Questions tagged [sysctl]
sysctl is a mechanism for controlling options and limits in Unix-like operating system kernels. Sysctls can be used to tune performance or change the behavior of many subsystems.
121 questions
0 votes
1 answer
382 views
what exactly does the fs.quota.syncs sysctl parameter in Linux do?
We are debugging high load/low CPU issues that ultimately crash the system on a customer's SLES 8.8 VMs. I compared the sysctl values and noticed the instances on which the problem occurred the issues ...
0 votes
0 answers
693 views
rp_filter was set to 1 unexpectedly on rhel 9 clones
I'm trying to set up a virtual interface, and disable its rp_filter. For example, a virtual ethernet: ip l a va type veth peer name vb; echo 0 > /proc/sys/net/ipv4//conf/va/rp_filter It works fine ...
1 vote
0 answers
373 views
Automatic TCP SYN - cookie activation
I am simulating a SYN flood attack on a Raspberry Pi 1 with KALI Linux (ARM) installed. A similar message as mentioned in this post was printed after performing the attack: How to avoid syn cookies. ...
0 votes
0 answers
2k views
Can't disable Privacy Extensions for IPv6
On a fresh Debian 12 install, I wish to disable Privacy Extensions for IPv6, but the config gets rewritten every time I reboot. After doing the proper modification to /etc/sysctl.conf I'm getting the ...
1 vote
0 answers
945 views
Amazon Linux 2023: sysctl kernel parameters - network - hardening and tuning review
We are in the process of transitioning to Amazon Gnu/Linux 2023, and during the course of this migration, I came across some Ansible code that modifies kernel parameters. I would greatly appreciate it ...
0 votes
1 answer
2k views
Static IPv6 LAN address while using SLAAC for global unicast
I have some IPv6 nodes in two IPv6 networks. There is a single IPv6 router, link-local to all nodes. The router sends out router advertisements(RA) containing two prefixes for the two networks. The ...
4 votes
1 answer
6k views
Disable ipv4 with /etc/sysctl.conf | GNU/LINUX Debian 11
I can disable ipv6 as su in /etc/sysctl.conf on my GNU/LINUX Debian 11 with net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 and restart with /sbin/sysctl -p when I try to ...
1 vote
1 answer
194 views
Client TCP segments arrive in batches
The scenario is the following: a WebSocket server and clients exchange messages at some pace (like 40-50 times in a second). However, for one client, once in a few minutes I'm observing that there is ...
0 votes
0 answers
344 views
Limit number of connection for a special port on Linux server
I have an Nginx server on Ubuntu 20, and it has a multi-port listener on it for the proxy pass. I want to limit the number of connections per port. IP doesn't matter (I mean don't limit by IP). My IPTable ...
0 votes
1 answer
523 views
Optional sysctl configuration parameters
I am working on some automation that sets linux kernel parameters using sysctl. Specifically I am creating a template that can be deployed to systems with a high amount of connections. The automation ...
0 votes
1 answer
586 views
Which versions of Ubuntu share /etc/sysctl.conf compatibility? [closed]
I am looking to secure my Ubuntu 18.04 LTS server and have found a nice script but it was designed for Ubuntu 20.04 LTS which includes changes to /etc/sysctl.conf. Which versions of Ubuntu (or linux ...
1 vote
0 answers
1k views
Problems with sysctl settings somaxconn
I'm trying to change the somaxconn settings, but for some reason they are not there. ***@***:~# cat /etc/debian_version bullseye/sid ***@***:~# uname -a Linux *** 5.4.78-2-pve #1 SMP PVE 5.4.78-2 (...
0 votes
0 answers
2k views
How to determine which resource is exhausted
On a server with a very high load many of my daily cron jobs stopped working. I have postfix server running that only delivers locally so that I can see the output of the cron jobs with mutt. I ...
1 vote
0 answers
501 views
Same sysctl kernel parameters for KVM host and guest
I need to set up a KVM guest with the following sysctl kernel parameters: net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 net.ipv4.tcp_rmem = 4096 87380 16777216 net.ipv4.tcp_wmem = 4096 ...
0 votes
0 answers
1k views
Nginx: how to increase backlog (net.core.somaxconn), without changing sysctl.conf? Want to allow many pending connections
I am not running a webapp, but rather a Machine Learning model which needs to provide real-time predictions. Am using Nginx with Gunicorn, both of which are running in a docker container. The setup ...
0 votes
0 answers
877 views
Issue with HAProxy 2.0.7 setup with tproxy on Centos-7
I am trying to set up HAProxy with transparent proxy on Centos-7 machine. Env: ( 2-http server ==>> HAProxy server ==>> ClientVM ) I have configured http servers with normal haproxy and it ...
