Linux kernel parameters, including the security-related ones, can be viewed and changed with the sysctl command. Persistent settings are stored in the /etc/sysctl.conf file, which is read at boot time. To see the available kernel parameters and their current values, run:
# sysctl -a
This command will display an extensive list of configuration settings. The kernel security parameters are also in this list.
Syntax
The syntax of the sysctl command is:
# sysctl [options]
It has various options, as defined in the following table.
Option | Description |
---|---|
-a | Display all parameters and their current values. |
-w {parameter}={value} | Set a parameter value. |
-p [file name] | Load sysctl settings from the specified file, or /etc/sysctl.conf if no file name is provided. |
-e | Ignore errors about unknown keys. |
-r {pattern} | Apply a command to parameters matching a given pattern, using extended regular expressions. |
If running the sysctl command produces the following error:
sysctl: command not found
install the package that provides it for your distribution:
OS Distribution | Command |
---|---|
Debian | apt-get install procps |
Ubuntu | apt-get install procps |
Alpine | apk add procps |
Arch Linux | pacman -S procps-ng |
Kali Linux | apt-get install procps |
CentOS | yum install procps-ng |
Fedora | dnf install procps-ng |
Raspbian | apt-get install procps |
sysctl Command Examples
1. Show all available variables and their values:
# sysctl -a
2. Set a changeable kernel state variable:
# sysctl -w section.tunable=value
3. Get currently open file handles:
# sysctl fs.file-nr
4. Get limit for simultaneous open files:
# sysctl fs.file-max
5. Apply changes from `/etc/sysctl.conf`:
# sysctl -p
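
A value set with `sysctl -w` changes only the running kernel, while `sysctl -p` loads what is written in the file, so the two can disagree. The script below is an added example, not part of the original page: it compares a file in /etc/sysctl.conf format with saved `sysctl -a` output and reports each difference. The function names, the sample file contents and the values are constructed for illustration; the parameter names are real kernel keys.

```shell
#!/bin/sh
# Added example (not from the original page): report where runtime kernel
# parameters differ from a settings file in /etc/sysctl.conf format.
# $1 = settings file, $2 = file holding saved `sysctl -a` output.
sysctl_drift() {
    awk -F= '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); gsub(/[ \t]+/, " ", s); return s }
        # skip comment lines (# or ;), blank lines and lines without "="
        /^[ \t]*[#;]/ || /^[ \t]*$/ || index($0, "=") == 0 { next }
        { key = trim($1); val = trim(substr($0, index($0, "=") + 1)) }
        FNR == NR { runtime[key] = val; next }      # first file: runtime values
        !(key in runtime) { print "MISSING " key " (file " val ")"; next }
        runtime[key] != val { print "DRIFT " key " (file " val ", runtime " runtime[key] ")" }
    ' "$2" "$1"
}

# Constructed sample data so the check runs offline.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/sysctl.conf" <<'EOF'
# constructed sample in /etc/sysctl.conf format
kernel.randomize_va_space = 2
kernel.kptr_restrict=1
; a second comment style
net.ipv4.tcp_syncookies = 1
kernel.dmesg_restrict = 1
EOF
    cat > "$dir/runtime.txt" <<'EOF'
fs.file-max = 9223372036854775807
kernel.kptr_restrict = 0
kernel.randomize_va_space = 2
net.ipv4.tcp_syncookies = 1
EOF
    sysctl_drift "$dir/sysctl.conf" "$dir/runtime.txt"
    rm -rf "$dir"
}

demo
```

On a live host, save the output of `sysctl -a` to a file and pass it as the second argument, with /etc/sysctl.conf as the first.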