Boost Linux Server Performance: Essential Kernel and Sysctl Tweaks
Learn how to optimize Linux server performance by permanently disabling SELinux, setting runlevel 3, increasing file descriptor limits, fine-tuning kernel network parameters via /etc/sysctl.conf, configuring firewall settings, and handling common issues such as too many open files and connection timeouts.
Permanently Disable SELinux
SELinux improves security but can cause trouble. To disable it, edit /etc/selinux/config, change SELINUX=enforcing to SELINUX=disabled, then save and reboot.
# vim /etc/selinux/config
# reboot
Set System Runlevel to 3
Running at runlevel 3 (multi-user, no graphical desktop) saves resources. Edit /etc/inittab to set initdefault to 3 so the setting persists across reboots, or run init 3 to switch immediately.
# grep 3:initdefault /etc/inittab
id:3:initdefault:
# init 3
Increase Maximum File Descriptors
Edit /etc/security/limits.conf and set higher soft and hard limits for nofile and nproc for all users.
* soft nofile 65536
* hard nofile 65536
* soft nproc 65536
* hard nproc 65536
Explanation: * applies to all users; nofile is the maximum number of open files; nproc is the maximum number of processes.
Adjust Kernel Network Parameters (/etc/sysctl.conf)
Modify network settings to improve load handling and prevent packet loss.
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
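# tcp_tw_recycle was removed in Linux 4.12 (drop this line on newer kernels); where present, it breaks connections from clients behind NAT.
net.ipv4.tcp_tw_recycle = 1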
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.nf_conntrack_max = 655360
Explanation: these settings enable SYN cookies, reuse TIME-WAIT sockets, recycle them, reduce the FIN timeout, shorten the keepalive interval, expand the local port range, enlarge the SYN backlog, and raise the conntrack table size.
Firewall‑Related Sysctl Settings
Add the above parameters to the end of /etc/sysctl.conf (or sysctl.conf.first) and apply with sysctl -p.
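A pre-flight check for the file before running sysctl -p, as an added example that is not part of the original article: it compares each setting with the running value and reports keys the running kernel does not have. The function names, the PROC_ROOT parameter and the sample values written by make_sample are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original article).
# check_sysctl_file FILE [PROC_ROOT] compares each "key = value" line with
# the running value under PROC_ROOT (default /proc/sys). Returns 1 if a key
# is missing or flagged, else 0. Assumes keys map to paths by "." -> "/".
check_sysctl_file() {
    file=$1 root=${2:-/proc/sys} rc=0
    while IFS='=' read -r key want || [ -n "$key" ]; do
        key=$(printf '%s' "$key" | tr -d ' \t')
        case $key in ''|'#'*|';'*) continue ;; esac      # blank or comment
        want=$(printf '%s\n' "$want" | awk '{$1=$1; print}')  # squeeze spaces
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ "$key" = net.ipv4.tcp_tw_recycle ] && [ "$want" != 0 ]; then
            echo "RISK    $key: breaks clients behind NAT; removed in Linux 4.12"
            rc=1
        fi
        if [ ! -e "$path" ]; then
            echo "MISSING $key: no such key on this kernel, sysctl -p will error"
            rc=1
        elif cur=$(awk '{$1=$1; print}' "$path") && [ "$cur" = "$want" ]; then
            echo "OK      $key = $cur"
        else
            echo "DIFF    $key: running '$cur', file sets '$want'"
        fi
    done < "$file"
    return "$rc"
}

# make_sample DIR: constructed test data. DIR/sysctl.conf holds the article's
# settings; DIR/proc imitates a kernel >= 4.12 (no tcp_tw_recycle) with
# conntrack not loaded and otherwise made-up running values.
make_sample() {
    mkdir -p "$1/proc/net/ipv4"
    cat > "$1/sysctl.conf" <<'EOF'
# constructed copy of the article's fragment
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.ip_local_port_range = 1024 65000
net.nf_conntrack_max = 655360
EOF
    echo 1 > "$1/proc/net/ipv4/tcp_syncookies"
    echo 0 > "$1/proc/net/ipv4/tcp_tw_reuse"
    echo 60 > "$1/proc/net/ipv4/tcp_fin_timeout"
    printf '32768\t60999\n' > "$1/proc/net/ipv4/ip_local_port_range"
}
```

On a real host, call check_sysctl_file /etc/sysctl.conf to compare the file against /proc/sys; a MISSING line for net.nf_conntrack_max usually means the conntrack module is not loaded yet.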
Common Exceptions
Too many open files – caused by high concurrency or not closing I/O; resolve by increasing file descriptor limits.
Connection timeout – often due to many TIME_WAIT sockets; fix by correcting application behavior and adjusting kernel/network settings.
Useful Commands
Check network socket states:
netstat -n | awk '/^tcp/ {++state[$NF]} END {for(key in state) print key, "\t", state[key]}'
State descriptions: CLOSED, LISTEN, SYN_RECV, SYN_SENT, ESTABLISHED, FIN_WAIT1, FIN_WAIT2, TIME_WAIT, LAST_ACK, etc.
Conclusion
Linux offers many tunable kernel parameters; proper adjustments can significantly boost server processing capability.
Raymond Ops
Linux ops automation, cloud-native, Kubernetes, SRE, DevOps, Python, Golang and related tech discussions.
