I. Introduction to the sysctl command
The sysctl command is used to dynamically modify the kernel's operating parameters while the kernel is running; the available kernel parameters are in the directory /proc/sys. It contains advanced options for both the TCP/IP stack and the virtual memory system, which allows experienced administrators to improve system performance significantly. More than 500 system variables can be read with sysctl.
1. sysctl (option) (parameter)
Options (see man sysctl for details):
-a  Show all kernel parameter variables and their values
-w  Write: modify a kernel parameter
-p  Load kernel parameter settings from the configuration file "/etc/sysctl.conf"
Parameters:
variable=value: sets the kernel parameter named by the variable to the given value.
2. Relationship between sysctl and the files under /proc/sys/
sysctl is the command that modifies kernel parameters.
/proc/sys/ is the directory from which the in-memory kernel parameters are read.
Rules for mapping between sysctl and /proc/sys:
Remove the leading /proc/sys/ and change the slashes in the file name to dots.
For example:
/proc/sys/net/ipv4/ip_forward => net.ipv4.ip_forward
/proc/sys/kernel/hostname => kernel.hostname
These two rules convert any file name in /proc/sys to a variable name in sysctl.
Changes made with sysctl -w or echo xxx > /proc/sys/net/netfilter/xxx are lost after a reboot.
3. Configuration files for CentOS 6 and 7
Version 6: /etc/sysctl.conf; version 7: /etc/sysctl.d/99-sysctl.conf
You can edit the configuration file under /etc/sysctl.d/ (on older systems, /etc/sysctl.conf), and the settings will be loaded when the system starts.
# ll /etc/sysctl.d/99-sysctl.conf
lrwxrwxrwx. 1 root root 14 1月 5 2017 /etc/sysctl.d/99-sysctl.conf -> ../sysctl.conf
(sysctl.conf and 99-sysctl.conf are the same file; one is just a link to the other.)
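The name-mapping rules and the note that sysctl -w changes do not survive a reboot can be combined into a drift check that compares a configuration file with the live values. This is an added example, not part of the original article; the function names and the PROC_ROOT variable are assumptions made for illustration, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: report sysctl settings whose live value differs from the
# persisted configuration file (for instance after an unsaved `sysctl -w`).
# PROC_ROOT is an assumption of this example so it can run on a test tree;
# leave it unset on a real host and /proc/sys is used.

# Rule from the text: drop the /proc/sys/ prefix, turn slashes into dots.
path_to_key() {
    rel=${1#"${PROC_ROOT:-/proc/sys}"/}
    printf '%s\n' "$rel" | tr '/' '.'
}

# Inverse rule: dots back into slashes, under the proc root.
key_to_path() {
    printf '%s/%s\n' "${PROC_ROOT:-/proc/sys}" "$(printf '%s' "$1" | tr '.' '/')"
}

# Collapse tabs, newlines and repeated blanks; trim both ends.
norm() { tr -s ' \t\n' ' ' | sed 's/^ //; s/ $//'; }

# sysctl_drift FILE: print one line per mismatch, return 1 if any was found.
sysctl_drift() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | norm)
        case $line in ''|'#'*|';'*) continue ;; *=*) ;; *) continue ;; esac
        key=$(printf '%s' "${line%%=*}" | norm)
        want=$(printf '%s' "${line#*=}" | norm)
        file=$(key_to_path "$key")
        if [ ! -r "$file" ]; then
            echo "$key: not readable at $file"; rc=1; continue
        fi
        live=$(norm < "$file")
        [ "$live" = "$want" ] || { echo "$key: persisted=$want live=$live"; rc=1; }
    done < "$1"
    return "$rc"
}

# Constructed sample tree and config file (not taken from a real host).
demo() {
    d=$(mktemp -d) && mkdir -p "$d/sys/net/ipv4" "$d/sys/fs"
    echo 1 > "$d/sys/net/ipv4/ip_forward"     # changed at runtime, not saved
    echo 197900 > "$d/sys/fs/file-max"
    printf 'net.ipv4.ip_forward = 0\nfs.file-max=197900\n' > "$d/sysctl.conf"
    ( PROC_ROOT="$d/sys"; sysctl_drift "$d/sysctl.conf" ) || echo "drift detected"
    rm -rf "$d"
}
demo
```

On a real host, calling sysctl_drift /etc/sysctl.conf with PROC_ROOT unset lists every setting that the next reboot would change back.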
II. Using the sysctl command
Environment used
# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.2 (Maipo)
1. Block others from pinging your host (Boolean: 1 means 'yes', 0 means 'no')
# sysctl -a | grep icmp
net.ipv4.icmp_echo_ignore_all = 0
# sysctl -w net.ipv4.icmp_echo_ignore_all=1
# sysctl -p
2. /var/log/messages shows "kernel: nf_conntrack: table full, dropping packet." What causes this, and how is it solved?
Reason:
The server handles a large volume of traffic and the conntrack parameters of the kernel netfilter module are configured unsuitably, so new connections are dropped.
Analysis:
The nf_conntrack module uses a hash table to record incoming connections. When connections arrive faster than they are released, the hash table fills up and the packets of further connections are dropped, resulting in a denial of service. The remedy is to shorten the established and release timeouts and to adjust the hash table size.
Solution:
A. Reset the nf_conntrack module parameters
# echo 250000 > /sys/module/nf_conntrack/parameters/hashsize  # set the hash table size
# sysctl -w net.nf_conntrack_max=1000000  # maximum number of tracked connections (generally 4 times the hash table size)
# sysctl -w net.netfilter.nf_conntrack_max=1000000  # maximum number of tracked connections
# sysctl -w net.netfilter.nf_conntrack_tcp_timeout_established=300  # default 432000 seconds (5 days); established by the TCP three-way handshake
# sysctl -w net.netfilter.nf_conntrack_tcp_timeout_fin_wait=60  # default 120 seconds; four-way close, actively closing side, wait time for the first and second steps
# sysctl -w net.netfilter.nf_conntrack_tcp_timeout_close_wait=30  # default 60 seconds; four-way close, passively closing side, state that appears at the second step
# sysctl -w net.netfilter.nf_conntrack_tcp_timeout_time_wait=60  # default 120 seconds; four-way close, passively closing side, state at the fourth step
B. Shut down the firewall (for hosts that are not directly exposed to the public network)
# systemctl stop firewalld
# systemctl disable firewalld
3. Turn on kernel routing and forwarding
# sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
4. Adjust the total number of files that all processes can open (can be used for web tuning)
# sysctl -w fs.file-max=197900
fs.file-max = 197900
Encouragement: I hear and I forget. I see and I remember. I do and I understand!