LinuxQuestions.org


pinga123 10-11-2010 01:16 AM

How to change kernel parameter.
 
Hi, I'm using the following kernel.
Code:

# uname -r
2.6.18-128.2.1.4.9.el5xen

According to the security manual I need to incorporate the following changes into the kernel parameters, but I'm not sure when and how these changes will be implemented.

Code:

net.ipv4.conf.all.accept_source_route must be set to "0"
net.ipv4.ip_forward must be set to "0" (zero)
icmp_echo_ignore_broadcasts must be set to "1"
net.ipv4.tcp_syncookies must be set to "1"
net.ipv4.conf.all.rp_filter must be set to “1”
The kernel parameter net.ipv4.conf.default.accept_redirects must be set to “0”
net.ipv4.conf.all.send_redirects and net.ipv4.conf.default.send_redirects must both be set to “0”

To add to this, I'm not able to find the exact kernel parameters, as they are not standard throughout every Linux distribution.

prayag_pjs 10-11-2010 01:18 AM

See this file

/etc/sysctl.conf

gdejonge 10-11-2010 01:26 AM

Changes to the kernel parameters can be done with the sysctl command. First check what the current value is:
Code:

gerrard@orion:~/downloads/tmp$ sysctl net.ipv4.conf.all.accept_source_route
net.ipv4.conf.all.accept_source_route = 0

If it is already the correct value, you don't need to change anything.
Otherwise you can change it with:
Code:

gerrard@orion:~$ sysctl net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.all.accept_source_route=0

If you want to make changes permanent, add the lines to /etc/sysctl.conf

_________________________
Gerrard
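
The check-then-persist procedure above, as an added example that is not part of the original posts: a shell function that reads `key = value` lines (the format of both /etc/sysctl.conf and saved `sysctl -a` output) and reports which of the values listed in the first post are already set, differ, or are missing. The sample file is constructed, and the ICMP key is written under its full name, net.ipv4.icmp_echo_ignore_broadcasts.

```shell
# Required settings from the first post, as key=value. The ICMP key is given
# under its full name, net.ipv4.icmp_echo_ignore_broadcasts.
REQUIRED='net.ipv4.conf.all.accept_source_route=0
net.ipv4.ip_forward=0
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.tcp_syncookies=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0'

# conf_value FILE KEY: print the effective value of KEY in FILE. The last
# assignment wins, as when sysctl -p applies lines in order; comments are skipped.
conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ || !/=/ { next }
        { k = $1; gsub(/[ \t]/, "", k)
          v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (k == key) { found = 1; val = v } }
        END { if (found) print val; else exit 1 }' "$1"
}

# audit_conf FILE: print OK, CHANGE or ADD for each required key.
# Returns 0 only if every required key is present with the required value.
audit_conf() {
    rc=0
    for pair in $REQUIRED; do
        key=${pair%%=*}; want=${pair#*=}
        if ! have=$(conf_value "$1" "$key"); then
            echo "ADD    $key = $want"; rc=1
        elif [ "$have" != "$want" ]; then
            echo "CHANGE $key = $have (want $want)"; rc=1
        else
            echo "OK     $key = $have"
        fi
    done
    return $rc
}

# Constructed sample input (not taken from the thread).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_syncookies = 1
EOF
audit_conf "$sample" || echo "file needs changes"
```

To audit the running kernel instead of the file, save the output of `sysctl -a` to a file and pass that path to `audit_conf`.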

divyashree 10-11-2010 03:43 AM

Quote:

Originally Posted by pinga123 (Post 4123547)
Hi, I'm using the following kernel.
Code:

# uname -r
2.6.18-128.2.1.4.9.el5xen

According to the security manual I need to incorporate the following changes into the kernel parameters, but I'm not sure when and how these changes will be implemented.

Code:

net.ipv4.conf.all.accept_source_route must be set to "0"
net.ipv4.ip_forward must be set to "0" (zero)
icmp_echo_ignore_broadcasts must be set to "1"
net.ipv4.tcp_syncookies must be set to "1"
net.ipv4.conf.all.rp_filter must be set to “1”
The kernel parameter net.ipv4.conf.default.accept_redirects must be set to “0”
net.ipv4.conf.all.send_redirects and net.ipv4.conf.default.send_redirects must both be set to “0”

To add to this, I'm not able to find the exact kernel parameters, as they are not standard throughout every Linux distribution.

Open /etc/sysctl.conf

and add the lines with their values, then run
Quote:

sysctl -P
which will load the changes.

pinga123 10-12-2010 06:05 AM

Quote:

Originally Posted by divyashree (Post 4123661)
Open /etc/sysctl.conf

and add the lines with their values, then run which will load the changes.

I'm not able to find some of the parameters in the /etc/sysctl.conf file, but when I run sysctl with the parameter it shows the value of that parameter.
Also I'm getting the following error.
Please help.

Code:

# sysctl -P
error: Unknown parameter "-P"
usage:  sysctl [-n] [-e] variable ...
        sysctl [-n] [-e] [-q] -w variable=value ...
        sysctl [-n] [-e] -a
        sysctl [-n] [-e] [-q] -p <file>  (default /etc/sysctl.conf)
        sysctl [-n] [-e] -A


prayag_pjs 10-12-2010 06:07 AM

Hi, it's

Quote:

sysctl -p
p--->is in lowercase

divyashree 10-12-2010 08:13 AM

Oh, sorry I have written the capital P.

gdejonge 10-14-2010 08:06 AM

Quote:

Originally Posted by pinga123 (Post 4124809)
I'm not able to find some of the parameters in the /etc/sysctl.conf file, but when I run sysctl with the parameter it shows the value of that parameter.
Also I'm getting the following error.
Please help.

Only kernel parameters that need a different value than the values that have been compiled into the kernel need to be entered in sysctl.conf.
So if you can't find it, you can just add it to the file.

_______________
Gerrard

pinga123 10-15-2010 12:01 AM

Quote:

Originally Posted by gdejonge (Post 4127129)
Only kernel parameters that need a different value than the values that have been compiled into the kernel need to be entered in sysctl.conf.
So if you can't find it, you can just add it to the file.

_______________
Gerrard

Does this mean kernel parameters are the same across the different versions of Linux distribution?

I'm reading this security manual, which is in general applicable to Linux. I'm not sure if it is meant for my Linux distribution.
Shall I add those parameters to my distribution's sysctl.conf file?

divyashree 10-15-2010 03:14 AM

Quote:

Originally Posted by pinga123 (Post 4127913)
Does this mean kernel parameters are the same across the different versions of Linux distribution?

I'm reading this security manual, which is in general applicable to Linux. I'm not sure if it is meant for my Linux distribution.
Shall I add those parameters to my distribution's sysctl.conf file?

Yes.

