linux方法参数,Linux的sysctl 命令 参数
Linux內(nèi)核通過(guò)/proc虛擬文件系統(tǒng)向用戶導(dǎo)出內(nèi)核信息,用戶也可以通過(guò)/proc文件系統(tǒng)或通過(guò)sysctl命令動(dòng)態(tài)配置內(nèi)核。比如,如果我們想啟動(dòng)NAT,除了加載模塊、配置防火墻外,還需要啟動(dòng)內(nèi)核轉(zhuǎn)發(fā)功能。我們有三種方法:
1. 直接寫/proc文件系統(tǒng)
# echo 1 > /proc/sys/net/ipv4/ip_forward
2. 利用sysctl命令
# sysctl -w net.ipv4.ip_forward=1
sysctl -a可以查看內(nèi)核所有導(dǎo)出的變量
3. 編輯/etc/sysctl.conf
添加如下一行,這樣系統(tǒng)每次啟動(dòng)后,該變量的值就是1
net.ipv4.ip_forward = 1
sysctl是procfs軟件中的命令,該軟件包還提供了w, ps, vmstat, pgrep, pkill, top,
slabtop等命令。
sysctl配置與顯示在/proc/sys目錄中的內(nèi)核參數(shù).可以用sysctl來(lái)設(shè)置或重新設(shè)置聯(lián)網(wǎng)功能,如IP轉(zhuǎn)發(fā)、IP碎片去除以及源路由檢查等。用戶只需要編輯/etc/sysctl.conf文件,即可手工或自動(dòng)執(zhí)行由sysctl控制的功能。
命令格式: ?sysctl [-n] [-e] -w variable=value
sysctl [-n] [-e] -p (default
/etc/sysctl.conf) ?sysctl [-n]
[-e] -a ?常用參數(shù)的意義:
-w ?臨時(shí)改變某個(gè)指定參數(shù)的值,如 ?sysctl -w
net.ipv4.ip_forward=1 ?-a
顯示所有的系統(tǒng)參數(shù) ?-p ?從指定的文件加載系統(tǒng)參數(shù),如不指定即從/etc/sysctl.conf中加載 ?如果僅僅是想臨時(shí)改變某個(gè)系統(tǒng)參數(shù)的值,可以用兩種方法來(lái)實(shí)現(xiàn),例如想啟用IP路由轉(zhuǎn)發(fā)功能:
1) #echo 1 >
/proc/sys/net/ipv4/ip_forward ?2) #sysctl -w net.ipv4.ip_forward=1
以上兩種方法都可能立即開啟路由功能,但如果系統(tǒng)重啟,或執(zhí)行了
# service network
restart命令,所設(shè)置的值即會(huì)丟失,如果想永久保留配置,可以修改/etc/sysctl.conf文件將
net.ipv4.ip_forward=0改為net.ipv4.ip_forward=1
sysctl是一個(gè)允許您改變正在運(yùn)行中的Linux系統(tǒng)的接口。它包含一些 TCP/IP 堆棧和虛擬內(nèi)存系統(tǒng)的高級(jí)選項(xiàng),
這可以讓有經(jīng)驗(yàn)的管理員提高引人注目的系統(tǒng)性能。用sysctl可以讀取設(shè)置超過(guò)五百個(gè)系統(tǒng)變量。基于這點(diǎn),sysctl(8)
提供兩個(gè)功能:讀取和修改系統(tǒng)設(shè)置。
查看所有可讀變量:
% sysctl -a
讀一個(gè)指定的變量,例如 kern.maxproc:
% sysctl kern.maxproc kern.maxproc: 1044
要設(shè)置一個(gè)指定的變量,直接用 variable=value 這樣的語(yǔ)法:
# sysctl kern.maxfiles=5000
kern.maxfiles: 2088 -> 5000
您可以使用sysctl修改系統(tǒng)變量,也可以通過(guò)編輯sysctl.conf文件來(lái)修改系統(tǒng)變量。sysctl.conf
看起來(lái)很像 rc.conf。它用 variable=value
的形式來(lái)設(shè)定值。指定的值在系統(tǒng)進(jìn)入多用戶模式之后被設(shè)定。并不是所有的變量都可以在這個(gè)模式下設(shè)定。
sysctl 變量的設(shè)置通常是字符串、數(shù)字或者布爾型。 (布爾型用 1 來(lái)表示'yes',用 0
來(lái)表示'no')。
sysctl -w kernel.sysrq=0
sysctl -w kernel.core_uses_pid=1
sysctl -w net.ipv4.conf.default.accept_redirects=0
sysctl -w net.ipv4.conf.default.accept_source_route=0
sysctl -w net.ipv4.conf.default.rp_filter=1
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_max_syn_backlog=2048
sysctl -w net.ipv4.tcp_fin_timeout=30
sysctl -w net.ipv4.tcp_synack_retries=2
sysctl -w net.ipv4.tcp_keepalive_time=3600
