In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-18 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >
Share
Shulou(Shulou.com)06/03 Report--
This article mainly introduces "introduction of sysctl command parameters of Linux system". In daily operation, I believe many people have doubts about the introduction of sysctl command parameters of Linux system. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts of "introduction of sysctl command parameters of Linux system". Next, please follow the editor to study!
The Linux kernel exports kernel information to users through the / proc virtual file system, and users can also configure the kernel dynamically through the / proc file system or through the sysctl command. For example, if we want to start NAT, we need to start kernel forwarding in addition to loading modules and configuring firewalls. We have three ways:
1. Write / proc file system directly
# echo 1 > / proc/sys/net/ipv4/ip_forward
two。 Using the sysctl command
# sysctl-w net.ipv4.ip_forward=1
Sysctl-a can view all kernel exported variables
3. Edit / etc/sysctl.conf
Add the following line so that every time the system starts, the value of the variable is 1
Net.ipv4.ip_forward = 1
Sysctl is a command in procfs software, and the package also provides commands such as w, ps, vmstat, pgrep, pkill, top, slabtop and so on.
Sysctl configuration and kernel parameters displayed in the / proc/sys directory. You can use sysctl to set or reset networking features such as IP forwarding, IP fragmentation, and source route checking. Users only need to edit the / etc/sysctl.conf file to perform the functions controlled by sysctl manually or automatically.
Command format: sysctl [- n] [- e]-w variable=value sysctl [- n] [- e]-p (default / etc/sysctl.conf) sysctl [- n] [- e]-a meaning of common parameters:-w temporarily change the value of a specified parameter, such as sysctl-w net.ipv4.ip_forward=1-a displays all system parameters-p loads system parameters from the specified file, or loads them from / etc/sysctl.conf if not specified
If you just want to change the value of a system parameter temporarily, you can do it in two ways. For example, if you want to enable IP routing and forwarding: 1) # echo 1 > / proc/sys/net/ipv4/ip_forward 2) # sysctl-w net.ipv4.ip_forward=1, both of the above two methods may turn on the routing function immediately, but if the system restarts or executes the # service network restart command, the set value will be lost. If you want to keep the configuration permanently, you can modify the / etc/sysctl.conf file to change net.ipv4.ip_forward=0 to net.ipv4.ip_forward=1
Sysctl is an interface that allows you to change a running Linux system. It includes some advanced options for TCP/IP stacks and virtual memory systems, which allow experienced administrators to improve eye-catching system performance. You can read and set more than five hundred system variables with sysctl. Based on this, sysctl (8) provides two functions: reading and modifying system settings.
View all readable variables:
% sysctl-a
Read a specified variable, such as kern.maxproc:
% sysctl kern.maxprockern.maxproc: 1044
To set a specified variable, use syntax such as variable=value directly:
# sysctl kern.maxfiles=5000
Kern.maxfiles: 2088-> 5000
You can use sysctl to modify system variables, or you can modify system variables by editing the sysctl.conf file. Sysctl.conf looks a lot like rc.conf. It uses
Set the value in the form of variable=value. The specified value is set after the system enters multi-user mode. Not all variables can be set in this mode.
The sysctl variable is usually set as a string, number, or Boolean. (Boolean means 1 for 'yes',' and 0 for 'no').
Sysctl-w kernel.sysrq=0
Sysctl-w kernel.core_uses_pid=1
Sysctl-w net.ipv4.conf.default.accept_redirects=0
Sysctl-w net.ipv4.conf.default.accept_source_route=0
Sysctl-w net.ipv4.conf.default.rp_filter=1
Sysctl-w net.ipv4.tcp_syncookies=1
Sysctl-w net.ipv4.tcp_max_syn_backlog=2048
Sysctl-w net.ipv4.tcp_fin_timeout=30
Sysctl-w net.ipv4.tcp_synack_retries=2
Sysctl-w net.ipv4.tcp_keepalive_time=3600
Sysctl-w net.ipv4.tcp_window_scaling=1
Sysctl-w net.ipv4.tcp_sack=1
Configure sysctl
Edit this file:
Vi / etc/sysctl.conf
If the file is empty, enter the following, otherwise adjust yourself according to the situation:
