Sysctl

Introduction

The sysctl tool configures kernel parameters, also called tunables. Changing the value of a sysctl key changes how the system behaves. Several keys are related to security and can help with kernel hardening, or system hardening in general.

Files and locations

The configuration of sysctl is typically spread over multiple files and paths. Systems with systemd will have additional paths.

Files are read in order and the first match of a kernel setting is used.

  • /etc/sysctl.d/*.conf
  • /run/sysctl.d/*.conf
  • /usr/local/lib/sysctl.d/*.conf
  • /usr/lib/sysctl.d/*.conf
  • /lib/sysctl.d/*.conf
  • /etc/sysctl.conf

The actual kernel settings are usually available under the pseudo file system /proc. To see all values, consult /proc/sys/.

Usage

To display all available kernel settings:

sysctl -a

To limit the output to the network class only:

sysctl -a --pattern '^net.'

To set a value:

sysctl --write KEY=VALUE

To make settings permanent, add them to a configuration file (e.g. /etc/sysctl.d/99-custom.conf). Then activate with sysctl -p /etc/sysctl.d/99-custom.conf.

To learn how settings are applied, limited to those matching a pattern:

sysctl --system --pattern '^net.'
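
The values in a persistent configuration file and the running values under /proc/sys can disagree, for example after a manual sysctl --write. The shell function below is an added example, not part of the original page, that reports such drift by mapping each key to its path under /proc/sys. The function names, the sample keys and their values are assumptions chosen for illustration.

```shell
#!/bin/sh
# sysctl_drift CONF [ROOT]: compare the KEY = VALUE lines in CONF with the
# running values under ROOT (default /proc/sys). Returns 1 if anything differs.
# Limitation: keys that contain an interface name with a dot are not handled.
norm() { sed 's/[[:space:]][[:space:]]*/ /g; s/^ //; s/ $//'; }
sysctl_drift() {
    conf=$1 root=${2:-/proc/sys} rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s\n' "$line" | norm)
        case $line in ''|'#'*|';'*) continue ;; esac   # blank line or comment
        case $line in *=*) ;; *) continue ;; esac      # not an assignment
        key=${line%%=*}; key=${key% }; key=${key#-}    # '-' prefix: ignore errors
        want=${line#*=}; want=${want# }
        path=$root/$(printf '%s' "$key" | tr . /)      # kernel.x -> ROOT/kernel/x
        if [ ! -r "$path" ]; then                      # absent or unreadable
            echo "MISSING $key"; rc=1; continue
        fi
        # Multi-value tunables are tab separated in /proc, so normalise first.
        have=$(norm < "$path")
        if [ "$have" != "$want" ]; then
            echo "DRIFT $key running=$have configured=$want"; rc=1
        fi
    done < "$conf"
    return "$rc"
}

# Constructed sample: a stand-in /proc/sys tree and config file in a temp dir.
sysctl_drift_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/sys/kernel" "$d/sys/net/ipv4"
    echo 1 > "$d/sys/kernel/dmesg_restrict"
    echo 0 > "$d/sys/kernel/kptr_restrict"
    printf '32768\t60999\n' > "$d/sys/net/ipv4/ip_local_port_range"
    cat > "$d/99-custom.conf" <<'EOF'
# constructed values, not a recommended baseline
kernel.dmesg_restrict = 1
kernel.kptr_restrict=2
net.ipv4.ip_local_port_range = 32768 60999
-kernel.yama.ptrace_scope = 1
EOF
    sysctl_drift "$d/99-custom.conf" "$d/sys" && st=0 || st=$?
    rm -rf "$d"
    return "$st"
}
sysctl_drift_demo || true
```

On a real system, call sysctl_drift /etc/sysctl.d/99-custom.conf to compare that file with the live values.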

Articles for sysctl

Ipe

The sysctl settings starting with ipe define the configuration of the IPE (Integrity Policy Enforcement) module. Learn about the settings and possible values.

Sysctl kernel.*

The Linux kernel has a range of settings that influence the behavior of the kernel itself. Learn about sysctl settings and values related to the kernel class.

Sysctl net.*

The kernel has a wide range of network settings. Learn about the sysctl command and the values related to the network class.

Relevant sysctl commands

Like to learn more about the commands used in this section? Have a look at the cheat sheets or the related command page.

  • sysctl