From dankwiki
1,223 bytes added, 22:21, 22 September 2019
User-supplied sysctls are best provided via files dropped into <tt>/etc/sysctl.d</tt> (these files must have a <tt>conf</tt> extension). Each sysctl has a corresponding entry in <tt>/proc/sys</tt>, assuming [[procfs]] is mounted. With or without a mounted procfs, the <tt>sysctl</tt> command line tool. There is a sysctl system call, but it has been deprecated since Linux 2.6.24, and its usage is discouraged. FreeBSD supports the system call. Supported sysctls can be enumerated using <tt>sysctl -a</tt>.

==Some favorite sysctls==
* <tt>kernel.dmesg_restrict=0</tt> allows regular users to see <tt>dmesg</tt> output
* <tt>kernel.nmi_watchdog=0</tt> disables the NMI watchdog, freeing up a [[Performance Counters|performance counter]]
* <tt>kernel.perf_event_paranoid=-1</tt> allows unprivileged access to [[Performance Counters|performance counters]]
* <tt>net.ipv4.ip_forward=1</tt> enables IPv4 packet forwarding
* <tt>net.ipv6.conf.all.forwarding=1</tt> enables IPv6 packet forwarding
* <tt>net.netfilter.nf_conntrack_acct=1</tt> turns on packet/byte stats in conntrack table
* <tt>net.netfilter.nf_conntrack_timestamp=1</tt> turns on timestamps in conntrack table
* <tt>net.ipv4.tcp_syncookies=1</tt> enables TCP syncookies (see
* <tt>net.ipv4.conf.default.rp_filter=1</tt>, <tt>net.ipv4.conf.all.rp_filter=1</tt> enable reverse path filter
* <tt>net.core.bpf_jit_enable=1</tt> enables [[EBPF|eBPF]] JIT
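
Since each key in a <tt>/etc/sysctl.d</tt> file maps to an entry under <tt>/proc/sys</tt>, the two can be compared to confirm that settings which loosen access (such as <tt>kernel.dmesg_restrict=0</tt>) or enable forwarding are actually the ones in effect. The following is an added example, not part of the original wiki page; the function names, the sample file name and the sample values are assumptions, and keys containing literal dots (such as VLAN interface names) are not handled.

```python
import os
import tempfile

# Constructed sample drop-in (hypothetical file name: /etc/sysctl.d/90-local.conf)
SAMPLE_CONF = """\
# values taken from the list above
kernel.dmesg_restrict = 0
net.ipv4.ip_forward=1
-net.netfilter.nf_conntrack_acct = 1
"""

def parse_sysctl_conf(text):
    """Parse sysctl.d-style text into {key: value}; a later line overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue                      # blank, comment, or not a setting
        key, _, value = line.partition("=")
        settings[key.strip().lstrip("-")] = value.strip()  # leading '-': ignore failed write
    return settings

def proc_path(key, root="/proc/sys"):
    """kernel.dmesg_restrict -> <root>/kernel/dmesg_restrict"""
    return os.path.join(root, *key.split("."))

def audit(text, root="/proc/sys"):
    """Return {key: (wanted, live)} where they differ; live is None if the entry cannot be read."""
    drift = {}
    for key, wanted in parse_sysctl_conf(text).items():
        try:
            with open(proc_path(key, root)) as fh:
                live = " ".join(fh.read().split())    # normalise whitespace
        except OSError:
            live = None                               # e.g. owning module not loaded
        if live != " ".join(wanted.split()):
            drift[key] = (wanted, live)
    return drift

def demo():  # audit SAMPLE_CONF against a constructed stand-in for /proc/sys
    with tempfile.TemporaryDirectory() as root:
        for key, val in (("kernel.dmesg_restrict", "1"), ("net.ipv4.ip_forward", "1")):
            os.makedirs(os.path.dirname(proc_path(key, root)), exist_ok=True)
            with open(proc_path(key, root), "w") as fh:
                fh.write(val + "\n")
        return audit(SAMPLE_CONF, root)

if __name__ == "__main__":
    print(demo())
```

On a real host, call <tt>audit()</tt> with the text of each drop-in file and the default root; an empty result means the live values match the file.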