Sysctl是一个允许您改变正在运行中的Linux系统的接口。它包含一些 TCP/IP 堆栈和虚拟内存系统的高级选项, 这可以让有经验的管理员提高引人注目的系统性能。用sysctl可以读取设置超过五百个系统变量。基于这点,sysctl(8) 提供两个功能:读取和修改系统设置。查看所有可读变量:% sysctl -a读一个指定的变量,例如 kern.maxproc:% sysctl kern.maxproc kern.maxproc: 1044要设置一个指定的变量,直接用 variable=value 这样的语法:# sysctl kern.maxfiles=5000kern.maxfiles: 2088 -> 5000您可以使用sysctl修改系统变量,也可以通过编辑sysctl.conf文件来修改系统变量。sysctl.conf 看起来很像 rc.conf。它用 variable=value 的形式来设定值。指定的值在系统进入多用户模式之后被设定。并不是所有的变量都可以在这个模式下设定。sysctl 变量的设置通常是字符串、数字或者布尔型。 (布尔型用 1 来表示’yes’,用 0 来表示’no’)。sysctl -w kernel.sysrq=0sysctl -w kernel.core_uses_pid=1sysctl -w net.ipv4.conf.default.accept_redirects=0sysctl -w net.ipv4.conf.default.accept_source_route=0sysctl -w net.ipv4.conf.default.rp_filter=1sysctl -w net.ipv4.tcp_syncookies=1sysctl -w net.ipv4.tcp_max_syn_backlog=2048sysctl -w net.ipv4.tcp_fin_timeout=30sysctl -w net.ipv4.tcp_synack_retries=2sysctl -w net.ipv4.tcp_keepalive_time=3600sysctl -w net.ipv4.tcp_window_scaling=1sysctl -w net.ipv4.tcp_sack=1配置sysctl编辑此文件:vi /etc/sysctl.conf如果该文件为空,则输入以下内容,否则请根据情况自己做调整:# Controls source route verification# Default should work for all interfacesnet.ipv4.conf.default.rp_filter = 1# net.ipv4.conf.all.rp_filter = 1# net.ipv4.conf.lo.rp_filter = 1# net.ipv4.conf.eth0.rp_filter = 1# Disables IP source routing# Default should work for all interfacesnet.ipv4.conf.default.accept_source_route = 0# net.ipv4.conf.all.accept_source_route = 0# net.ipv4.conf.lo.accept_source_route = 0# net.ipv4.conf.eth0.accept_source_route = 0# Controls the System Request debugging functionality of the kernelkernel.sysrq = 0# Controls whether core dumps will append the PID to the core filename.# Useful for debugging multi-threaded applications.kernel.core_uses_pid = 1# Increase maximum amount of memory allocated to shm# Only uncomment if needed!# kernel.shmmax = 67108864# Disable ICMP Redirect Acceptance# Default should work for all interfacesnet.ipv4.conf.default.accept_redirects = 0# net.ipv4.conf.all.accept_redirects = 0# net.ipv4.conf.lo.accept_redirects = 0# net.ipv4.conf.eth0.accept_redirects = 0# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets# Default should work for all interfacesnet.ipv4.conf.default.log_martians = 1# net.ipv4.conf.all.log_martians = 1# net.ipv4.conf.lo.log_martians = 1# net.ipv4.conf.eth0.log_martians = 1# Decrease the time default value for tcp_fin_timeout connectionnet.ipv4.tcp_fin_timeout = 25# Decrease the time default value for tcp_keepalive_time connectionnet.ipv4.tcp_keepalive_time = 1200# Turn on the tcp_window_scalingnet.ipv4.tcp_window_scaling = 1# Turn on the tcp_sacknet.ipv4.tcp_sack = 1# tcp_fack should be on because of sacknet.ipv4.tcp_fack = 1# Turn on the tcp_timestampsnet.ipv4.tcp_timestamps = 1# Enable TCP SYN Cookie Protectionnet.ipv4.tcp_syncookies = 1# Enable ignoring broadcasts requestnet.ipv4.icmp_echo_ignore_broadcasts = 1# Enable bad error message Protectionnet.ipv4.icmp_ignore_bogus_error_responses = 1# Make more local ports available# net.ipv4.ip_local_port_range = 1024 65000# Set TCP Re-Ordering value in kernel to ‘5′net.ipv4.tcp_reordering = 5# Lower syn retry ratesnet.ipv4.tcp_synack_retries = 2net.ipv4.tcp_syn_retries = 3# Set Max SYN Backlog to ‘2048′net.ipv4.tcp_max_syn_backlog = 2048# Various Settingsnet.core.netdev_max_backlog = 1024# Increase the maximum number of skb-heads to be cachednet.core.hot_list_length = 256# Increase the tcp-time-wait buckets pool sizenet.ipv4.tcp_max_tw_buckets = 360000# This will increase the amount of memory available for socket input/output queuesnet.core.rmem_default = 65535net.core.rmem_max = 8388608net.ipv4.tcp_rmem = 4096 87380 8388608net.core.wmem_default = 65535net.core.wmem_max = 8388608net.ipv4.tcp_wmem = 4096 65535 8388608net.ipv4.tcp_mem = 8388608 8388608 8388608net.core.optmem_max = 40960如果希望屏蔽别人 ping 你的主机,则加入以下代码:# Disable ping requestsnet.ipv4.icmp_echo_ignore_all = 1编辑完成后,请执行以下命令使变动立即生效:/sbin/sysctl -p/sbin/sysctl -w net.ipv4.route.flush=1CollabNetSubversionEdge在Linux操作系统下安装Linux下基于Java的程序乱码的解决方法相关资讯 Linux教程
- Linux教程:如何在命令行中查看目 (07/28/2014 12:22:23)
- Linux 修改root密码 (11/03/2012 07:53:38)
- su - root 与su root的区别 (06/06/2012 00:39:40)
| - Linux进程间通信:消息队列 (01/28/2013 09:43:00)
- U盘安装Linux开机无法启动解决方法 (10/07/2012 08:55:52)
- Windows 7/Linux 同步时间 (05/15/2012 06:17:55)
|
本文评论 查看全部评论 (0)
易网时代-编程资源站