Check out my first novel, midnight's simulacra!
Sysctl: Difference between revisions
From dankwiki
No edit summary |
No edit summary |
||
Line 2: | Line 2: | ||
* <tt>kernel.dmesg_restrict=0</tt> allows regular users to see <tt>dmesg</tt> output | * <tt>kernel.dmesg_restrict=0</tt> allows regular users to see <tt>dmesg</tt> output | ||
* <tt>kernel.nmi_watchdog=0</tt> disables the NMI watchdog, freeing up a [[Performance Counters|performance counter]] | * <tt>kernel.nmi_watchdog=0</tt> disables the NMI watchdog, freeing up a [[Performance Counters|performance counter]] | ||
* <tt>net.ipv4.ip_forward=1</tt> enable IPv4 packet forwarding | |||
* <tt>net.ipv6.conf.all.forwarding=1</tt> enable IPv6 packet forwarding | |||
* <tt>net.netfilter.nf_conntrack_acct=1</tt> turn on packet/byte stats in conntrack table | |||
* <tt>net.netfilter.nf_conntrack_timestamp=1</tt> turn on timestamps in conntrack table | |||
* <tt>net.ipv4.tcp_syncookies=1</tt> enable TCP syncookies (see http://lwn.net/Articles/277146/) | |||
* <tt>net.ipv4.conf.default.rp_filter=1</tt>, <tt>net.ipv4.conf.all.rp_filter=1</tt> enable reverse path filter | |||
* <tt>kernel.perf_event_paranoid=-1</tt> allow unprivileged access to [[Performance Counters|performance counters]] |
Revision as of 03:11, 23 September 2019
Some favorite systctls
- kernel.dmesg_restrict=0 allows regular users to see dmesg output
- kernel.nmi_watchdog=0 disables the NMI watchdog, freeing up a performance counter
- net.ipv4.ip_forward=1 enable IPv4 packet forwarding
- net.ipv6.conf.all.forwarding=1 enable IPv6 packet forwarding
- net.netfilter.nf_conntrack_acct=1 turn on packet/byte stats in conntrack table
- net.netfilter.nf_conntrack_timestamp=1 turn on timestamps in conntrack table
- net.ipv4.tcp_syncookies=1 enable TCP syncookies (see http://lwn.net/Articles/277146/)
- net.ipv4.conf.default.rp_filter=1, net.ipv4.conf.all.rp_filter=1 enable reverse path filter
- kernel.perf_event_paranoid=-1 allow unprivileged access to performance counters