http://sysctl.enderunix.org/ EnderUnix Sysctl Sitesi tr Fri, 16 May 2008 01:21:33 +0300 EnderUNIX Free Software Development Team http://sysctl.enderunix.org/view.php?id=258 # sysctl vfs.usermount=1 This command enables non-privileged users to mount filesystems. 2008-04-07 10:42:50 http://sysctl.enderunix.org/view.php?id=257 # sysctl vfs.usermount=1 komutu ile root hakki olmayan kullanicilarin dosya sistemi mount etmesine izin verilir. 2008-04-07 10:41:08 http://sysctl.enderunix.org/view.php?id=252 The default is the value of the system\#039;s net.inet.ip.ttl MIB variable, which defaults to 64. OpenBSD man 8 traceroute 2007-12-18 09:17:40 http://sysctl.enderunix.org/view.php?id=245 You can check your maximum filedescriptors as follow below # sysctl -a | grep #039;kern.maxfile#039; You can increase them as follow below # sysctl -w kern.maxfiles=XXXX # sysctl -w kern.maxfilesperproc=XXXX 2007-06-16 00:26:15 http://sysctl.enderunix.org/view.php?id=244 Maksimum dosyatanimlayici sayisini ogrenebilmek icin # sysctl -a | grep #039;kern.maxfile#039; Dosyatanimlayici sayisini artirmak icin ise # sysctl -w kern.maxfiles=XXXX # sysctl -w kern.maxfilesperproc=XXXX 2007-06-16 00:25:22 http://sysctl.enderunix.org/view.php?id=238 Host üzerinde dinlenebilecek maximum igmp socket sayısı (multicast grubuna dahil olacak hostların sayısı da denebilir) 2007-01-30 16:18:52 http://sysctl.enderunix.org/view.php?id=237 Maximum number of listening igmp (multicast) sockets on the host 2007-01-30 16:08:37 http://sysctl.enderunix.org/view.php?id=235 Maximum number of messages in the system 2007-01-17 02:06:26 http://sysctl.enderunix.org/view.php?id=234 Maximum message size within the system 2007-01-17 02:05:30 http://sysctl.enderunix.org/view.php?id=233 Number of message queue identifiers present in the system 2007-01-17 02:04:26 http://sysctl.enderunix.org/view.php?id=232 Maximum number of bytes in a queue 2007-01-16 23:46:14 http://sysctl.enderunix.org/view.php?id=231 Number of message segments within a particular message queue. 2007-01-16 23:37:23 http://sysctl.enderunix.org/view.php?id=230 hw.ata.wc değri 1 yapılarak ATA disklerde yazılacak bilgilerin öncelikle önbellekte saklanması sağlanır. Ancak bu durumda sistemin aniden kapanması sonucu kaybedilecek canlı veri miktarı daha fazla olacaktır. 2006-12-13 22:01:38 http://sysctl.enderunix.org/view.php?id=223 Specifies the upper limit which can be set for net.bpf.bufsize. See also: http://sysctl.enderunix.org/view.php?id=222amp;lang=en Default value: 524288 2006-11-02 21:42:22 http://sysctl.enderunix.org/view.php?id=222 Berkeley Packet Filter (BPF), maintains an internal kernel buffer for storing packets received off the wire. This knob controls the size (in bytes) of that buffer. Default value: 4096 bytes. Please be noted that, there is an upper limit set by another BPF sysctl (net.bpf.maxbufsize). If you need much larger buffer space, you need to increase that one also. 2006-11-02 21:22:20 http://sysctl.enderunix.org/view.php?id=159 TCP protokolünde paket gönderimini kapsayan basit ince bir detay; # sysctl net.inet.tcp.sendspace=65536 (Default seçenekler de bu değer 32768dir.) Yapılan değişikliği kontrol etmek için # sysctl -a | grep sendspace komutunu kullanabilirsiniz.Eğer sistemimiz her açılışta bu değerle başlamasını istiyorsak önümüzde 2 değişik seçenek var. 1. Sysctl.conf dosyasına ekleyebil 2006-01-03 17:03:07 http://sysctl.enderunix.org/view.php?id=142 determine the cpu frequency 2005-12-01 15:45:01 http://sysctl.enderunix.org/view.php?id=141 Minimum Retransmission Timeout root@siseci[~]# sysctl net.inet.tcp.rexmit_min