Difference between revisions of "Sysctl"

From dankwiki
Line 1: Line 1:
 
User-supplied sysctls are best provided via files dropped into <tt>/etc/sysctl.d</tt> (these files must have a <tt>conf</tt> extension). Each has a corresponding entry in <tt>/proc/sys</tt>, assuming [[procfs]] is mounted.
 
User-supplied sysctls are best provided via files dropped into <tt>/etc/sysctl.d</tt> (these files must have a <tt>conf</tt> extension). Each has a corresponding entry in <tt>/proc/sys</tt>, assuming [[procfs]] is mounted.
  
==Some favorite systctls==
+
==Some favorite sysctls==
 
* <tt>kernel.dmesg_restrict=0</tt> allows regular users to see <tt>dmesg</tt> output
 
* <tt>kernel.dmesg_restrict=0</tt> allows regular users to see <tt>dmesg</tt> output
 
* <tt>kernel.nmi_watchdog=0</tt> disables the NMI watchdog, freeing up a [[Performance Counters|performance counter]]
 
* <tt>kernel.nmi_watchdog=0</tt> disables the NMI watchdog, freeing up a [[Performance Counters|performance counter]]

Revision as of 23:13, 22 September 2019

User-supplied sysctls are best provided via files dropped into /etc/sysctl.d (these files must have a conf extension). Each has a corresponding entry in /proc/sys, assuming procfs is mounted.

Some favorite sysctls

  • kernel.dmesg_restrict=0 allows regular users to see dmesg output
  • kernel.nmi_watchdog=0 disables the NMI watchdog, freeing up a performance counter
  • kernel.perf_event_paranoid=-1 allow unprivileged access to performance counters
  • net.ipv4.ip_forward=1 enable IPv4 packet forwarding
  • net.ipv6.conf.all.forwarding=1 enable IPv6 packet forwarding
  • net.netfilter.nf_conntrack_acct=1 turn on packet/byte stats in conntrack table
  • net.netfilter.nf_conntrack_timestamp=1 turn on timestamps in conntrack table
  • net.ipv4.tcp_syncookies=1 enable TCP syncookies (see http://lwn.net/Articles/277146/)
  • net.ipv4.conf.default.rp_filter=1, net.ipv4.conf.all.rp_filter=1 enable reverse path filter