0 votes
1 answer
3k views
sysctl disable IPv6 autoconf
I'm trying to set up IPv6 on my OVH server using their guide. In the article they recommend to disable IPv6 autoconf and router advertising to prevent known issues You can do so by adding the ...
0 votes
1 answer
1k views
Portainer: Pass vm.max_map_count to SonarQube Docker container
I need to set up a SonarQube container on my Portainer instance. SonarQube uses Elasticsearch, which needs a kernel setting passed from the host. This issue is well documented, as mentioned in this ...
2 votes
1 answer
945 views
Set sysfs network option before interface is up
I want to set /sys/class/net/wwan0/qmi/raw_ip, and I don't want to do it by writing a shell script to take wwan0 down set it, then put wwan0 back up as a systemd unit. I'm trying this on Raspbian ...
1 vote
0 answers
4k views
How to interpret the number of open and max file descriptors for nginx?
I want to get the currently open file descriptors and upper limit of open file descriptors on an AWS Linux instance. The reason is to determine whether to increase the limits for nginx to have enough ...
2 votes
0 answers
637 views
Is there an ipv6 equivalent for net.ipv4.conf.all.route_localnet
Is there an ipv6 equivalent for net.ipv4.conf.all.route_localnet ? (According to nftables ip6 route to localhost/ ipv6 nat to loopback, there isn't). If not, how the use case described in Port ...
1 vote
1 answer
3k views
In IPv6 router gets the Router solicitation message, but does not respond with Router advertisement
We set up an IPv6 network with two ubuntu systems and we make one PC as HOST and other as ROUTER (based on the concept of SLAAC). The host sent the "Router solicitation" message, but the router not ...
2 votes
1 answer
5k views
can't count all open files by lsof + lsof is hung
we are trying to count all open files by lsof lsof | wc -l lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/42/gvfs Output information may be incomplete. but still after 1 hour ...
0 votes
1 answer
641 views
sysctl kernel core pattern not working with ~
I'm trying to put core dumps in home directory but for whatever reason a core pattern starting with ~ does not work while using full path works just fine. Can't seem to find this rule in docs. Not ...
2 votes
1 answer
2k views
AWS EC2 Amazon Linux is using swap even if it shouldn't
I have a few ECS servers running various apps. After a few mysterious outages I noticed that the instance is swapping hard and it consumes its IO Burst Balance rendering the instance useless. The ...
9 votes
3 answers
30k views
sysctl not sticking after reboot
Using Lubuntu 18.10 Cosmic Cuttlefish. Most commands do stick. However, Lynis has repeatedly demonstrated four sysctl parameters are not sticking on reboot. sysctl -p does successfully apply them ...
0 votes
1 answer
2k views
how are all/default/interface configuration influencing each other?
On the following kernel configuration path: /proc/sys/net/ipv6/conf/ we can configure each network interface in the following way: we can specify what configuration to follow for all interfaces we ...
9 votes
2 answers
3k views
sysctl vs writing directly to /proc/*
On a typical linux machine you can change kernel configuration by modifying the files located at /proc/*. For example, for the IPv6 accept_dad parameter of a specific network interface (say, eth0), ...
5 votes
1 answer
2k views
What is the difference between net.core.netdev_max_backlog and net.ipv4.tcp_max_syn_backlog
Several docs on the net describe these options as following: net.core.netdev_max_backlog: Maximum number of packets, queued on the INPUT side, when the interface receives packets faster than kernel ...
-1 votes
1 answer
511 views
Changes in fs.* after rebooting?
After rebooting my machine, sysctl -a gave me different outputs (some of changes like kernel.sched_domain.cpu0.domain0.max_newidle_lb_cost is expected): 16c16 < fs.dentry-state = 37641 15280 ...
0 votes
0 answers
558 views
error: "net.ipv6" is an unknown key
On one of my CentOS 6 machines I get $ sudo sysctl net.ipv6 error: "net.ipv6" is an unknown key Why do I see this and how can I fix this?
1 vote
1 answer
2k views
sysctl -p /etc/sysctl.conf reverts to original settings after 1 minute
I need to tweak the kernel params as the Ubuntu minimal install is created for a machine with 256 MB of ram and our server has 32 GB. The issue I am having is that when I execute the command sysctl -...
1 vote
0 answers
1k views
How do non-namespace specific sysctl variables work in the context of network namespaces?
Let's assume the sysctl variables net.ipv4.tcp_wmem and net.ipv4.tcp_rmem. To my understanding, these variables can not be set per-namespace (but very soon apparently). My understanding is that ...