# Controls source route verification
# Default should work for all interfaces
Net.ipv4.conf.default.rp_filter = 1
# net.ipv4.conf.all.rp_filter = 1
# net.ipv4.conf.lo.rp_filter = 1
# net.ipv4.conf.eth0.rp_filter = 1
# Disables IP source routing
# Default should work for all interfaces
Net.ipv4.conf.default.accept_source_route = 0
# net.ipv4.conf.all.accept_source_route = 0
# net.ipv4.conf.lo.accept_source_route = 0
# net.ipv4.conf.eth0.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
Kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
Kernel.core_uses_pid = 1
# Increase maximum amount of memory allocated to shm
# Only uncomment if needed!
# kernel.shmmax = 67108864
# Disable ICMP Redirect Acceptance
# Default should work for all interfaces
Net.ipv4.conf.default.accept_redirects = 0
# net.ipv4.conf.all.accept_redirects = 0
# net.ipv4.conf.lo.accept_redirects = 0
# net.ipv4.conf.eth0.accept_redirects = 0
# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
# Default should work for all interfaces
Net.ipv4.conf.default.log_martians = 1
# net.ipv4.conf.all.log_martians = 1
# net.ipv4.conf.lo.log_martians = 1
# net.ipv4.conf.eth0.log_martians = 1
# Decrease the time default value for tcp_fin_timeout connection
Net.ipv4.tcp_fin_timeout = 25
# Decrease the time default value for tcp_keepalive_time connection
Net.ipv4.tcp_keepalive_time = 1200
# Turn on the tcp_window_scaling
Net.ipv4.tcp_window_scaling = 1
# Turn on the tcp_sack
Net.ipv4.tcp_sack = 1
# tcp_fack should be on because of sack
Net.ipv4.tcp_fack = 1
# Turn on the tcp_timestamps
Net.ipv4.tcp_timestamps = 1
# Enable TCP SYN Cookie Protection
Net.ipv4.tcp_syncookies = 1
# Enable ignoring broadcasts request
Net.ipv4.icmp_echo_ignore_broadcasts = 1
# Enable bad error message Protection
Net.ipv4.icmp_ignore_bogus_error_responses = 1
# Make more local ports available
# net.ipv4.ip_local_port_range = 1024 65000
# Set TCP Re-Ordering value in kernel to'5'
Net.ipv4.tcp_reordering = 5
# Lower syn retry rates
Net.ipv4.tcp_synack_retries = 2
Net.ipv4.tcp_syn_retries = 3
# Set Max SYN Backlog to '2048'
Net.ipv4.tcp_max_syn_backlog = 2048
# Various Settings
Net.core.netdev_max_backlog = 1024
# Increase the maximum number of skb-heads to be cached
Net.core.hot_list_length = 256
# Increase the tcp-time-wait buckets pool size
Net.ipv4.tcp_max_tw_buckets = 360000
# This will increase the amount of memory available for socket input/output queues
Net.core.rmem_default = 65535
Net.core.rmem_max = 8388608
Net.ipv4.tcp_rmem = 4096 87380 8388608
Net.core.wmem_default = 65535
Net.core.wmem_max = 8388608
Net.ipv4.tcp_wmem = 4096 65535 8388608
Net.ipv4.tcp_mem = 8388608 8388608 8388608
Net.core.optmem_max = 40960
If you want to block others from ping your host, add the following code:
# Disable ping requests
Net.ipv4.icmp_echo_ignore_all = 1
After editing, execute the following command to make the changes take effect immediately:
/ sbin/sysctl-p
/ sbin/sysctl-w net.ipv4.route.flush=1
In the / proc/sys directory of Linux, we often manually set some kernel parameters or directly echo specific values to a virtual file under proc, and open some files, such as setting IP Forwarding to start automatically when boot:
Echo "1" > / proc/sys/net/ipv4/ip_forward
In fact, in Linux we can also use sysctl command to easily view, set or automatically configure specific kernel settings. We can enter "sysctl-a" at the prompt, and the summary is as follows: abi.defhandler_coff = 117440515
