設置Sysctl.conf用以提高Linux的性能

Sysctl是一個允許您改變正在運行中的Linux系統的接口。它包含一些 TCP/IP 堆棧和虛擬內存系統的高級選項， 這可以讓有經驗的管理員提高引人注目的系統性能。用sysctl可以讀取設置超過五百個系統變量。基于這點，sysctl(8) 提供兩個功能：讀取和修改系統設置。

查看所有可讀變量：

% sysctl -a

讀一個指定的變量，例如 kern.maxproc：

% sysctl kern.maxproc kern.maxproc: 1044

要設置一個指定的變量，直接用 variable=value 這樣的語法：

# sysctl kern.maxfiles=5000

kern.maxfiles: 2088 -> 5000

您可以使用sysctl修改系統變量，也可以通過編輯sysctl.conf文件來修改系統變量。sysctl.conf 看起來很像 rc.conf。它用 variable=value 的形式來設定值。指定的值在系統進入多用戶模式之后被設定。并不是所有的變量都可以在這個模式下設定。

sysctl 變量的設置通常是字符串、數字或者布爾型。 (布爾型用 1 來表示’yes’，用 0 來表示’no’)。

?

sysctl -w kernel.sysrq=0

sysctl -w kernel.core_uses_pid=1

sysctl -w net.ipv4.conf.default.accept_redirects=0

sysctl -w net.ipv4.conf.default.accept_source_route=0

sysctl -w net.ipv4.conf.default.rp_filter=1

sysctl -w net.ipv4.tcp_syncookies=1

sysctl -w net.ipv4.tcp_max_syn_backlog=2048

sysctl -w net.ipv4.tcp_fin_timeout=30

sysctl -w net.ipv4.tcp_synack_retries=2

sysctl -w net.ipv4.tcp_keepalive_time=3600

sysctl -w net.ipv4.tcp_window_scaling=1

sysctl -w net.ipv4.tcp_sack=1

?

配置sysctl

?

編輯此文件：

?

vi /etc/sysctl.conf

?

?

如果該文件為空，則輸入以下內容，否則請根據情況自己做調整：

?

# Controls source route verification

# Default should work for all interfaces

net.ipv4.conf.default.rp_filter = 1

# net.ipv4.conf.all.rp_filter = 1

# net.ipv4.conf.lo.rp_filter = 1

# net.ipv4.conf.eth0.rp_filter = 1

?

# Disables IP source routing

# Default should work for all interfaces

net.ipv4.conf.default.accept_source_route = 0

# net.ipv4.conf.all.accept_source_route = 0

# net.ipv4.conf.lo.accept_source_route = 0

# net.ipv4.conf.eth0.accept_source_route = 0

?

# Controls the System Request debugging functionality of the kernel

kernel.sysrq = 0

?

# Controls whether core dumps will append the PID to the core filename.

# Useful for debugging multi-threaded applications.

kernel.core_uses_pid = 1

?

# Increase maximum amount of memory allocated to shm

# Only uncomment if needed!

# kernel.shmmax = 67108864

?

# Disable ICMP Redirect Acceptance

# Default should work for all interfaces

net.ipv4.conf.default.accept_redirects = 0

# net.ipv4.conf.all.accept_redirects = 0

# net.ipv4.conf.lo.accept_redirects = 0

# net.ipv4.conf.eth0.accept_redirects = 0

?

# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets

# Default should work for all interfaces

net.ipv4.conf.default.log_martians = 1

# net.ipv4.conf.all.log_martians = 1

# net.ipv4.conf.lo.log_martians = 1

# net.ipv4.conf.eth0.log_martians = 1

?

# Decrease the time default value for tcp_fin_timeout connection

net.ipv4.tcp_fin_timeout = 25

?

# Decrease the time default value for tcp_keepalive_time connection

net.ipv4.tcp_keepalive_time = 1200

?

# Turn on the tcp_window_scaling

net.ipv4.tcp_window_scaling = 1

?

# Turn on the tcp_sack

net.ipv4.tcp_sack = 1

?

# tcp_fack should be on because of sack

net.ipv4.tcp_fack = 1

?

# Turn on the tcp_timestamps

net.ipv4.tcp_timestamps = 1

?

# Enable TCP SYN Cookie Protection

net.ipv4.tcp_syncookies = 1

?

# Enable ignoring broadcasts request

net.ipv4.icmp_echo_ignore_broadcasts = 1

?

# Enable bad error message Protection

net.ipv4.icmp_ignore_bogus_error_responses = 1

?

# Make more local ports available

# net.ipv4.ip_local_port_range = 1024 65000

?

# Set TCP Re-Ordering value in kernel to ‘5′

net.ipv4.tcp_reordering = 5

?

# Lower syn retry rates

net.ipv4.tcp_synack_retries = 2

net.ipv4.tcp_syn_retries = 3

?

# Set Max SYN Backlog to ‘2048′

net.ipv4.tcp_max_syn_backlog = 2048

?

# Various Settings

net.core.netdev_max_backlog = 1024

?

# Increase the maximum number of skb-heads to be cached

net.core.hot_list_length = 256

?

# Increase the tcp-time-wait buckets pool size

net.ipv4.tcp_max_tw_buckets = 360000

?

# This will increase the amount of memory available for socket input/output queues

net.core.rmem_default = 65535

net.core.rmem_max = 8388608

net.ipv4.tcp_rmem = 4096 87380 8388608

net.core.wmem_default = 65535

net.core.wmem_max = 8388608

net.ipv4.tcp_wmem = 4096 65535 8388608

net.ipv4.tcp_mem = 8388608 8388608 8388608

net.core.optmem_max = 40960

?

如果希望屏蔽別人 ping 你的主機，則加入以下代碼：

?

# Disable ping requests

net.ipv4.icmp_echo_ignore_all = 1

?

編輯完成后，請執行以下命令使變動立即生效：

?

/sbin/sysctl -p

/sbin/sysctl -w net.ipv4.route.flush=1

總結

以上是生活随笔為你收集整理的sysctl: 深入使用Linux的必经之路的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。