1 vote
1 answer
1k views
setting rtprio limit in system without PAM
I have minimal linux system without PAM (custom compiled linux based appliance) and I want to set system wide (all users) rtprio to 99. My idea is to do this with help of sysctl. But looking on ...
2 votes
0 answers
2k views
Debian 8 - TCP Overflows / TCP Drops
I have recently installed netdata on my Debian 8 server (monitoring software) and after installing my Debian 8 server is reporting the below two alerts constantly. 1m ipv4 tcp listen overflows = 37 ...
22 votes
1 answer
34k views
Sane value for net.ipv4.tcp_max_syn_backlog in sysctl.conf
I'm tuning sysctl.conf. According to an optimization guide on linode's website, the following is a sane value to set in sysctl.conf: net.ipv4.tcp_max_syn_backlog = 3240000 However, the same value in ...
19 votes
2 answers
89k views
How to get the count of open files by a user in linux
Is there any specific command or tool to get the count of open files by a user in linux?
1 vote
1 answer
13k views
How can I reliably set net.core.ipv4.conf.rp_filter = 0 on CentOS 7?
I would like to disable reverse-path filtering on a CentOS 7 machine. I have a file in /etc/sysctl.d/ that contains the following in an attempt to disable it for all of my network interfaces: net....
3 votes
0 answers
3k views
Reaching maximum TIME_WAIT sockets (tried tcp_fin_timeout)
tl;dr: How do I get the kernel to drop TIME_WAIT/closing sockets as forcibly and fast as possible? I don't care about data being lost since I'm not sending any. I'm currently running a little test ...
0 votes
1 answer
415 views
What else can drop/delay connections, but iptables
In the office we have an interesting situation: after there is a connection (even if it's just a web page refresh) from any computer to our test server (hosted on AWS), another computer wouldn't be ...
-1 votes
1 answer
175 views
Fixing fs.file-max too small remotely
I was testing some things and breaking things in order to see if I could fix them. I was connected to a remote machine via Putty ssh and ended up changing fs.file-max to a very (comparatively) small ...
5 votes
3 answers
9k views
What is the default maximum value for /proc/sys/kernel/shmmax
I am having an ambiguity as to what the maximum value in shmmax should be set. After having a look at my system's statistics, it shows the following: #cat /proc/sys/kernel/shmmax ...
-3 votes
2 answers
272 views
/sbin/sysctl was overwritten accidentally , How do we restore it CentOS
We accidentally overwrote file /sbin/sysctl with command echo 1 > /sbin/sysctl How do we restore the file in centos?
2 votes
1 answer
601 views
Default values on missing procfs and sysctl settings
I have several questions regarding the handling of procfs or sysctl values. Can a feature be enabled with a missing /proc file? Does a missing /proc or sysctl entry always mean that the option is ...
0 votes
1 answer
949 views
linux + sysctl -a + from where sysctl -a print all kernel parameters
we have linux machine redhat 6 when we print all parameters from /etc/sysctl.conf we see only ~20 but when we perform sysctl -a we see more than 200 so from where sysctl -a print all these parameters ?...
0 votes
1 answer
3k views
Centos7 disable IP Redirect sending on IPSec VPN Server
When using StrongSwan as an IPSEC S2S VPN Gateway, ICMP redirects are being sent to machines behind the right side. I have added the following lines to /etc/sysctl.conf: net.ipv4.conf.all....
0 votes
1 answer
2k views
Why lxc container doesn't execute config files on /etc/sysctl.d?
My host is Ubuntu 16.04.1 LTS with privileged container. I want to disable ipv6 of container, so I created a config file on /etc/sysctl.d/60-disable-ipv6.conf, I have tried lxc-start and lxc-stop -r ...
1 vote
0 answers
2k views
Debian sysctl config not persisting on reboot
I am running ubuntu 14.04: Linux WEBLB3 3.13.0-79-generic #123-Ubuntu SMP Fri Feb 19 14:27:58 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux I have modified the /etc/sysctl.conf file to set sysctl settings ...
2 votes
1 answer
1k views
Cannot find default value in sysctl - Ubuntu
I'm running Ubuntu 14.0.4 LTS and I'm trying to change some default values to optimize. I run sysctl -a to see all values. I have /etc/sysctl.conf and /etc/sysctl.d/ which has a few 10-*.conf files ...
1 vote
1 answer
2k views
Overwhelmed by "TCP: time wait bucket table overflow" errors -- What can I do to mitigate?
I've got a legacy system running Debian 7 (proxmox) hosting OpenVZ containers, and I'm seeing a troublesome problem where the system is being overwhelmed by open connections to VZ container running ...