net.inet.tcp.rexmit_min: 30 2005-11-30 08:47:46 http://sysctl.enderunix.org/view.php?id=140 Maximum segment lifetime root@siseci[~]# sysctl net.inet.tcp.msl net.inet.tcp.msl: 30000 2005-11-30 08:47:07 http://sysctl.enderunix.org/view.php?id=139 Delay ACK to try and piggyback it onto a data packet root@siseci[~]# sysctl net.inet.tcp.delayed_ack net.inet.tcp.delayed_ack: 1 2005-11-30 08:44:17 http://sysctl.enderunix.org/view.php?id=138 Time before a delayed ACK is sent root@siseci[~]# sysctl net.inet.tcp.delacktime net.inet.tcp.delacktime: 100 2005-11-30 08:43:17 http://sysctl.enderunix.org/view.php?id=137 TCP statistics (struct tcpstat, netinet/tcp_var.h) 2005-11-30 08:41:01 http://sysctl.enderunix.org/view.php?id=136 Default TCP Maximum Segment Size 2005-11-30 08:40:40 http://sysctl.enderunix.org/view.php?id=135 Enable rfc1644 (TTCP) extensions http://rfc.net/rfc1644.html 2005-11-30 08:40:18 http://sysctl.enderunix.org/view.php?id=133 In NetBSD, a file system can only be mounted by an ordinary user who owns the point node and has access to the special device (at least read permissions). In addition, the vfs.generic.usermount sysctl must be set to 1 to permit file system mounting by ordinary users. mount(8) 2005-11-24 23:15:45 http://sysctl.enderunix.org/view.php?id=132 Some systems behind misconfigured firewalls try to use Path-MTU-Discovery, while their firewall blocks all ICMP messages. This is an illegal, but not uncommon, setup. Typically you will have no chance to fix this (remote, outside of your control) setup. And sometimes you will have to use such remote systems (to download data from them, or to do your online banking). Without special care systems 2005-11-24 21:20:20 http://sysctl.enderunix.org/view.php?id=131 Sistemdeki islemci sayisini gosterir. root@siseci# sysctl hw.ncpu hw.ncpu: 4 2005-11-16 10:36:17 http://sysctl.enderunix.org/view.php?id=118 TCP Send window size. 2005-10-14 14:35:10 http://sysctl.enderunix.org/view.php?id=117 TCP receive window size. 2005-10-14 14:26:57 http://sysctl.enderunix.org/view.php?id=115 To disable IP source routing set net.inet.ip.sourceroute and net.inet.ip.accept_sourceroute to 0. 2005-10-14 14:22:25 http://sysctl.enderunix.org/view.php?id=113 Disable ICMP router solicitations and advertisements, and ICMP subnet mask requests and replies. 2005-10-14 14:18:14 http://sysctl.enderunix.org/view.php?id=112 ARP onbelleginin temizlenme suresidir. Ontanimli degeri 1200 dur. 2005-10-14 14:14:45 http://sysctl.enderunix.org/view.php?id=111 Kernel configurasyon dosyasinda gecen ident satiridir. ident GENERIC Satiri degistirilerek degistirilebilir. 2005-10-14 09:54:41 http://sysctl.enderunix.org/view.php?id=109 A MIB to set system security level. The kernel runs with five different levels of security. Any super-user process can raise the security level, but no process can lower it. The security levels are: -1 Permanently insecure mode - always run the system in level 0 mode. This is the default initial value. 0 Insecure mode - immutable and append-only flags may 2005-08-23 14:45:17 http://sysctl.enderunix.org/view.php?id=108 Log processes quitting on abnormal signals (e.g. sig 11) to syslog(3) 2005-08-23 13:47:08 http://sysctl.enderunix.org/view.php?id=107 Enable fast vfork() by using RFMEM to share address space instead of copying it 2005-08-23 13:36:38 http://sysctl.enderunix.org/view.php?id=106 Enables logging of attempted connections to ports which do not have a server running. The dmesg will display the attempt and it it will be logged to /var/log/messages. For all udp datagrams, to ports on which there