Using sysctl
The sysctl command can make viewing, setting, and automating special kernel settings very easy.
sysctl configures kernel parameters at runtime. The parameters available are those listed under /proc/sys/. Procfs is required for sysctl support in Linux. You can use sysctl to both read and write sysctl data.
To get a quick overview of all settings configurable in the /proc/sys directory, type the sysctl -a command as root. This will create a large, comprehensive list, a small portion of which looks something like this:
root@dell:~# sysctl -a
kernel.sched_min_granularity_ns = 4000000
kernel.sched_latency_ns = 20000000
kernel.sched_wakeup_granularity_ns = 5000000
kernel.sched_shares_ratelimit = 250000
kernel.sched_child_runs_first = 1
kernel.sched_features = 7935
You can manually assign values to writable files by echoing the value to the file.
The sysctl command can do the same thing: type sysctl -w [file]="[new-value]". For example, to activate the System Request Key, the following command is required:
root@dell# sysctl -w kernel.sysrq="1"
kernel.sysrq = 1
To make your kernel settings permanent, add them to the /etc/sysctl.conf file.
Any values added to /etc/sysctl.conf will take effect right after the system boots with no need to reconfigure and rebuild the kernel to incorporate the change.
Checking system default VM setting using sysctl
Some of the VM settings for the kernel can be changed using sysctl. Here is a listing of the default settings for a system running 2.6.27:
root@dell:~# sysctl -a |grep vm
vm.overcommit_memory = 0
vm.panic_on_oom = 0
vm.oom_kill_allocating_task = 0
vm.oom_dump_tasks = 0
vm.overcommit_ratio = 50
vm.page-cluster = 3
vm.dirty_background_ratio = 10
vm.dirty_ratio = 40
vm.dirty_writeback_centisecs = 499
vm.dirty_expire_centisecs = 2999
vm.nr_pdflush_threads = 2
vm.swappiness = 60
vm.nr_hugepages = 0
vm.hugetlb_shm_group = 0
vm.hugepages_treat_as_movable = 0
vm.nr_overcommit_hugepages = 0
vm.lowmem_reserve_ratio = 256 32 32
vm.drop_caches = 0
vm.min_free_kbytes = 2033
vm.percpu_pagelist_fraction = 0
vm.max_map_count = 65536
vm.laptop_mode = 0
vm.block_dump = 0
vm.vfs_cache_pressure = 100
vm.legacy_va_layout = 0
vm.stat_interval = 1
vm.mmap_min_addr = 0
vm.vdso_enabled = 2
vm.highmem_is_dirtyable = 0
sysctl tunable parameters
If you need Linux to ignore ping requests, edit the /etc/sysctl.conf file and add the following line:
net.ipv4.icmp_echo_ignore_all = 1
If you want or need Linux to ignore broadcast requests, edit the /etc/sysctl.conf file and add the following line:
net.ipv4.icmp_echo_ignore_broadcasts = 1
To alert you about bad error messages in the network, edit the /etc/sysctl.conf file and add the following line:
net.ipv4.icmp_ignore_bogus_error_responses = 1
To turn on logging for Spoofed Packets, Source Routed Packets, and Redirect Packets, edit the /etc/sysctl.conf file and add the following line:
net.ipv4.conf.all.log_martians = 1
Using the sysctl Command
The /sbin/sysctl command is used to view, set, and automate kernel settings in the /proc/sys/ directory.
For a quick overview of all settings configurable in the /proc/sys/ directory, type:
The sysctl command can be used in place of echo to assign values to writable files in the /proc/sys/ directory. For example, instead of using the command
echo 1 > /proc/sys/kernel/sysrq
Use the equivalent sysctl command as follows:
sysctl -w kernel.sysrq="1"
kernel.sysrq = 1
Enabling Source Address Verification
This prevents a remote host from spoofing incoming packets as if they had come from the local machine.
Solution:
Turn on source address verification in the Linux kernel.
echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter
A quick method is to add this line to /etc/sysctl.conf
net.ipv4.conf.all.rp_filter = 1
And then run the sysctl command to read the configuration.
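To confirm that the values written to /etc/sysctl.conf are the ones the kernel is actually running with, the following added example (not part of the original page) maps each key to its file under /proc/sys and reports any difference. The function names audit_sysctl and demo_audit, and the sample configuration and fake /proc/sys tree, are constructed for illustration.

```shell
# audit_sysctl CONF [ROOT]: compare every "key = value" line in CONF with the
# running value under ROOT (default /proc/sys). Returns 1 on any difference.
audit_sysctl() {
    conf=$1; root=${2:-/proc/sys}; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Collapse whitespace, then skip blanks, comments and non-assignments.
        line=$(printf '%s\n' "$line" | awk '{$1=$1; print}')
        case $line in
            ''|'#'*|';'*) continue ;;
            *=*) ;;
            *) continue ;;
        esac
        key=${line%%=*}; key=${key% }
        want=${line#*=}; want=${want# }
        # kernel.sysrq -> kernel/sysrq (assumes no dots inside interface names).
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "MISSING $key"; bad=1; continue
        fi
        # /proc/sys separates multi-value entries with tabs; normalise them.
        live=$(awk '{$1=$1; print}' "$path" 2>/dev/null) || live=
        if [ "$live" = "$want" ]; then
            echo "OK      $key = $live"
        else
            echo "DRIFT   $key: file=$want running=$live"; bad=1
        fi
    done < "$conf"
    return "$bad"
}

# Constructed sample: settings from this page plus a fake /proc/sys tree in
# which log_martians was never applied and one key does not exist.
demo_audit() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/sys/net/ipv4/conf/all" "$d/sys/vm"
    printf '1\n' > "$d/sys/net/ipv4/icmp_echo_ignore_broadcasts"
    printf '1\n' > "$d/sys/net/ipv4/conf/all/rp_filter"
    printf '0\n' > "$d/sys/net/ipv4/conf/all/log_martians"
    printf '256\t32\t32\n' > "$d/sys/vm/lowmem_reserve_ratio"
    printf '%s\n' '# constructed sample' \
        'net.ipv4.icmp_echo_ignore_broadcasts = 1' \
        'net.ipv4.conf.all.rp_filter = 1' 'net.ipv4.conf.all.log_martians = 1' \
        'vm.lowmem_reserve_ratio = 256 32 32' \
        'net.ipv4.icmp_ignore_bogus_error_responses = 1' > "$d/sysctl.conf"
    rc=0; audit_sysctl "$d/sysctl.conf" "$d/sys" || rc=$?
    rm -rf "$d"
    return "$rc"
}
demo_audit || echo "audit found differences"
```

On a real system, run audit_sysctl /etc/sysctl.conf with no second argument so the live values are read from /proc/sys.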
EXAMPLES
/sbin/sysctl -a
/sbin/sysctl -n kernel.hostname
/sbin/sysctl -w kernel.domainname="example.com"
/sbin/sysctl -p /etc/sysctl.conf
-w Use this option when you want to change a sysctl setting.
-p Load in sysctl settings from the file specified or /etc/sysctl.conf if none given. Specifying - as filename means reading data from standard input.
-a Display all values currently available.
-A Display all values currently available in table form.