Dev.raid.speed_limit_max = 100000
Net.ipv4.conf.default.send_redirects = 1
Net.ipv4.conf.default.secure_redirects = 1
Net.ipv4.conf.default.accept_redirects = 1
Net.ipv4.conf.default.mc_forwarding = 0
Net.ipv4.neigh.lo.delay_first_probe_time = 5
Net.ipv4.neigh.lo.base_reachable_time = 30
Net.ipv4.icmp_ratelimit = 100
Net.ipv4.inet_peer_gc_mintime = 10
Net.ipv4.igmp_max_memberships = 20
Net.ipv4.ip_no_pmtu_disc = 0
Net.core.no_cong_thresh = 20
Net.core.netdev_max_backlog = 300
Net.core.rmem_default = 65535
Net.core.wmem_max = 65535
Vm.kswapd = 512 32 8
Vm.overcommit_memory = 0
Vm.bdflush = 30 64 64 256 500 3000 60 00
Vm.freepages = 351702 1053
Kernel.sem = 250 32000 32 128
Kernel.panic = 0
Kernel.domainname = (none)
Kernel.hostname = pc02.shinewave.com.tw
Kernel.version = # 1 Tue Oct 30 20:11:04 EST 2001
Kernel.osrelease = 2.4.9-13
Kernel.ostype = Linux
Fs.dentry-state = 1611 45000
Fs.file-nr = 1121 73 8192
Fs.inode-state = 1333 0 000 0 0
From the above syntax, we can probably see that the representation of sysctl is to express the directory structure of "/" with "." and link down layer by layer. Of course, giving a virtual file under proc with a specific value of echo can also be represented by sysctl, for example:
# sysctl-w net.ipv4.ip_forward = "1"
Or you can add, delete or modify the 0J1 value of a specific file directly in / etc/sysctl.conf:
# Enables packet forwarding
Net.ipv4.ip_forward = 1
# Enables source route verification
Net.ipv4.conf.default.rp_filter = 1
# Disables the magic-sysrq key
Kernel.sysrq = 0
Of course, if it is still valid after considering reboot, directly add, delete and modify the 0Magne1 value of a specific file in / etc/sysctl.conf to make it retain the setting (take RedHat as an example, every time the boot system starts, init will execute / etc/rc.d/rc.sysinit, and then use the default value of / etc/sysctl.conf to execute sysctl).
Related reference files:
/ sbin/sysctl
/ etc/sysctl.conf
Sysctl and sysctl.conf manpage
/ usr/src/linux-x.y.z/Documentation/sysctl/*
/ usr/share/doc/kernel-doc-x.y.z/sysctl/* (RedHat)
Http://hi.baidu.com/caosicong/blog/item/0a592360d438cfda8db10d9b.html
Http://hi.baidu.com/phpfamer/blog/item/932e276eb39c30de80cb4a3c.htmlsysctl configuration and kernel parameters displayed in the / proc/sys directory. You can use sysctl to set or reset networking features such as IP forwarding, IP fragmentation, and source route checking. Users only need to edit the / etc/sysctl.conf file to perform the functions controlled by sysctl manually or automatically. Command format: sysctl [- n] [- e]-w variable=value sysctl [- n] [- e]
-p (default / etc/sysctl.conf) sysctl [- n] [- e]-a meaning of common parameters:-w temporarily change the value of a specified parameter, for example, sysctl-w net.ipv4.ip_forward=1-a displays all system parameters-p loads system parameters from the specified file, if not specified, loads from / etc/sysctl.conf if you just want to temporarily change the value of a system parameter It can be implemented in two ways, for example, if you want to enable IP routing forwarding: 1)
# echo 1 > / proc/sys/net/ipv4/ip_forward 2) both of the above two methods can enable routing immediately, but if the system is rebooted or the # service network restart command is executed, the set value will be lost. If you want to keep the configuration permanently, you can modify the / etc/sysctl.conf file to change net.ipv4.ip_forward=0 to net.ipv4.ip_forward=1.