is no socket listening, log the connection attempt. There is also a net.inet.tcp.log_in_vain. 2005-07-23 23:50:05 http://sysctl.enderunix.org/view.php?id=105 [inflight.enable] - Enable TCP bandwidth-delay product limiting. An attempt will be made to calculate the bandwidth-delay product for each individual TCP connection, and limit the amount of inflight data being transmitted, to avoid building up unnecessary packets in the network. This option is re 2005-07-23 23:44:07 http://sysctl.enderunix.org/view.php?id=104 The syncache implements a number of variables in the net.inet.tcp.syncache branch of the sysctl(3) MIB. Several of these may be tuned by setting the corresponding variable in the loader(8). [hashsize] - Size of the syncache hash table, must be a power of 2. Read-only, tunable via loader(8). [bucketlimit] - Limit on the number of entries permitted in each bucket of the hash ta 2005-07-23 23:36:27 http://sysctl.enderunix.org/view.php?id=103 Determines whether or not SYN cookies should be generated for outbound SYN-ACK packets. SYN cookies are a great help during SYN flood attacks, and are enabled by default. (See syncookies(4).) 2005-07-23 23:31:20 http://sysctl.enderunix.org/view.php?id=102 Flush packets in the TCP reassembly queue if the system is low on mbufs. 2005-07-23 23:29:33 http://sysctl.enderunix.org/view.php?id=101 Assume that SO_KEEPALIVE is set on all TCP connections, the kernel will periodically send a packet to the remote host to verify the connection is still up. 2005-07-23 23:28:18 http://sysctl.enderunix.org/view.php?id=100 Timeout, in milliseconds, for new, non-established TCP connections. 2005-07-23 23:27:14 http://sysctl.enderunix.org/view.php?id=99 The interval, in milliseconds, between keepalive probes sent to remote machines. After TCPTV_KEEPCNT (default 8) probes are sent, with no response, the (tcp)connection is dropped. 2005-07-23 23:26:09 http://sysctl.enderunix.org/view.php?id=98 Amount of time, in milliseconds, that the (tcp) connection must be idle before keepalive probes (if enabled) are sent. 2005-07-23 23:24:54 http://sysctl.enderunix.org/view.php?id=97 The kern.random.sys.harvest.interrupt variable is used to select hardware interrupts as an entropy source. A 0 (zero) value means interrupts are not considered as an entropy source. Set the variable to 1 (one) if you wish to use them for entropy harvesting. All interrupt harvesting is setup by the individual device drivers. 2005-07-23 23:21:43 http://sysctl.enderunix.org/view.php?id=96 The kern.random.sys.harvest.point_to_point variable is used to select serial line traffic as an entropy source. (Serial line traffic includes PPP, SLIP and all tun0 traffic.) A 0 (zero) value means such traffic is not considered as an entropy source. Set the variable to 1 (one) if you wish to use it for entropy harvesting. 2005-07-23 23:20:53 http://sysctl.enderunix.org/view.php?id=95 The kern.random.sys.harvest.ethernet variable is used to select LAN traffic as an entropy source. A 0 (zero) value means that LAN traffic is not considered as an entropy source. Set the variable to 1 (one) if you wish to use LAN traffic for entropy harvesting. 2005-07-23 23:19:34 http://sysctl.enderunix.org/view.php?id=94 The kern.random.sys.burst variable instructs the kernel thread that processes the harvest queue to tsleep(9) briefly after that many events have been processed. This helps prevent the random device from being so compute-bound that it takes over all processing ability. A value of 0 (zero) is treated as infinity, and will only allow the kernel to pause if the queue is empty. Only values in the ra 2005-07-23 23:18:42 http://sysctl.enderunix.org/view.php?id=93 The kern.random.sys.seeded variable indicates whether or not the random device is in an acceptably secure state as a result of reseeding. If set to 0, the device will block (on read) until the next reseed (which can be from an explicit write, or as a result of entropy harvesting). A reseed will set the value to 1 (non-blocking). 