
Introduction of sysctl Command parameters of Linux system

2025-03-29 Update From: SLTechnology News&Howtos

This article introduces the parameters of the sysctl command on Linux. Many people have questions about them in daily operation, so the editor consulted various materials and collected simple, practical ways to use the command.

The Linux kernel exports kernel information to users through the /proc virtual file system, and users can configure the kernel dynamically either by writing to /proc or with the sysctl command. For example, to enable NAT we need to turn on kernel forwarding in addition to loading modules and configuring the firewall. There are three ways to do this:

1. Write to the /proc file system directly

# echo 1 > /proc/sys/net/ipv4/ip_forward

2. Use the sysctl command

# sysctl -w net.ipv4.ip_forward=1

sysctl -a shows all variables exported by the kernel.

3. Edit /etc/sysctl.conf

Add the following line so that the variable is set to 1 every time the system starts:

net.ipv4.ip_forward = 1

sysctl is a command in the procps package, which also provides commands such as w, ps, vmstat, pgrep, pkill, top, slabtop and so on.

sysctl configures and displays the kernel parameters found in the /proc/sys directory. You can use sysctl to set or reset networking features such as IP forwarding, IP fragmentation, and source route checking. Users only need to edit the /etc/sysctl.conf file to apply the settings controlled by sysctl, manually or automatically.

Command format:

sysctl [-n] [-e] -w variable=value
sysctl [-n] [-e] -p (default /etc/sysctl.conf)
sysctl [-n] [-e] -a

Meaning of common parameters:

-w temporarily changes the value of a specified parameter, such as sysctl -w net.ipv4.ip_forward=1
-a displays all system parameters
-p loads system parameters from the specified file, or from /etc/sysctl.conf if none is specified

If you just want to change the value of a system parameter temporarily, you can do it in two ways. For example, to enable IP routing and forwarding:

1) # echo 1 > /proc/sys/net/ipv4/ip_forward
2) # sysctl -w net.ipv4.ip_forward=1

Both methods turn on the routing function immediately, but the value is lost if the system restarts or the # service network restart command is executed. To keep the configuration permanently, modify the /etc/sysctl.conf file and change net.ipv4.ip_forward=0 to net.ipv4.ip_forward=1.

sysctl is an interface that allows you to change a running Linux system. It includes some advanced options for the TCP/IP stack and the virtual memory system, which allow experienced administrators to noticeably improve system performance. You can read and set more than five hundred system variables with sysctl. In short, sysctl(8) provides two functions: reading and modifying system settings.

View all readable variables:

% sysctl -a

Read a specified variable, such as kern.maxproc:

% sysctl kern.maxproc
kern.maxproc: 1044

To set a specified variable, use the variable=value syntax directly:

# sysctl kern.maxfiles=5000
kern.maxfiles: 2088 -> 5000

You can modify system variables with sysctl, or by editing the sysctl.conf file. sysctl.conf looks a lot like rc.conf: it sets values in the form variable=value. The specified values are set after the system enters multi-user mode. Not all variables can be set in this mode.

A sysctl variable is usually set as a string, a number, or a Boolean (for a Boolean, 1 means 'yes' and 0 means 'no').

sysctl -w kernel.sysrq=0
sysctl -w kernel.core_uses_pid=1
sysctl -w net.ipv4.conf.default.accept_redirects=0
sysctl -w net.ipv4.conf.default.accept_source_route=0
sysctl -w net.ipv4.conf.default.rp_filter=1
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_max_syn_backlog=2048
sysctl -w net.ipv4.tcp_fin_timeout=30
sysctl -w net.ipv4.tcp_synack_retries=2
sysctl -w net.ipv4.tcp_keepalive_time=3600
sysctl -w net.ipv4.tcp_window_scaling=1
sysctl -w net.ipv4.tcp_sack=1

Configure sysctl

Edit this file:

vi /etc/sysctl.conf

If the file is empty, enter the following; otherwise adjust it to suit your situation:

# Controls source route verification
# Default should work for all interfaces
net.ipv4.conf.default.rp_filter = 1
# net.ipv4.conf.all.rp_filter = 1
# net.ipv4.conf.lo.rp_filter = 1
# net.ipv4.conf.eth0.rp_filter = 1

# Disables IP source routing
# Default should work for all interfaces
net.ipv4.conf.default.accept_source_route = 0
# net.ipv4.conf.all.accept_source_route = 0
# net.ipv4.conf.lo.accept_source_route = 0
# net.ipv4.conf.eth0.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Increase maximum amount of memory allocated to shm
# Only uncomment if needed!
# kernel.shmmax = 67108864

# Disable ICMP Redirect Acceptance
# Default should work for all interfaces
net.ipv4.conf.default.accept_redirects = 0
# net.ipv4.conf.all.accept_redirects = 0
# net.ipv4.conf.lo.accept_redirects = 0
# net.ipv4.conf.eth0.accept_redirects = 0

# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
# Default should work for all interfaces
net.ipv4.conf.default.log_martians = 1
# net.ipv4.conf.all.log_martians = 1
# net.ipv4.conf.lo.log_martians = 1
# net.ipv4.conf.eth0.log_martians = 1

# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 25

# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1200

# Turn on the tcp_window_scaling
net.ipv4.tcp_window_scaling = 1

# Turn on the tcp_sack
net.ipv4.tcp_sack = 1

# tcp_fack should be on because of sack
net.ipv4.tcp_fack = 1

# Turn on the tcp_timestamps
net.ipv4.tcp_timestamps = 1

# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1

# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Make more local ports available
# net.ipv4.ip_local_port_range = 1024 65000

# Set TCP Re-Ordering value in kernel to '5'
net.ipv4.tcp_reordering = 5

# Lower syn retry rates
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 3

# Set Max SYN Backlog to '2048'
net.ipv4.tcp_max_syn_backlog = 2048

# Various Settings
net.core.netdev_max_backlog = 1024

# Increase the maximum number of skb-heads to be cached
net.core.hot_list_length = 256

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 360000

# This will increase the amount of memory available for socket input/output queues
net.core.rmem_default = 65535
net.core.rmem_max = 8388608
net.ipv4.tcp_rmem = 4096 87380 8388608
net.core.wmem_default = 65535
net.core.wmem_max = 8388608
net.ipv4.tcp_wmem = 4096 65535 8388608
net.ipv4.tcp_mem = 8388608 8388608 8388608
net.core.optmem_max = 40960

If you want to stop others from pinging your host, add the following:

# Disable ping requests
net.ipv4.icmp_echo_ignore_all = 1

After editing, execute the following commands to make the changes take effect immediately:

/sbin/sysctl -p
/sbin/sysctl -w net.ipv4.route.flush=1

Under the /proc/sys directory of Linux, we often set kernel parameters by hand, echoing a specific value into a virtual file under /proc to turn a feature on, for example to enable IP forwarding at boot:

echo "1" > /proc/sys/net/ipv4/ip_forward

In fact, on Linux we can also use the sysctl command to easily view, set or automatically configure specific kernel settings. Entering "sysctl -a" at the prompt gives output like the following excerpt:

abi.defhandler_coff = 117440515
dev.raid.speed_limit_max = 100000
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.default.secure_redirects = 1
net.ipv4.conf.default.accept_redirects = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.neigh.lo.delay_first_probe_time = 5
net.ipv4.neigh.lo.base_reachable_time = 30
net.ipv4.icmp_ratelimit = 100
net.ipv4.inet_peer_gc_mintime = 10
net.ipv4.igmp_max_memberships = 20
net.ipv4.ip_no_pmtu_disc = 0
net.core.no_cong_thresh = 20
net.core.netdev_max_backlog = 300
net.core.rmem_default = 65535
net.core.wmem_max = 65535
vm.kswapd = 512 32 8
vm.overcommit_memory = 0
vm.bdflush = 30 64 64 256 500 3000 60 00
vm.freepages = 351702 1053
kernel.sem = 250 32000 32 128
kernel.panic = 0
kernel.domainname = (none)
kernel.hostname = pc02.shinewave.com.tw
kernel.version = #1 Tue Oct 30 20:11:04 EST 2001
kernel.osrelease = 2.4.9-13
kernel.ostype = Linux
fs.dentry-state = 1611 45000
fs.file-nr = 1121 73 8192
fs.inode-state = 1333 0 000 0 0

From the output above we can see that sysctl names replace the "/" of the directory structure with "." and chain the levels together. Writing a value into a virtual file under /proc with echo can therefore also be expressed with sysctl, for example:

# sysctl -w net.ipv4.ip_forward="1"

Or you can add, delete or modify the 0/1 value of a specific entry directly in /etc/sysctl.conf:

# Enables packet forwarding
net.ipv4.ip_forward = 1

# Enables source route verification
net.ipv4.conf.default.rp_filter = 1

# Disables the magic-sysrq key
kernel.sysrq = 0

Of course, if the setting should remain in effect after a reboot, add, delete or modify the 0/1 value of the entry directly in /etc/sysctl.conf so that the setting is retained (taking RedHat as an example, at every boot init executes /etc/rc.d/rc.sysinit, which then runs sysctl with the values in /etc/sysctl.conf).
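Because a value set with sysctl -w or echo is lost on reboot while /etc/sysctl.conf is only applied when it is loaded, the running kernel and the file can disagree. The following added example (not part of the original article) uses the "." to "/" mapping described above to report entries whose running value differs from the file; the function names and the sample tree built in demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): report drift between the
# persistent sysctl.conf and the running kernel values under /proc/sys.

# key_to_path ROOT KEY: net.ipv4.ip_forward -> ROOT/net/ipv4/ip_forward
# (simple case only: assumes no dots inside interface names, e.g. eth0.100)
key_to_path() {
    printf '%s/%s\n' "$1" "$(printf '%s' "$2" | tr '.' '/')"
}

# squeeze TEXT: tabs to spaces, collapse runs, trim both ends, so that
# "4096<TAB>87380" read from /proc compares equal to "4096 87380" in the file
squeeze() {
    printf '%s\n' "$1" | tr '\t' ' ' | tr -s ' ' | sed 's/^ //; s/ $//'
}

# sysctl_drift FILE [ROOT]: print "DRIFT key: file=V running=V" or
# "MISSING key" for each active line; return 1 if anything was reported.
sysctl_drift() {
    drift_root=${2:-/proc/sys}
    drift_rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(squeeze "$line")
        case $line in
            ''|'#'*|';'*) continue ;;    # blank line or comment
            *=*) ;;                      # key = value
            *) continue ;;               # anything else is ignored
        esac
        key=$(squeeze "${line%%=*}")
        want=$(squeeze "${line#*=}")
        path=$(key_to_path "$drift_root" "$key")
        if [ ! -r "$path" ]; then        # parameter absent under ROOT
            echo "MISSING $key"; drift_rc=1; continue
        fi
        have=$(squeeze "$(cat "$path")")
        if [ "$have" != "$want" ]; then
            echo "DRIFT $key: file=$want running=$have"; drift_rc=1
        fi
    done < "$1"
    return $drift_rc
}

# demo: constructed sysctl.conf and constructed /proc/sys tree (not host data)
demo() {
    tmp=$(mktemp -d); demo_rc=0
    mkdir -p "$tmp/proc/net/ipv4/conf/default"
    echo 1 > "$tmp/proc/net/ipv4/tcp_syncookies"
    echo 1 > "$tmp/proc/net/ipv4/conf/default/accept_redirects"  # runtime change
    printf '4096\t87380\t8388608\n' > "$tmp/proc/net/ipv4/tcp_rmem"
    cat > "$tmp/sysctl.conf" <<'EOF'
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.tcp_rmem = 4096 87380 8388608
net.core.hot_list_length = 256
EOF
    sysctl_drift "$tmp/sysctl.conf" "$tmp/proc" || demo_rc=$?
    rm -rf "$tmp"
    return $demo_rc
}

demo || true
```

On a real host, run sysctl_drift /etc/sysctl.conf as root; a DRIFT line on a hardening key such as accept_redirects means the running kernel no longer matches the persistent policy.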

Related reference files:

/sbin/sysctl

/etc/sysctl.conf

sysctl and sysctl.conf man pages

/usr/src/linux-x.y.z/Documentation/sysctl/*

/usr/share/doc/kernel-doc-x.y.z/sysctl/* (RedHat)

http://hi.baidu.com/caosicong/blog/item/0a592360d438cfda8db10d9b.html

http://hi.baidu.com/phpfamer/blog/item/932e276eb39c30de80cb4a3c.html