Sysctl is an interface that allows you to change a running Linux system. It includes some advanced options for TCP/IP stacks and virtual memory systems, which allow experienced administrators to improve eye-catching system performance. You can read and set more than five hundred system variables with sysctl. Based on this, sysctl (8) provides two functions: reading and modifying system settings.
View all readable variables:
% sysctl-a
Read a specified variable, such as kern.maxproc:
% sysctl kern.maxprockern.maxproc: 1044
To set a specified variable, use syntax such as variable=value directly:
# sysctl kern.maxfiles=5000
Kern.maxfiles: 2088-> 5000
You can use sysctl to modify system variables, or you can modify system variables by editing the sysctl.conf file. Sysctl.conf looks a lot like rc.conf. It uses
Set the value in the form of variable=value. The specified value is set after the system enters multi-user mode. Not all variables can be set in this mode.
The sysctl variable is usually set as a string, number, or Boolean. (Boolean means 1 for 'yes',' and 0 for 'no').
Sysctl-w kernel.sysrq=0
Sysctl-w kernel.core_uses_pid=1
Sysctl-w net.ipv4.conf.default.accept_redirects=0
Sysctl-w net.ipv4.conf.default.accept_source_route=0
Sysctl-w net.ipv4.conf.default.rp_filter=1
Sysctl-w net.ipv4.tcp_syncookies=1
Sysctl-w net.ipv4.tcp_max_syn_backlog=2048
Sysctl-w net.ipv4.tcp_fin_timeout=30
Sysctl-w net.ipv4.tcp_synack_retries=2
Sysctl-w net.ipv4.tcp_keepalive_time=3600
Sysctl-w net.ipv4.tcp_window_scaling=1
Sysctl-w net.ipv4.tcp_sack=1
Configure sysctl
Edit this file:
Vi / etc/sysctl.conf
If the file is empty, enter the following, otherwise adjust yourself according to the situation:
# Controls source route verification
# Default should work for all interfaces
Net.ipv4.conf.default.rp_filter = 1
# net.ipv4.conf.all.rp_filter = 1
# net.ipv4.conf.lo.rp_filter = 1
# net.ipv4.conf.eth0.rp_filter = 1
# Disables IP source routing
# Default should work for all interfaces
Net.ipv4.conf.default.accept_source_route = 0
# net.ipv4.conf.all.accept_source_route = 0
# net.ipv4.conf.lo.accept_source_route = 0
# net.ipv4.conf.eth0.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
Kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
Kernel.core_uses_pid = 1
# Increase maximum amount of memory allocated to shm
# Only uncomment if needed!
# kernel.shmmax = 67108864
# Disable ICMP Redirect Acceptance
# Default should work for all interfaces
Net.ipv4.conf.default.accept_redirects = 0
# net.ipv4.conf.all.accept_redirects = 0
# net.ipv4.conf.lo.accept_redirects = 0
# net.ipv4.conf.eth0.accept_redirects = 0
# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
# Default should work for all interfaces
Net.ipv4.conf.default.log_martians = 1
# net.ipv4.conf.all.log_martians = 1
# net.ipv4.conf.lo.log_martians = 1
# net.ipv4.conf.eth0.log_martians = 1
# Decrease the time default value for tcp_fin_timeout connection
Net.ipv4.tcp_fin_timeout = 25
# Decrease the time default value for tcp_keepalive_time connection
Net.ipv4.tcp_keepalive_time = 1200
# Turn on the tcp_window_scaling
Net.ipv4.tcp_window_scaling = 1
# Turn on the tcp_sack
Net.ipv4.tcp_sack = 1
# tcp_fack should be on because of sack
Net.ipv4.tcp_fack = 1
# Turn on the tcp_timestamps
Net.ipv4.tcp_timestamps = 1
# Enable TCP SYN Cookie Protection
Net.ipv4.tcp_syncookies = 1
# Enable ignoring broadcasts request
Net.ipv4.icmp_echo_ignore_broadcasts = 1
# Enable bad error message Protection
Net.ipv4.icmp_ignore_bogus_error_responses = 1
# Make more local ports available
# net.ipv4.ip_local_port_range = 1024 65000
# Set TCP Re-Ordering value in kernel to'5'
Net.ipv4.tcp_reordering = 5