2005-07-23 23:17:31 http://sysctl.enderunix.org/view.php?id=92 From the blackhole(4) manual page: The blackhole sysctl(8) MIB is used to control system behaviour when connection requests are received on TCP or UDP ports where there is no socket listening. Normal behaviour, when a TCP SYN segment is received on a port where there is no socket accepting connections, is for the system to return a RST segment, and drop the connection. The connecting 2005-07-23 23:13:58 http://sysctl.enderunix.org/view.php?id=91 current domainname of the operating system (domainname) 2005-07-23 23:11:04 http://sysctl.enderunix.org/view.php?id=90 current hostname of the operating system (hostname -s) 2005-07-23 23:10:03 http://sysctl.enderunix.org/view.php?id=89 current release level of the operating system (uname -r) 2005-07-23 23:06:31 http://sysctl.enderunix.org/view.php?id=88 sysctl vm.stats will show you all the memory info you need in the vm system, as in: pageable memory. Its shown in number of pages (usually 4K: vm.stats.vm.v_page_size). 2005-07-20 14:02:55 http://sysctl.enderunix.org/view.php?id=87 Bilgisayarinizin fiziksel ramini byte cinsinden gosterir Örnegin; # sysctl hw.physmem hw.physmem: 263688192 2005-07-20 12:06:40 http://sysctl.enderunix.org/view.php?id=86 Gelişmiş tüm ses kartlarında bulunan çoklu sanal kanal özelliğini freebsd altında kullanmak için; sysctl hw.snd.maxautovchans=4 komutunu vermeniz yeterli. Bu sayede aynı anda birden fazla ses kaynağını dinleyebilirsiniz. 2005-07-06 15:31:25 http://sysctl.enderunix.org/view.php?id=85 This ysctl variable may be set to either 0 (off) or 1 (on); it is 1 by default. This variable controls how directories are cached by the system. It improves performance on servers with lots of i/o files such as mail servers, web caches and databases. Ref: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/book.html#AEN16786 2005-07-04 15:42:26 http://sysctl.enderunix.org/view.php?id=84 hw.ata.wc: (0/1) enable(1) / disable (0) ATA disk write caching. 2005-07-04 15:37:42 http://sysctl.enderunix.org/view.php?id=83 hw.model: specific machine model hw.model: Intel(R) Pentium(R) 4 CPU 1.80GHz 2005-07-04 15:25:22 http://sysctl.enderunix.org/view.php?id=82 hw.pagesize: System memory page size. 2005-07-04 15:24:11 http://sysctl.enderunix.org/view.php?id=81 hw.ncpu:number of cpus 2005-07-04 15:17:11 http://sysctl.enderunix.org/view.php?id=80 hw.physmem is a physical memory size in bytes. hw.physmem: 782921728 2005-07-04 15:14:29 http://sysctl.enderunix.org/view.php?id=79 displays supported cpu states for your cpu (for processors that support this) to set a desired frequency, use dev.cpu.0.freq=x 2005-06-10 00:44:03 http://sysctl.enderunix.org/view.php?id=78 net.inet.tcp.rfc1323: Enable rfc1323 (high performance TCP) extensions. http://rfc.net/rfc1323.html 2005-06-09 16:02:12 http://sysctl.enderunix.org/view.php?id=77 inet.ip.check_interface: Verify packet arrives on correct interface ip_checkinterface currently must be disabled if you use ipnat 150 to translate the destination address to another local interface. Also it must be disabled if you add IP aliases to the loopback interface instead of the interface where the packets for those addresses are received. 