Security-related parameters of the Linux kernel can be viewed and edited through the /etc/sysctl.conf file. Persistent parameter settings are stored in this file, which is read at boot time. To see the available kernel parameters and their current values, run:
# sysctl -a
This command displays an extensive list of configuration settings, which includes the kernel security parameters. The sysctl command accepts the options described in the following table.
Option | Description |
---|---|
-a | Display all parameters and their current values. |
-w {parameter}={value} | Set a parameter value. |
-p [file name] | Load sysctl settings from the specified file, or /etc/sysctl.conf if no file name is provided. |
-e | Ignore errors about unknown keys. |
-r {pattern} | Apply a command to parameters matching a given pattern, using extended regular expressions. |
Syntax
The syntax of the sysctl command is:
# sysctl [options]
sysctl Command Examples
1. Show all available variables and their values:
# sysctl -a
2. Set a changeable kernel state variable:
# sysctl -w section.tunable=value
3. Get currently open file handles:
# sysctl fs.file-nr
4. Get limit for simultaneous open files:
# sysctl fs.file-max
5. Apply changes from `/etc/sysctl.conf`:
# sysctl -p
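
A value set with `sysctl -w` applies to the running kernel only, while an edit to /etc/sysctl.conf takes effect at boot or after `sysctl -p`, so the file and the running kernel can disagree. The script below is an added example, not part of the original page: it compares sysctl.conf-style text with `sysctl -a`-style output and lists every key that differs or is absent. The function names and all sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: report drift between persisted sysctl settings and running values.
# All sample data below is constructed for illustration.

# Reduce "key = value" text to "key=value": drop comment lines (# or ;) and
# blank lines, trim both ends, collapse whitespace runs.
normalize() {
    printf '%s\n' "$1" | sed -e '/^[[:space:]]*[#;]/d' -e '/^[[:space:]]*$/d' \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/[[:space:]]*=[[:space:]]*/=/' -e 's/[[:space:]][[:space:]]*/ /g'
}

# sysctl_drift CONF_TEXT LIVE_TEXT
#   CONF_TEXT: contents of a sysctl.conf-style file
#   LIVE_TEXT: output in the "key = value" form printed by `sysctl -a`
# Prints one line per key in CONF_TEXT that differs from, or is absent in, LIVE_TEXT.
sysctl_drift() {
    { normalize "$1"; echo '---'; normalize "$2"; } | awk -F= '
        $0 == "---" { live = 1; next }
        { val = substr($0, length($1) + 2) }
        !live       { want[$1] = val; next }   # later lines in the file win
        ($1 in want) {
            seen[$1] = 1
            if (val != want[$1])
                printf "DRIFT %s: file=%s running=%s\n", $1, want[$1], val
        }
        END { for (k in want) if (!(k in seen)) printf "MISSING %s\n", k }
    ' | LC_ALL=C sort
}

# Constructed sample of /etc/sysctl.conf
SAMPLE_CONF='# hardening settings
kernel.randomize_va_space = 2
net.ipv4.ip_forward=0
kernel.kptr_restrict = 1
kernel.dmesg_restrict = 1
fs.file-max = 2097152'

# Constructed sample of `sysctl -a` output
SAMPLE_LIVE='fs.file-max = 2097152
kernel.kptr_restrict = 0
kernel.randomize_va_space = 2
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1'

sysctl_drift "$SAMPLE_CONF" "$SAMPLE_LIVE"
# On a live system: sysctl_drift "$(cat /etc/sysctl.conf)" "$(sysctl -a 2>/dev/null)"
```

A `DRIFT` line means the running value was changed without updating the file, or the file was edited without being reloaded; a `MISSING` line means the running kernel does not expose that key.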