# Lower syn retry rates
Net.ipv4.tcp_synack_retries = 2
Net.ipv4.tcp_syn_retries = 3
# Set Max SYN Backlog to '2048'
Net.ipv4.tcp_max_syn_backlog = 2048
# Various Settings
Net.core.netdev_max_backlog = 1024
# Increase the maximum number of skb-heads to be cached
Net.core.hot_list_length = 256
# Increase the tcp-time-wait buckets pool size
Net.ipv4.tcp_max_tw_buckets = 360000
# This will increase the amount of memory available for socket input/output queues
Net.core.rmem_default = 65535
Net.core.rmem_max = 8388608
Net.ipv4.tcp_rmem = 4096 87380 8388608
Net.core.wmem_default = 65535
Net.core.wmem_max = 8388608
Net.ipv4.tcp_wmem = 4096 65535 8388608
Net.ipv4.tcp_mem = 8388608 8388608 8388608
Net.core.optmem_max = 40960
If you want to block others from ping your host, add the following code:
# Disable ping requests
Net.ipv4.icmp_echo_ignore_all = 1
After editing, execute the following command to make the changes take effect immediately:
/ sbin/sysctl-p
/ sbin/sysctl-w net.ipv4.route.flush=1
In the / proc/sys directory of Linux, we often manually set some kernel parameters or directly echo specific values to a virtual file under proc, and open some files, such as setting IP Forwarding to start automatically when boot:
Echo "1" > / proc/sys/net/ipv4/ip_forward
In fact, in Linux we can also use sysctl command to easily view, set or automatically configure specific kernel settings. We can enter "sysctl-a" at the prompt, and the summary is as follows: abi.defhandler_coff = 117440515
Dev.raid.speed_limit_max = 100000
Net.ipv4.conf.default.send_redirects = 1
Net.ipv4.conf.default.secure_redirects = 1
Net.ipv4.conf.default.accept_redirects = 1
Net.ipv4.conf.default.mc_forwarding = 0
Net.ipv4.neigh.lo.delay_first_probe_time = 5
Net.ipv4.neigh.lo.base_reachable_time = 30
Net.ipv4.icmp_ratelimit = 100
Net.ipv4.inet_peer_gc_mintime = 10
Net.ipv4.igmp_max_memberships = 20
Net.ipv4.ip_no_pmtu_disc = 0
Net.core.no_cong_thresh = 20
Net.core.netdev_max_backlog = 300
Net.core.rmem_default = 65535
Net.core.wmem_max = 65535
Vm.kswapd = 512 32 8
Vm.overcommit_memory = 0
Vm.bdflush = 30 64 64 256 500 3000 60 00
Vm.freepages = 351702 1053
Kernel.sem = 250 32000 32 128
Kernel.panic = 0
Kernel.domainname = (none)
Kernel.hostname = pc02.shinewave.com.tw
Kernel.version = # 1 Tue Oct 30 20:11:04 EST 2001
Kernel.osrelease = 2.4.9-13
Kernel.ostype = Linux
Fs.dentry-state = 1611 45000
Fs.file-nr = 1121 73 8192
Fs.inode-state = 1333 0 000 0 0
From the above syntax, we can probably see that the representation of sysctl is to express the directory structure of "/" with "." and link down layer by layer. Of course, giving a virtual file under proc with a specific value of echo can also be represented by sysctl, for example:
# sysctl-w net.ipv4.ip_forward = "1"
Or you can add, delete or modify the 0J1 value of a specific file directly in / etc/sysctl.conf:
# Enables packet forwarding
Net.ipv4.ip_forward = 1
# Enables source route verification
Net.ipv4.conf.default.rp_filter = 1
# Disables the magic-sysrq key
Kernel.sysrq = 0
Of course, if it is still valid after considering reboot, directly add, delete and modify the 0Magne1 value of a specific file in / etc/sysctl.conf to make it retain the setting (take RedHat as an example, every time the boot system starts, init will execute / etc/rc.d/rc.sysinit, and then use the default value of / etc/sysctl.conf to execute sysctl).
At this point, the study on the "introduction of sysctl command parameters of the Linux system" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