2005-06-09 15:57:31 http://sysctl.enderunix.org/view.php?id=76 kern.rootdev: root device of the system. # sysctl kern.rootdev kern.rootdev: da0s1a 2005-06-09 13:06:43 http://sysctl.enderunix.org/view.php?id=75 kern.openfiles: System-wide number of open files. 2005-06-09 13:01:03 http://sysctl.enderunix.org/view.php?id=74 kern.disks gets a list of all disks in the system. Output: # sysctl kern.disks kern.disks: ad0 md0 2005-06-09 12:58:13 http://sysctl.enderunix.org/view.php?id=73 net.inet.icmp.icmplim_output: If (0) you do not want to see messages about this in your log files, but you still want the kernel to do response limiting. 2005-06-06 17:50:09 http://sysctl.enderunix.org/view.php?id=72 net.inet.icmp.icmplim: the maximum number of ICMP Unreachable and also TCP RST packets that will be sent back every second. 2005-06-06 17:48:02 http://sysctl.enderunix.org/view.php?id=71 vfs.ufs.dirhash_minsize: minimum directory size in bytes for which to use hashed lookup vfs.ufs.dirhash_maxmem: maximum allowed dirhash memory usage vfs.ufs.dirhash_mem:current dirhash memory usage vfs.ufs.dirhash_docheck:enable extra sanity tests 2005-06-06 17:29:19 http://sysctl.enderunix.org/view.php?id=70 kern.nodump_coredump:Enable setting the NODUMP flag on coredump files Default value: kern.nodump_coredump: 0 2005-06-06 16:58:35 http://sysctl.enderunix.org/view.php?id=69 kern.coredump:Enable/Disable coredumps Default value: kern.coredump: 1 2005-06-06 16:57:12 http://sysctl.enderunix.org/view.php?id=68 kern.sugid_coredump: Enable coredumping set user/group ID processes Default value: kern.sugid_coredump: 0 2005-06-06 16:55:59 http://sysctl.enderunix.org/view.php?id=67 kern.corefile: core file name format string. Default value: kern.corefile: %N.core 2005-06-06 16:54:09 http://sysctl.enderunix.org/view.php?id=66 kern.smp.maxcpus: Max number of CPUs that the system was compiled for kern.smp.active:are the APs allowed to run? kern.smp.disabled: has smp been disabled? kern.smp.cpus: Number of CPUs online. kern.smp.forward_signal_enabled: Enable forwarding of a signal to a process running on a different CPU kern.smp.forward_roundrobin_enabled:Enable forwarding of roundrobin to all other cpus 2005-06-06 16:43:01 http://sysctl.enderunix.org/view.php?id=65 The maximum number of the processes for per user id. kern.maxprocperuid is changeable. 2005-06-05 13:51:35 http://sysctl.enderunix.org/view.php?id=64 The maximum number of processes a user may be running. kern.maxproc is read only 2005-06-05 13:43:28 http://sysctl.enderunix.org/view.php?id=63 the boot time of the kernel. 2005-06-05 13:38:05 http://sysctl.enderunix.org/view.php?id=62 A vnode is the internal representation of a file or directory. So increasing the number of vnodes available to the operating system cuts down on disk I/O kern.maxvnodes is changeable 2005-06-05 13:33:27 http://sysctl.enderunix.org/view.php?id=61 contains the type of the kernel. 2005-06-05 13:31:42 http://sysctl.enderunix.org/view.php?id=60 The cleanup interval for the IP route cache. Default value: 1200 2005-06-05 01:18:21 http://sysctl.enderunix.org/view.php?id=58 Gives the version of the twe driver. 