4.5.1 Ensure sockthresh is configured

Information

The sockthresh parameter value determines what percentage of the total memory allocated to networking, set via thewall, can be used for sockets.

The sockthresh parameter will be set to 60. This means that 60% of network memory can be used to service new socket connections; the remaining 40% is reserved for existing sockets. This ensures a quality of service for existing connections.

Solution

In /etc/tunables/nextboot add the sockthresh entry:

no -p -o sockthresh=60

This makes the change permanent by adding the entry into /etc/tunables/nextboot.
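
The following added example, not taken from the benchmark or the audit plugin, checks that both the running value and the persistent entry equal 60, since a value changed only at runtime is lost at reboot. It assumes `no -o sockthresh` prints `sockthresh = <value>` and that /etc/tunables/nextboot uses the stanza format shown in the constructed sample; all function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit sockthresh in the running kernel and in nextboot.
EXPECTED=60   # value required by this control

# Parse `no -o sockthresh` output ("sockthresh = 60") read from stdin.
running_value() {
    awk -F= '$1 ~ /^[ \t]*sockthresh[ \t]*$/ { gsub(/[ \t]/, "", $2); print $2; exit }'
}

# Parse the sockthresh entry of the "no:" stanza of a tunables file on stdin.
nextboot_value() {
    awk '
        /^[A-Za-z_0-9]+:[ \t]*$/ { in_no = ($1 == "no:"); next }
        in_no && $1 == "sockthresh" && $2 == "=" { gsub(/"/, "", $3); print $3; exit }
    '
}

# $1 = running value, $2 = nextboot value; succeeds only if both match.
check_sockthresh() {
    [ "$1" = "$EXPECTED" ] && [ "$2" = "$EXPECTED" ]
}

# Constructed samples (assumed formats), so the script runs off-box.
sample_no_output() { echo "sockthresh = 85"; }
sample_nextboot() {
    cat <<'EOF'
vmo:
        minfree = "960"

no:
        sockthresh = "60"
EOF
}

# On AIX, replace the samples with:
#   no -o sockthresh | running_value
#   nextboot_value < /etc/tunables/nextboot
r=$(sample_no_output | running_value)
p=$(sample_nextboot | nextboot_value)
if check_sockthresh "$r" "$p"; then
    echo "PASS: sockthresh running=$r nextboot=$p"
else
    echo "FAIL: sockthresh running=$r nextboot=$p (expected $EXPECTED)"
fi
```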

See Also

https://workbench.cisecurity.org/benchmarks/10385

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(12)

Plugin: Unix

Control ID: 947e30b896661ef9a79af49cee5fcb49a51f76e5166d5fdb928c576811e35723