sysctl -w net.ipv4.tcp_window_scaling=1
sysctl -w net.ipv4.tcp_sack=1
配置sysctl
編輯此文件:
vi /etc/sysctl.conf
如果該文件為空,則輸入以下內(nèi)容,否則請(qǐng)根據(jù)情況自己做調(diào)整:
# Controls source route verification
# Default should work for all interfaces
net.ipv4.conf.default.rp_filter = 1
# net.ipv4.conf.all.rp_filter = 1
# net.ipv4.conf.lo.rp_filter = 1
# net.ipv4.conf.eth0.rp_filter = 1
# Disables IP source routing
# Default should work for all interfaces
net.ipv4.conf.default.accept_source_route = 0
# net.ipv4.conf.all.accept_source_route = 0
# net.ipv4.conf.lo.accept_source_route = 0
# net.ipv4.conf.eth0.accept_source_route = 0
# Controls the System Request debugging functionality of the
kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core
filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Increase maximum amount of memory allocated to shm
# Only uncomment if needed!
# kernel.shmmax = 67108864
# Disable ICMP Redirect Acceptance
# Default should work for all interfaces
net.ipv4.conf.default.accept_redirects = 0
# net.ipv4.conf.all.accept_redirects = 0
# net.ipv4.conf.lo.accept_redirects = 0
# net.ipv4.conf.eth0.accept_redirects = 0
# Enable Log Spoofed Packets, Source Routed Packets, Redirect
Packets
# Default should work for all interfaces
net.ipv4.conf.default.log_martians = 1
# net.ipv4.conf.all.log_martians = 1
# net.ipv4.conf.lo.log_martians = 1
# net.ipv4.conf.eth0.log_martians = 1
# Decrease the time default value for tcp_fin_timeout
connection
net.ipv4.tcp_fin_timeout = 25
# Decrease the time default value for tcp_keepalive_time
connection
net.ipv4.tcp_keepalive_time = 1200
# Turn on the tcp_window_scaling
net.ipv4.tcp_window_scaling = 1
# Turn on the tcp_sack
net.ipv4.tcp_sack = 1
# tcp_fack should be on because of sack
net.ipv4.tcp_fack = 1
# Turn on the tcp_timestamps
net.ipv4.tcp_timestamps = 1
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1
# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Make more local ports available
# net.ipv4.ip_local_port_range = 1024 65000
# Set TCP Re-Ordering value in kernel to ‘5′
net.ipv4.tcp_reordering = 5
# Lower syn retry rates
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 3
# Set Max SYN Backlog to ‘2048′
net.ipv4.tcp_max_syn_backlog = 2048
# Various Settings
net.core.netdev_max_backlog = 1024
# Increase the maximum number of skb-heads to be cached
net.core.hot_list_length = 256
# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 360000