2005-05-27 21:17:02 http://sysctl.enderunix.org/view.php?id=57 Bu parametre linux sisteminde açılabilecek dosya handle larının(bu da açılabilecek maksimum dosya sayisini gosterir) maksimum sayisini verir 2005-05-24 19:08:43 http://sysctl.enderunix.org/view.php?id=56 SEMMSL,SEMMNS, SEMOPM, SEMMNI parametrelerini içerir(örnek : 250 32000 32 128). SEMMSL : Bir semafor setinin içindeki maksimum semafor sayisini verir SEMMNS : Linux sistemimizdeki toplam semafor sayisini verir SEMOPM : Bu parametre semop(2) sistem çağrısının bir seferde yapabilecegi maksimum semafor operasyonlarinin sayisini verir SEMMNI : Linux sistemimizdeki maksimum semafor seti 2005-05-24 19:06:01 http://sysctl.enderunix.org/view.php?id=55 Sistemde bir anda sayfalarda(page) kullanılabilecek toplam paylasimli hafiza(shared memory) miktarini verir ve en az ceil(SHMMAX/PAGE_SIZE) kadar olmalidir 2005-05-24 18:57:15 http://sysctl.enderunix.org/view.php?id=54 Sistem genelindeki maksşmum paylasimli hafiza segment(shared memory segment) saysini belirler 2005-05-24 18:39:27 http://sysctl.enderunix.org/view.php?id=53 Paylaşılan bellek segmentinin(shared memory segment) byte cinsinden maksimum değeridir 2005-05-24 18:37:45 http://sysctl.enderunix.org/view.php?id=52 Shows current number of open files. 2005-05-18 05:29:05 http://sysctl.enderunix.org/view.php?id=51 hw.snd.maxautovchans=X where X is the number of virtual channels a new audio device is given when it is attached using kldload 2005-05-15 22:53:46 http://sysctl.enderunix.org/view.php?id=50 hw.snd.pcm0.vchans=X where X is the number of virtual channels pcm0 has 2005-05-15 22:52:20 http://sysctl.enderunix.org/view.php?id=49 This variable indicates the maximum number of file descriptors on your system. 2005-05-15 20:57:18 http://sysctl.enderunix.org/view.php?id=48 Boolean MIB The default is 0 (OFF) By setting this knob to 1 (ON) the kernel will log all ARP broadcasts from hosts that have a MAC address that is different then the on in the ARP cache on the localhost. This might help preventing and identifying ARP cache poisoning attacks. 2005-05-15 20:37:55 http://sysctl.enderunix.org/view.php?id=47 Boolean MIB The default is 0 (OFF) By setting this knob to 1 (ON) the kernel will log all arp packets arriving on the wrong interface. 2005-05-15 20:34:08 http://sysctl.enderunix.org/view.php?id=46 Boolean MIB 0 - off 1 - on The default is OFF (0). Normally (when this option is OFF) IP_ID of IP packets are numbered in an sequential manner. By setting this knob to 1 (ON) the IP_ID is set with a random number. This can help in preventing an information-gathering attack i.e. when an attacker tracks diffrent IP_IDs leaving a router to find how many hosts are behind the NAT. 2005-05-15 20:30:55 http://sysctl.enderunix.org/view.php?id=45 FreeBSD 4.x lerde çekirdeğinizde options IPFW2 varsa FreeBSD 5.x lerde çekirdeğinizde options IPFIREWALL varsa net.link.ether.ipfw=1 ile MAC adresine gore (Layer2) filtreleme yapabilirsiniz net.link.ether.ipfw=0 ise Layer2 filtrelemeyi iptal eder. (Standartta bu seçilidir) 2005-05-13 23:57:34 http://sysctl.enderunix.org/view.php?id=44 Çekirdeğinizi options IPFIREWALL ve options BRIDGE ile derlemişseniz; net.link.ether.bridge_ipfw=1 ile bridge paketlerini firewalldan gecirirsiniz. net.link.ether.bridge_ipfw=0 ise bridge paketleri firewalla ugramadan gecer. 2005-05-13 23:55:14 http://sysctl.enderunix.org/view.php?id=43 Uzerinde sunucu servis calismaya port`lara baglanti yapilmaya calisildiginda bunu gunluk dosyasina atmak icin kullanilabilir.dmesg bu baglantiyi gosterirken ayrica bu mesaj /var/log/messages altina yazilacaktir. Sadece SYN bayragi olan TCP paketlerinin kaydi tutulacaktir.Bunun yaninda ayrica net.inet.udp.log_in_vain bulunmaktadir. 2005-05-09 17:48:05 http://sysctl.enderunix.org/view.php?id=42 Belli bir ICMP mesaji aldiginda TCP`nin bir baglantiyi kesebilmesine olanak verir. (bakiniz: RFC 1122, 4.2.3.9, Destination unreachable 2-4). Baglanti TCP durumu ancak SYN_SENT ise iptal edilebilir. 2005-05-09 17:45:25