Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

How to use the sysctl command of Linux

2025-04-08 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >

Share

Shulou(Shulou.com)06/01 Report--

Today, the editor will share with you the relevant knowledge points about how to use the sysctl command of Linux. The content is detailed and the logic is clear. I believe most people still know too much about this knowledge, so share this article for your reference. I hope you can get something after reading this article. Let's take a look.

The Linux common command sysctl command is used to dynamically modify kernel running parameters while the kernel is running, and the available kernel parameters are in the directory / proc/sys.

Dynamically modify kernel running parameters during sysctl

Add that it includes some advanced options for TCP/ip stacks and virtual memory systems, which allow experienced administrators to improve eye-catching system performance. You can read and set more than five hundred system variables with sysctl.

Syntax sysctl (options) (parameters) option-n: do not print keywords when printing values;-e: ignore unknown keyword errors;-N: print only names;-w: use this when changing sysctl settings;-p: load kernel parameter settings from configuration file "/ etc/sysctl.conf";-a: print all currently available kernel parameter variables and values -A: prints all currently available kernel parameter variables and values in tabular form. Parameter variable = value: sets the value of the variable corresponding to the kernel parameter.

Instance to view all readable variables:

Sysctl-a

Read a specified variable, such as kern.maxproc:

Sysctl kern.maxproc kern.maxproc: 1044

To set a specified variable, use syntax such as variable=value directly:

Sysctl kern.maxfiles=5000 kern.maxfiles: 2088-> 5000 you can use sysctl to modify system variables, or you can modify system variables by editing the sysctl.conf file. Sysctl.conf looks a lot like rc.conf. It sets the value in the form of variable=value. The specified value is set after the system enters multi-user mode. Not all variables can be set in this mode.

The sysctl variable is usually set as a string, number, or Boolean. (Boolean means 1 for 'yes',' and 0 for 'no').

Sysctl-w kernel.sysrq=0 sysctl-w kernel.core_uses_pid=1 sysctl-w net.ipv4.conf.default.accept_redirects=0 sysctl-w net.ipv4.conf.default.accept_source_route=0 sysctl-w net.ipv4.conf.default.rp_filter=1 sysctl-w net.ipv4.tcp_syncookies=1 sysctl-w net.ipv4.tcp_max_syn_backlog=2048 sysctl-w net.ipv4.tcp_fin_timeout=30 sysctl-w net.ipv4.tcp_synack_retries=2 sysctl-w net.ipv4.tcp_keepalive_time=3600 Sysctl-w net.ipv4.tcp_window_scaling=1 sysctl-w net.ipv4.tcp_sack=1 configuration sysctl edit this file: / etc/sysctl.conf

If the file is empty, enter the following, otherwise adjust yourself according to the situation:

# Controls source route verification # Default should work for all interfaces net.ipv4.conf.default.rp_filter = 1 # net.ipv4.conf.all.rp_filter = 1 # net.ipv4.conf.lo.rp_filter = 1 # net.ipv4.conf.eth0.rp_filter = 1 # Disables IP source routing # Default should work for all interfaces net.ipv4.conf.default.accept_source_route = 0 # net.ipv4.conf.all.accept_source_route = 0 # net.ipv4.conf.lo. Accept_source_route = 0 # net.ipv4.conf.eth0.accept_source_route = 0 # Controls the System Request debugging functionality of the kernel kernel.sysrq = 0 # Controls whether core dumps will append the PID to the core filename. # Useful for debugging multi-threaded applications. Kernel.core_uses_pid = 1 # Increase maximum amount of memory allocated to shm # Only uncomment if needed! # kernel.shmmax = 67108864 # Disable ICMP Redirect Acceptance # Default should work for all interfaces net.ipv4.conf.default.accept_redirects = 0 # net.ipv4.conf.all.accept_redirects = 0 # net.ipv4.conf.lo.accept_redirects = 0 # net.ipv4.conf.eth0.accept_redirects = 0 # enable Log Spoofed Packets, Source Routed Packets Redirect Packets # Default should work for all interfaces net.ipv4.conf.default.log_martians = 1 # net.ipv4.conf.all.log_martians = 1 # net.ipv4.conf.lo.log_martians = 1 # net.ipv4.conf.eth0.log_martians = 1 # Decrease the time default value for tcp_fin_timeout connection net.ipv4.tcp_fin_timeout = 25 # Decrease the time default value for tcp_keepalive_time connection net.ipv4.tcp_keepalive_time = 1200 # Turn on the tcp _ window_scaling net.ipv4.tcp_window_scaling = 1 # Turn on the tcp_sack net.ipv4.tcp_sack = 1 # tcp_fack should be on because of sack net.ipv4.tcp_fack = 1 # Turn on the tcp_timestamps net.ipv4.tcp_timestamps = 1 # Enable TCP SYN Cookie Protection net.ipv4.tcp_syncookies = 1 # Enable ignoring broadcasts request net.ipv4.icmp_echo_ignore_broadcasts = 1 # Enable bad error message Protection net.ipv4.icmp_ignore_bogus _ error_responses = 1 # make more local ports available # net.ipv4.ip_local_port_range = 1024 65000 # set TCP Re-Ordering value in kernel to'5' net.ipv4.tcp_reordering = 5 # Lower syn retry rates net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_syn_retries = 3 # Set Max SYN Backlog to '2048' net.ipv4.tcp_max_syn_backlog = 2048 # Various Settings net.core.netdev_max_backlog = 1024 # Increase The maximum number of skb-heads to be cached net.core.hot_list_length = 360000 # Increase the tcp-time-wait buckets pool size net.ipv4.tcp_max_tw_buckets = 360000 # This will increase the amount of memory available for socket input/output queues net.core.rmem_default = 65535 net.core.rmem_max = 8388608 net.ipv4.tcp_rmem = 4096 87380 8388608 net.core.wmem_default = 65535 net.core.wmem_max = 8388608 net.ipv4.tcp_wmem = 4096 65535 8388608 Net.ipv4.tcp_mem = 8388608 8388608 8388608 net.core.optmem_max = 40960 if you want to block others from ping your host Then add the following code:

# Disable ping requests net.ipv4.icmp_echo_ignore_all = 1 after editing, execute the following command to make the changes take effect immediately:

/ sbin/sysctl-p / sbin/sysctl-w net.ipv4.route.flush=1 above is all the content of this article "how to use the sysctl command of Linux". Thank you for reading! I believe you will gain a lot after reading this article. The editor will update different knowledge for you every day. If you want to learn more knowledge, please pay attention to the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Development

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report