sysctl: An Essential Step Toward Using Linux in Depth

Published: 2025/3/21 | linux | 豆豆

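Setting up sysctl.conf to improve Linux performance

Sysctl is an interface that lets you change a running Linux system. It exposes advanced options for the TCP/IP stack and the virtual memory system, which an experienced administrator can use to improve system performance dramatically. More than five hundred system variables can be read and set with sysctl. Accordingly, sysctl(8) provides two functions: reading and modifying system settings.

View all readable variables: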

% sysctl -a

Read a specific variable, for example kern.maxproc:

% sysctl kern.maxproc

kern.maxproc: 1044

To set a specific variable, use the variable=value syntax directly:

# sysctl kern.maxfiles=5000

kern.maxfiles: 2088 -> 5000

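You can modify system variables with sysctl, or by editing the sysctl.conf file. sysctl.conf looks much like rc.conf: it sets values in the form variable=value. The specified values are set after the system enters multi-user mode. Not every variable can be set in this mode.

sysctl variables are usually set as strings, numbers, or booleans (a boolean uses 1 for 'yes' and 0 for 'no').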

sysctl -w kernel.sysrq=0
sysctl -w kernel.core_uses_pid=1
sysctl -w net.ipv4.conf.default.accept_redirects=0
sysctl -w net.ipv4.conf.default.accept_source_route=0
sysctl -w net.ipv4.conf.default.rp_filter=1
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_max_syn_backlog=2048
sysctl -w net.ipv4.tcp_fin_timeout=30
sysctl -w net.ipv4.tcp_synack_retries=2
sysctl -w net.ipv4.tcp_keepalive_time=3600
sysctl -w net.ipv4.tcp_window_scaling=1
sysctl -w net.ipv4.tcp_sack=1

Configuring sysctl

Edit this file:

vi /etc/sysctl.conf

If the file is empty, enter the following content; otherwise adjust it to suit your situation:

# Controls source route verification
# Default should work for all interfaces
net.ipv4.conf.default.rp_filter = 1
# net.ipv4.conf.all.rp_filter = 1
# net.ipv4.conf.lo.rp_filter = 1
# net.ipv4.conf.eth0.rp_filter = 1

# Disables IP source routing
# Default should work for all interfaces
net.ipv4.conf.default.accept_source_route = 0
# net.ipv4.conf.all.accept_source_route = 0
# net.ipv4.conf.lo.accept_source_route = 0
# net.ipv4.conf.eth0.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Increase maximum amount of memory allocated to shm
# Only uncomment if needed!
# kernel.shmmax = 67108864

# Disable ICMP Redirect Acceptance
# Default should work for all interfaces
net.ipv4.conf.default.accept_redirects = 0
# net.ipv4.conf.all.accept_redirects = 0
# net.ipv4.conf.lo.accept_redirects = 0
# net.ipv4.conf.eth0.accept_redirects = 0

# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
# Default should work for all interfaces
net.ipv4.conf.default.log_martians = 1
# net.ipv4.conf.all.log_martians = 1
# net.ipv4.conf.lo.log_martians = 1
# net.ipv4.conf.eth0.log_martians = 1

# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 25

# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1200

# Turn on the tcp_window_scaling
net.ipv4.tcp_window_scaling = 1

# Turn on the tcp_sack
net.ipv4.tcp_sack = 1

# tcp_fack should be on because of sack
net.ipv4.tcp_fack = 1

# Turn on the tcp_timestamps
net.ipv4.tcp_timestamps = 1

# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1

# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Make more local ports available
# net.ipv4.ip_local_port_range = 1024 65000

# Set TCP Re-Ordering value in kernel to '5'
net.ipv4.tcp_reordering = 5

# Lower syn retry rates
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 3

# Set Max SYN Backlog to '2048'
net.ipv4.tcp_max_syn_backlog = 2048

# Various Settings
net.core.netdev_max_backlog = 1024

# Increase the maximum number of skb-heads to be cached
net.core.hot_list_length = 256

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 360000

# This will increase the amount of memory available for socket input/output queues
net.core.rmem_default = 65535
net.core.rmem_max = 8388608
net.ipv4.tcp_rmem = 4096 87380 8388608
net.core.wmem_default = 65535
net.core.wmem_max = 8388608
net.ipv4.tcp_wmem = 4096 65535 8388608
net.ipv4.tcp_mem = 8388608 8388608 8388608
net.core.optmem_max = 40960

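If you want to stop other hosts from pinging your machine, add the following:

# Disable ping requests
net.ipv4.icmp_echo_ignore_all = 1

After editing, run the following commands to make the changes take effect immediately: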

/sbin/sysctl -p

/sbin/sysctl -w net.ipv4.route.flush=1
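
To confirm that the running kernel actually holds the values written to /etc/sysctl.conf, the following added example (not part of the original article) compares a sysctl.conf-style baseline with the live values under /proc/sys and reports every difference. The function names `norm`, `audit_sysctl` and `demo`, and the optional root-directory argument, are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page. ROOT (default /proc/sys) is an
# assumption of this example so the audit can also run against a test tree.

# Trim and collapse whitespace: /proc/sys separates multi-value entries with tabs.
norm() { set -f; set -- $1; set +f; printf '%s' "$*"; }

# audit_sysctl BASELINE [ROOT]: print each mismatch, return 1 if any was found.
audit_sysctl() {
    baseline=$1 root=${2:-/proc/sys} drift=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(norm "$line")
        case $line in ''|'#'*|';'*) continue ;; esac   # blank line or comment
        case $line in *=*) ;; *) continue ;; esac        # not "key = value"
        key=$(norm "${line%%=*}") want=$(norm "${line#*=}")
        # A conf.default key is compared on every interface directory, so an
        # interface whose own value differs from the baseline is reported.
        case $key in
            net.ipv4.conf.default.*) files="$root/net/ipv4/conf/*/${key##*.}" ;;
            *) files="$root/$(printf '%s' "$key" | tr . /)" ;;
        esac
        for f in $files; do
            if [ ! -r "$f" ]; then echo "MISSING $key"; drift=1; continue; fi
            have=$(norm "$(cat "$f")")
            [ "$have" = "$want" ] || { echo "DRIFT ${f#"$root"/} want=$want have=$have"; drift=1; }
        done
    done < "$baseline"
    return $drift
}

# Constructed sample: a baseline using settings from the file above and a fake tree.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/sys/net/ipv4/conf/default" "$d/sys/net/ipv4/conf/eth0"
    printf '%s\n' '# baseline' 'net.ipv4.tcp_syncookies = 1' \
        'net.ipv4.conf.default.rp_filter = 1' 'net.ipv4.tcp_rmem = 4096 87380 8388608' > "$d/base.conf"
    echo 1 > "$d/sys/net/ipv4/tcp_syncookies"
    printf '4096\t87380\t8388608\n' > "$d/sys/net/ipv4/tcp_rmem"
    echo 1 > "$d/sys/net/ipv4/conf/default/rp_filter"
    echo 0 > "$d/sys/net/ipv4/conf/eth0/rp_filter"   # interface left at a weaker value
    rc=0; audit_sysctl "$d/base.conf" "$d/sys" || rc=$?
    rm -rf "$d"; return $rc
}

# When given arguments, audit the real system: sh <this script> /etc/sysctl.conf
if [ $# -gt 0 ]; then audit_sysctl "$@"; fi
```

A non-zero exit status means at least one key is missing or differs, which makes the check usable from cron or a configuration-management run.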
