More Deep Discovery on your Linux Server With /proc
Changing system settings with /proc/sys
Linux's amazing and powerful pseudo-filesytem proc isn't just for peering into a running kernel. Juliet Kemp shows how Linux admins can also change kernel parameters on the fly.
Last month I looked at some of the interesting data you can get out of /proc/. But /proc isn't just for getting information out of the system and into convenient text form. You can also use it to put information into the system, and thereby change it. The sys/ directory, which is where kernel variable information is kept, is where most of the things you might want to alter live. Changes made here will take effect immediately; no need to reboot. A real boon for working sysadmins! Note that you'll need appropriate (root) privileges to change these values. See here for a discussion of using sudo with pipes.
/proc/sys/net/ipv4/ contains a bunch of networking values to try playing around with.
/proc/sys/net/ipv4/tcp_keepalive_time sets how long (in seconds) it takes the TCP keepalive routines to send the first keepalive probe. A keepalive message simply detects whether the other side of the connection is still there; if not, it drops the connection. However, the default is 7200 seconds (2 hours), which is probably after your session would have timed out itself. If you want something quicker than that, you can change this value to send a keepalive sooner (and thus drop the session sooner if the other side has gone away). Setting it to 120 seconds would start sending keepalives after two minutes.
echo 120 > /proc/sys/net/ipv4/tcp_keepalive_time
After the first probe, the default time between keepalives is 75 seconds. To change this, you can alter /proc/sys/net/ipv4/tcp_keepalive_intvl. (Bear in mind that shortening the interval will increase network traffic, although keepalives are small packets, so not by much.)
Another useful value is /proc/sys/net/ipv4/tcp_keepalive_probes, which defines how many dropped keepalives it takes before the connection is marked inactive. By default, this value is 9, which may be worth increasing if you have a flaky network (or if your network is temporarily flaky):
echo 15 > /proc/sys/net/ipv4/tcp_keepalive_probes
When changing settings via /proc, you should use echo, as shown above, rather than a text editor. If you open the file in a text editor, the kernel value might conceivably change while you're editing it. Bear in mind that these files don't "really" exist, but are just a pretend file getting values into and out of the kernel. To avoid this problem, use echo to edit files, and cat (piped through less if necessary) to look at files.
Another useful file, /proc/sys/net/ipv4/ip_forward, allows you to enable IP forwarding. Most people don't need IP forwarding, but in some networking situations, such as setting up a VPN and/or dial-in server, it can be useful. (Be careful, as unlimited IP forwarding is a security risk!) Change the value to 1 to enable, or 0 to disable:
echo 1 > /proc/sys/net/ipv4/ip_forward
- Skip Ahead
- 1. Changing system settings with /proc/sys
- 2. Changing system settings with /proc/sys
Solid state disks (SSDs) made a splash in consumer technology, and now the technology has its eyes on the enterprise storage market. Download this eBook to see what SSDs can do for your infrastructure and review the pros and cons of this potentially game-changing storage technology.
- 1Linux Top 3: CoreOS, Oracle Enterprise Linux 7 and Ubuntu 14.10
- 2Linux Top 3: Debian Dumps SPARC, Ubuntu Takes Over Linux 3.13 and the Core Infrastructure Initiative
- 3Linux Top 3: Fedora, Ubuntu and Gluster Lose Community Leaders
- 4Red Hat Enterprise Linux 7 Finally Hits the Big Time
- 5Linux Top 3: Tails 1.0, OpenMandriva Lx 2014.0 and Debian 7.5