{"id":645,"date":"2018-07-27T20:25:52","date_gmt":"2018-07-27T13:25:52","guid":{"rendered":"http:\/\/www.oopsbox.com\/?p=645"},"modified":"2018-07-27T20:25:52","modified_gmt":"2018-07-27T13:25:52","slug":"sysctl-changing-kernel-parameters-at-runtime","status":"publish","type":"post","link":"https:\/\/www.oopsbox.com\/?p=645","title":{"rendered":"sysctl &#8211; changing kernel parameters at runtime"},"content":{"rendered":"<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">#\r\n# \/etc\/sysctl.conf - Configuration file for setting system variables\r\n# See \/etc\/sysctl.d\/ for additional system variables.\r\n# See sysctl.conf (5) for information.\r\n#\r\n\r\n#kernel.domainname = example.com\r\n\r\n# Uncomment the following to stop low-level messages on console\r\n#kernel.printk = 3 4 1 3\r\n\r\n##############################################################3\r\n# Functions previously found in netbase\r\n#\r\n\r\n# Uncomment the next two lines to enable Spoof protection (reverse-path filter)\r\n# Turn on Source Address Verification in all interfaces to\r\n# prevent some spoofing attacks\r\n#net.ipv4.conf.default.rp_filter=1\r\n#net.ipv4.conf.all.rp_filter=1\r\n\r\n# Uncomment the next line to enable TCP\/IP SYN cookies\r\n# See http:\/\/lwn.net\/Articles\/277146\/\r\n# Note: This may impact IPv6 TCP sessions too\r\n#net.ipv4.tcp_syncookies=1\r\n\r\n# Uncomment the next line to enable packet forwarding for IPv4\r\n#net.ipv4.ip_forward=1\r\n\r\n# Uncomment the next line to enable packet forwarding for IPv6\r\n#  Enabling this option disables Stateless Address Autoconfiguration\r\n#  based on Router Advertisements for this host\r\n#net.ipv6.conf.all.forwarding=1\r\n\r\n\r\n###################################################################\r\n# Additional settings - these settings can improve the network\r\n# security of the host and prevent against some network attacks\r\n# including spoofing attacks and man in the middle attacks through\r\n# redirection. 
Some network environments, however, require that these\r\n# settings are disabled so review and enable them as needed.\r\n#\r\n# Do not accept ICMP redirects (prevent MITM attacks)\r\n#net.ipv4.conf.all.accept_redirects = 0\r\n#net.ipv6.conf.all.accept_redirects = 0\r\n# _or_\r\n# Accept ICMP redirects only for gateways listed in our default\r\n# gateway list (enabled by default)\r\n# net.ipv4.conf.all.secure_redirects = 1\r\n#\r\n# Do not send ICMP redirects (we are not a router)\r\n#net.ipv4.conf.all.send_redirects = 0\r\n#\r\n# Do not accept IP source route packets (we are not a router)\r\n#net.ipv4.conf.all.accept_source_route = 0\r\n#net.ipv6.conf.all.accept_source_route = 0\r\n#\r\n# Log Martian Packets\r\n#net.ipv4.conf.all.log_martians = 1\r\n#\r\n\r\n###################################################################\r\n# Magic system request Key\r\n# 0=disable, 1=enable all\r\n# Debian kernels have this set to 0 (disable the key)\r\n# See https:\/\/www.kernel.org\/doc\/Documentation\/sysrq.txt\r\n# for what other values do\r\n#kernel.sysrq=1\r\n\r\n###################################################################\r\n# Protected links\r\n#\r\n# Protects against creating or following links under certain conditions\r\n# Debian kernels have both set to 1 (restricted) \r\n# See https:\/\/www.kernel.org\/doc\/Documentation\/sysctl\/fs.txt\r\n#fs.protected_hardlinks=0\r\n#fs.protected_symlinks=0\r\n\r\n###################################################################\r\n# Improving performance\r\n# Virtual memory\r\n# Consensus is that setting vm.dirty_ratio to 10% of RAM is a sane value if RAM is say 1 GB (so 10% is 100 MB). But if the machine has much more RAM, say 16 GB (10% is 1.6 GB), the percentage may be out of proportion as it becomes several seconds of writeback on spinning disks. 
