 32768

# The maximum number of seconds to be used by each process.
ulimit -t unlimited

# The maximum number of processes available to a single user.
ulimit -u unlimited

# The maximum amount of virtual memory available to the process.
ulimit -v unlimited

# The maximum number of file locks.
ulimit -x unlimited

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Linux Optimizer

## This Bash script automates the optimization of your Linux server.
#### Notes:
1. This script is designed for execution on Linux server environments, including VPS, VDS, Dedicated, and Bare Metal systems. It is not recommended for use on Linux desktop environments.
2. Modifying the kernel (options 1 and 2) may result in removing or resetting some GPU drivers.
3. Some VMs do not support kernel changes (options 1 and 2). Installing XanMod could cause the VM to break. Please be cautious and test beforehand.

### It performs the following tasks:

0. Fix `hosts` file and DNS _(temporarily)_:
    - Check and add 127.0.1.1 and server hostname to `/etc/hosts`.

        *Original `hosts` file is backed up at `/etc/hosts.bak`.*
    - Add `Cloudflare-Security` DNS servers _`(1.1.1.2, 1.0.0.2)`_ nameservers to `/etc/resolv.conf`.

        *Original `dns` file is backed up at `/etc/resolv.conf.bak`.*


1. Update, Upgrade, and Clean the server:
    - _Update_
    - _Upgrade_
    - _Full-Upgrade_
    - _AutoRemove_
    - _AutoClean_
    - _Clean_


2. Disable Terminal Ads _(Only on Ubuntu)_.


3. Install XanMod Kernel _(Only on Ubuntu & Debian)_:
    - Enable BBRv3.
    - CloudFlare TCP Optimizations.
    - More Details: https://xanmod.org

4. Install Useful Packages:

    _`apt-transport-https`_ _`apt-utils`_ _`autoconf`_ _`automake`_ _`bash-completion`_ _`bc`_ _`binutils`_ _`binutils-common`_ _`binutils-x86-64-linux-gnu`_ _`build-essential`_ _`busybox`_ _`ca-certificates`_ _`cron`_ _`curl`_ _`dialog`_ _`epel-release`_ _`gnupg2`_ _`git`_ _`haveged`_ _`htop`_ _`jq`_ _`keyring`_ _`libssl-dev`_ _`libsqlite3-dev`_ _`libtool`_ _`locales`_ _`lsb-release`_ _`make`_ _`nano`_ _`net-tools`_ _`packagekit`_ _`preload`_ _`python3`_ _`python3-pip`_ _`qrencode`_ _`socat`_ _`screen`_ _`software-properties-common`_ _`ufw`_ _`unzip`_ _`vim`_ _`wget`_ _`zip`_


5. Enable Packages at Server Boot.


6. Set the server TimeZone to the VPS IP address location.


7. Create & Enable `SWAP` File:
    - Swap Path: `"/swapfile"`
    - Swap Size: `2Gb`


8. Optimize the [SYSCTL](https://github.com/hawshemi/Linux-Optimizer/blob/main/files/sysctl.conf) Configs:
    - Optimize File System Settings.
    - Optimize Network Core Settings.
    - Optimize `SWAP`.
    - Optimize `TCP` and `UDP` Settings.
    - Optimize `UNIX` Domain Sockets Settings.
    - Optimize `Virtual memory (VM)` Settings.
    - Optimize Network Configuration Settings.
    - Optimize the Kernel.
    - Activate `BBR` _(`BBRv3` with XanMod)_.

    *Original file is backed up at `/etc/sysctl.conf.bak`.*


9. Optimize [SSH](https://github.com/hawshemi/Linux-Optimizer/blob/main/files/sshd_config):
    - Disable DNS lookups for connecting clients.
    - Remove less efficient encryption ciphers.
    - Enable and Configure TCP keep-alive messages.
    - Allow TCP forwarding.
    - Enable gateway ports, Tunneling and compression.
    - Enable X11 Forwarding.

    *Original file is backed up at `/etc/ssh/sshd_config.bak`.*


10. Optimize the [System Limits](https://github.com/hawshemi/Linux-Optimizer/blob/main/files/profile):
    - Soft and Hard *ulimit* `-c -d -f -i -l -n -q -s -u -v -x` optimizations.


11. Optimize `UFW` and open Common Ports:
    - Open Ports `SSH`, `80`, `443`.
    - With `IPv6`, `TCP` & `UDP`.


**Reboot at the end is recommended.**


## Prerequisites

### Ensure that the `sudo` and `wget` packages are installed on your system:

- Ubuntu & Debian:
    ```
    sudo apt update -q && sudo apt install -y sudo wget
    ```
- CentOS & Fedora:
    ```
    sudo dnf up -y && sudo dnf install -y sudo wget
    ```


## Run
#### **Tested on:** Ubuntu 20+, Debian 11+, CentOS Stream 8+, AlmaLinux 8+, Fedora 37+

#### Root Access is Required. If the user is not root, first run:
```
sudo -i
```
#### Then:
```
wget "https://raw.githubusercontent.com/hawshemi/Linux-Optimizer/main/linux-optimizer.sh" -O linux-optimizer.sh && chmod +x linux-optimizer.sh && bash linux-optimizer.sh
```


## Menu Image
### Debian & Ubuntu:
![debian-based-menu](https://github.com/hawshemi/Linux-Optimizer/assets/16742123/3604470e-48ed-403d-a753-143dc934f6fd)

### CentOS, AlmaLinux & Fedora:
![rhel-based-menu](https://github.com/hawshemi/Linux-Optimizer/assets/16742123/07099e64-3864-425f-83e2-cda1e57d5b62)



## Disclaimer
This script is provided as-is, without any warranty or guarantee. Use it at your own risk.


## License
This script is licensed under the MIT License.
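
An added example for step 9 of the README (not code from the Linux-Optimizer repository): a POSIX shell audit that reports the forwarding and keep-alive values `files/sshd_config` sets, reading a config the way sshd does, where the first value found for a keyword is the one used. The function names, the constructed sample config and the 900-second threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example; not code from the Linux-Optimizer repository.

# effective_value FILE KEYWORD
# Prints the lowercased value sshd would use from the global section of FILE:
# keywords are case-insensitive, "Keyword value" and "Keyword=value" are both
# accepted, and the first occurrence wins.
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        tolower($1) == "match"   { exit }      # global section ends at the first Match
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /[ \t=]+/)) next  # keyword without a value
            key = tolower(substr(line, 1, RSTART - 1))
            val = substr(line, RSTART + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == want) { print tolower(val); exit }
        }' "$1"
}

# audit_sshd FILE [MAX_DEAD_SECONDS]
# Prints one FLAG line per finding; returns 1 if anything was flagged.
audit_sshd() {
    file=$1
    max_dead=${2:-900}   # assumed threshold for dropping an unresponsive client
    rc=0
    # keyword:OpenSSH default, used when FILE does not set the keyword
    for pair in AllowTcpForwarding:yes GatewayPorts:no PermitTunnel:no X11Forwarding:no; do
        key=${pair%%:*}
        val=$(effective_value "$file" "$key")
        [ -n "$val" ] || val=${pair#*:}
        if [ "$val" != no ]; then
            printf 'FLAG %s=%s\n' "$key" "$val"
            rc=1
        fi
    done
    # An unresponsive client is dropped after about interval * count seconds.
    interval=$(effective_value "$file" ClientAliveInterval)
    count=$(effective_value "$file" ClientAliveCountMax)
    interval=${interval:-0}
    count=${count:-3}
    case "$interval$count" in
        *[!0-9]*) ;;     # time suffixes such as 5m are not evaluated here
        *)
            dead=$((interval * count))
            if [ "$dead" -gt "$max_dead" ]; then
                printf 'FLAG dead-client timeout=%ss (ClientAliveInterval=%s x ClientAliveCountMax=%s)\n' \
                    "$dead" "$interval" "$count"
                rc=1
            fi
            ;;
    esac
    return "$rc"
}

# write_sample FILE: constructed sample. An earlier "X11Forwarding no" line is
# followed by the values from files/sshd_config, so the later
# "X11Forwarding yes" is not the effective value.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample for this example
X11Forwarding no
AllowTcpForwarding yes
ClientAliveCountMax 100
ClientAliveInterval 3000
GatewayPorts yes
PermitTunnel yes
TCPKeepAlive yes
X11Forwarding yes
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_sshd "$sample" || true
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration, including values pulled in from included files, and is the authoritative check.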


--------------------------------------------------------------------------------
/files/sysctl.conf:
--------------------------------------------------------------------------------


################################################################
################################################################


# /etc/sysctl.conf
# These parameters in this file will be added/updated to the sysctl.conf file.
# Read More: https://github.com/hawshemi/Linux-Optimizer/blob/main/files/sysctl.conf


## File system settings
## ----------------------------------------------------------------

# Set the maximum number of open file descriptors
fs.file-max = 67108864


## Network core settings
## ----------------------------------------------------------------

# Specify default queuing discipline for network devices
net.core.default_qdisc = fq

# Configure maximum network device backlog
net.core.netdev_max_backlog = 32768

# Set maximum ancillary (option memory) buffer size per socket
net.core.optmem_max = 262144

# Define maximum backlog of pending connections
net.core.somaxconn = 65536

# Configure maximum socket receive buffer size (all protocols)
net.core.rmem_max = 33554432

# Set default socket receive buffer size
net.core.rmem_default = 1048576

# Configure maximum socket send buffer size (all protocols)
net.core.wmem_max = 33554432

# Set default socket send buffer size
net.core.wmem_default = 1048576


## TCP settings
## ----------------------------------------------------------------

# Define socket receive buffer sizes
net.ipv4.tcp_rmem = 16384 1048576 33554432

# Specify socket send buffer sizes
net.ipv4.tcp_wmem = 16384 1048576 33554432

# Set TCP congestion control algorithm to BBR
net.ipv4.tcp_congestion_control = bbr

# Configure TCP FIN timeout period
net.ipv4.tcp_fin_timeout = 25

# Set keepalive time (seconds)
net.ipv4.tcp_keepalive_time = 1200

# Configure keepalive probes count and interval
net.ipv4.tcp_keepalive_probes = 7
net.ipv4.tcp_keepalive_intvl = 30

# Define maximum orphaned TCP sockets
net.ipv4.tcp_max_orphans = 819200

# Set maximum TCP SYN backlog
net.ipv4.tcp_max_syn_backlog = 20480

# Configure maximum TCP Time Wait buckets
net.ipv4.tcp_max_tw_buckets = 1440000

# Define TCP memory limits (min, pressure, max; counted in pages, not bytes)
net.ipv4.tcp_mem = 65536 1048576 33554432

# Enable TCP MTU probing
net.ipv4.tcp_mtu_probing = 1

# Limit the unsent data queued in the socket write buffer (bytes)
net.ipv4.tcp_notsent_lowat = 32768

# Specify retransmission retries on an established connection before it is dropped
net.ipv4.tcp_retries2 = 8

# Enable TCP SACK and DSACK
net.ipv4.tcp_sack = 1
net.ipv4.tcp_dsack = 1

# Disable TCP slow start after idle
net.ipv4.tcp_slow_start_after_idle = 0

# Enable TCP window scaling
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_adv_win_scale = -2

# Enable TCP ECN
net.ipv4.tcp_ecn = 1
net.ipv4.tcp_ecn_fallback = 1

# Enable the use of TCP SYN cookies to help protect against SYN flood attacks
net.ipv4.tcp_syncookies = 1


## UDP settings
## ----------------------------------------------------------------

# Define UDP memory limits (counted in pages, not bytes)
net.ipv4.udp_mem = 65536 1048576 33554432


## IPv6 settings
## ----------------------------------------------------------------

# Enable IPv6
#net.ipv6.conf.all.disable_ipv6 = 0

# Enable IPv6 by default
#net.ipv6.conf.default.disable_ipv6 = 0

# Enable IPv6 on the loopback interface (lo)
#net.ipv6.conf.lo.disable_ipv6 = 0


## UNIX domain sockets
## ----------------------------------------------------------------

# Set maximum queue length of UNIX domain sockets
net.unix.max_dgram_qlen = 256


## Virtual memory (VM) settings
## ----------------------------------------------------------------

# Specify minimum free Kbytes at which VM pressure happens
vm.min_free_kbytes = 65536

# Define how aggressively swap memory pages are used
vm.swappiness = 10

# Set the tendency of the kernel to reclaim memory used for caching of directory and inode objects
vm.vfs_cache_pressure = 250

# Strictly limits memory allocation to physical RAM + swap, preventing overcommit and reducing OOM risks.
vm.overcommit_memory = 2

# Percentage of physical RAM counted toward the commit limit; applies because overcommit_memory = 2 (limit = swap + 100% of RAM).
vm.overcommit_ratio = 100


## Network Configuration
## ----------------------------------------------------------------

# Configure reverse path filtering (2 = loose mode; 1 = strict mode)
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.all.rp_filter = 2

# Disable source route acceptance
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Neighbor table settings
net.ipv4.neigh.default.gc_thresh1 = 512
net.ipv4.neigh.default.gc_thresh2 = 2048
net.ipv4.neigh.default.gc_thresh3 = 16384
net.ipv4.neigh.default.gc_stale_time = 60

# ARP settings
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2

# Reboot 1 second after a kernel panic
kernel.panic = 1

# Set dirty page ratio for virtual memory
vm.dirty_ratio = 20


################################################################
################################################################

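
An added example (not code from the Linux-Optimizer repository): `scripts/fedora-optimizer.sh` clears old values for these keys with unanchored patterns such as `sed -e '/kernel.panic/d'` before appending this file. Run on a constructed `sysctl.conf`, the sketch below shows that such a pattern also removes `kernel.panic_on_oops`, and gives an anchored replacement; the function names and sample values are assumptions.

```shell
#!/bin/sh
# Added example; not code from the Linux-Optimizer repository.

# delete_unanchored FILE KEY: the pattern style used by the optimizer script.
# KEY is matched as a regex anywhere in the line, so "." matches any character
# and longer key names that contain KEY are deleted as well.
delete_unanchored() {
    sed -e "/$2/d" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# delete_anchored FILE KEY: delete only assignments to exactly KEY.
# Only dots are escaped; the keys in files/sysctl.conf contain nothing else
# that is special in a basic regular expression.
delete_anchored() {
    esc=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -e "/^[[:space:]]*${esc}[[:space:]]*=/d" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# set_sysctl_key FILE KEY VALUE: replace one key and leave every other line,
# including comments and unrelated hardening settings, untouched.
set_sysctl_key() {
    delete_anchored "$1" "$2"
    printf '%s = %s\n' "$2" "$3" >> "$1"
}

# write_sample FILE: constructed sysctl.conf with two settings an administrator
# added that merely share a prefix with keys the optimizer manages.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample for this example
kernel.panic = 10
kernel.panic_on_oops = 1
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_fastopen_blackhole_timeout_sec = 0
vm.swappiness = 60
EOF
}

a=$(mktemp)
b=$(mktemp)
write_sample "$a"
write_sample "$b"
delete_unanchored "$a" 'kernel.panic'
set_sysctl_key "$b" 'kernel.panic' 1
echo "after the unanchored delete:"
cat "$a"
echo "after the anchored replace:"
cat "$b"
rm -f "$a" "$b"
```

Files under `/etc/sysctl.d/` are also read at boot, so a key removed from `/etc/sysctl.conf` can still be set there; `sysctl --system` shows the order in which files are applied.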

--------------------------------------------------------------------------------
/linux-optimizer.sh:
--------------------------------------------------------------------------------
#!/bin/bash


clear


# Green, Yellow & Red Messages.
green_msg() {
    tput setaf 2
    echo "[*] ----- $1"
    tput sgr0
}

yellow_msg() {
    tput setaf 3
    echo "[*] ----- $1"
    tput sgr0
}

red_msg() {
    tput setaf 1
    echo "[*] ----- $1"
    tput sgr0
}


# Paths
HOST_PATH="/etc/hosts"
DNS_PATH="/etc/resolv.conf"


# Intro
echo
green_msg '================================================================='
green_msg 'This script will automatically Optimize your Linux Server.'
green_msg 'Tested on: Ubuntu 20+, Debian 11+, CentOS stream 8+, AlmaLinux 8+, Fedora 37+'
green_msg 'Root access is required.'
green_msg 'Source is @ https://github.com/hawshemi/linux-optimizer'
green_msg '================================================================='
echo


# Check Root Function
check_if_running_as_root() {
    # If you want to run as another user, please modify $EUID to be owned by this user
    if [[ "$EUID" -ne '0' ]]; then
        echo
        red_msg 'Error: You must run this script as root!'
        echo
        sleep 0.5
        exit 1
    fi
}


# Run Check Root
check_if_running_as_root
sleep 0.5


# Install dependencies
install_dependencies_debian_based() {
    echo
    yellow_msg 'Installing Dependencies...'
    echo
    sleep 0.5

    apt update -q
    apt install -yq wget curl sudo jq

    echo
    green_msg 'Dependencies Installed.'
    echo
    sleep 0.5
}


# Install dependencies
install_dependencies_rhel_based() {
    echo
    yellow_msg 'Installing Dependencies...'
    echo
    sleep 0.5

    # dnf up -y
    dnf install -y wget curl sudo jq

    echo
    green_msg 'Dependencies Installed.'
    echo
    sleep 0.5
}


# Fix Hosts file
fix_etc_hosts(){
    echo
    yellow_msg "Fixing Hosts file."
    sleep 0.5

    cp "$HOST_PATH" /etc/hosts.bak
    yellow_msg "Default hosts file saved. Directory: /etc/hosts.bak"
    sleep 0.5

    # Quoted so the hostname is always passed to grep as a single pattern
    if ! grep -q "$(hostname)" "$HOST_PATH"; then
        echo "127.0.1.1 $(hostname)" | sudo tee -a "$HOST_PATH" > /dev/null
        green_msg "Hosts Fixed."
        echo
        sleep 0.5
    else
        green_msg "Hosts OK. No changes made."
        echo
        sleep 0.5
    fi
}


# Fix DNS Temporarily
fix_dns(){
    echo
    yellow_msg "Fixing DNS Temporarily."
    sleep 0.5

    cp "$DNS_PATH" /etc/resolv.conf.bak
    yellow_msg "Default resolv.conf file saved. Directory: /etc/resolv.conf.bak"
    sleep 0.5

    sed -i '/nameserver/d' "$DNS_PATH"

    echo "nameserver 1.1.1.2" >> "$DNS_PATH"
    echo "nameserver 1.0.0.2" >> "$DNS_PATH"
    echo "nameserver 127.0.0.53" >> "$DNS_PATH"

    green_msg "DNS Fixed Temporarily."
    echo
    sleep 0.5
}


# Set the server TimeZone to the VPS IP address location.
set_timezone() {
    echo
    yellow_msg 'Setting TimeZone based on VPS IP address...'
    sleep 0.5

    get_location_info() {
        local ip_sources=("https://ipv4.icanhazip.com" "https://api.ipify.org" "https://ipv4.ident.me/")
        local location_info

        for source in "${ip_sources[@]}"; do
            local ip=$(curl -s "$source")
            if [ -n "$ip" ]; then
                # This lookup uses plain HTTP, so the reply is not authenticated
                location_info=$(curl -s "http://ip-api.com/json/$ip")
                if [ -n "$location_info" ]; then
                    echo "$location_info"
                    return 0
                fi
            fi
        done

        # Sent to stderr so the caller does not capture the message as location data
        red_msg "Error: Failed to fetch location information from known sources. Setting timezone to UTC." >&2
        sudo timedatectl set-timezone "UTC"
        return 1
    }

    # Query the location three times (each call uses the first IP source that answers)
    location_info_1=$(get_location_info)
    location_info_2=$(get_location_info)
    location_info_3=$(get_location_info)

    # Extract timezones from the location information (replies without a timezone yield nothing)
    timezones=($(echo "$location_info_1 $location_info_2 $location_info_3" | jq -r '.timezone // empty'))

    # Pick a timezone that at least two of the lookups agree on
    timezone=""
    if [[ -n "${timezones[0]}" && ( "${timezones[0]}" == "${timezones[1]}" || "${timezones[0]}" == "${timezones[2]}" ) ]]; then
        timezone="${timezones[0]}"
    elif [[ -n "${timezones[1]}" && "${timezones[1]}" == "${timezones[2]}" ]]; then
        timezone="${timezones[1]}"
    fi

    if [[ -n "$timezone" ]]; then
        sudo timedatectl set-timezone "$timezone"
        green_msg "Timezone set to $timezone"
    else
        red_msg "Error: Failed to fetch consistent location information from known sources. Setting timezone to UTC."
        sudo timedatectl set-timezone "UTC"
    fi

    echo
    sleep 0.5
}


# OS Detection
if [[ $(grep -oP '(?<=^NAME=").*(?=")' /etc/os-release) == "Ubuntu" ]]; then
    OS="ubuntu"
    echo
    sleep 0.5
    yellow_msg "OS: Ubuntu"
    echo
    sleep 0.5
elif [[ $(grep -oP '(?<=^NAME=").*(?=")' /etc/os-release) == "Debian GNU/Linux" ]]; then
    OS="debian"
    echo
    sleep 0.5
    yellow_msg "OS: Debian"
    echo
    sleep 0.5
elif [[ $(grep -oP '(?<=^NAME=").*(?=")' /etc/os-release) == "CentOS Stream" ]]; then
    OS="centos"
    echo
    sleep 0.5
    yellow_msg "OS: Centos Stream"
    echo
    sleep 0.5
elif [[ $(grep -oP '(?<=^NAME=").*(?=")' /etc/os-release) == "AlmaLinux" ]]; then
    OS="almalinux"
    echo
    sleep 0.5
    yellow_msg "OS: AlmaLinux"
    echo
    sleep 0.5
elif [[ $(grep -oP '(?<=^NAME=").*(?=")' /etc/os-release) == "Fedora Linux" ]]; then
    OS="fedora"
    echo
    sleep 0.5
    yellow_msg "OS: Fedora"
    echo
    sleep 0.5
else
    echo
    sleep 0.5
    red_msg "Unknown OS, Create an issue here: https://github.com/hawshemi/Linux-Optimizer"
    OS="unknown"
    echo
    sleep 2
fi


## Run

# Install dependencies
if [[ "$OS" == "ubuntu" || "$OS" == "debian" ]]; then
    install_dependencies_debian_based
elif [[ "$OS" == "centos" || "$OS" == "fedora" || "$OS" == "almalinux" ]]; then
    install_dependencies_rhel_based
fi


# Fix Hosts file
fix_etc_hosts
sleep 0.5

# Fix DNS
fix_dns
sleep 0.5

# Timezone
set_timezone
sleep 0.5


# Run Script based on Distros
case $OS in
ubuntu)
    # Ubuntu
    wget "https://raw.githubusercontent.com/hawshemi/Linux-Optimizer/main/scripts/ubuntu-optimizer.sh" -q -O ubuntu-optimizer.sh && chmod +x ubuntu-optimizer.sh && bash ubuntu-optimizer.sh
    ;;
debian)
    # Debian
    wget "https://raw.githubusercontent.com/hawshemi/Linux-Optimizer/main/scripts/debian-optimizer.sh" -q -O debian-optimizer.sh && chmod +x debian-optimizer.sh && bash debian-optimizer.sh
    ;;
centos)
    # CentOS
    wget "https://raw.githubusercontent.com/hawshemi/Linux-Optimizer/main/scripts/centos-optimizer.sh" -q -O centos-optimizer.sh && chmod +x centos-optimizer.sh && bash centos-optimizer.sh
    ;;
almalinux)
    # AlmaLinux
    wget "https://raw.githubusercontent.com/hawshemi/Linux-Optimizer/main/scripts/centos-optimizer.sh" -q -O almalinux-optimizer.sh && chmod +x almalinux-optimizer.sh && bash almalinux-optimizer.sh
    ;;
fedora)
    # Fedora
    wget "https://raw.githubusercontent.com/hawshemi/Linux-Optimizer/main/scripts/fedora-optimizer.sh" -q -O fedora-optimizer.sh && chmod +x fedora-optimizer.sh && bash fedora-optimizer.sh
    ;;
unknown)
    # Unknown
    exit
    ;;
esac


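
An added example (not code from the Linux-Optimizer repository): the dispatcher above downloads each distro script from the `main` branch and runs it as root with no integrity check. One way to pin a reviewed commit and verify its digest before anything is executed; `<COMMIT_SHA>`, `<SHA256_OF_REVIEWED_FILE>` and the function names are placeholders and assumptions of this example.

```shell
#!/bin/sh
# Added example; not code from the Linux-Optimizer repository.

# verify_sha256 FILE EXPECTED_HEX: succeed only on an exact SHA-256 match.
verify_sha256() {
    [ -f "$1" ] || return 1
    got=$(sha256sum "$1" | cut -d ' ' -f 1)
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ ${#want} -eq 64 ] && [ "$got" = "$want" ]
}

# install_verified SRC EXPECTED_HEX DEST
# Move SRC to DEST only if it verifies; otherwise delete it so that an
# unverified copy is never left on disk to be run by mistake.
install_verified() {
    if verify_sha256 "$1" "$2"; then
        mv "$1" "$3" && chmod 700 "$3"
    else
        rm -f "$1"
        echo "digest mismatch, not installing $3" >&2
        return 1
    fi
}

# fetch_pinned URL EXPECTED_HEX DEST
# Download over HTTPS only into a private temp file, then verify and install.
fetch_pinned() {
    tmp=$(mktemp) || return 1
    if ! curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$1"; then
        rm -f "$tmp"
        echo "download failed: $1" >&2
        return 1
    fi
    install_verified "$tmp" "$2" "$3"
}

# Usage with placeholders (fill them in after reviewing one specific commit):
#   fetch_pinned \
#     "https://raw.githubusercontent.com/hawshemi/Linux-Optimizer/<COMMIT_SHA>/scripts/fedora-optimizer.sh" \
#     "<SHA256_OF_REVIEWED_FILE>" ./fedora-optimizer.sh \
#     && bash ./fedora-optimizer.sh

# Offline demonstration on a constructed file: the digest is recorded at
# review time, the file changes afterwards, and the changed copy is refused.
demo=$(mktemp)
printf 'echo reviewed script\n' > "$demo"
pin=$(sha256sum "$demo" | cut -d ' ' -f 1)
printf 'echo line added after review\n' >> "$demo"
install_verified "$demo" "$pin" "$demo.installed" || echo "modified copy rejected"
```

Pinning only `linux-optimizer.sh` is not sufficient, because it fetches the per-distro script from `main` itself; the same check has to cover that second download.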
--------------------------------------------------------------------------------
/scripts/fedora-optimizer.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# https://github.com/hawshemi/Linux-Optimizer


# Green, Yellow & Red Messages.
green_msg() {
    tput setaf 2
    echo "[*] ----- $1"
    tput sgr0
}

yellow_msg() {
    tput setaf 3
    echo "[*] ----- $1"
    tput sgr0
}

red_msg() {
    tput setaf 1
    echo "[*] ----- $1"
    tput sgr0
}


# Declare Paths & Settings.
SYS_PATH="/etc/sysctl.conf"
PROF_PATH="/etc/profile"
SSH_PORT=""
SSH_PATH="/etc/ssh/sshd_config"
SWAP_PATH="/swapfile"
SWAP_SIZE=2G


# Root
check_if_running_as_root() {
    ## If you want to run as another user, please modify $EUID to be owned by this user
    if [[ "$EUID" -ne '0' ]]; then
        echo
        red_msg 'Error: You must run this script as root!'
        echo
        sleep 0.5
        exit 1
    fi
}


# Check Root
check_if_running_as_root
sleep 0.5


# Ask Reboot
ask_reboot() {
    yellow_msg 'Reboot now? (RECOMMENDED) (y/n)'
    echo
    while true; do
        read -r choice
        echo
        if [[ "$choice" == 'y' || "$choice" == 'Y' ]]; then
            sleep 0.5
            reboot
            exit 0
        fi
        if [[ "$choice" == 'n' || "$choice" == 'N' ]]; then
            break
        fi
    done
}


# Update & Upgrade & Remove & Clean
complete_update() {
    echo
    yellow_msg 'Updating the System... (This can take a while.)'
    echo
    sleep 0.5

    sudo dnf -y up
    sudo dnf -y autoremove
    sudo dnf -y clean all
    sleep 0.5

    ## Again :D
    sudo dnf -y up
    sudo dnf -y autoremove

    echo
    green_msg 'System Updated & Cleaned Successfully.'
    echo
    sleep 0.5
}


# Install useful packages
installations() {
    echo
    yellow_msg 'Installing Useful Packages... (This can take a while.)'
    echo
    sleep 0.5

    ## System utilities
    sudo dnf -y install bash-completion busybox crontabs ca-certificates curl dnf-plugins-core dnf-utils gnupg2 nano screen ufw unzip vim wget zip

    ## Programming and development tools
    sudo dnf -y install autoconf automake bash-completion git libtool make pkg-config python3 python3-pip

    ## Additional libraries and dependencies
    sudo dnf -y install bc binutils haveged jq libsodium libsodium-devel PackageKit qrencode socat

    ## Miscellaneous
    sudo dnf -y install dialog htop net-tools

    echo
    green_msg 'Useful Packages Installed Successfully.'
    echo
    sleep 0.5
}


# Enable packages at server boot
enable_packages() {
    sudo systemctl enable crond.service haveged
    echo
    green_msg 'Packages Enabled Successfully.'
    echo
    sleep 0.5
}


# Swap Maker
swap_maker() {
    echo
    yellow_msg 'Making SWAP Space...'
    echo
    sleep 0.5

    ## Make Swap
    sudo fallocate -l "$SWAP_SIZE" "$SWAP_PATH"  ## Allocate size
    sudo chmod 600 "$SWAP_PATH"                  ## Set proper permission
    sudo mkswap "$SWAP_PATH"                     ## Setup swap
    sudo swapon "$SWAP_PATH"                     ## Enable swap
    echo "$SWAP_PATH   none    swap    sw    0   0" >> /etc/fstab ## Add to fstab
    echo
    green_msg 'SWAP Created Successfully.'
    echo
    sleep 0.5
}


# SYSCTL Optimization
sysctl_optimizations() {
    ## Make a backup of the original sysctl.conf file
    cp "$SYS_PATH" /etc/sysctl.conf.bak

    echo
    yellow_msg 'Default sysctl.conf file Saved. Directory: /etc/sysctl.conf.bak'
    echo
    sleep 1

    echo
    yellow_msg 'Optimizing the Network...'
162 | echo 163 | sleep 0.5 164 | 165 | sed -i -e '/fs.file-max/d' \ 166 | -e '/net.core.default_qdisc/d' \ 167 | -e '/net.core.netdev_max_backlog/d' \ 168 | -e '/net.core.optmem_max/d' \ 169 | -e '/net.core.somaxconn/d' \ 170 | -e '/net.core.rmem_max/d' \ 171 | -e '/net.core.wmem_max/d' \ 172 | -e '/net.core.rmem_default/d' \ 173 | -e '/net.core.wmem_default/d' \ 174 | -e '/net.ipv4.tcp_rmem/d' \ 175 | -e '/net.ipv4.tcp_wmem/d' \ 176 | -e '/net.ipv4.tcp_congestion_control/d' \ 177 | -e '/net.ipv4.tcp_fastopen/d' \ 178 | -e '/net.ipv4.tcp_fin_timeout/d' \ 179 | -e '/net.ipv4.tcp_keepalive_time/d' \ 180 | -e '/net.ipv4.tcp_keepalive_probes/d' \ 181 | -e '/net.ipv4.tcp_keepalive_intvl/d' \ 182 | -e '/net.ipv4.tcp_max_orphans/d' \ 183 | -e '/net.ipv4.tcp_max_syn_backlog/d' \ 184 | -e '/net.ipv4.tcp_max_tw_buckets/d' \ 185 | -e '/net.ipv4.tcp_mem/d' \ 186 | -e '/net.ipv4.tcp_mtu_probing/d' \ 187 | -e '/net.ipv4.tcp_notsent_lowat/d' \ 188 | -e '/net.ipv4.tcp_retries2/d' \ 189 | -e '/net.ipv4.tcp_sack/d' \ 190 | -e '/net.ipv4.tcp_dsack/d' \ 191 | -e '/net.ipv4.tcp_slow_start_after_idle/d' \ 192 | -e '/net.ipv4.tcp_window_scaling/d' \ 193 | -e '/net.ipv4.tcp_adv_win_scale/d' \ 194 | -e '/net.ipv4.tcp_ecn/d' \ 195 | -e '/net.ipv4.tcp_ecn_fallback/d' \ 196 | -e '/net.ipv4.tcp_syncookies/d' \ 197 | -e '/net.ipv4.udp_mem/d' \ 198 | -e '/net.ipv6.conf.all.disable_ipv6/d' \ 199 | -e '/net.ipv6.conf.default.disable_ipv6/d' \ 200 | -e '/net.ipv6.conf.lo.disable_ipv6/d' \ 201 | -e '/net.unix.max_dgram_qlen/d' \ 202 | -e '/vm.min_free_kbytes/d' \ 203 | -e '/vm.swappiness/d' \ 204 | -e '/vm.vfs_cache_pressure/d' \ 205 | -e '/net.ipv4.conf.default.rp_filter/d' \ 206 | -e '/net.ipv4.conf.all.rp_filter/d' \ 207 | -e '/net.ipv4.conf.all.accept_source_route/d' \ 208 | -e '/net.ipv4.conf.default.accept_source_route/d' \ 209 | -e '/net.ipv4.neigh.default.gc_thresh1/d' \ 210 | -e '/net.ipv4.neigh.default.gc_thresh2/d' \ 211 | -e '/net.ipv4.neigh.default.gc_thresh3/d' \ 212 | -e 
'/net.ipv4.neigh.default.gc_stale_time/d' \ 213 | -e '/net.ipv4.conf.default.arp_announce/d' \ 214 | -e '/net.ipv4.conf.lo.arp_announce/d' \ 215 | -e '/net.ipv4.conf.all.arp_announce/d' \ 216 | -e '/kernel.panic/d' \ 217 | -e '/vm.dirty_ratio/d' \ 218 | -e '/vm.overcommit_memory/d' \ 219 | -e '/vm.overcommit_ratio/d' \ 220 | -e '/^#/d' \ 221 | -e '/^$/d' \ 222 | "$SYS_PATH" 223 | 224 | 225 | ## Add new parameters. Read More: https://github.com/hawshemi/Linux-Optimizer/blob/main/files/sysctl.conf 226 | 227 | cat <<EOF >> "$SYS_PATH" 228 | 229 | 230 | ################################################################ 231 | ################################################################ 232 | 233 | 234 | # /etc/sysctl.conf 235 | # These parameters in this file will be added/updated to the sysctl.conf file. 236 | # Read More: https://github.com/hawshemi/Linux-Optimizer/blob/main/files/sysctl.conf 237 | 238 | 239 | ## File system settings 240 | ## ---------------------------------------------------------------- 241 | 242 | # Set the maximum number of open file descriptors 243 | fs.file-max = 67108864 244 | 245 | 246 | ## Network core settings 247 | ## ---------------------------------------------------------------- 248 | 249 | # Specify default queuing discipline for network devices 250 | net.core.default_qdisc = fq 251 | 252 | # Configure maximum network device backlog 253 | net.core.netdev_max_backlog = 32768 254 | 255 | # Set maximum ancillary (option memory) buffer size per socket 256 | net.core.optmem_max = 262144 257 | 258 | # Define maximum backlog of pending connections 259 | net.core.somaxconn = 65536 260 | 261 | # Configure maximum socket receive buffer size 262 | net.core.rmem_max = 33554432 263 | 264 | # Set default socket receive buffer size 265 | net.core.rmem_default = 1048576 266 | 267 | # Configure maximum socket send buffer size 268 | net.core.wmem_max = 33554432 269 | 270 | # Set default socket send buffer size 271 | net.core.wmem_default = 1048576 272 | 273 | 274 | ## TCP settings 275 | ## 
---------------------------------------------------------------- 276 | 277 | # Define socket receive buffer sizes 278 | net.ipv4.tcp_rmem = 16384 1048576 33554432 279 | 280 | # Specify socket send buffer sizes 281 | net.ipv4.tcp_wmem = 16384 1048576 33554432 282 | 283 | # Set TCP congestion control algorithm to BBR 284 | net.ipv4.tcp_congestion_control = bbr 285 | 286 | # Configure TCP FIN timeout period 287 | net.ipv4.tcp_fin_timeout = 25 288 | 289 | # Set keepalive time (seconds) 290 | net.ipv4.tcp_keepalive_time = 1200 291 | 292 | # Configure keepalive probes count and interval 293 | net.ipv4.tcp_keepalive_probes = 7 294 | net.ipv4.tcp_keepalive_intvl = 30 295 | 296 | # Define maximum orphaned TCP sockets 297 | net.ipv4.tcp_max_orphans = 819200 298 | 299 | # Set maximum TCP SYN backlog 300 | net.ipv4.tcp_max_syn_backlog = 20480 301 | 302 | # Configure maximum TCP Time Wait buckets 303 | net.ipv4.tcp_max_tw_buckets = 1440000 304 | 305 | # Define TCP memory limits (low, pressure, high; in pages) 306 | net.ipv4.tcp_mem = 65536 1048576 33554432 307 | 308 | # Enable TCP MTU probing 309 | net.ipv4.tcp_mtu_probing = 1 310 | 311 | # Limit the amount of unsent data queued in the socket send buffer (bytes) 312 | net.ipv4.tcp_notsent_lowat = 32768 313 | 314 | # Specify retransmission retries for an established TCP connection before giving up 315 | net.ipv4.tcp_retries2 = 8 316 | 317 | # Enable TCP SACK and DSACK 318 | net.ipv4.tcp_sack = 1 319 | net.ipv4.tcp_dsack = 1 320 | 321 | # Disable TCP slow start after idle 322 | net.ipv4.tcp_slow_start_after_idle = 0 323 | 324 | # Enable TCP window scaling 325 | net.ipv4.tcp_window_scaling = 1 326 | net.ipv4.tcp_adv_win_scale = -2 327 | 328 | # Enable TCP ECN 329 | net.ipv4.tcp_ecn = 1 330 | net.ipv4.tcp_ecn_fallback = 1 331 | 332 | # Enable the use of TCP SYN cookies to help protect against SYN flood attacks 333 | net.ipv4.tcp_syncookies = 1 334 | 335 | 336 | ## UDP settings 337 | ## ---------------------------------------------------------------- 338 | 339 | # Define UDP memory limits (low, pressure, high; in pages) 
340 | net.ipv4.udp_mem = 65536 1048576 33554432 341 | 342 | 343 | ## IPv6 settings 344 | ## ---------------------------------------------------------------- 345 | 346 | # Enable IPv6 347 | #net.ipv6.conf.all.disable_ipv6 = 0 348 | 349 | # Enable IPv6 by default 350 | #net.ipv6.conf.default.disable_ipv6 = 0 351 | 352 | # Enable IPv6 on the loopback interface (lo) 353 | #net.ipv6.conf.lo.disable_ipv6 = 0 354 | 355 | 356 | ## UNIX domain sockets 357 | ## ---------------------------------------------------------------- 358 | 359 | # Set maximum queue length of UNIX domain sockets 360 | net.unix.max_dgram_qlen = 256 361 | 362 | 363 | ## Virtual memory (VM) settings 364 | ## ---------------------------------------------------------------- 365 | 366 | # Specify minimum free Kbytes at which VM pressure happens 367 | vm.min_free_kbytes = 65536 368 | 369 | # Define how aggressively swap memory pages are used 370 | vm.swappiness = 10 371 | 372 | # Set the tendency of the kernel to reclaim memory used for caching of directory and inode objects 373 | vm.vfs_cache_pressure = 250 374 | 375 | 376 | ## Network Configuration 377 | ## ---------------------------------------------------------------- 378 | 379 | # Configure reverse path filtering 380 | net.ipv4.conf.default.rp_filter = 2 381 | net.ipv4.conf.all.rp_filter = 2 382 | 383 | # Disable source route acceptance 384 | net.ipv4.conf.all.accept_source_route = 0 385 | net.ipv4.conf.default.accept_source_route = 0 386 | 387 | # Neighbor table settings 388 | net.ipv4.neigh.default.gc_thresh1 = 512 389 | net.ipv4.neigh.default.gc_thresh2 = 2048 390 | net.ipv4.neigh.default.gc_thresh3 = 16384 391 | net.ipv4.neigh.default.gc_stale_time = 60 392 | 393 | # ARP settings 394 | net.ipv4.conf.default.arp_announce = 2 395 | net.ipv4.conf.lo.arp_announce = 2 396 | net.ipv4.conf.all.arp_announce = 2 397 | 398 | # Kernel panic timeout 399 | kernel.panic = 1 400 | 401 | # Set dirty page ratio for virtual memory 402 | vm.dirty_ratio = 20 403 | 404 
| # Strictly limits memory allocation to physical RAM + swap, preventing overcommit and reducing OOM risks. 405 | vm.overcommit_memory = 2 406 | 407 | # With overcommit_memory = 2, sets the commit limit to swap + 100% of physical RAM. 408 | vm.overcommit_ratio = 100 409 | 410 | 411 | ################################################################ 412 | ################################################################ 413 | 414 | 415 | EOF 416 | 417 | sudo sysctl -p 418 | 419 | echo 420 | green_msg 'Network is Optimized.' 421 | echo 422 | sleep 0.5 423 | } 424 | 425 | 426 | # Function to find the SSH port and set it in the SSH_PORT variable 427 | find_ssh_port() { 428 | echo 429 | yellow_msg "Finding SSH port..." 430 | echo 431 | 432 | ## Check if the SSH configuration file exists 433 | if [ -e "$SSH_PATH" ]; then 434 | ## Use grep to search for the 'Port' directive in the SSH configuration file 435 | SSH_PORT=$(grep -oP '^Port\s+\K\d+' "$SSH_PATH" 2>/dev/null) 436 | 437 | if [ -n "$SSH_PORT" ]; then 438 | echo 439 | green_msg "SSH port found: $SSH_PORT" 440 | echo 441 | sleep 0.5 442 | else 443 | echo 444 | green_msg "SSH port is default 22." 445 | echo 446 | SSH_PORT=22 447 | sleep 0.5 448 | fi 449 | else 450 | red_msg "SSH configuration file not found at $SSH_PATH" 451 | fi 452 | } 453 | 454 | 455 | # Remove old SSH config to prevent duplicates. 456 | remove_old_ssh_conf() { 457 | ## Make a backup of the original sshd_config file 458 | cp $SSH_PATH /etc/ssh/sshd_config.bak 459 | 460 | echo 461 | yellow_msg 'Default SSH Config file Saved. 
Directory: /etc/ssh/sshd_config.bak' 462 | echo 463 | sleep 1 464 | 465 | ## Remove these lines 466 | sed -i -e 's/#UseDNS yes/UseDNS no/' \ 467 | -e 's/#Compression no/Compression yes/' \ 468 | -e 's/Ciphers .*/Ciphers aes256-ctr,chacha20-poly1305@openssh.com/' \ 469 | -e '/MaxAuthTries/d' \ 470 | -e '/MaxSessions/d' \ 471 | -e '/TCPKeepAlive/d' \ 472 | -e '/ClientAliveInterval/d' \ 473 | -e '/ClientAliveCountMax/d' \ 474 | -e '/AllowAgentForwarding/d' \ 475 | -e '/AllowTcpForwarding/d' \ 476 | -e '/GatewayPorts/d' \ 477 | -e '/PermitTunnel/d' \ 478 | -e '/X11Forwarding/d' "$SSH_PATH" 479 | 480 | } 481 | 482 | 483 | # Update SSH config 484 | update_sshd_conf() { 485 | echo 486 | yellow_msg 'Optimizing SSH...' 487 | echo 488 | sleep 0.5 489 | 490 | ## Enable TCP keep-alive messages 491 | echo "TCPKeepAlive yes" | tee -a "$SSH_PATH" 492 | 493 | ## Configure client keep-alive messages 494 | echo "ClientAliveInterval 3000" | tee -a "$SSH_PATH" 495 | echo "ClientAliveCountMax 100" | tee -a "$SSH_PATH" 496 | 497 | ## Allow TCP forwarding 498 | echo "AllowTcpForwarding yes" | tee -a "$SSH_PATH" 499 | 500 | ## Enable gateway ports 501 | echo "GatewayPorts yes" | tee -a "$SSH_PATH" 502 | 503 | ## Enable tunneling 504 | echo "PermitTunnel yes" | tee -a "$SSH_PATH" 505 | 506 | ## Enable X11 graphical interface forwarding 507 | echo "X11Forwarding yes" | tee -a "$SSH_PATH" 508 | 509 | ## Restart the SSH service to apply the changes 510 | sudo systemctl restart sshd 511 | 512 | echo 513 | green_msg 'SSH is Optimized.' 514 | echo 515 | sleep 0.5 516 | } 517 | 518 | 519 | # System Limits Optimizations 520 | limits_optimizations() { 521 | echo 522 | yellow_msg 'Optimizing System Limits...' 
523 | echo 524 | sleep 0.5 525 | 526 | ## Clear old ulimits 527 | sed -i '/ulimit -c/d' $PROF_PATH 528 | sed -i '/ulimit -d/d' $PROF_PATH 529 | sed -i '/ulimit -f/d' $PROF_PATH 530 | sed -i '/ulimit -i/d' $PROF_PATH 531 | sed -i '/ulimit -l/d' $PROF_PATH 532 | sed -i '/ulimit -m/d' $PROF_PATH 533 | sed -i '/ulimit -n/d' $PROF_PATH 534 | sed -i '/ulimit -q/d' $PROF_PATH 535 | sed -i '/ulimit -s/d' $PROF_PATH 536 | sed -i '/ulimit -t/d' $PROF_PATH 537 | sed -i '/ulimit -u/d' $PROF_PATH 538 | sed -i '/ulimit -v/d' $PROF_PATH 539 | sed -i '/ulimit -x/d' $PROF_PATH 540 | sed -i '/ulimit -s/d' $PROF_PATH 541 | 542 | 543 | ## Add new ulimits 544 | ## The maximum size of core files created. 545 | echo "ulimit -c unlimited" | tee -a $PROF_PATH 546 | 547 | ## The maximum size of a process's data segment 548 | echo "ulimit -d unlimited" | tee -a $PROF_PATH 549 | 550 | ## The maximum size of files created by the shell (default option) 551 | echo "ulimit -f unlimited" | tee -a $PROF_PATH 552 | 553 | ## The maximum number of pending signals 554 | echo "ulimit -i unlimited" | tee -a $PROF_PATH 555 | 556 | ## The maximum size that may be locked into memory 557 | echo "ulimit -l unlimited" | tee -a $PROF_PATH 558 | 559 | ## The maximum memory size 560 | echo "ulimit -m unlimited" | tee -a $PROF_PATH 561 | 562 | ## The maximum number of open file descriptors 563 | echo "ulimit -n 1048576" | tee -a $PROF_PATH 564 | 565 | ## The maximum POSIX message queue size 566 | echo "ulimit -q unlimited" | tee -a $PROF_PATH 567 | 568 | ## The maximum stack size 569 | echo "ulimit -s -H 65536" | tee -a $PROF_PATH 570 | echo "ulimit -s 32768" | tee -a $PROF_PATH 571 | 572 | ## The maximum number of seconds to be used by each process. 
573 | echo "ulimit -t unlimited" | tee -a $PROF_PATH 574 | 575 | ## The maximum number of processes available to a single user 576 | echo "ulimit -u unlimited" | tee -a $PROF_PATH 577 | 578 | ## The maximum amount of virtual memory available to the process 579 | echo "ulimit -v unlimited" | tee -a $PROF_PATH 580 | 581 | ## The maximum number of file locks 582 | echo "ulimit -x unlimited" | tee -a $PROF_PATH 583 | 584 | 585 | echo 586 | green_msg 'System Limits are Optimized.' 587 | echo 588 | sleep 0.5 589 | } 590 | 591 | 592 | # UFW Optimizations 593 | ufw_optimizations() { 594 | echo 595 | yellow_msg 'Installing & Optimizing UFW...' 596 | echo 597 | sleep 0.5 598 | 599 | ## Purge firewalld to install UFW. 600 | sudo dnf -y remove firewalld 601 | 602 | ## Install UFW if not installed. 603 | dnf -y up 604 | dnf -y install ufw 605 | 606 | ## Disable UFW 607 | sudo ufw disable 608 | 609 | ## Open default ports. 610 | sudo ufw allow $SSH_PORT 611 | sudo ufw allow 80/tcp 612 | sudo ufw allow 80/udp 613 | sudo ufw allow 443/tcp 614 | sudo ufw allow 443/udp 615 | sleep 0.5 616 | 617 | ## Change the UFW config to use System config. 618 | sed -i 's+/etc/ufw/sysctl.conf+/etc/sysctl.conf+gI' /etc/default/ufw 619 | 620 | ## Enable & Reload 621 | echo "y" | sudo ufw enable 622 | sudo ufw reload 623 | echo 624 | green_msg 'UFW is Installed & Optimized. (Open your custom ports manually.)' 625 | echo 626 | sleep 0.5 627 | } 628 | 629 | 630 | # Show the Menu 631 | show_menu() { 632 | echo 633 | yellow_msg 'Choose One Option: ' 634 | echo 635 | green_msg '1 - Apply Everything. (RECOMMENDED)' 636 | echo 637 | green_msg '2 - Complete Update + Make SWAP + Optimize Network, SSH & System Limits + UFW' 638 | green_msg '3 - Complete Update + Make SWAP + Optimize Network, SSH & System Limits' 639 | echo 640 | green_msg '4 - Complete Update & Clean the OS.' 641 | green_msg '5 - Install Useful Packages.' 642 | green_msg '6 - Make SWAP (2Gb).' 
643 | green_msg '7 - Optimize the Network, SSH & System Limits.' 644 | echo 645 | green_msg '8 - Optimize the Network settings.' 646 | green_msg '9 - Optimize the SSH settings.' 647 | green_msg '10 - Optimize the System Limits.' 648 | echo 649 | green_msg '11 - Install & Optimize UFW.' 650 | echo 651 | red_msg 'q - Exit.' 652 | echo 653 | } 654 | 655 | 656 | # Choosing Program 657 | main() { 658 | while true; do 659 | show_menu 660 | read -p 'Enter Your Choice: ' choice 661 | case $choice in 662 | 1) 663 | apply_everything 664 | 665 | echo 666 | green_msg '=========================' 667 | green_msg 'Done.' 668 | green_msg '=========================' 669 | 670 | ask_reboot 671 | ;; 672 | 2) 673 | complete_update 674 | sleep 0.5 675 | 676 | swap_maker 677 | sleep 0.5 678 | 679 | sysctl_optimizations 680 | sleep 0.5 681 | 682 | remove_old_ssh_conf 683 | sleep 0.5 684 | 685 | update_sshd_conf 686 | sleep 0.5 687 | 688 | limits_optimizations 689 | sleep 0.5 690 | 691 | find_ssh_port 692 | ufw_optimizations 693 | sleep 0.5 694 | 695 | echo 696 | green_msg '=========================' 697 | green_msg 'Done.' 698 | green_msg '=========================' 699 | 700 | ask_reboot 701 | ;; 702 | 3) 703 | complete_update 704 | sleep 0.5 705 | 706 | swap_maker 707 | sleep 0.5 708 | 709 | sysctl_optimizations 710 | sleep 0.5 711 | 712 | remove_old_ssh_conf 713 | sleep 0.5 714 | 715 | update_sshd_conf 716 | sleep 0.5 717 | 718 | limits_optimizations 719 | sleep 0.5 720 | 721 | echo 722 | green_msg '=========================' 723 | green_msg 'Done.' 724 | green_msg '=========================' 725 | 726 | ask_reboot 727 | ;; 728 | 4) 729 | complete_update 730 | sleep 0.5 731 | 732 | echo 733 | green_msg '=========================' 734 | green_msg 'Done.' 
735 | green_msg '=========================' 736 | 737 | ask_reboot 738 | ;; 739 | 740 | 5) 741 | complete_update 742 | installations 743 | enable_packages 744 | sleep 0.5 745 | 746 | echo 747 | green_msg '=========================' 748 | green_msg 'Done.' 749 | green_msg '=========================' 750 | 751 | ask_reboot 752 | ;; 753 | 6) 754 | swap_maker 755 | sleep 0.5 756 | 757 | echo 758 | green_msg '=========================' 759 | green_msg 'Done.' 760 | green_msg '=========================' 761 | 762 | ask_reboot 763 | ;; 764 | 7) 765 | sysctl_optimizations 766 | sleep 0.5 767 | 768 | remove_old_ssh_conf 769 | sleep 0.5 770 | 771 | update_sshd_conf 772 | sleep 0.5 773 | 774 | limits_optimizations 775 | sleep 0.5 776 | 777 | echo 778 | green_msg '=========================' 779 | green_msg 'Done.' 780 | green_msg '=========================' 781 | 782 | ask_reboot 783 | ;; 784 | 8) 785 | sysctl_optimizations 786 | sleep 0.5 787 | 788 | echo 789 | green_msg '=========================' 790 | green_msg 'Done.' 791 | green_msg '=========================' 792 | 793 | ;; 794 | 9) 795 | remove_old_ssh_conf 796 | sleep 0.5 797 | 798 | update_sshd_conf 799 | sleep 0.5 800 | 801 | echo 802 | green_msg '=========================' 803 | green_msg 'Done.' 804 | green_msg '=========================' 805 | 806 | ;; 807 | 10) 808 | limits_optimizations 809 | sleep 0.5 810 | 811 | echo 812 | green_msg '=========================' 813 | green_msg 'Done.' 814 | green_msg '=========================' 815 | 816 | ask_reboot 817 | ;; 818 | 11) 819 | find_ssh_port 820 | ufw_optimizations 821 | sleep 0.5 822 | 823 | echo 824 | green_msg '=========================' 825 | green_msg 'Done.' 826 | green_msg '=========================' 827 | 828 | ask_reboot 829 | ;; 830 | q) 831 | exit 0 832 | ;; 833 | 834 | *) 835 | red_msg 'Wrong input!' 
836 | ;; 837 | esac 838 | done 839 | } 840 | 841 | 842 | # Apply Everything 843 | apply_everything() { 844 | 845 | complete_update 846 | sleep 0.5 847 | 848 | installations 849 | sleep 0.5 850 | 851 | enable_packages 852 | sleep 0.5 853 | 854 | swap_maker 855 | sleep 0.5 856 | 857 | sysctl_optimizations 858 | sleep 0.5 859 | 860 | remove_old_ssh_conf 861 | sleep 0.5 862 | 863 | update_sshd_conf 864 | sleep 0.5 865 | 866 | limits_optimizations 867 | sleep 0.5 868 | 869 | find_ssh_port 870 | ufw_optimizations 871 | sleep 0.5 872 | } 873 | 874 | 875 | main 876 | -------------------------------------------------------------------------------- /scripts/centos-optimizer.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # https://github.com/hawshemi/Linux-Optimizer 3 | 4 | 5 | # Green, Yellow & Red Messages. 6 | green_msg() { 7 | tput setaf 2 8 | echo "[*] ----- $1" 9 | tput sgr0 10 | } 11 | 12 | yellow_msg() { 13 | tput setaf 3 14 | echo "[*] ----- $1" 15 | tput sgr0 16 | } 17 | 18 | red_msg() { 19 | tput setaf 1 20 | echo "[*] ----- $1" 21 | tput sgr0 22 | } 23 | 24 | 25 | # Declare Paths & Settings. 26 | SYS_PATH="/etc/sysctl.conf" 27 | PROF_PATH="/etc/profile" 28 | SSH_PORT="" 29 | SSH_PATH="/etc/ssh/sshd_config" 30 | SWAP_PATH="/swapfile" 31 | SWAP_SIZE=2G 32 | 33 | 34 | # Root 35 | check_if_running_as_root() { 36 | ## If you want to run as another user, please modify $EUID to be owned by this user 37 | if [[ "$EUID" -ne '0' ]]; then 38 | echo 39 | red_msg 'Error: You must run this script as root!' 40 | echo 41 | sleep 0.5 42 | exit 1 43 | fi 44 | } 45 | 46 | 47 | # Check Root 48 | check_if_running_as_root 49 | sleep 0.5 50 | 51 | 52 | # Ask Reboot 53 | ask_reboot() { 54 | yellow_msg 'Reboot now? 
(RECOMMENDED) (y/n)' 55 | echo 56 | while true; do 57 | read choice 58 | echo 59 | if [[ "$choice" == 'y' || "$choice" == 'Y' ]]; then 60 | sleep 0.5 61 | reboot 62 | exit 0 63 | fi 64 | if [[ "$choice" == 'n' || "$choice" == 'N' ]]; then 65 | break 66 | fi 67 | done 68 | } 69 | 70 | 71 | # Update & Upgrade & Remove & Clean 72 | complete_update() { 73 | echo 74 | yellow_msg 'Updating the System... (This can take a while.)' 75 | echo 76 | sleep 0.5 77 | 78 | sudo dnf -y up 79 | sudo dnf -y autoremove 80 | sudo dnf -y clean all 81 | sleep 0.5 82 | 83 | ## Again :D 84 | sudo dnf -y up 85 | sudo dnf -y autoremove 86 | 87 | echo 88 | green_msg 'System Updated & Cleaned Successfully.' 89 | echo 90 | sleep 0.5 91 | } 92 | 93 | 94 | # Install useful packages 95 | installations() { 96 | echo 97 | yellow_msg 'Installing Useful Packages... (This can take a while.)' 98 | echo 99 | sleep 0.5 100 | 101 | ## Install EPEL repository 102 | sudo dnf -y install epel-release 103 | 104 | ## Update for the EPEL 105 | sudo dnf -y up 106 | 107 | ## System utilities 108 | sudo dnf -y install bash-completion ca-certificates crontabs curl dnf-plugins-core dnf-utils gnupg2 nano screen ufw unzip vim wget zip 109 | 110 | ## Programming and development tools 111 | sudo dnf -y install autoconf automake bash-completion git libtool make pkg-config python3 python3-pip 112 | 113 | ## Additional libraries and dependencies 114 | sudo dnf -y install bc binutils haveged jq libsodium libsodium-devel PackageKit qrencode socat 115 | 116 | ## Miscellaneous 117 | sudo dnf -y install dialog htop net-tools 118 | 119 | echo 120 | green_msg 'Useful Packages Installed Successfully.' 121 | echo 122 | sleep 0.5 123 | } 124 | 125 | 126 | # Enable packages at server boot 127 | enable_packages() { 128 | sudo systemctl enable crond.service haveged 129 | echo 130 | green_msg 'Packages Enabled Successfully.' 
131 | echo 132 | sleep 0.5 133 | } 134 | 135 | 136 | ## Swap Maker 137 | swap_maker() { 138 | echo 139 | yellow_msg 'Making SWAP Space...' 140 | echo 141 | sleep 0.5 142 | 143 | ## Make Swap 144 | sudo fallocate -l $SWAP_SIZE $SWAP_PATH ## Allocate size 145 | sudo chmod 600 $SWAP_PATH ## Set proper permission 146 | sudo mkswap $SWAP_PATH ## Setup swap 147 | sudo swapon $SWAP_PATH ## Enable swap 148 | echo "$SWAP_PATH none swap sw 0 0" >> /etc/fstab ## Add to fstab 149 | 150 | echo 151 | green_msg 'SWAP Created Successfully.' 152 | echo 153 | sleep 0.5 154 | } 155 | 156 | 157 | # SYSCTL Optimization 158 | sysctl_optimizations() { 159 | ## Make a backup of the original sysctl.conf file 160 | cp $SYS_PATH /etc/sysctl.conf.bak 161 | 162 | echo 163 | yellow_msg 'Default sysctl.conf file Saved. Directory: /etc/sysctl.conf.bak' 164 | echo 165 | sleep 1 166 | 167 | echo 168 | yellow_msg 'Optimizing the Network...' 169 | echo 170 | sleep 0.5 171 | 172 | sed -i -e '/fs.file-max/d' \ 173 | -e '/net.core.default_qdisc/d' \ 174 | -e '/net.core.netdev_max_backlog/d' \ 175 | -e '/net.core.optmem_max/d' \ 176 | -e '/net.core.somaxconn/d' \ 177 | -e '/net.core.rmem_max/d' \ 178 | -e '/net.core.wmem_max/d' \ 179 | -e '/net.core.rmem_default/d' \ 180 | -e '/net.core.wmem_default/d' \ 181 | -e '/net.ipv4.tcp_rmem/d' \ 182 | -e '/net.ipv4.tcp_wmem/d' \ 183 | -e '/net.ipv4.tcp_congestion_control/d' \ 184 | -e '/net.ipv4.tcp_fastopen/d' \ 185 | -e '/net.ipv4.tcp_fin_timeout/d' \ 186 | -e '/net.ipv4.tcp_keepalive_time/d' \ 187 | -e '/net.ipv4.tcp_keepalive_probes/d' \ 188 | -e '/net.ipv4.tcp_keepalive_intvl/d' \ 189 | -e '/net.ipv4.tcp_max_orphans/d' \ 190 | -e '/net.ipv4.tcp_max_syn_backlog/d' \ 191 | -e '/net.ipv4.tcp_max_tw_buckets/d' \ 192 | -e '/net.ipv4.tcp_mem/d' \ 193 | -e '/net.ipv4.tcp_mtu_probing/d' \ 194 | -e '/net.ipv4.tcp_notsent_lowat/d' \ 195 | -e '/net.ipv4.tcp_retries2/d' \ 196 | -e '/net.ipv4.tcp_sack/d' \ 197 | -e '/net.ipv4.tcp_dsack/d' \ 198 | -e 
'/net.ipv4.tcp_slow_start_after_idle/d' \ 199 | -e '/net.ipv4.tcp_window_scaling/d' \ 200 | -e '/net.ipv4.tcp_adv_win_scale/d' \ 201 | -e '/net.ipv4.tcp_ecn/d' \ 202 | -e '/net.ipv4.tcp_ecn_fallback/d' \ 203 | -e '/net.ipv4.tcp_syncookies/d' \ 204 | -e '/net.ipv4.udp_mem/d' \ 205 | -e '/net.ipv6.conf.all.disable_ipv6/d' \ 206 | -e '/net.ipv6.conf.default.disable_ipv6/d' \ 207 | -e '/net.ipv6.conf.lo.disable_ipv6/d' \ 208 | -e '/net.unix.max_dgram_qlen/d' \ 209 | -e '/vm.min_free_kbytes/d' \ 210 | -e '/vm.swappiness/d' \ 211 | -e '/vm.vfs_cache_pressure/d' \ 212 | -e '/net.ipv4.conf.default.rp_filter/d' \ 213 | -e '/net.ipv4.conf.all.rp_filter/d' \ 214 | -e '/net.ipv4.conf.all.accept_source_route/d' \ 215 | -e '/net.ipv4.conf.default.accept_source_route/d' \ 216 | -e '/net.ipv4.neigh.default.gc_thresh1/d' \ 217 | -e '/net.ipv4.neigh.default.gc_thresh2/d' \ 218 | -e '/net.ipv4.neigh.default.gc_thresh3/d' \ 219 | -e '/net.ipv4.neigh.default.gc_stale_time/d' \ 220 | -e '/net.ipv4.conf.default.arp_announce/d' \ 221 | -e '/net.ipv4.conf.lo.arp_announce/d' \ 222 | -e '/net.ipv4.conf.all.arp_announce/d' \ 223 | -e '/kernel.panic/d' \ 224 | -e '/vm.dirty_ratio/d' \ 225 | -e '/vm.overcommit_memory/d' \ 226 | -e '/vm.overcommit_ratio/d' \ 227 | -e '/^#/d' \ 228 | -e '/^$/d' \ 229 | "$SYS_PATH" 230 | 231 | 232 | ## Add new parameters. Read More: https://github.com/hawshemi/Linux-Optimizer/blob/main/files/sysctl.conf 233 | 234 | cat <<EOF >> "$SYS_PATH" 235 | 236 | 237 | ################################################################ 238 | ################################################################ 239 | 240 | 241 | # /etc/sysctl.conf 242 | # These parameters in this file will be added/updated to the sysctl.conf file. 
243 | # Read More: https://github.com/hawshemi/Linux-Optimizer/blob/main/files/sysctl.conf 244 | 245 | 246 | ## File system settings 247 | ## ---------------------------------------------------------------- 248 | 249 | # Set the maximum number of open file descriptors 250 | fs.file-max = 67108864 251 | 252 | 253 | ## Network core settings 254 | ## ---------------------------------------------------------------- 255 | 256 | # Specify default queuing discipline for network devices 257 | net.core.default_qdisc = fq 258 | 259 | # Configure maximum network device backlog 260 | net.core.netdev_max_backlog = 32768 261 | 262 | # Set maximum ancillary (option memory) buffer size per socket 263 | net.core.optmem_max = 262144 264 | 265 | # Define maximum backlog of pending connections 266 | net.core.somaxconn = 65536 267 | 268 | # Configure maximum socket receive buffer size 269 | net.core.rmem_max = 33554432 270 | 271 | # Set default socket receive buffer size 272 | net.core.rmem_default = 1048576 273 | 274 | # Configure maximum socket send buffer size 275 | net.core.wmem_max = 33554432 276 | 277 | # Set default socket send buffer size 278 | net.core.wmem_default = 1048576 279 | 280 | 281 | ## TCP settings 282 | ## ---------------------------------------------------------------- 283 | 284 | # Define socket receive buffer sizes 285 | net.ipv4.tcp_rmem = 16384 1048576 33554432 286 | 287 | # Specify socket send buffer sizes 288 | net.ipv4.tcp_wmem = 16384 1048576 33554432 289 | 290 | # Set TCP congestion control algorithm to BBR 291 | net.ipv4.tcp_congestion_control = bbr 292 | 293 | # Configure TCP FIN timeout period 294 | net.ipv4.tcp_fin_timeout = 25 295 | 296 | # Set keepalive time (seconds) 297 | net.ipv4.tcp_keepalive_time = 1200 298 | 299 | # Configure keepalive probes count and interval 300 | net.ipv4.tcp_keepalive_probes = 7 301 | net.ipv4.tcp_keepalive_intvl = 30 302 | 303 | # Define maximum orphaned TCP sockets 304 | net.ipv4.tcp_max_orphans = 819200 305 | 306 | # Set maximum TCP SYN backlog 307 | 
net.ipv4.tcp_max_syn_backlog = 20480 308 | 309 | # Configure maximum TCP Time Wait buckets 310 | net.ipv4.tcp_max_tw_buckets = 1440000 311 | 312 | # Define TCP memory limits (low, pressure, high; in pages) 313 | net.ipv4.tcp_mem = 65536 1048576 33554432 314 | 315 | # Enable TCP MTU probing 316 | net.ipv4.tcp_mtu_probing = 1 317 | 318 | # Limit the amount of unsent data queued in the socket send buffer (bytes) 319 | net.ipv4.tcp_notsent_lowat = 32768 320 | 321 | # Specify retransmission retries for an established TCP connection before giving up 322 | net.ipv4.tcp_retries2 = 8 323 | 324 | # Enable TCP SACK and DSACK 325 | net.ipv4.tcp_sack = 1 326 | net.ipv4.tcp_dsack = 1 327 | 328 | # Disable TCP slow start after idle 329 | net.ipv4.tcp_slow_start_after_idle = 0 330 | 331 | # Enable TCP window scaling 332 | net.ipv4.tcp_window_scaling = 1 333 | net.ipv4.tcp_adv_win_scale = -2 334 | 335 | # Enable TCP ECN 336 | net.ipv4.tcp_ecn = 1 337 | net.ipv4.tcp_ecn_fallback = 1 338 | 339 | # Enable the use of TCP SYN cookies to help protect against SYN flood attacks 340 | net.ipv4.tcp_syncookies = 1 341 | 342 | 343 | ## UDP settings 344 | ## ---------------------------------------------------------------- 345 | 346 | # Define UDP memory limits (low, pressure, high; in pages) 347 | net.ipv4.udp_mem = 65536 1048576 33554432 348 | 349 | 350 | ## IPv6 settings 351 | ## ---------------------------------------------------------------- 352 | 353 | # Enable IPv6 354 | #net.ipv6.conf.all.disable_ipv6 = 0 355 | 356 | # Enable IPv6 by default 357 | #net.ipv6.conf.default.disable_ipv6 = 0 358 | 359 | # Enable IPv6 on the loopback interface (lo) 360 | #net.ipv6.conf.lo.disable_ipv6 = 0 361 | 362 | 363 | ## UNIX domain sockets 364 | ## ---------------------------------------------------------------- 365 | 366 | # Set maximum queue length of UNIX domain sockets 367 | net.unix.max_dgram_qlen = 256 368 | 369 | 370 | ## Virtual memory (VM) settings 371 | ## ---------------------------------------------------------------- 372 | 373 | # Specify minimum free Kbytes at which VM 
pressure happens 374 | vm.min_free_kbytes = 65536 375 | 376 | # Define how aggressively swap memory pages are used 377 | vm.swappiness = 10 378 | 379 | # Set the tendency of the kernel to reclaim memory used for caching of directory and inode objects 380 | vm.vfs_cache_pressure = 250 381 | 382 | 383 | ## Network Configuration 384 | ## ---------------------------------------------------------------- 385 | 386 | # Configure reverse path filtering 387 | net.ipv4.conf.default.rp_filter = 2 388 | net.ipv4.conf.all.rp_filter = 2 389 | 390 | # Disable source route acceptance 391 | net.ipv4.conf.all.accept_source_route = 0 392 | net.ipv4.conf.default.accept_source_route = 0 393 | 394 | # Neighbor table settings 395 | net.ipv4.neigh.default.gc_thresh1 = 512 396 | net.ipv4.neigh.default.gc_thresh2 = 2048 397 | net.ipv4.neigh.default.gc_thresh3 = 16384 398 | net.ipv4.neigh.default.gc_stale_time = 60 399 | 400 | # ARP settings 401 | net.ipv4.conf.default.arp_announce = 2 402 | net.ipv4.conf.lo.arp_announce = 2 403 | net.ipv4.conf.all.arp_announce = 2 404 | 405 | # Kernel panic timeout 406 | kernel.panic = 1 407 | 408 | # Set dirty page ratio for virtual memory 409 | vm.dirty_ratio = 20 410 | 411 | # Strictly limits memory allocation to physical RAM + swap, preventing overcommit and reducing OOM risks. 412 | vm.overcommit_memory = 2 413 | 414 | # With overcommit_memory = 2, sets the commit limit to swap + 100% of physical RAM. 415 | vm.overcommit_ratio = 100 416 | 417 | ################################################################ 418 | ################################################################ 419 | 420 | 421 | EOF 422 | 423 | sudo sysctl -p 424 | 425 | echo 426 | green_msg 'Network is Optimized.' 427 | echo 428 | sleep 0.5 429 | } 430 | 431 | 432 | # Function to find the SSH port and set it in the SSH_PORT variable 433 | find_ssh_port() { 434 | echo 435 | yellow_msg "Finding SSH port..." 
436 | echo 437 | 438 | ## Check if the SSH configuration file exists 439 | if [ -e "$SSH_PATH" ]; then 440 | ## Use grep to search for the 'Port' directive in the SSH configuration file 441 | SSH_PORT=$(grep -oP '^Port\s+\K\d+' "$SSH_PATH" 2>/dev/null) 442 | 443 | if [ -n "$SSH_PORT" ]; then 444 | echo 445 | green_msg "SSH port found: $SSH_PORT" 446 | echo 447 | sleep 0.5 448 | else 449 | echo 450 | green_msg "SSH port is default 22." 451 | echo 452 | SSH_PORT=22 453 | sleep 0.5 454 | fi 455 | else 456 | red_msg "SSH configuration file not found at $SSH_PATH" 457 | fi 458 | } 459 | 460 | 461 | # Remove old SSH config to prevent duplicates. 462 | remove_old_ssh_conf() { 463 | ## Make a backup of the original sshd_config file 464 | cp $SSH_PATH /etc/ssh/sshd_config.bak 465 | 466 | echo 467 | yellow_msg 'Default SSH Config file Saved. Directory: /etc/ssh/sshd_config.bak' 468 | echo 469 | sleep 1 470 | 471 | ## Remove these lines 472 | sed -i -e 's/#UseDNS yes/UseDNS no/' \ 473 | -e 's/#Compression no/Compression yes/' \ 474 | -e 's/Ciphers .*/Ciphers aes256-ctr,chacha20-poly1305@openssh.com/' \ 475 | -e '/MaxAuthTries/d' \ 476 | -e '/MaxSessions/d' \ 477 | -e '/TCPKeepAlive/d' \ 478 | -e '/ClientAliveInterval/d' \ 479 | -e '/ClientAliveCountMax/d' \ 480 | -e '/AllowAgentForwarding/d' \ 481 | -e '/AllowTcpForwarding/d' \ 482 | -e '/GatewayPorts/d' \ 483 | -e '/PermitTunnel/d' \ 484 | -e '/X11Forwarding/d' "$SSH_PATH" 485 | 486 | } 487 | 488 | 489 | # Update SSH config 490 | update_sshd_conf() { 491 | echo 492 | yellow_msg 'Optimizing SSH...' 
493 | echo 494 | sleep 0.5 495 | 496 | ## Enable TCP keep-alive messages 497 | echo "TCPKeepAlive yes" | tee -a "$SSH_PATH" 498 | 499 | ## Configure client keep-alive messages 500 | echo "ClientAliveInterval 3000" | tee -a "$SSH_PATH" 501 | echo "ClientAliveCountMax 100" | tee -a "$SSH_PATH" 502 | 503 | ## Allow TCP forwarding 504 | echo "AllowTcpForwarding yes" | tee -a "$SSH_PATH" 505 | 506 | ## Enable gateway ports 507 | echo "GatewayPorts yes" | tee -a "$SSH_PATH" 508 | 509 | ## Enable tunneling 510 | echo "PermitTunnel yes" | tee -a "$SSH_PATH" 511 | 512 | ## Enable X11 graphical interface forwarding 513 | echo "X11Forwarding yes" | tee -a "$SSH_PATH" 514 | 515 | ## Restart the SSH service to apply the changes 516 | sudo systemctl restart sshd 517 | 518 | echo 519 | green_msg 'SSH is Optimized.' 520 | echo 521 | sleep 0.5 522 | } 523 | 524 | 525 | # System Limits Optimizations 526 | limits_optimizations() { 527 | echo 528 | yellow_msg 'Optimizing System Limits...' 529 | echo 530 | sleep 0.5 531 | 532 | ## Clear old ulimits 533 | sed -i '/ulimit -c/d' $PROF_PATH 534 | sed -i '/ulimit -d/d' $PROF_PATH 535 | sed -i '/ulimit -f/d' $PROF_PATH 536 | sed -i '/ulimit -i/d' $PROF_PATH 537 | sed -i '/ulimit -l/d' $PROF_PATH 538 | sed -i '/ulimit -m/d' $PROF_PATH 539 | sed -i '/ulimit -n/d' $PROF_PATH 540 | sed -i '/ulimit -q/d' $PROF_PATH 541 | sed -i '/ulimit -s/d' $PROF_PATH 542 | sed -i '/ulimit -t/d' $PROF_PATH 543 | sed -i '/ulimit -u/d' $PROF_PATH 544 | sed -i '/ulimit -v/d' $PROF_PATH 545 | sed -i '/ulimit -x/d' $PROF_PATH 546 | sed -i '/ulimit -s/d' $PROF_PATH 547 | 548 | 549 | ## Add new ulimits 550 | ## The maximum size of core files created. 
551 | echo "ulimit -c unlimited" | tee -a $PROF_PATH 552 | 553 | ## The maximum size of a process's data segment 554 | echo "ulimit -d unlimited" | tee -a $PROF_PATH 555 | 556 | ## The maximum size of files created by the shell (default option) 557 | echo "ulimit -f unlimited" | tee -a $PROF_PATH 558 | 559 | ## The maximum number of pending signals 560 | echo "ulimit -i unlimited" | tee -a $PROF_PATH 561 | 562 | ## The maximum size that may be locked into memory 563 | echo "ulimit -l unlimited" | tee -a $PROF_PATH 564 | 565 | ## The maximum memory size 566 | echo "ulimit -m unlimited" | tee -a $PROF_PATH 567 | 568 | ## The maximum number of open file descriptors 569 | echo "ulimit -n 1048576" | tee -a $PROF_PATH 570 | 571 | ## The maximum POSIX message queue size 572 | echo "ulimit -q unlimited" | tee -a $PROF_PATH 573 | 574 | ## The maximum stack size 575 | echo "ulimit -s -H 65536" | tee -a $PROF_PATH 576 | echo "ulimit -s 32768" | tee -a $PROF_PATH 577 | 578 | ## The maximum number of seconds to be used by each process. 579 | echo "ulimit -t unlimited" | tee -a $PROF_PATH 580 | 581 | ## The maximum number of processes available to a single user 582 | echo "ulimit -u unlimited" | tee -a $PROF_PATH 583 | 584 | ## The maximum amount of virtual memory available to the process 585 | echo "ulimit -v unlimited" | tee -a $PROF_PATH 586 | 587 | ## The maximum number of file locks 588 | echo "ulimit -x unlimited" | tee -a $PROF_PATH 589 | 590 | 591 | echo 592 | green_msg 'System Limits are Optimized.' 593 | echo 594 | sleep 0.5 595 | } 596 | 597 | 598 | # UFW Optimizations 599 | ufw_optimizations() { 600 | echo 601 | yellow_msg 'Installing & Optimizing UFW...' 602 | echo 603 | sleep 0.5 604 | 605 | ## Purge firewalld to install UFW. 606 | sudo dnf -y remove firewalld 607 | 608 | ## Install UFW if not installed. 609 | dnf -y install epel-release 610 | dnf -y up 611 | dnf -y install ufw 612 | 613 | ## Disable UFW 614 | sudo ufw disable 615 | 616 | ## Open default ports. 
617 | sudo ufw allow $SSH_PORT 618 | sudo ufw allow 80/tcp 619 | sudo ufw allow 80/udp 620 | sudo ufw allow 443/tcp 621 | sudo ufw allow 443/udp 622 | sleep 0.5 623 | 624 | ## Change the UFW config to use System config. 625 | sed -i 's+/etc/ufw/sysctl.conf+/etc/sysctl.conf+gI' /etc/default/ufw 626 | 627 | ## Enable & Reload 628 | echo "y" | sudo ufw enable 629 | sudo ufw reload 630 | echo 631 | green_msg 'UFW is Installed & Optimized. (Open your custom ports manually.)' 632 | echo 633 | sleep 0.5 634 | } 635 | 636 | 637 | # Show the Menu 638 | show_menu() { 639 | echo 640 | yellow_msg 'Choose One Option: ' 641 | echo 642 | green_msg '1 - Apply Everything. (RECOMMENDED)' 643 | echo 644 | green_msg '2 - Complete Update + Make SWAP + Optimize Network, SSH & System Limits + UFW' 645 | green_msg '3 - Complete Update + Make SWAP + Optimize Network, SSH & System Limits' 646 | echo 647 | green_msg '4 - Complete Update & Clean the OS.' 648 | green_msg '5 - Install Useful Packages.' 649 | green_msg '6 - Make SWAP (2Gb).' 650 | green_msg '7 - Optimize the Network, SSH & System Limits.' 651 | echo 652 | green_msg '8 - Optimize the Network settings.' 653 | green_msg '9 - Optimize the SSH settings.' 654 | green_msg '10 - Optimize the System Limits.' 655 | echo 656 | green_msg '11 - Install & Optimize UFW.' 657 | echo 658 | red_msg 'q - Exit.' 659 | echo 660 | } 661 | 662 | 663 | # Choosing Program 664 | main() { 665 | while true; do 666 | show_menu 667 | read -p 'Enter Your Choice: ' choice 668 | case $choice in 669 | 1) 670 | apply_everything 671 | 672 | echo 673 | green_msg '=========================' 674 | green_msg 'Done.' 
675 | green_msg '=========================' 676 | 677 | ask_reboot 678 | ;; 679 | 2) 680 | complete_update 681 | sleep 0.5 682 | 683 | swap_maker 684 | sleep 0.5 685 | 686 | sysctl_optimizations 687 | sleep 0.5 688 | 689 | remove_old_ssh_conf 690 | sleep 0.5 691 | 692 | update_sshd_conf 693 | sleep 0.5 694 | 695 | limits_optimizations 696 | sleep 0.5 697 | 698 | find_ssh_port 699 | ufw_optimizations 700 | sleep 0.5 701 | 702 | echo 703 | green_msg '=========================' 704 | green_msg 'Done.' 705 | green_msg '=========================' 706 | 707 | ask_reboot 708 | ;; 709 | 3) 710 | complete_update 711 | sleep 0.5 712 | 713 | swap_maker 714 | sleep 0.5 715 | 716 | sysctl_optimizations 717 | sleep 0.5 718 | 719 | remove_old_ssh_conf 720 | sleep 0.5 721 | 722 | update_sshd_conf 723 | sleep 0.5 724 | 725 | limits_optimizations 726 | sleep 0.5 727 | 728 | echo 729 | green_msg '=========================' 730 | green_msg 'Done.' 731 | green_msg '=========================' 732 | 733 | ask_reboot 734 | ;; 735 | 4) 736 | complete_update 737 | sleep 0.5 738 | 739 | echo 740 | green_msg '=========================' 741 | green_msg 'Done.' 742 | green_msg '=========================' 743 | 744 | ask_reboot 745 | ;; 746 | 747 | 5) 748 | complete_update 749 | installations 750 | enable_packages 751 | sleep 0.5 752 | 753 | echo 754 | green_msg '=========================' 755 | green_msg 'Done.' 756 | green_msg '=========================' 757 | 758 | ask_reboot 759 | ;; 760 | 6) 761 | swap_maker 762 | sleep 0.5 763 | 764 | echo 765 | green_msg '=========================' 766 | green_msg 'Done.' 767 | green_msg '=========================' 768 | 769 | ask_reboot 770 | ;; 771 | 7) 772 | sysctl_optimizations 773 | sleep 0.5 774 | 775 | remove_old_ssh_conf 776 | sleep 0.5 777 | 778 | update_sshd_conf 779 | sleep 0.5 780 | 781 | limits_optimizations 782 | sleep 0.5 783 | 784 | echo 785 | green_msg '=========================' 786 | green_msg 'Done.' 
787 | green_msg '=========================' 788 | 789 | ask_reboot 790 | ;; 791 | 8) 792 | sysctl_optimizations 793 | sleep 0.5 794 | 795 | echo 796 | green_msg '=========================' 797 | green_msg 'Done.' 798 | green_msg '=========================' 799 | 800 | ;; 801 | 9) 802 | remove_old_ssh_conf 803 | sleep 0.5 804 | 805 | update_sshd_conf 806 | sleep 0.5 807 | 808 | echo 809 | green_msg '=========================' 810 | green_msg 'Done.' 811 | green_msg '=========================' 812 | 813 | ;; 814 | 10) 815 | limits_optimizations 816 | sleep 0.5 817 | 818 | echo 819 | green_msg '=========================' 820 | green_msg 'Done.' 821 | green_msg '=========================' 822 | 823 | ask_reboot 824 | ;; 825 | 11) 826 | find_ssh_port 827 | ufw_optimizations 828 | sleep 0.5 829 | 830 | echo 831 | green_msg '=========================' 832 | green_msg 'Done.' 833 | green_msg '=========================' 834 | 835 | ask_reboot 836 | ;; 837 | q) 838 | exit 0 839 | ;; 840 | 841 | *) 842 | red_msg 'Wrong input!' 843 | ;; 844 | esac 845 | done 846 | } 847 | 848 | 849 | # Apply Everything 850 | apply_everything() { 851 | 852 | complete_update 853 | sleep 0.5 854 | 855 | installations 856 | sleep 0.5 857 | 858 | enable_packages 859 | sleep 0.5 860 | 861 | swap_maker 862 | sleep 0.5 863 | 864 | sysctl_optimizations 865 | sleep 0.5 866 | 867 | remove_old_ssh_conf 868 | sleep 0.5 869 | 870 | update_sshd_conf 871 | sleep 0.5 872 | 873 | limits_optimizations 874 | sleep 0.5 875 | 876 | find_ssh_port 877 | ufw_optimizations 878 | sleep 0.5 879 | } 880 | 881 | 882 | main 883 | -------------------------------------------------------------------------------- /scripts/debian-optimizer.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # https://github.com/hawshemi/Linux-Optimizer 3 | 4 | 5 | # Green, Yellow & Red Messages. 
6 | green_msg() { 7 | tput setaf 2 8 | echo "[*] ----- $1" 9 | tput sgr0 10 | } 11 | 12 | yellow_msg() { 13 | tput setaf 3 14 | echo "[*] ----- $1" 15 | tput sgr0 16 | } 17 | 18 | red_msg() { 19 | tput setaf 1 20 | echo "[*] ----- $1" 21 | tput sgr0 22 | } 23 | 24 | 25 | # Declare Paths & Settings. 26 | SYS_PATH="/etc/sysctl.conf" 27 | PROF_PATH="/etc/profile" 28 | SSH_PORT="" 29 | SSH_PATH="/etc/ssh/sshd_config" 30 | SWAP_PATH="/swapfile" 31 | SWAP_SIZE=2G 32 | 33 | 34 | # Root 35 | check_if_running_as_root() { 36 | ## If you want to run as another user, please modify $EUID to be owned by this user 37 | if [[ "$EUID" -ne '0' ]]; then 38 | echo 39 | red_msg 'Error: You must run this script as root!' 40 | echo 41 | sleep 0.5 42 | exit 1 43 | fi 44 | } 45 | 46 | 47 | # Check Root 48 | check_if_running_as_root 49 | sleep 0.5 50 | 51 | 52 | # Ask Reboot 53 | ask_reboot() { 54 | yellow_msg 'Reboot now? (RECOMMENDED) (y/n)' 55 | echo 56 | while true; do 57 | read choice 58 | echo 59 | if [[ "$choice" == 'y' || "$choice" == 'Y' ]]; then 60 | sleep 0.5 61 | reboot 62 | exit 0 63 | fi 64 | if [[ "$choice" == 'n' || "$choice" == 'N' ]]; then 65 | break 66 | fi 67 | done 68 | } 69 | 70 | 71 | # Update & Upgrade & Remove & Clean 72 | complete_update() { 73 | echo 74 | yellow_msg 'Updating the System... (This can take a while.)' 75 | echo 76 | sleep 0.5 77 | 78 | sudo apt -q update 79 | sudo apt -y upgrade 80 | sudo apt -y full-upgrade 81 | sudo apt -y autoremove 82 | sleep 0.5 83 | 84 | ## Again :D 85 | sudo apt -y -q autoclean 86 | sudo apt -y clean 87 | sudo apt -q update 88 | sudo apt -y upgrade 89 | sudo apt -y full-upgrade 90 | sudo apt -y autoremove --purge 91 | 92 | echo 93 | green_msg 'System Updated & Cleaned Successfully.' 94 | echo 95 | sleep 0.5 96 | } 97 | 98 | 99 | # Install XanMod Kernel 100 | install_xanmod() { 101 | echo 102 | yellow_msg 'Checking XanMod...' 
103 | echo 104 | sleep 0.5 105 | 106 | if uname -r | grep -q 'xanmod'; then 107 | green_msg 'XanMod is already installed.' 108 | echo 109 | sleep 0.5 110 | else 111 | echo 112 | yellow_msg 'XanMod not found. Installing XanMod Kernel...' 113 | echo 114 | sleep 0.5 115 | 116 | ## Update, Upgrade & Install dependencies 117 | sudo apt update -q 118 | sudo apt upgrade -y 119 | sudo apt install wget curl gpg -y 120 | 121 | ## Check the CPU level 122 | cpu_level=$(awk -f - < 0) { print level; exit level + 1 } 130 | exit 1 131 | } 132 | EOF 133 | ) 134 | 135 | if [ "$cpu_level" -ge 1 ] && [ "$cpu_level" -le 4 ]; then 136 | echo 137 | yellow_msg "CPU Level: v$cpu_level" 138 | echo 139 | 140 | ## Add the XanMod repository key 141 | # Create a private temporary file for the GPG key (avoids a predictable path in /tmp) 142 | tmp_keyring="$(mktemp)" 143 | 144 | # Try downloading the GPG key from the XanMod link first 145 | if ! wget -qO "$tmp_keyring" https://dl.xanmod.org/archive.key || ! [ -s "$tmp_keyring" ]; then 146 | # If the first attempt fails, try the GitLab link 147 | if ! wget -qO "$tmp_keyring" https://gitlab.com/afrd.gpg || ! [ -s "$tmp_keyring" ]; then 148 | echo "Both attempts to download the GPG key failed or the file was empty. Exiting."
149 | exit 1 150 | fi 151 | fi 152 | 153 | # If we reach this point, it means we have a non-empty GPG file 154 | # Now dearmor the GPG key and move to the final location 155 | sudo gpg --dearmor -o /usr/share/keyrings/xanmod-archive-keyring.gpg $tmp_keyring 156 | 157 | # Clean up the temporary file 158 | rm -f $tmp_keyring 159 | 160 | ## Add the XanMod repository 161 | echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | sudo tee /etc/apt/sources.list.d/xanmod-release.list 162 | 163 | ## Install XanMod 164 | sudo apt update -q && sudo apt install "linux-xanmod-x64v$cpu_level" -y 165 | 166 | ## Clean up 167 | sudo apt update -q 168 | sudo apt autoremove --purge -y 169 | 170 | echo 171 | green_msg "XanMod Kernel Installed. Reboot to Apply the new Kernel." 172 | echo 173 | sleep 1 174 | else 175 | echo 176 | red_msg "Unsupported CPU. (Check the supported CPUs at xanmod.org)" 177 | echo 178 | sleep 2 179 | fi 180 | 181 | fi 182 | } 183 | 184 | 185 | # Install useful packages 186 | installations() { 187 | echo 188 | yellow_msg 'Installing Useful Packages...' 
189 | echo 190 | sleep 0.5 191 | 192 | ## Networking packages 193 | sudo apt -q -y install apt-transport-https 194 | 195 | ## System utilities 196 | sudo apt -q -y install apt-utils bash-completion busybox ca-certificates cron curl gnupg2 locales lsb-release nano preload screen software-properties-common ufw unzip vim wget xxd zip 197 | 198 | ## Programming and development tools 199 | sudo apt -q -y install autoconf automake bash-completion build-essential git libtool make pkg-config python3 python3-pip 200 | 201 | ## Additional libraries and dependencies 202 | sudo apt -q -y install bc binutils binutils-common binutils-x86-64-linux-gnu debian-keyring haveged jq libsodium-dev libsqlite3-dev libssl-dev packagekit qrencode socat 203 | 204 | ## Miscellaneous 205 | sudo apt -q -y install dialog htop net-tools 206 | 207 | echo 208 | green_msg 'Useful Packages Installed Successfully.' 209 | echo 210 | sleep 0.5 211 | } 212 | 213 | 214 | # Enable packages at server boot 215 | enable_packages() { 216 | sudo systemctl enable cron haveged preload 217 | echo 218 | green_msg 'Packages Enabled Successfully.' 219 | echo 220 | sleep 0.5 221 | } 222 | 223 | 224 | # Swap Maker 225 | swap_maker() { 226 | echo 227 | yellow_msg 'Making SWAP Space...' 228 | echo 229 | sleep 0.5 230 | 231 | ## Make Swap 232 | sudo fallocate -l $SWAP_SIZE $SWAP_PATH ### Allocate size 233 | sudo chmod 600 $SWAP_PATH ### Set proper permission 234 | sudo mkswap $SWAP_PATH ### Setup swap 235 | sudo swapon $SWAP_PATH ### Enable swap 236 | echo "$SWAP_PATH none swap sw 0 0" >> /etc/fstab ### Add to fstab 237 | echo 238 | green_msg 'SWAP Created Successfully.' 239 | echo 240 | sleep 0.5 241 | } 242 | 243 | 244 | # SYSCTL Optimization 245 | sysctl_optimizations() { 246 | ## Make a backup of the original sysctl.conf file 247 | cp $SYS_PATH /etc/sysctl.conf.bak 248 | 249 | echo 250 | yellow_msg 'Default sysctl.conf file Saved. 
Directory: /etc/sysctl.conf.bak' 251 | echo 252 | sleep 1 253 | 254 | echo 255 | yellow_msg 'Optimizing the Network...' 256 | echo 257 | sleep 0.5 258 | 259 | sed -i -e '/fs.file-max/d' \ 260 | -e '/net.core.default_qdisc/d' \ 261 | -e '/net.core.netdev_max_backlog/d' \ 262 | -e '/net.core.optmem_max/d' \ 263 | -e '/net.core.somaxconn/d' \ 264 | -e '/net.core.rmem_max/d' \ 265 | -e '/net.core.wmem_max/d' \ 266 | -e '/net.core.rmem_default/d' \ 267 | -e '/net.core.wmem_default/d' \ 268 | -e '/net.ipv4.tcp_rmem/d' \ 269 | -e '/net.ipv4.tcp_wmem/d' \ 270 | -e '/net.ipv4.tcp_congestion_control/d' \ 271 | -e '/net.ipv4.tcp_fastopen/d' \ 272 | -e '/net.ipv4.tcp_fin_timeout/d' \ 273 | -e '/net.ipv4.tcp_keepalive_time/d' \ 274 | -e '/net.ipv4.tcp_keepalive_probes/d' \ 275 | -e '/net.ipv4.tcp_keepalive_intvl/d' \ 276 | -e '/net.ipv4.tcp_max_orphans/d' \ 277 | -e '/net.ipv4.tcp_max_syn_backlog/d' \ 278 | -e '/net.ipv4.tcp_max_tw_buckets/d' \ 279 | -e '/net.ipv4.tcp_mem/d' \ 280 | -e '/net.ipv4.tcp_mtu_probing/d' \ 281 | -e '/net.ipv4.tcp_notsent_lowat/d' \ 282 | -e '/net.ipv4.tcp_retries2/d' \ 283 | -e '/net.ipv4.tcp_sack/d' \ 284 | -e '/net.ipv4.tcp_dsack/d' \ 285 | -e '/net.ipv4.tcp_slow_start_after_idle/d' \ 286 | -e '/net.ipv4.tcp_window_scaling/d' \ 287 | -e '/net.ipv4.tcp_adv_win_scale/d' \ 288 | -e '/net.ipv4.tcp_ecn/d' \ 289 | -e '/net.ipv4.tcp_ecn_fallback/d' \ 290 | -e '/net.ipv4.tcp_syncookies/d' \ 291 | -e '/net.ipv4.udp_mem/d' \ 292 | -e '/net.ipv6.conf.all.disable_ipv6/d' \ 293 | -e '/net.ipv6.conf.default.disable_ipv6/d' \ 294 | -e '/net.ipv6.conf.lo.disable_ipv6/d' \ 295 | -e '/net.unix.max_dgram_qlen/d' \ 296 | -e '/vm.min_free_kbytes/d' \ 297 | -e '/vm.swappiness/d' \ 298 | -e '/vm.vfs_cache_pressure/d' \ 299 | -e '/net.ipv4.conf.default.rp_filter/d' \ 300 | -e '/net.ipv4.conf.all.rp_filter/d' \ 301 | -e '/net.ipv4.conf.all.accept_source_route/d' \ 302 | -e '/net.ipv4.conf.default.accept_source_route/d' \ 303 | -e '/net.ipv4.neigh.default.gc_thresh1/d' \ 
304 | -e '/net.ipv4.neigh.default.gc_thresh2/d' \ 305 | -e '/net.ipv4.neigh.default.gc_thresh3/d' \ 306 | -e '/net.ipv4.neigh.default.gc_stale_time/d' \ 307 | -e '/net.ipv4.conf.default.arp_announce/d' \ 308 | -e '/net.ipv4.conf.lo.arp_announce/d' \ 309 | -e '/net.ipv4.conf.all.arp_announce/d' \ 310 | -e '/kernel.panic/d' \ 311 | -e '/vm.dirty_ratio/d' \ 312 | -e '/vm.overcommit_memory/d' \ 313 | -e '/vm.overcommit_ratio/d' \ 314 | -e '/^#/d' \ 315 | -e '/^$/d' \ 316 | "$SYS_PATH" 317 | 318 | 319 | ## Add new parameters. Read More: https://github.com/hawshemi/Linux-Optimizer/blob/main/files/sysctl.conf 320 | 321 | cat <<EOF >> "$SYS_PATH" 322 | 323 | 324 | ################################################################ 325 | ################################################################ 326 | 327 | 328 | # /etc/sysctl.conf 329 | # The parameters in this file will be added/updated to the sysctl.conf file. 330 | # Read More: https://github.com/hawshemi/Linux-Optimizer/blob/main/files/sysctl.conf 331 | 332 | 333 | ## File system settings 334 | ## ---------------------------------------------------------------- 335 | 336 | # Set the maximum number of open file descriptors 337 | fs.file-max = 67108864 338 | 339 | 340 | ## Network core settings 341 | ## ---------------------------------------------------------------- 342 | 343 | # Specify default queuing discipline for network devices 344 | net.core.default_qdisc = fq 345 | 346 | # Configure maximum network device backlog 347 | net.core.netdev_max_backlog = 32768 348 | 349 | # Set maximum ancillary (option memory) buffer size per socket 350 | net.core.optmem_max = 262144 351 | 352 | # Define maximum backlog of pending connections 353 | net.core.somaxconn = 65536 354 | 355 | # Configure maximum TCP receive buffer size 356 | net.core.rmem_max = 33554432 357 | 358 | # Set default TCP receive buffer size 359 | net.core.rmem_default = 1048576 360 | 361 | # Configure maximum TCP send buffer size 362 | net.core.wmem_max = 33554432 363 | 364 | # Set 
default TCP send buffer size 365 | net.core.wmem_default = 1048576 366 | 367 | 368 | ## TCP settings 369 | ## ---------------------------------------------------------------- 370 | 371 | # Define socket receive buffer sizes 372 | net.ipv4.tcp_rmem = 16384 1048576 33554432 373 | 374 | # Specify socket send buffer sizes 375 | net.ipv4.tcp_wmem = 16384 1048576 33554432 376 | 377 | # Set TCP congestion control algorithm to BBR 378 | net.ipv4.tcp_congestion_control = bbr 379 | 380 | # Configure TCP FIN timeout period 381 | net.ipv4.tcp_fin_timeout = 25 382 | 383 | # Set keepalive time (seconds) 384 | net.ipv4.tcp_keepalive_time = 1200 385 | 386 | # Configure keepalive probes count and interval 387 | net.ipv4.tcp_keepalive_probes = 7 388 | net.ipv4.tcp_keepalive_intvl = 30 389 | 390 | # Define maximum orphaned TCP sockets 391 | net.ipv4.tcp_max_orphans = 819200 392 | 393 | # Set maximum TCP SYN backlog 394 | net.ipv4.tcp_max_syn_backlog = 20480 395 | 396 | # Configure maximum TCP Time Wait buckets 397 | net.ipv4.tcp_max_tw_buckets = 1440000 398 | 399 | # Define TCP memory limits 400 | net.ipv4.tcp_mem = 65536 1048576 33554432 401 | 402 | # Enable TCP MTU probing 403 | net.ipv4.tcp_mtu_probing = 1 404 | 405 | # Limit the amount of unsent data queued in the socket write buffer (bytes) 406 | net.ipv4.tcp_notsent_lowat = 32768 407 | 408 | # Limit retransmissions on an established TCP connection before it is dropped 409 | net.ipv4.tcp_retries2 = 8 410 | 411 | # Enable TCP SACK and DSACK 412 | net.ipv4.tcp_sack = 1 413 | net.ipv4.tcp_dsack = 1 414 | 415 | # Disable TCP slow start after idle 416 | net.ipv4.tcp_slow_start_after_idle = 0 417 | 418 | # Enable TCP window scaling 419 | net.ipv4.tcp_window_scaling = 1 420 | net.ipv4.tcp_adv_win_scale = -2 421 | 422 | # Enable TCP ECN 423 | net.ipv4.tcp_ecn = 1 424 | net.ipv4.tcp_ecn_fallback = 1 425 | 426 | # Enable the use of TCP SYN cookies to help protect against SYN flood attacks 427 | net.ipv4.tcp_syncookies = 1 428 | 429 | 430 | ## UDP settings 
431 | ## ---------------------------------------------------------------- 432 | 433 | # Define UDP memory limits 434 | net.ipv4.udp_mem = 65536 1048576 33554432 435 | 436 | 437 | ## IPv6 settings 438 | ## ---------------------------------------------------------------- 439 | 440 | # Enable IPv6 441 | #net.ipv6.conf.all.disable_ipv6 = 0 442 | 443 | # Enable IPv6 by default 444 | #net.ipv6.conf.default.disable_ipv6 = 0 445 | 446 | # Enable IPv6 on the loopback interface (lo) 447 | #net.ipv6.conf.lo.disable_ipv6 = 0 448 | 449 | 450 | ## UNIX domain sockets 451 | ## ---------------------------------------------------------------- 452 | 453 | # Set maximum queue length of UNIX domain sockets 454 | net.unix.max_dgram_qlen = 256 455 | 456 | 457 | ## Virtual memory (VM) settings 458 | ## ---------------------------------------------------------------- 459 | 460 | # Specify minimum free Kbytes at which VM pressure happens 461 | vm.min_free_kbytes = 65536 462 | 463 | # Define how aggressively swap memory pages are used 464 | vm.swappiness = 10 465 | 466 | # Set the tendency of the kernel to reclaim memory used for caching of directory and inode objects 467 | vm.vfs_cache_pressure = 250 468 | 469 | 470 | ## Network Configuration 471 | ## ---------------------------------------------------------------- 472 | 473 | # Configure reverse path filtering 474 | net.ipv4.conf.default.rp_filter = 2 475 | net.ipv4.conf.all.rp_filter = 2 476 | 477 | # Disable source route acceptance 478 | net.ipv4.conf.all.accept_source_route = 0 479 | net.ipv4.conf.default.accept_source_route = 0 480 | 481 | # Neighbor table settings 482 | net.ipv4.neigh.default.gc_thresh1 = 512 483 | net.ipv4.neigh.default.gc_thresh2 = 2048 484 | net.ipv4.neigh.default.gc_thresh3 = 16384 485 | net.ipv4.neigh.default.gc_stale_time = 60 486 | 487 | # ARP settings 488 | net.ipv4.conf.default.arp_announce = 2 489 | net.ipv4.conf.lo.arp_announce = 2 490 | net.ipv4.conf.all.arp_announce = 2 491 | 492 | # Kernel panic timeout 
493 | kernel.panic = 1 494 | 495 | # Set dirty page ratio for virtual memory 496 | vm.dirty_ratio = 20 497 | 498 | # Strictly limits memory allocation to physical RAM + swap, preventing overcommit and reducing OOM risks. 499 | vm.overcommit_memory = 2 500 | 501 | # With overcommit_memory = 2 the commit limit is swap + overcommit_ratio% of RAM, so 100 counts all physical RAM. 502 | vm.overcommit_ratio = 100 503 | 504 | ################################################################ 505 | ################################################################ 506 | 507 | 508 | EOF 509 | 510 | sudo sysctl -p 511 | 512 | echo 513 | green_msg 'Network is Optimized.' 514 | echo 515 | sleep 0.5 516 | } 517 | 518 | 519 | # Function to find the SSH port and set it in the SSH_PORT variable 520 | find_ssh_port() { 521 | echo 522 | yellow_msg "Finding SSH port..." 523 | echo 524 | 525 | ## Check if the SSH configuration file exists 526 | if [ -e "$SSH_PATH" ]; then 527 | ## Use grep to search for the 'Port' directive in the SSH configuration file 528 | SSH_PORT=$(grep -oP '^Port\s+\K\d+' "$SSH_PATH" 2>/dev/null) 529 | 530 | if [ -n "$SSH_PORT" ]; then 531 | echo 532 | green_msg "SSH port found: $SSH_PORT" 533 | echo 534 | sleep 0.5 535 | else 536 | echo 537 | green_msg "SSH port is default 22." 538 | echo 539 | SSH_PORT=22 540 | sleep 0.5 541 | fi 542 | else 543 | red_msg "SSH configuration file not found at $SSH_PATH" 544 | fi 545 | } 546 | 547 | 548 | # Remove old SSH config to prevent duplicates. 549 | remove_old_ssh_conf() { 550 | ## Make a backup of the original sshd_config file 551 | cp $SSH_PATH /etc/ssh/sshd_config.bak 552 | 553 | echo 554 | yellow_msg 'Default SSH Config file Saved. 
Directory: /etc/ssh/sshd_config.bak' 555 | echo 556 | sleep 1 557 | 558 | ## Remove these lines 559 | sed -i -e 's/#UseDNS yes/UseDNS no/' \ 560 | -e 's/#Compression no/Compression yes/' \ 561 | -e 's/Ciphers .*/Ciphers aes256-ctr,chacha20-poly1305@openssh.com/' \ 562 | -e '/MaxAuthTries/d' \ 563 | -e '/MaxSessions/d' \ 564 | -e '/TCPKeepAlive/d' \ 565 | -e '/ClientAliveInterval/d' \ 566 | -e '/ClientAliveCountMax/d' \ 567 | -e '/AllowAgentForwarding/d' \ 568 | -e '/AllowTcpForwarding/d' \ 569 | -e '/GatewayPorts/d' \ 570 | -e '/PermitTunnel/d' \ 571 | -e '/X11Forwarding/d' "$SSH_PATH" 572 | 573 | } 574 | 575 | 576 | # Update SSH config 577 | update_sshd_conf() { 578 | echo 579 | yellow_msg 'Optimizing SSH...' 580 | echo 581 | sleep 0.5 582 | 583 | ## Enable TCP keep-alive messages 584 | echo "TCPKeepAlive yes" | tee -a "$SSH_PATH" 585 | 586 | ## Configure client keep-alive messages 587 | echo "ClientAliveInterval 3000" | tee -a "$SSH_PATH" 588 | echo "ClientAliveCountMax 100" | tee -a "$SSH_PATH" 589 | 590 | ## Allow TCP forwarding 591 | echo "AllowTcpForwarding yes" | tee -a "$SSH_PATH" 592 | 593 | ## Enable gateway ports 594 | echo "GatewayPorts yes" | tee -a "$SSH_PATH" 595 | 596 | ## Enable tunneling 597 | echo "PermitTunnel yes" | tee -a "$SSH_PATH" 598 | 599 | ## Enable X11 graphical interface forwarding 600 | echo "X11Forwarding yes" | tee -a "$SSH_PATH" 601 | 602 | ## Restart the SSH service to apply the changes 603 | sudo systemctl restart ssh 604 | 605 | echo 606 | green_msg 'SSH is Optimized.' 607 | echo 608 | sleep 0.5 609 | } 610 | 611 | 612 | # System Limits Optimizations 613 | limits_optimizations() { 614 | echo 615 | yellow_msg 'Optimizing System Limits...' 
616 | echo 617 | sleep 0.5 618 | 619 | ## Clear old ulimits 620 | sed -i '/ulimit -c/d' $PROF_PATH 621 | sed -i '/ulimit -d/d' $PROF_PATH 622 | sed -i '/ulimit -f/d' $PROF_PATH 623 | sed -i '/ulimit -i/d' $PROF_PATH 624 | sed -i '/ulimit -l/d' $PROF_PATH 625 | sed -i '/ulimit -m/d' $PROF_PATH 626 | sed -i '/ulimit -n/d' $PROF_PATH 627 | sed -i '/ulimit -q/d' $PROF_PATH 628 | sed -i '/ulimit -s/d' $PROF_PATH 629 | sed -i '/ulimit -t/d' $PROF_PATH 630 | sed -i '/ulimit -u/d' $PROF_PATH 631 | sed -i '/ulimit -v/d' $PROF_PATH 632 | sed -i '/ulimit -x/d' $PROF_PATH 633 | sed -i '/ulimit -s/d' $PROF_PATH 634 | 635 | 636 | ## Add new ulimits 637 | ## The maximum size of core files created. 638 | echo "ulimit -c unlimited" | tee -a $PROF_PATH 639 | 640 | ## The maximum size of a process's data segment 641 | echo "ulimit -d unlimited" | tee -a $PROF_PATH 642 | 643 | ## The maximum size of files created by the shell (default option) 644 | echo "ulimit -f unlimited" | tee -a $PROF_PATH 645 | 646 | ## The maximum number of pending signals 647 | echo "ulimit -i unlimited" | tee -a $PROF_PATH 648 | 649 | ## The maximum size that may be locked into memory 650 | echo "ulimit -l unlimited" | tee -a $PROF_PATH 651 | 652 | ## The maximum memory size 653 | echo "ulimit -m unlimited" | tee -a $PROF_PATH 654 | 655 | ## The maximum number of open file descriptors 656 | echo "ulimit -n 1048576" | tee -a $PROF_PATH 657 | 658 | ## The maximum POSIX message queue size 659 | echo "ulimit -q unlimited" | tee -a $PROF_PATH 660 | 661 | ## The maximum stack size 662 | echo "ulimit -s -H 65536" | tee -a $PROF_PATH 663 | echo "ulimit -s 32768" | tee -a $PROF_PATH 664 | 665 | ## The maximum number of seconds to be used by each process. 
666 | echo "ulimit -t unlimited" | tee -a $PROF_PATH 667 | 668 | ## The maximum number of processes available to a single user 669 | echo "ulimit -u unlimited" | tee -a $PROF_PATH 670 | 671 | ## The maximum amount of virtual memory available to the process 672 | echo "ulimit -v unlimited" | tee -a $PROF_PATH 673 | 674 | ## The maximum number of file locks 675 | echo "ulimit -x unlimited" | tee -a $PROF_PATH 676 | 677 | 678 | echo 679 | green_msg 'System Limits are Optimized.' 680 | echo 681 | sleep 0.5 682 | } 683 | 684 | 685 | # UFW Optimizations 686 | ufw_optimizations() { 687 | echo 688 | yellow_msg 'Installing & Optimizing UFW...' 689 | echo 690 | sleep 0.5 691 | 692 | ## Purge firewalld to install UFW. 693 | sudo apt -y purge firewalld 694 | 695 | ## Install UFW if it isn't installed. 696 | sudo apt update -q 697 | sudo apt install -y ufw 698 | 699 | ## Disable UFW 700 | sudo ufw disable 701 | 702 | ## Open default ports. 703 | sudo ufw allow $SSH_PORT 704 | sudo ufw allow 80/tcp 705 | sudo ufw allow 80/udp 706 | sudo ufw allow 443/tcp 707 | sudo ufw allow 443/udp 708 | sleep 0.5 709 | 710 | ## Change the UFW config to use System config. 711 | sed -i 's+/etc/ufw/sysctl.conf+/etc/sysctl.conf+gI' /etc/default/ufw 712 | 713 | ## Enable & Reload 714 | echo "y" | sudo ufw enable 715 | sudo ufw reload 716 | echo 717 | green_msg 'UFW is Installed & Optimized. (Open your custom ports manually.)' 718 | echo 719 | sleep 0.5 720 | } 721 | 722 | 723 | # Show the Menu 724 | show_menu() { 725 | echo 726 | yellow_msg 'Choose One Option: ' 727 | echo 728 | green_msg '1 - Apply Everything + XanMod Kernel. (RECOMMENDED)' 729 | echo 730 | green_msg '2 - Install XanMod Kernel.' 
731 | echo 732 | green_msg '3 - Complete Update + Useful Packages + Make SWAP + Optimize Network, SSH & System Limits + UFW' 733 | green_msg '4 - Complete Update + Make SWAP + Optimize Network, SSH & System Limits + UFW' 734 | green_msg '5 - Complete Update + Make SWAP + Optimize Network, SSH & System Limits' 735 | echo 736 | green_msg '6 - Complete Update & Clean the OS.' 737 | green_msg '7 - Install Useful Packages.' 738 | green_msg '8 - Make SWAP (2Gb).' 739 | green_msg '9 - Optimize the Network, SSH & System Limits.' 740 | echo 741 | green_msg '10 - Optimize the Network settings.' 742 | green_msg '11 - Optimize the SSH settings.' 743 | green_msg '12 - Optimize the System Limits.' 744 | echo 745 | green_msg '13 - Install & Optimize UFW.' 746 | echo 747 | red_msg 'q - Exit.' 748 | echo 749 | } 750 | 751 | 752 | # Choosing Program 753 | main() { 754 | while true; do 755 | show_menu 756 | read -p 'Enter Your Choice: ' choice 757 | case $choice in 758 | 1) 759 | apply_everything 760 | 761 | echo 762 | green_msg '=========================' 763 | green_msg 'Done.' 764 | green_msg '=========================' 765 | 766 | ask_reboot 767 | ;; 768 | 769 | 2) 770 | complete_update 771 | sleep 0.5 772 | 773 | install_xanmod 774 | sleep 0.5 775 | 776 | echo 777 | green_msg '=========================' 778 | green_msg 'Done.' 779 | green_msg '=========================' 780 | 781 | ask_reboot 782 | ;; 783 | 3) 784 | complete_update 785 | sleep 0.5 786 | 787 | installations 788 | enable_packages 789 | sleep 0.5 790 | 791 | swap_maker 792 | sleep 0.5 793 | 794 | sysctl_optimizations 795 | sleep 0.5 796 | 797 | remove_old_ssh_conf 798 | sleep 0.5 799 | 800 | update_sshd_conf 801 | sleep 0.5 802 | 803 | limits_optimizations 804 | sleep 0.5 805 | 806 | find_ssh_port 807 | ufw_optimizations 808 | sleep 0.5 809 | 810 | echo 811 | green_msg '=========================' 812 | green_msg 'Done.' 
813 | green_msg '=========================' 814 | 815 | ask_reboot 816 | ;; 817 | 4) 818 | complete_update 819 | sleep 0.5 820 | 821 | swap_maker 822 | sleep 0.5 823 | 824 | sysctl_optimizations 825 | sleep 0.5 826 | 827 | remove_old_ssh_conf 828 | sleep 0.5 829 | 830 | update_sshd_conf 831 | sleep 0.5 832 | 833 | limits_optimizations 834 | sleep 0.5 835 | 836 | find_ssh_port 837 | ufw_optimizations 838 | sleep 0.5 839 | 840 | echo 841 | green_msg '=========================' 842 | green_msg 'Done.' 843 | green_msg '=========================' 844 | 845 | ask_reboot 846 | ;; 847 | 5) 848 | complete_update 849 | sleep 0.5 850 | 851 | swap_maker 852 | sleep 0.5 853 | 854 | sysctl_optimizations 855 | sleep 0.5 856 | 857 | remove_old_ssh_conf 858 | sleep 0.5 859 | 860 | update_sshd_conf 861 | sleep 0.5 862 | 863 | limits_optimizations 864 | sleep 0.5 865 | 866 | echo 867 | green_msg '=========================' 868 | green_msg 'Done.' 869 | green_msg '=========================' 870 | 871 | ask_reboot 872 | ;; 873 | 6) 874 | complete_update 875 | sleep 0.5 876 | 877 | echo 878 | green_msg '=========================' 879 | green_msg 'Done.' 880 | green_msg '=========================' 881 | 882 | ask_reboot 883 | ;; 884 | 885 | 7) 886 | complete_update 887 | sleep 0.5 888 | 889 | installations 890 | enable_packages 891 | sleep 0.5 892 | 893 | echo 894 | green_msg '=========================' 895 | green_msg 'Done.' 896 | green_msg '=========================' 897 | 898 | ask_reboot 899 | ;; 900 | 8) 901 | swap_maker 902 | sleep 0.5 903 | 904 | echo 905 | green_msg '=========================' 906 | green_msg 'Done.' 907 | green_msg '=========================' 908 | 909 | ask_reboot 910 | ;; 911 | 9) 912 | sysctl_optimizations 913 | sleep 0.5 914 | 915 | remove_old_ssh_conf 916 | sleep 0.5 917 | 918 | update_sshd_conf 919 | sleep 0.5 920 | 921 | limits_optimizations 922 | sleep 0.5 923 | 924 | echo 925 | green_msg '=========================' 926 | green_msg 'Done.' 
927 | green_msg '=========================' 928 | 929 | ask_reboot 930 | ;; 931 | 10) 932 | sysctl_optimizations 933 | sleep 0.5 934 | 935 | echo 936 | green_msg '=========================' 937 | green_msg 'Done.' 938 | green_msg '=========================' 939 | 940 | ;; 941 | 11) 942 | remove_old_ssh_conf 943 | sleep 0.5 944 | 945 | update_sshd_conf 946 | sleep 0.5 947 | 948 | echo 949 | green_msg '=========================' 950 | green_msg 'Done.' 951 | green_msg '=========================' 952 | 953 | ;; 954 | 12) 955 | limits_optimizations 956 | sleep 0.5 957 | 958 | echo 959 | green_msg '=========================' 960 | green_msg 'Done.' 961 | green_msg '=========================' 962 | 963 | ask_reboot 964 | ;; 965 | 13) 966 | find_ssh_port 967 | ufw_optimizations 968 | sleep 0.5 969 | 970 | echo 971 | green_msg '=========================' 972 | green_msg 'Done.' 973 | green_msg '=========================' 974 | 975 | ;; 976 | q) 977 | exit 0 978 | ;; 979 | 980 | *) 981 | red_msg 'Wrong input!' 982 | ;; 983 | esac 984 | done 985 | } 986 | 987 | 988 | # Apply Everything 989 | apply_everything() { 990 | 991 | complete_update 992 | sleep 0.5 993 | 994 | install_xanmod 995 | sleep 0.5 996 | 997 | installations 998 | enable_packages 999 | sleep 0.5 1000 | 1001 | swap_maker 1002 | sleep 0.5 1003 | 1004 | sysctl_optimizations 1005 | sleep 0.5 1006 | 1007 | remove_old_ssh_conf 1008 | sleep 0.5 1009 | 1010 | update_sshd_conf 1011 | sleep 0.5 1012 | 1013 | limits_optimizations 1014 | sleep 0.5 1015 | 1016 | find_ssh_port 1017 | ufw_optimizations 1018 | sleep 0.5 1019 | } 1020 | 1021 | 1022 | main 1023 | -------------------------------------------------------------------------------- /scripts/ubuntu-optimizer.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # https://github.com/hawshemi/Linux-Optimizer 3 | 4 | 5 | # Green, Yellow & Red Messages. 
green_msg() {
    tput setaf 2
    echo "[*] ----- $1"
    tput sgr0
}

yellow_msg() {
    tput setaf 3
    echo "[*] ----- $1"
    tput sgr0
}

red_msg() {
    tput setaf 1
    echo "[*] ----- $1"
    tput sgr0
}


# Declare Paths & Settings.
SYS_PATH="/etc/sysctl.conf"
PROF_PATH="/etc/profile"
SSH_PORT=""
SSH_PATH="/etc/ssh/sshd_config"
SWAP_PATH="/swapfile"
SWAP_SIZE=2G


# Root
check_if_running_as_root() {
    ## If you want to run as another user, please modify $EUID to be owned by this user
    if [[ "$EUID" -ne '0' ]]; then
        echo
        red_msg 'Error: You must run this script as root!'
        echo
        sleep 0.5
        exit 1
    fi
}


# Check Root
check_if_running_as_root
sleep 0.5


# Ask Reboot
ask_reboot() {
    yellow_msg 'Reboot now? (Recommended) (y/n)'
    echo
    while true; do
        read choice
        echo
        if [[ "$choice" == 'y' || "$choice" == 'Y' ]]; then
            sleep 0.5
            reboot
            exit 0
        fi
        if [[ "$choice" == 'n' || "$choice" == 'N' ]]; then
            break
        fi
    done
}


# Update & Upgrade & Remove & Clean
complete_update() {
    echo
    yellow_msg 'Updating the System... (This can take a while.)'
    echo
    sleep 0.5

    sudo apt -q update
    sudo apt -y upgrade
    sudo apt -y full-upgrade
    sudo apt -y autoremove
    sleep 0.5

    ## Again :D
    sudo apt -y -q autoclean
    sudo apt -y clean
    sudo apt -q update
    sudo apt -y upgrade
    sudo apt -y full-upgrade
    sudo apt -y autoremove --purge

    echo
    green_msg 'System Updated & Cleaned Successfully.'
    echo
    sleep 0.5
}


# Disable Terminal Ads
disable_terminal_ads() {
    echo
    yellow_msg 'Disabling Terminal Ads...'
    echo
    sleep 0.5

    sed -i 's/ENABLED=1/ENABLED=0/g' /etc/default/motd-news
    pro config set apt_news=false

    echo
    green_msg 'Terminal Ads Disabled.'
    echo
    sleep 0.5
}


# Install XanMod Kernel
install_xanmod() {
    echo
    yellow_msg 'Checking XanMod...'
    echo
    sleep 0.5

    if uname -r | grep -q 'xanmod'; then
        green_msg 'XanMod is already installed.'
        echo
        sleep 0.5
    else
        echo
        yellow_msg 'XanMod not found. Installing XanMod Kernel...'
        echo
        sleep 0.5

        ## Update, Upgrade & Install dependencies
        sudo apt update -q
        sudo apt upgrade -y
        sudo apt install wget curl gpg -y

        ## Check the CPU level
        cpu_level=$(awk -f - < 0) { print level; exit level + 1 }
            exit 1
        }
EOF
        )

        if [ "$cpu_level" -ge 1 ] && [ "$cpu_level" -le 4 ]; then
            echo
            yellow_msg "CPU Level: v$cpu_level"
            echo

            ## Add the XanMod repository key
            # Define a temporary file for the GPG key
            tmp_keyring="/tmp/xanmod-archive-keyring.gpg"

            # Try downloading the GPG key from the XanMod link first
            if ! wget -qO $tmp_keyring https://dl.xanmod.org/archive.key || ! [ -s $tmp_keyring ]; then
                # If the first attempt fails, try the GitLab link
                if ! wget -qO $tmp_keyring https://gitlab.com/afrd.gpg || ! [ -s $tmp_keyring ]; then
                    echo "Both attempts to download the GPG key failed or the file was empty. Exiting."
                    exit 1
                fi
            fi

            # If we reach this point, it means we have a non-empty GPG file
            # Now dearmor the GPG key and move to the final location
            sudo gpg --dearmor -o /usr/share/keyrings/xanmod-archive-keyring.gpg $tmp_keyring

            # Clean up the temporary file
            rm -f $tmp_keyring

            ## Add the XanMod repository
            echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | sudo tee /etc/apt/sources.list.d/xanmod-release.list

            ## Install XanMod
            sudo apt update -q && sudo apt install "linux-xanmod-x64v$cpu_level" -y

            ## Clean up
            sudo apt update -q
            sudo apt autoremove --purge -y

            echo
            green_msg "XanMod Kernel Installed. Reboot to Apply the new Kernel."
            echo
            sleep 1
        else
            echo
            red_msg "Unsupported CPU. (Check the supported CPUs at xanmod.org)"
            echo
            sleep 2
        fi

    fi
}


# Install useful packages
installations() {
    echo
    yellow_msg 'Installing Useful Packages...'
    echo
    sleep 0.5

    ## Networking packages
    sudo apt -y install apt-transport-https

    ## System utilities
    sudo apt -y install apt-utils bash-completion busybox ca-certificates cron curl gnupg2 locales lsb-release nano preload screen software-properties-common ufw unzip vim wget xxd zip

    ## Programming and development tools
    sudo apt -y install autoconf automake bash-completion build-essential git libtool make pkg-config python3 python3-pip

    ## Additional libraries and dependencies
    sudo apt -y install bc binutils binutils-common binutils-x86-64-linux-gnu ubuntu-keyring haveged jq libsodium-dev libsqlite3-dev libssl-dev packagekit qrencode socat

    ## Miscellaneous
    sudo apt -y install dialog htop net-tools

    echo
    green_msg 'Useful Packages Installed Successfully.'
    echo
    sleep 0.5
}


# Enable packages at server boot
enable_packages() {
    sudo systemctl enable cron haveged preload
    echo
    green_msg 'Packages Enabled Successfully.'
    echo
    sleep 0.5
}


## Swap Maker
swap_maker() {
    echo
    yellow_msg 'Making SWAP Space...'
    echo
    sleep 0.5

    ## Make Swap
    sudo fallocate -l $SWAP_SIZE $SWAP_PATH ## Allocate size
    sudo chmod 600 $SWAP_PATH ## Set proper permission
    sudo mkswap $SWAP_PATH ## Setup swap
    sudo swapon $SWAP_PATH ## Enable swap
    ## Add to fstab (only once, so re-running does not duplicate the entry)
    grep -qE "^${SWAP_PATH}[[:space:]]" /etc/fstab || echo "$SWAP_PATH none swap sw 0 0" >> /etc/fstab
    echo
    green_msg 'SWAP Created Successfully.'
    echo
    sleep 0.5
}


# SYSCTL Optimization
sysctl_optimizations() {
    ## Make a backup of the original sysctl.conf file
    cp $SYS_PATH /etc/sysctl.conf.bak

    echo
    yellow_msg 'Default sysctl.conf file Saved. Directory: /etc/sysctl.conf.bak'
    echo
    sleep 1

    echo
    yellow_msg 'Optimizing the Network...'
    echo
    sleep 0.5

    ## Delete existing entries for the parameters set below, plus all comment and blank lines.
    ## The patterns are unanchored regexes, so e.g. /kernel.panic/ also removes kernel.panic_on_oops.
    sed -i -e '/fs.file-max/d' \
        -e '/net.core.default_qdisc/d' \
        -e '/net.core.netdev_max_backlog/d' \
        -e '/net.core.optmem_max/d' \
        -e '/net.core.somaxconn/d' \
        -e '/net.core.rmem_max/d' \
        -e '/net.core.wmem_max/d' \
        -e '/net.core.rmem_default/d' \
        -e '/net.core.wmem_default/d' \
        -e '/net.ipv4.tcp_rmem/d' \
        -e '/net.ipv4.tcp_wmem/d' \
        -e '/net.ipv4.tcp_congestion_control/d' \
        -e '/net.ipv4.tcp_fastopen/d' \
        -e '/net.ipv4.tcp_fin_timeout/d' \
        -e '/net.ipv4.tcp_keepalive_time/d' \
        -e '/net.ipv4.tcp_keepalive_probes/d' \
        -e '/net.ipv4.tcp_keepalive_intvl/d' \
        -e '/net.ipv4.tcp_max_orphans/d' \
        -e '/net.ipv4.tcp_max_syn_backlog/d' \
        -e '/net.ipv4.tcp_max_tw_buckets/d' \
        -e '/net.ipv4.tcp_mem/d' \
        -e '/net.ipv4.tcp_mtu_probing/d' \
        -e '/net.ipv4.tcp_notsent_lowat/d' \
        -e '/net.ipv4.tcp_retries2/d' \
        -e '/net.ipv4.tcp_sack/d' \
        -e '/net.ipv4.tcp_dsack/d' \
        -e '/net.ipv4.tcp_slow_start_after_idle/d' \
        -e '/net.ipv4.tcp_window_scaling/d' \
        -e '/net.ipv4.tcp_adv_win_scale/d' \
        -e '/net.ipv4.tcp_ecn/d' \
        -e '/net.ipv4.tcp_ecn_fallback/d' \
        -e '/net.ipv4.tcp_syncookies/d' \
        -e '/net.ipv4.udp_mem/d' \
        -e '/net.ipv6.conf.all.disable_ipv6/d' \
        -e '/net.ipv6.conf.default.disable_ipv6/d' \
        -e '/net.ipv6.conf.lo.disable_ipv6/d' \
        -e '/net.unix.max_dgram_qlen/d' \
        -e '/vm.min_free_kbytes/d' \
        -e '/vm.swappiness/d' \
        -e '/vm.vfs_cache_pressure/d' \
        -e '/net.ipv4.conf.default.rp_filter/d' \
        -e '/net.ipv4.conf.all.rp_filter/d' \
        -e '/net.ipv4.conf.all.accept_source_route/d' \
        -e '/net.ipv4.conf.default.accept_source_route/d' \
        -e '/net.ipv4.neigh.default.gc_thresh1/d' \
        -e '/net.ipv4.neigh.default.gc_thresh2/d' \
        -e '/net.ipv4.neigh.default.gc_thresh3/d' \
        -e '/net.ipv4.neigh.default.gc_stale_time/d' \
        -e '/net.ipv4.conf.default.arp_announce/d' \
        -e '/net.ipv4.conf.lo.arp_announce/d' \
        -e '/net.ipv4.conf.all.arp_announce/d' \
        -e '/kernel.panic/d' \
        -e '/vm.dirty_ratio/d' \
        -e '/vm.overcommit_memory/d' \
        -e '/vm.overcommit_ratio/d' \
        -e '/^#/d' \
        -e '/^$/d' \
        "$SYS_PATH"


    ## Add new parameters. Read More: https://github.com/hawshemi/Linux-Optimizer/blob/main/files/sysctl.conf

cat <<EOF >> "$SYS_PATH"


################################################################
################################################################


# /etc/sysctl.conf
# These parameters in this file will be added/updated to the sysctl.conf file.
# Read More: https://github.com/hawshemi/Linux-Optimizer/blob/main/files/sysctl.conf


## File system settings
## ----------------------------------------------------------------

# Set the maximum number of open file descriptors
fs.file-max = 67108864


## Network core settings
## ----------------------------------------------------------------

# Specify default queuing discipline for network devices
net.core.default_qdisc = fq

# Configure maximum network device backlog
net.core.netdev_max_backlog = 32768

# Set maximum ancillary (option memory) buffer size per socket
net.core.optmem_max = 262144

# Define maximum backlog of pending connections
net.core.somaxconn = 65536

# Configure maximum TCP receive buffer size
net.core.rmem_max = 33554432

# Set default TCP receive buffer size
net.core.rmem_default = 1048576

# Configure maximum TCP send buffer size
net.core.wmem_max = 33554432

# Set default TCP send buffer size
net.core.wmem_default = 1048576


## TCP settings
## ----------------------------------------------------------------

# Define socket receive buffer sizes
net.ipv4.tcp_rmem = 16384 1048576 33554432

# Specify socket send buffer sizes
net.ipv4.tcp_wmem = 16384 1048576 33554432

# Set TCP congestion control algorithm to BBR
net.ipv4.tcp_congestion_control = bbr

# Configure TCP FIN timeout period
net.ipv4.tcp_fin_timeout = 25

# Set keepalive time (seconds)
net.ipv4.tcp_keepalive_time = 1200

# Configure keepalive probes count and interval
net.ipv4.tcp_keepalive_probes = 7
net.ipv4.tcp_keepalive_intvl = 30

# Define maximum orphaned TCP sockets
net.ipv4.tcp_max_orphans = 819200

# Set maximum TCP SYN backlog
net.ipv4.tcp_max_syn_backlog = 20480

# Configure maximum TCP Time Wait buckets
net.ipv4.tcp_max_tw_buckets = 1440000

# Define TCP memory limits
net.ipv4.tcp_mem = 65536 1048576 33554432

# Enable TCP MTU probing
net.ipv4.tcp_mtu_probing = 1

# Define minimum amount of data in the send buffer before TCP starts sending
net.ipv4.tcp_notsent_lowat = 32768

# Specify retransmission attempts on an established connection before it is dropped
net.ipv4.tcp_retries2 = 8

# Enable TCP SACK and DSACK
net.ipv4.tcp_sack = 1
net.ipv4.tcp_dsack = 1

# Disable TCP slow start after idle
net.ipv4.tcp_slow_start_after_idle = 0

# Enable TCP window scaling
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_adv_win_scale = -2

# Enable TCP ECN
net.ipv4.tcp_ecn = 1
net.ipv4.tcp_ecn_fallback = 1

# Enable the use of TCP SYN cookies to help protect against SYN flood attacks
net.ipv4.tcp_syncookies = 1


## UDP settings
## ----------------------------------------------------------------

# Define UDP memory limits
net.ipv4.udp_mem = 65536 1048576 33554432


## IPv6 settings
## ----------------------------------------------------------------

# Enable IPv6
#net.ipv6.conf.all.disable_ipv6 = 0

# Enable IPv6 by default
#net.ipv6.conf.default.disable_ipv6 = 0

# Enable IPv6 on the loopback interface (lo)
#net.ipv6.conf.lo.disable_ipv6 = 0


## UNIX domain sockets
## ----------------------------------------------------------------

# Set maximum queue length of UNIX domain sockets
net.unix.max_dgram_qlen = 256


## Virtual memory (VM) settings
## ----------------------------------------------------------------

# Specify minimum free Kbytes at which VM pressure happens
vm.min_free_kbytes = 65536

# Define how aggressively swap memory pages are used
vm.swappiness = 10

# Set the tendency of the kernel to reclaim memory used for caching of directory and inode objects
vm.vfs_cache_pressure = 250


## Network Configuration
## ----------------------------------------------------------------

# Configure reverse path filtering
net.ipv4.conf.default.rp_filter = 2
net.ipv4.conf.all.rp_filter = 2

# Disable source route acceptance
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Neighbor table settings
net.ipv4.neigh.default.gc_thresh1 = 512
net.ipv4.neigh.default.gc_thresh2 = 2048
net.ipv4.neigh.default.gc_thresh3 = 16384
net.ipv4.neigh.default.gc_stale_time = 60

# ARP settings
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2

# Kernel panic timeout
kernel.panic = 1

# Set dirty page ratio for virtual memory
vm.dirty_ratio = 20

# Strictly limits memory allocation to physical RAM + swap, preventing overcommit and reducing OOM risks.
vm.overcommit_memory = 2

# With overcommit_memory = 2, the commit limit is swap plus this percentage of RAM (100 = all of RAM).
vm.overcommit_ratio = 100


################################################################
################################################################


EOF

    sudo sysctl -p

    echo
    green_msg 'Network is Optimized.'
    echo
    sleep 0.5
}


# Function to find the SSH port and set it in the SSH_PORT variable
find_ssh_port() {
    echo
    yellow_msg "Finding SSH port..."
    echo

    ## Check if the SSH configuration file exists
    if [ -e "$SSH_PATH" ]; then
        ## Use grep to search for the 'Port' directive in the SSH configuration file
        SSH_PORT=$(grep -oP '^Port\s+\K\d+' "$SSH_PATH" 2>/dev/null)

        if [ -n "$SSH_PORT" ]; then
            echo
            green_msg "SSH port found: $SSH_PORT"
            echo
            sleep 0.5
        else
            echo
            green_msg "SSH port is default 22."
            echo
            SSH_PORT=22
            sleep 0.5
        fi
    else
        red_msg "SSH configuration file not found at $SSH_PATH"
    fi
}


# Remove old SSH config to prevent duplicates.
remove_old_ssh_conf() {
    ## Make a backup of the original sshd_config file
    cp $SSH_PATH /etc/ssh/sshd_config.bak

    echo
    yellow_msg 'Default SSH Config file Saved. Directory: /etc/ssh/sshd_config.bak'
    echo
    sleep 1

    ## Rewrite UseDNS, Compression and Ciphers, then delete every line that contains
    ## one of the directives below (the patterns are case-sensitive and unanchored)
    sed -i -e 's/#UseDNS yes/UseDNS no/' \
        -e 's/#Compression no/Compression yes/' \
        -e 's/Ciphers .*/Ciphers aes256-ctr,chacha20-poly1305@openssh.com/' \
        -e '/MaxAuthTries/d' \
        -e '/MaxSessions/d' \
        -e '/TCPKeepAlive/d' \
        -e '/ClientAliveInterval/d' \
        -e '/ClientAliveCountMax/d' \
        -e '/AllowAgentForwarding/d' \
        -e '/AllowTcpForwarding/d' \
        -e '/GatewayPorts/d' \
        -e '/PermitTunnel/d' \
        -e '/X11Forwarding/d' "$SSH_PATH"

}
# Update SSH config
update_sshd_conf() {
    echo
    yellow_msg 'Optimizing SSH...'
    echo
    sleep 0.5

    ## Enable TCP keep-alive messages
    echo "TCPKeepAlive yes" | tee -a "$SSH_PATH"

    ## Configure client keep-alive messages
    echo "ClientAliveInterval 3000" | tee -a "$SSH_PATH"
    echo "ClientAliveCountMax 100" | tee -a "$SSH_PATH"

    ## Allow TCP forwarding
    echo "AllowTcpForwarding yes" | tee -a "$SSH_PATH"

    ## Enable gateway ports
    echo "GatewayPorts yes" | tee -a "$SSH_PATH"

    ## Enable tunneling
    echo "PermitTunnel yes" | tee -a "$SSH_PATH"

    ## Enable X11 graphical interface forwarding
    echo "X11Forwarding yes" | tee -a "$SSH_PATH"

    ## Restart the SSH service to apply the changes
    sudo systemctl restart ssh

    echo
    green_msg 'SSH is Optimized.'
    echo
    sleep 0.5
}


# System Limits Optimizations
limits_optimizations() {
    echo
    yellow_msg 'Optimizing System Limits...'
    echo
    sleep 0.5

    ## Clear old ulimits
    sed -i '/ulimit -c/d' $PROF_PATH
    sed -i '/ulimit -d/d' $PROF_PATH
    sed -i '/ulimit -f/d' $PROF_PATH
    sed -i '/ulimit -i/d' $PROF_PATH
    sed -i '/ulimit -l/d' $PROF_PATH
    sed -i '/ulimit -m/d' $PROF_PATH
    sed -i '/ulimit -n/d' $PROF_PATH
    sed -i '/ulimit -q/d' $PROF_PATH
    sed -i '/ulimit -s/d' $PROF_PATH
    sed -i '/ulimit -t/d' $PROF_PATH
    sed -i '/ulimit -u/d' $PROF_PATH
    sed -i '/ulimit -v/d' $PROF_PATH
    sed -i '/ulimit -x/d' $PROF_PATH
    sed -i '/ulimit -s/d' $PROF_PATH


    ## Add new ulimits
    ## The maximum size of core files created.
    echo "ulimit -c unlimited" | tee -a $PROF_PATH

    ## The maximum size of a process's data segment
    echo "ulimit -d unlimited" | tee -a $PROF_PATH

    ## The maximum size of files created by the shell (default option)
    echo "ulimit -f unlimited" | tee -a $PROF_PATH

    ## The maximum number of pending signals
    echo "ulimit -i unlimited" | tee -a $PROF_PATH

    ## The maximum size that may be locked into memory
    echo "ulimit -l unlimited" | tee -a $PROF_PATH

    ## The maximum memory size
    echo "ulimit -m unlimited" | tee -a $PROF_PATH

    ## The maximum number of open file descriptors
    echo "ulimit -n 1048576" | tee -a $PROF_PATH

    ## The maximum POSIX message queue size
    echo "ulimit -q unlimited" | tee -a $PROF_PATH

    ## The maximum stack size
    echo "ulimit -s -H 65536" | tee -a $PROF_PATH
    echo "ulimit -s 32768" | tee -a $PROF_PATH

    ## The maximum number of seconds to be used by each process.
    echo "ulimit -t unlimited" | tee -a $PROF_PATH

    ## The maximum number of processes available to a single user
    echo "ulimit -u unlimited" | tee -a $PROF_PATH

    ## The maximum amount of virtual memory available to the process
    echo "ulimit -v unlimited" | tee -a $PROF_PATH

    ## The maximum number of file locks
    echo "ulimit -x unlimited" | tee -a $PROF_PATH


    echo
    green_msg 'System Limits are Optimized.'
    echo
    sleep 0.5
}


# UFW Optimizations
ufw_optimizations() {
    echo
    yellow_msg 'Installing & Optimizing UFW...'
    echo
    sleep 0.5

    ## Purge firewalld to install UFW.
    sudo apt -y purge firewalld

    ## Install UFW if it isn't installed.
    sudo apt update -q
    sudo apt install -y ufw

    ## Disable UFW
    sudo ufw disable

    ## Open default ports.
    ## One rule per detected SSH port; fall back to 22 if find_ssh_port set none,
    ## so the firewall is never enabled without an SSH rule.
    for port in ${SSH_PORT:-22}; do
        sudo ufw allow "$port"
    done
    sudo ufw allow 80/tcp
    sudo ufw allow 80/udp
    sudo ufw allow 443/tcp
    sudo ufw allow 443/udp
    sleep 0.5

    ## Change the UFW config to use System config.
    sed -i 's+/etc/ufw/sysctl.conf+/etc/sysctl.conf+gI' /etc/default/ufw

    ## Enable & Reload
    echo "y" | sudo ufw enable
    sudo ufw reload
    echo
    green_msg 'UFW is Installed & Optimized. (Open your custom ports manually.)'
    echo
    sleep 0.5
}


# Show the Menu
show_menu() {
    echo
    yellow_msg 'Choose One Option: '
    echo
    green_msg '1 - Apply Everything + XanMod Kernel. (RECOMMENDED)'
    echo
    green_msg '2 - Install XanMod Kernel.'
    echo
    green_msg '3 - Complete Update + Useful Packages + Make SWAP + Optimize Network, SSH & System Limits + UFW'
    green_msg '4 - Complete Update + Make SWAP + Optimize Network, SSH & System Limits + UFW'
    green_msg '5 - Complete Update + Make SWAP + Optimize Network, SSH & System Limits'
    echo
    green_msg '6 - Complete Update & Clean the OS.'
    green_msg '7 - Install Useful Packages.'
    green_msg '8 - Make SWAP (2Gb).'
    green_msg '9 - Optimize the Network, SSH & System Limits.'
    echo
    green_msg '10 - Optimize the Network settings.'
    green_msg '11 - Optimize the SSH settings.'
    green_msg '12 - Optimize the System Limits.'
    echo
    green_msg '13 - Install & Optimize UFW.'
    echo
    red_msg 'q - Exit.'
    echo
}


# Choosing Program
main() {
    while true; do
        show_menu
        read -p 'Enter Your Choice: ' choice
        case $choice in
        1)
            apply_everything

            echo
            green_msg '========================='
            green_msg 'Done.'
            green_msg '========================='

            ask_reboot
            ;;

        2)
            complete_update
            sleep 0.5

            install_xanmod
            sleep 0.5

            echo
            green_msg '========================='
            green_msg 'Done.'
            green_msg '========================='

            ask_reboot
            ;;
        3)
            complete_update
            sleep 0.5

            installations
            enable_packages
            sleep 0.5

            swap_maker
            sleep 0.5

            sysctl_optimizations
            sleep 0.5

            remove_old_ssh_conf
            sleep 0.5

            update_sshd_conf
            sleep 0.5

            limits_optimizations
            sleep 0.5

            find_ssh_port
            ufw_optimizations
            sleep 0.5

            echo
            green_msg '========================='
            green_msg 'Done.'
            green_msg '========================='

            ask_reboot
            ;;
        4)
            complete_update
            sleep 0.5

            swap_maker
            sleep 0.5

            sysctl_optimizations
            sleep 0.5

            remove_old_ssh_conf
            sleep 0.5

            update_sshd_conf
            sleep 0.5

            limits_optimizations
            sleep 0.5

            find_ssh_port
            ufw_optimizations
            sleep 0.5

            echo
            green_msg '========================='
            green_msg 'Done.'
            green_msg '========================='

            ask_reboot
            ;;
        5)
            complete_update
            sleep 0.5

            swap_maker
            sleep 0.5

            sysctl_optimizations
            sleep 0.5

            remove_old_ssh_conf
            sleep 0.5

            update_sshd_conf
            sleep 0.5

            limits_optimizations
            sleep 0.5

            echo
            green_msg '========================='
            green_msg 'Done.'
            green_msg '========================='

            ask_reboot
            ;;
        6)
            complete_update
            sleep 0.5

            echo
            green_msg '========================='
            green_msg 'Done.'
            green_msg '========================='

            ask_reboot
            ;;

        7)
            complete_update
            sleep 0.5

            installations
            enable_packages
            sleep 0.5

            echo
            green_msg '========================='
            green_msg 'Done.'
            green_msg '========================='

            ask_reboot
            ;;
        8)
            swap_maker
            sleep 0.5

            echo
            green_msg '========================='
            green_msg 'Done.'
            green_msg '========================='

            ask_reboot
            ;;
        9)
            sysctl_optimizations
            sleep 0.5

            remove_old_ssh_conf
            sleep 0.5

            update_sshd_conf
            sleep 0.5

            limits_optimizations
            sleep 0.5

            echo
            green_msg '========================='
            green_msg 'Done.'
            green_msg '========================='

            ask_reboot
            ;;
        10)
            sysctl_optimizations
            sleep 0.5

            echo
            green_msg '========================='
            green_msg 'Done.'
            green_msg '========================='

            ;;
        11)
            remove_old_ssh_conf
            sleep 0.5

            update_sshd_conf
            sleep 0.5

            echo
            green_msg '========================='
            green_msg 'Done.'
            green_msg '========================='

            ;;
        12)
            limits_optimizations
            sleep 0.5

            echo
            green_msg '========================='
            green_msg 'Done.'
            green_msg '========================='

            ask_reboot
            ;;
        13)
            find_ssh_port
            ufw_optimizations
            sleep 0.5

            echo
            green_msg '========================='
            green_msg 'Done.'
            green_msg '========================='

            ;;
        q)
            exit 0
            ;;

        *)
            red_msg 'Wrong input!'
            ;;
        esac
    done
}


# Apply Everything
apply_everything() {

    complete_update
    sleep 0.5

    disable_terminal_ads
    sleep 0.5

    install_xanmod
    sleep 0.5

    installations
    enable_packages
    sleep 0.5

    swap_maker
    sleep 0.5

    sysctl_optimizations
    sleep 0.5

    remove_old_ssh_conf
    sleep 0.5

    update_sshd_conf
    sleep 0.5

    limits_optimizations
    sleep 0.5

    find_ssh_port
    ufw_optimizations
    sleep 0.5
}


main

--------------------------------------------------------------------------------
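An offline check for the state that `remove_old_ssh_conf` and `update_sshd_conf` leave behind, added here as an example and not part of Linux-Optimizer: sshd keywords are case-insensitive and the first value wins, while lines appended after a `Match` line apply only inside that block. The function names and the sample config are constructed for illustration, the keyword list is taken from the script, and `Include` files and `keyword=value` syntax are not handled.

```shell
#!/bin/sh
# Added example (not part of Linux-Optimizer): report where the forwarding
# directives appended by update_sshd_conf actually take effect.

# Forwarding keywords the script appends with `tee -a`.
AUDIT_KEYWORDS="AllowTcpForwarding GatewayPorts PermitTunnel X11Forwarding"

# audit_sshd_forwarding FILE
# Prints one line per keyword: "<keyword> <scope> <value>", where scope is
#   global - first occurrence is before any Match line (this value is used)
#   match  - keyword only appears after a Match line (conditional override)
#   unset  - keyword does not appear, so the built-in default applies
audit_sshd_forwarding() {
    awk -v keys="$AUDIT_KEYWORDS" '
        BEGIN {
            n = split(keys, want, " ")
            # Map lower-case spelling to the canonical name: keywords are
            # case-insensitive, unlike the sed patterns in the script.
            for (i = 1; i <= n; i++) canon[tolower(want[i])] = want[i]
        }
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        {
            kw = tolower($1)
            if (kw == "match") { in_match = 1; next }
            if (!(kw in canon)) next
            name = canon[kw]
            # Only the first value seen in each scope counts.
            if (!in_match && !(name in gval)) gval[name] = $2
            if (in_match && !(name in mval)) mval[name] = $2
        }
        END {
            for (i = 1; i <= n; i++) {
                name = want[i]
                if (name in gval)      print name, "global", gval[name]
                else if (name in mval) print name, "match", mval[name]
                else                   print name, "unset", "-"
            }
        }
    ' "$1"
}

# Constructed sample: a config that ended with a Match block and carried a
# lower-case x11forwarding line (which a case-sensitive sed delete does not
# remove) before the forwarding directives were appended at the end.
sample_appended_after_match() {
    cat <<'EOF'
# constructed sample, not taken from a real host
Port 2222
x11forwarding no
Match User backup
    ForceCommand internal-sftp
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding yes
EOF
}

# Run the audit over the constructed sample.
demo() {
    tmp=$(mktemp) || return 1
    sample_appended_after_match > "$tmp"
    audit_sshd_forwarding "$tmp"
    rm -f "$tmp"
}

demo
```

On a live host, `sshd -T` prints the configuration sshd actually resolves, including `Include` files, and is the authoritative check.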