# This will increase the amount of memory available for socket
input/output queues
net.core.rmem_default = 65535
net.core.rmem_max = 8388608
net.ipv4.tcp_rmem = 4096 87380 8388608
net.core.wmem_default = 65535
net.core.wmem_max = 8388608
net.ipv4.tcp_wmem = 4096 65535 8388608
net.ipv4.tcp_mem = 8388608 8388608 8388608
net.core.optmem_max = 40960
如果希望屏蔽別人 ping 你的主機(jī),則加入以下代碼:
# Disable ping requests
net.ipv4.icmp_echo_ignore_all = 1
編輯完成后,請(qǐng)執(zhí)行以下命令使變動(dòng)立即生效:
/sbin/sysctl -p
/sbin/sysctl -w net.ipv4.route.flush=1
我們常常在 Linux 的 /proc/sys 目錄下,手動(dòng)設(shè)定一些 kernel 的參數(shù)或是直接 echo 特定的值給一個(gè)
proc下的虛擬檔案,俾利某些檔案之開啟,常見(jiàn)的例如設(shè)定開機(jī)時(shí)自動(dòng)啟動(dòng) IP
Forwarding:
echo “1” >
/proc/sys/net/ipv4/ip_forward
其實(shí),在 Linux 我們還可以用 sysctl command 便可以簡(jiǎn)易的去檢視、設(shè)定或自動(dòng)配置 特定的 kernel
設(shè)定。我們可以在系統(tǒng)提示符號(hào)下輸入「sysctl -a」,摘要如后:abi.defhandler_coff =
117440515
dev.raid.speed_limit_max = 100000
net.ipv4.conf.default.send_redirects =
1
net.ipv4.conf.default.secure_redirects =
1
net.ipv4.conf.default.accept_redirects =
1
net.ipv4.conf.default.mc_forwarding =
0
net.ipv4.neigh.lo.delay_first_probe_time =
5
net.ipv4.neigh.lo.base_reachable_time =
30
net.ipv4.icmp_ratelimit = 100
net.ipv4.inet_peer_gc_mintime = 10
net.ipv4.igmp_max_memberships = 20
net.ipv4.ip_no_pmtu_disc = 0
net.core.no_cong_thresh = 20
net.core.netdev_max_backlog = 300
net.core.rmem_default = 65535
net.core.wmem_max = 65535
vm.kswapd = 512 32 8
vm.overcommit_memory = 0
vm.bdflush = 30 64 64 256 500 3000 60 0
0
vm.freepages = 351 702 1053
kernel.sem = 250 32000 32 128
kernel.panic = 0
kernel.domainname = (none)
kernel.hostname =
pc02.shinewave.com.tw
kernel.version = #1 Tue Oct 30 20:11:04 EST
2001
kernel.osrelease = 2.4.9-13
kernel.ostype = Linux
fs.dentry-state = 1611 969 45 0 0 0
fs.file-nr = 1121 73 8192
fs.inode-state = 1333 523 0 0 0 0 0
從上述的語(yǔ)法我們大概可看出 sysctl 的表示法乃把目錄結(jié)構(gòu)的「/」以「.」表示,一層一層的連結(jié)下去。當(dāng)然以echo
特定的值給一個(gè) proc下的虛擬檔案也是可以用 sysctl加以表示,例如:
#sysctl –w net.ipv4.ip_forward =”1”
或是直接在 /etc/sysctl.conf 增刪修改特定檔案的
0,1值亦可:
# Enables packet forwarding
net.ipv4.ip_forward = 1
# Enables source route verification
net.ipv4.conf.default.rp_filter = 1
# Disables the magic-sysrq key
kernel.sysrq = 0
當(dāng)然如果考慮 reboot 后仍有效, 直接在 /etc/sysctl.conf 增刪修改特定檔案的
0,1值才可使之保留設(shè)定(以RedHat 為例,每次開機(jī)系統(tǒng)啟動(dòng)后, init 會(huì)執(zhí)行
/etc/rc.d/rc.sysinit,便會(huì)使用 /etc/sysctl.conf 的預(yù)設(shè)值去執(zhí)行