A more sane value in this case may be 3 (3% of 16 GB is approximately 491 MB).\r\n\r\nvm.swappiness=10\r\nvm.dirty_ratio=10\r\nvm.dirty_background_ratio=5\r\nvm.vfs_cache_pressure=50\r\n# Note: vm.dirty_background_bytes and vm.dirty_bytes are the byte-valued counterparts of\r\n# the two ratio settings above. The kernel honours only one of each pair, so the values\r\n# written last (the byte values below) take effect and the ratios then read back as 0.\r\nvm.dirty_background_bytes=4194304\r\nvm.dirty_bytes=4194304\r\n\r\n# Networking\r\n# Increase the size of the receive queue.\r\nnet.core.netdev_max_backlog=100000\r\nnet.core.netdev_budget=50000\r\nnet.core.netdev_budget_usecs=5000\r\n#\r\n# Increase the maximum connections (default 128)\r\nnet.core.somaxconn=1024\r\n#\r\n# Increase the memory dedicated to the network interfaces\r\nnet.core.rmem_default=1048576\r\nnet.core.rmem_max=16777216\r\nnet.core.wmem_default=1048576\r\nnet.core.wmem_max=16777216\r\nnet.core.optmem_max=65536\r\nnet.ipv4.tcp_rmem=4096 1048576 2097152\r\nnet.ipv4.tcp_wmem=4096 65536 16777216\r\n#\r\n# Increase the UDP limits (default 4096)\r\nnet.ipv4.udp_rmem_min=8192\r\nnet.ipv4.udp_wmem_min=8192\r\n#\r\n# Enable TCP Fast Open\r\nnet.ipv4.tcp_fastopen=3\r\n#\r\n# Tweak the pending connection handling\r\nnet.ipv4.tcp_max_syn_backlog=30000\r\nnet.ipv4.tcp_max_tw_buckets=2000000\r\nnet.ipv4.tcp_tw_reuse=1\r\nnet.ipv4.tcp_fin_timeout=10\r\nnet.ipv4.tcp_slow_start_after_idle=0\r\n#\r\n# Change TCP keepalive parameters\r\nnet.ipv4.tcp_keepalive_time=60\r\nnet.ipv4.tcp_keepalive_intvl=10\r\nnet.ipv4.tcp_keepalive_probes=6\r\n#\r\n# Enable MTU probing\r\nnet.ipv4.tcp_mtu_probing=1\r\n#\r\n# Disable TCP timestamps\r\nnet.ipv4.tcp_timestamps=0\r\n#\r\n# TCP\/IP stack hardening\r\n# TCP SYN cookie protection\r\nnet.ipv4.tcp_syncookies=1\r\n#\r\n# TCP RFC 1337\r\nnet.ipv4.tcp_rfc1337=1\r\n#\r\n# Reverse path filtering\r\nnet.ipv4.conf.default.rp_filter=1\r\nnet.ipv4.conf.all.rp_filter=1\r\n#\r\n# Log martian packets\r\nnet.ipv4.conf.default.log_martians=1\r\nnet.ipv4.conf.all.log_martians=1\r\n#\r\n# Disable ICMP 
redirecting\r\nnet.ipv4.conf.all.accept_redirects=0\r\nnet.ipv4.conf.default.accept_redirects=0\r\nnet.ipv4.conf.all.secure_redirects=0\r\nnet.ipv4.conf.default.secure_redirects=0\r\nnet.ipv6.conf.all.accept_redirects=0\r\nnet.ipv6.conf.default.accept_redirects=0\r\n#\r\n# Disable sending ICMP redirects on a non-router\r\nnet.ipv4.conf.all.send_redirects=0\r\nnet.ipv4.conf.default.send_redirects=0\r\n#\r\n# Ignore all ICMP echo requests\r\nnet.ipv4.icmp_echo_ignore_all=1\r\n<\/pre>\n<p>Source: https:\/\/wiki.archlinux.org\/index.php\/Sysctl<\/p>\n","protected":false},
"excerpt":{"rendered":"<p># # \/etc\/sysctl.conf &#8211; Configuration file for setting system variables # See \/etc\/sysctl.d\/ for additional system variables. # See sysctl.conf (5) for information. # #kernel.domainname = example.com # Uncomment the following to stop low-level messages on console #kernel.printk = 3 4 1 3 ##############################################################3 # Functions previously found in netbase # # Uncomment the next &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/www.oopsbox.com\/?p=645\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;sysctl &#8211; changing kernel parameters at runtime&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[6],"tags":[71],"class_list":["post-645","post","type-post","status-publish","format-standard","hentry","category-lab","tag-sysctl","entry"],"views":3590,"_links":{"self":[{"href":"https:\/\/www.oopsbox.com\/index.php?rest_route=\/wp\/v2\/posts\/645","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.oopsbox.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.oopsbox.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.oopsbox.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.oopsbox.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=645"}],"version-history":[{"count":1,"href":"https:\/\/www.oopsbox.com\/index.php?rest_route=\/wp\/v2\/
posts\/645\/revisions"}],"predecessor-version":[{"id":647,"href":"https:\/\/www.oopsbox.com\/index.php?rest_route=\/wp\/v2\/posts\/645\/revisions\/647"}],"wp:attachment":[{"href":"https:\/\/www.oopsbox.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=645"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.oopsbox.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=645"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.oopsbox.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=645"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}