Check out my first novel, midnight's simulacra!

Sysctl: Difference between revisions

From dankwiki
No edit summary
No edit summary
Line 1: Line 1:
User-supplied sysctls are best provided via files dropped into <tt>/etc/sysctl.d</tt> (these files must have a <tt>conf</tt> extension). Each has a corresponding entry in <tt>/proc/sys</tt>, assuming [[procfs]] is mounted.
User-supplied sysctls are best provided via files dropped into <tt>/etc/sysctl.d</tt> (these files must have a <tt>conf</tt> extension). Each has a corresponding entry in <tt>/proc/sys</tt>, assuming [[procfs]] is mounted.


==Some favorite systctls==
==Some favorite sysctls==
* <tt>kernel.dmesg_restrict=0</tt> allows regular users to see <tt>dmesg</tt> output
* <tt>kernel.dmesg_restrict=0</tt> allows regular users to see <tt>dmesg</tt> output
* <tt>kernel.nmi_watchdog=0</tt> disables the NMI watchdog, freeing up a [[Performance Counters|performance counter]]
* <tt>kernel.nmi_watchdog=0</tt> disables the NMI watchdog, freeing up a [[Performance Counters|performance counter]]

Revision as of 03:13, 23 September 2019

User-supplied sysctls are best provided via files dropped into /etc/sysctl.d (these files must have a conf extension). Each has a corresponding entry in /proc/sys, assuming procfs is mounted.

Some favorite sysctls

  • kernel.dmesg_restrict=0 allows regular users to see dmesg output
  • kernel.nmi_watchdog=0 disables the NMI watchdog, freeing up a performance counter
  • kernel.perf_event_paranoid=-1 allow unprivileged access to performance counters
  • net.ipv4.ip_forward=1 enable IPv4 packet forwarding
  • net.ipv6.conf.all.forwarding=1 enable IPv6 packet forwarding
  • net.netfilter.nf_conntrack_acct=1 turn on packet/byte stats in conntrack table
  • net.netfilter.nf_conntrack_timestamp=1 turn on timestamps in conntrack table
  • net.ipv4.tcp_syncookies=1 enable TCP syncookies (see http://lwn.net/Articles/277146/)
  • net.ipv4.conf.default.rp_filter=1, net.ipv4.conf.all.rp_filter=1 enable reverse path filter