sysctl)。
相關(guān)參考檔案:
/sbin/sysctl
/etc/sysctl.conf
sysctl 及sysctl.conf manpage
/usr/src/linux-x.y.z/Documentation/sysctl/*
/usr/share/doc/kernel-doc-x.y.z/sysctl/* (RedHat)
http://hi.baidu.com/caosicong/blog/item/0a592360d438cfda8db10d9b.html
http://hi.baidu.com/phpfamer/blog/item/932e276eb39c30de80cb4a3c.htmlsysctl配置與顯示在/proc/sys目錄中的內(nèi)核參數(shù).可以用sysctl來(lái)設(shè)置或重新設(shè)置聯(lián)網(wǎng)功能,如IP轉(zhuǎn)發(fā)、IP碎片去除以及源路由檢查等。用戶只需要編輯/etc/sysctl.conf文件,即可手工或自動(dòng)執(zhí)行由sysctl控制的功能。
命令格式: ?sysctl [-n] [-e] -w variable=value
sysctl [-n] [-e] -p (default
/etc/sysctl.conf) ?sysctl [-n]
[-e] -a ?常用參數(shù)的意義:
-w ?臨時(shí)改變某個(gè)指定參數(shù)的值,如 ?sysctl -w
net.ipv4.ip_forward=1 ?-a
顯示所有的系統(tǒng)參數(shù) ?-p ?從指定的文件加載系統(tǒng)參數(shù),如不指定即從/etc/sysctl.conf中加載 ?如果僅僅是想臨時(shí)改變某個(gè)系統(tǒng)參數(shù)的值,可以用兩種方法來(lái)實(shí)現(xiàn),例如想啟用IP路由轉(zhuǎn)發(fā)功能:
1) #echo 1 >
/proc/sys/net/ipv4/ip_forward ?2) #sysctl -w net.ipv4.ip_forward=1
以上兩種方法都可能立即開啟路由功能,但如果系統(tǒng)重啟,或執(zhí)行了
# service network
restart命令,所設(shè)置的值即會(huì)丟失,如果想永久保留配置,可以修改/etc/sysctl.conf文件將
net.ipv4.ip_forward=0改為net.ipv4.ip_forward=1
sysctl是一個(gè)允許您改變正在運(yùn)行中的Linux系統(tǒng)的接口。它包含一些 TCP/IP 堆棧和虛擬內(nèi)存系統(tǒng)的高級(jí)選項(xiàng),
這可以讓有經(jīng)驗(yàn)的管理員提高引人注目的系統(tǒng)性能。用sysctl可以讀取設(shè)置超過(guò)五百個(gè)系統(tǒng)變量。基于這點(diǎn),sysctl(8)
提供兩個(gè)功能:讀取和修改系統(tǒng)設(shè)置。
查看所有可讀變量:
% sysctl -a
讀一個(gè)指定的變量,例如 kern.maxproc:
% sysctl kern.maxproc kern.maxproc: 1044
要設(shè)置一個(gè)指定的變量,直接用 variable=value 這樣的語(yǔ)法:
# sysctl kern.maxfiles=5000
kern.maxfiles: 2088 -> 5000
您可以使用sysctl修改系統(tǒng)變量,也可以通過(guò)編輯sysctl.conf文件來(lái)修改系統(tǒng)變量。sysctl.conf
看起來(lái)很像 rc.conf。它用 variable=value
的形式來(lái)設(shè)定值。指定的值在系統(tǒng)進(jìn)入多用戶模式之后被設(shè)定。并不是所有的變量都可以在這個(gè)模式下設(shè)定。
sysctl 變量的設(shè)置通常是字符串、數(shù)字或者布爾型。 (布爾型用 1 來(lái)表示'yes',用 0
來(lái)表示'no')。
sysctl -w kernel.sysrq=0
sysctl -w kernel.core_uses_pid=1
sysctl -w net.ipv4.conf.default.accept_redirects=0
sysctl -w net.ipv4.conf.default.accept_source_route=0
sysctl -w net.ipv4.conf.default.rp_filter=1
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_max_syn_backlog=2048
sysctl -w net.ipv4.tcp_fin_timeout=30
sysctl -w net.ipv4.tcp_synack_retries=2
sysctl -w net.ipv4.tcp_keepalive_time=3600
sysctl -w net.ipv4.tcp_window_scaling=1
sysctl -w net.ipv4.tcp_sack=1
配置sysctl
編輯此文件:
vi /etc/sysctl.conf
如果該文件為空,則輸入以下內(nèi)容,否則請(qǐng)根據(jù)情況自己做調(diào)整:
