LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-11-2010, 02:16 AM   #1
pinga123
Member
 
Registered: Sep 2009
Posts: 684
Blog Entries: 2

Rep: Reputation: 37
How to change kernel parameter.


Hi i m using following kernal.
Code:
# uname -r
2.6.18-128.2.1.4.9.el5xen
According to security manual i need to incorporate following changes into kernal parameter but i m not sure when and how these changes will be implemented.

Code:
net.ipv4.conf.all.accept_source_route must be set to "0" 
net.ipv4.ip_forward must be set to "0" (zero) 
icmp_echo_ignore_broadcasts must be set to "1" 
net.ipv4.tcp_syncookies must be set to "1" 
net.ipv4.conf.all.rp_filter must be set to 1 
The kernel parameter net.ipv4.conf.default.accept_redirects must be set to 0 
net.ipv4.conf.all.send_redirects and net.ipv4.conf.default.send_redirects must both be set to 0
To add to this i m not able to find the exact kernal parameter as they are not standerd throughout every linux distributions.
 
Old 10-11-2010, 02:18 AM   #2
prayag_pjs
Senior Member
 
Registered: Feb 2008
Location: Pune - India
Distribution: Fedora,RedHat,CentOS,Gentoo
Posts: 1,145
Blog Entries: 4

Rep: Reputation: 147Reputation: 147
See this file

/etc/sysctl.conf
 
Old 10-11-2010, 02:26 AM   #3
gdejonge
Member
 
Registered: Aug 2010
Location: Netherlands
Distribution: Kubuntu, Debian, Suse, Slackware
Posts: 317

Rep: Reputation: 73
Changes to the kernel parameters can be done with the sysctl command. First check what the current vallue is
Code:
gerrard@orion:~/downloads/tmp$ sysctl net.ipv4.conf.all.accept_source_route 
net.ipv4.conf.all.accept_source_route = 0
If it is already the correct value you don't need to change anything.
otherwise you can change it with:
Code:
gerrard@orion:~$ sysctl net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.all.accept_source_route=0
If you want to make changes permanent, add the lines to /etc/syctl.conf

_________________________
Gerrard
 
1 members found this post helpful.
Old 10-11-2010, 04:43 AM   #4
divyashree
Senior Member
 
Registered: Apr 2007
Location: bbsr,orissa,India
Distribution: RHEL5 ,RHEL4,CENT OS5,FEDORA,UBUNTU
Posts: 1,363

Rep: Reputation: 135Reputation: 135
Quote:
Originally Posted by pinga123 View Post
Hi i m using following kernal.
Code:
# uname -r
2.6.18-128.2.1.4.9.el5xen
According to security manual i need to incorporate following changes into kernal parameter but i m not sure when and how these changes will be implemented.

Code:
net.ipv4.conf.all.accept_source_route must be set to "0" 
net.ipv4.ip_forward must be set to "0" (zero) 
icmp_echo_ignore_broadcasts must be set to "1" 
net.ipv4.tcp_syncookies must be set to "1" 
net.ipv4.conf.all.rp_filter must be set to “1” 
The kernel parameter net.ipv4.conf.default.accept_redirects must be set to “0” 
net.ipv4.conf.all.send_redirects and net.ipv4.conf.default.send_redirects must both be set to “0”
To add to this i m not able to find the exact kernal parameter as they are not standerd throughout every linux distributions.
open /etc/sysctl.conf

and add the lines with its values,then run
Quote:
sysctl -P
which will load the changes.
 
Old 10-12-2010, 07:05 AM   #5
pinga123
Member
 
Registered: Sep 2009
Posts: 684
Blog Entries: 2

Original Poster
Rep: Reputation: 37
Quote:
Originally Posted by divyashree View Post
open /etc/sysctl.conf

and add the lines with its values,then run which will load the changes.
I m not able to find some of the parameter in /etc/sysctl.conf file but when i run sysctl with the parameter it shows the values of that parameter.
Also i m getting following error.
Please help.

Code:
# sysctl -P
error: Unknown parameter "-P"
usage:  sysctl [-n] [-e] variable ...
        sysctl [-n] [-e] [-q] -w variable=value ...
        sysctl [-n] [-e] -a
        sysctl [-n] [-e] [-q] -p <file>   (default /etc/sysctl.conf)
        sysctl [-n] [-e] -A
 
Old 10-12-2010, 07:07 AM   #6
prayag_pjs
Senior Member
 
Registered: Feb 2008
Location: Pune - India
Distribution: Fedora,RedHat,CentOS,Gentoo
Posts: 1,145
Blog Entries: 4

Rep: Reputation: 147Reputation: 147
Hi its

Quote:
sysctl -p
p--->is in lowercase
 
Old 10-12-2010, 09:13 AM   #7
divyashree
Senior Member
 
Registered: Apr 2007
Location: bbsr,orissa,India
Distribution: RHEL5 ,RHEL4,CENT OS5,FEDORA,UBUNTU
Posts: 1,363

Rep: Reputation: 135Reputation: 135
Oh, sorry I have written the capital P.
 
Old 10-14-2010, 09:06 AM   #8
gdejonge
Member
 
Registered: Aug 2010
Location: Netherlands
Distribution: Kubuntu, Debian, Suse, Slackware
Posts: 317

Rep: Reputation: 73
Quote:
Originally Posted by pinga123 View Post
I m not able to find some of the parameter in /etc/sysctl.conf file but when i run sysctl with the parameter it shows the values of that parameter.
Also i m getting following error.
Please help.
Only kernel parameters that need a different value than the values that have been compiled in to the kernel need to be entered in sysctl.conf
So if you can't find it, you can just add it to the file.

_______________
Gerrard
 
1 members found this post helpful.
Old 10-15-2010, 01:01 AM   #9
pinga123
Member
 
Registered: Sep 2009
Posts: 684
Blog Entries: 2

Original Poster
Rep: Reputation: 37
Quote:
Originally Posted by gdejonge View Post
Only kernel parameters that need a different value than the values that have been compiled in to the kernel need to be entered in sysctl.conf
So if you can't find it, you can just add it to the file.

_______________
Gerrard
Does this mean kernal parameters are same across the different versions of linux distribution?

I m reading this security manual which is in general applicable to linux .I m not sure if it is meant for my linux distribution.
Shall i add those parameters to my distributions sysctl.conf file?
 
Old 10-15-2010, 04:14 AM   #10
divyashree
Senior Member
 
Registered: Apr 2007
Location: bbsr,orissa,India
Distribution: RHEL5 ,RHEL4,CENT OS5,FEDORA,UBUNTU
Posts: 1,363

Rep: Reputation: 135Reputation: 135
Quote:
Originally Posted by pinga123 View Post
Does this mean kernal parameters are same across the different versions of linux distribution?

I m reading this security manual which is in general applicable to linux .I m not sure if it is meant for my linux distribution.
Shall i add those parameters to my distributions sysctl.conf file?
Yes.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how to change a kernel parameter ? pkhetan Linux - Newbie 12 07-31-2009 11:59 AM
Change postional parameter mamtasahai1 Linux - General 2 06-10-2008 08:28 PM
Linux change TCP kernel Parameter for TCP DELAY ACK TICKS linux_mando Linux - Networking 5 08-22-2006 09:20 AM
How to change library parameter? blachan Linux - Newbie 0 07-12-2004 07:16 AM
Change parameter of /etc/sysconfig/network with a script philipina Linux - Hardware 1 03-11-2004 01:59 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 01:27 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration