More Deep Discovery on your Linux Server With /proc
Changing system settings with /proc/sys
Linux's amazing and powerful pseudo-filesytem proc isn't just for peering into a running kernel. Juliet Kemp shows how Linux admins can also change kernel parameters on the fly.
Last month I looked at some of the interesting data you can get out of /proc/. But /proc isn't just for getting information out of the system and into convenient text form. You can also use it to put information into the system, and thereby change it. The sys/ directory, which is where kernel variable information is kept, is where most of the things you might want to alter live. Changes made here will take effect immediately; no need to reboot. A real boon for working sysadmins! Note that you'll need appropriate (root) privileges to change these values. See here for a discussion of using sudo with pipes.
/proc/sys/net/ipv4/ contains a bunch of networking values to try playing around with.
/proc/sys/net/ipv4/tcp_keepalive_time sets how long (in seconds) it takes the TCP keepalive routines to send the first keepalive probe. A keepalive message simply detects whether the other side of the connection is still there; if not, it drops the connection. However, the default is 7200 seconds (2 hours), which is probably after your session would have timed out itself. If you want something quicker than that, you can change this value to send a keepalive sooner (and thus drop the session sooner if the other side has gone away). Setting it to 120 seconds would start sending keepalives after two minutes.
echo 120 > /proc/sys/net/ipv4/tcp_keepalive_time
After the first probe, the default time between keepalives is 75 seconds. To change this, you can alter /proc/sys/net/ipv4/tcp_keepalive_intvl. (Bear in mind that shortening the interval will increase network traffic, although keepalives are small packets, so not by much.)
Another useful value is /proc/sys/net/ipv4/tcp_keepalive_probes, which defines how many dropped keepalives it takes before the connection is marked inactive. By default, this value is 9, which may be worth increasing if you have a flaky network (or if your network is temporarily flaky):
echo 15 > /proc/sys/net/ipv4/tcp_keepalive_probes
When changing settings via /proc, you should use echo, as shown above, rather than a text editor. If you open the file in a text editor, the kernel value might conceivably change while you're editing it. Bear in mind that these files don't "really" exist, but are just a pretend file getting values into and out of the kernel. To avoid this problem, use echo to edit files, and cat (piped through less if necessary) to look at files.
Another useful file, /proc/sys/net/ipv4/ip_forward, allows you to enable IP forwarding. Most people don't need IP forwarding, but in some networking situations, such as setting up a VPN and/or dial-in server, it can be useful. (Be careful, as unlimited IP forwarding is a security risk!) Change the value to 1 to enable, or 0 to disable:
echo 1 > /proc/sys/net/ipv4/ip_forward
- 1Linux Top 3: Alpine Linux 3.4, deepin 15.2 and Linux Lite 3.0
- 2Linux 4.7 Set to Boost Live Patching, Security and Power Management
- 3Linux 4.6 Charred Weasel adds USB 3.1 Support
- 4Linux Top 3: OpenIndiana 2016.04, Ubuntu 16.04 and Debian's New Leader
- 5Linux Top 3: KaOS 2016.04, TurnKey 14.1 and pfSense 2.3