# Controls source route verification
# Default should work for all interfaces
net.ipv4.conf.default.rp_filter = 1
# net.ipv4.conf.all.rp_filter = 1
# net.ipv4.conf.lo.rp_filter = 1
# net.ipv4.conf.eth0.rp_filter = 1
# Disables IP source routing
# Default should work for all interfaces
net.ipv4.conf.default.accept_source_route = 0
# net.ipv4.conf.all.accept_source_route = 0
# net.ipv4.conf.lo.accept_source_route = 0
# net.ipv4.conf.eth0.accept_source_route = 0
# Controls the System Request debugging functionality of the
kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core
filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Increase maximum amount of memory allocated to shm
# Only uncomment if needed!
# kernel.shmmax = 67108864
# Disable ICMP Redirect Acceptance
# Default should work for all interfaces
net.ipv4.conf.default.accept_redirects = 0
# net.ipv4.conf.all.accept_redirects = 0
# net.ipv4.conf.lo.accept_redirects = 0
# net.ipv4.conf.eth0.accept_redirects = 0
# Enable Log Spoofed Packets, Source Routed Packets, Redirect
Packets
# Default should work for all interfaces
net.ipv4.conf.default.log_martians = 1
# net.ipv4.conf.all.log_martians = 1
# net.ipv4.conf.lo.log_martians = 1
# net.ipv4.conf.eth0.log_martians = 1
# Decrease the time default value for tcp_fin_timeout
connection
net.ipv4.tcp_fin_timeout = 25
# Decrease the time default value for tcp_keepalive_time
connection
net.ipv4.tcp_keepalive_time = 1200
# Turn on the tcp_window_scaling
net.ipv4.tcp_window_scaling = 1
# Turn on the tcp_sack
net.ipv4.tcp_sack = 1
# tcp_fack should be on because of sack
net.ipv4.tcp_fack = 1
# Turn on the tcp_timestamps
net.ipv4.tcp_timestamps = 1
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1
# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Make more local ports available
# net.ipv4.ip_local_port_range = 1024 65000
# Set TCP Re-Ordering value in kernel to ‘5′
net.ipv4.tcp_reordering = 5
# Lower syn retry rates
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 3
# Set Max SYN Backlog to ‘2048′
net.ipv4.tcp_max_syn_backlog = 2048
# Various Settings
net.core.netdev_max_backlog = 1024
# Increase the maximum number of skb-heads to be cached
net.core.hot_list_length = 256
# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 360000
# This will increase the amount of memory available for socket
input/output queues
net.core.rmem_default = 65535
net.core.rmem_max = 8388608
net.ipv4.tcp_rmem = 4096 87380 8388608
net.core.wmem_default = 65535
net.core.wmem_max = 8388608
net.ipv4.tcp_wmem = 4096 65535 8388608
net.ipv4.tcp_mem = 8388608 8388608 8388608
net.core.optmem_max = 40960
如果希望屏蔽別人 ping 你的主機(jī),則加入以下代碼:
# Disable ping requests
net.ipv4.icmp_echo_ignore_all = 1
編輯完成后,請(qǐng)執(zhí)行以下命令使變動(dòng)立即生效:
/sbin/sysctl -p
/sbin/sysctl -w net.ipv4.route.flush=1
我們常常在 Linux 的 /proc/sys 目錄下,手動(dòng)設(shè)定一些 kernel 的參數(shù)或是直接 echo 特定的值給一個(gè)
proc下的虛擬檔案,俾利某些檔案之開啟,常見(jiàn)的例如設(shè)定開機(jī)時(shí)自動(dòng)啟動(dòng) IP
Forwarding:
echo “1” >
/proc/sys/net/ipv4/ip_forward
其實(shí),在 Linux 我們還可以用 sysctl command 便可以簡(jiǎn)易的去檢視、設(shè)定或自動(dòng)配置 特定的 kernel
設(shè)定。我們可以在系統(tǒng)提示符號(hào)下輸入「sysctl -a」,摘要如后:abi.defhandler_coff =
117440515
dev.raid.speed_limit_max = 100000
net.ipv4.conf.default.send_redirects =
1
net.ipv4.conf.default.secure_redirects =
1
net.ipv4.conf.default.accept_redirects =
1
net.ipv4.conf.default.mc_forwarding =
0
net.ipv4.neigh.lo.delay_first_probe_time =
5
net.ipv4.neigh.lo.base_reachable_time =
30
net.ipv4.icmp_ratelimit = 100
net.ipv4.inet_peer_gc_mintime = 10
net.ipv4.igmp_max_memberships = 20
net.ipv4.ip_no_pmtu_disc = 0
net.core.no_cong_thresh = 20
net.core.netdev_max_backlog = 300
net.core.rmem_default = 65535
net.core.wmem_max = 65535
vm.kswapd = 512 32 8
vm.overcommit_memory = 0
vm.bdflush = 30 64 64 256 500 3000 60 0
0
vm.freepages = 351 702 1053
kernel.sem = 250 32000 32 128
kernel.panic = 0
kernel.domainname = (none)
kernel.hostname =
pc02.shinewave.com.tw
kernel.version = #1 Tue Oct 30 20:11:04 EST
2001
kernel.osrelease = 2.4.9-13
kernel.ostype = Linux
fs.dentry-state = 1611 969 45 0 0 0
fs.file-nr = 1121 73 8192
fs.inode-state = 1333 523 0 0 0 0 0
從上述的語(yǔ)法我們大概可看出 sysctl 的表示法乃把目錄結(jié)構(gòu)的「/」以「.」表示,一層一層的連結(jié)下去。當(dāng)然以echo
特定的值給一個(gè) proc下的虛擬檔案也是可以用 sysctl加以表示,例如:
#sysctl –w net.ipv4.ip_forward =”1”
或是直接在 /etc/sysctl.conf 增刪修改特定檔案的
0,1值亦可:
# Enables packet forwarding
net.ipv4.ip_forward = 1
# Enables source route verification
net.ipv4.conf.default.rp_filter = 1
# Disables the magic-sysrq key
kernel.sysrq = 0
當(dāng)然如果考慮 reboot 后仍有效, 直接在 /etc/sysctl.conf 增刪修改特定檔案的
0,1值才可使之保留設(shè)定(以RedHat 為例,每次開機(jī)系統(tǒng)啟動(dòng)后, init 會(huì)執(zhí)行
/etc/rc.d/rc.sysinit,便會(huì)使用 /etc/sysctl.conf 的預(yù)設(shè)值去執(zhí)行
sysctl)。
總結(jié)
以上是生活随笔為你收集整理的linux方法参数,Linux的sysctl 命令 参数的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問(wèn)題。
- 上一篇: 建一个冷库需要多少钱啊?
- 下一篇: centos 获取硬件序列号_如何在 L