Back to Commands

sysctl

system administrationLinux
The sysctl command is one of the most frequently used commands in Linux/Unix-like operating systems. sysctl Configure kernel parameters at runtime
See ExamplesView Syntax

Quick Reference

Command Name:

sysctl

Category:

system administration

Platform:

Linux

Basic Usage:

sysctl [options] [arguments]

Common Use Cases

    Syntax

    sysctl [options] [variable[=value]] [...]

    Options

    Option Description
    -a, --all Display all variables
    -A Alias of -a
    --deprecated Include deprecated parameters to --all
    -b, --binary Print values without new line
    -e, --ignore Ignore unknown variables errors
    -N, --names Print variable names only
    -n, --values Print values only
    -p, --load[=FILE] Read values from file
    -q, --quiet Do not display variable changes
    --system Read settings from all system configuration files
    -r, --pattern PATTERN Only apply settings matching pattern
    -w, --write Change sysctl setting
    -o Doesn't print variable name when printing values
    -d Show help instead of setting a variable
    -h, --help Display help and exit
    -V, --version Output version information and exit

    Examples

    How to Use These Examples

    The examples below show common ways to use the sysctl command. Try them in your terminal to see the results. You can copy any example by clicking on the code block.

    Basic Examples:

    Display all kernel parameters
    sysctl -a
    Display specific kernel parameter
    sysctl net.ipv4.ip_forward
    Set a kernel parameter temporarily (until reboot)
    sysctl -w net.ipv4.ip_forward=1
    Load settings from all system configuration files
    sysctl --system

    Advanced Examples:

    Enable IP forwarding for routing
    sysctl -w net.ipv4.ip_forward=1
    Verify the change
    sysctl net.ipv4.ip_forward
    Increase maximum open file descriptors
    sysctl -w fs.file-max=100000
    Check the new value
    sysctl fs.file-max
    Change swappiness (memory management)
    sysctl -w vm.swappiness=10
    Protect against TCP SYN flood attacks
    sysctl -w net.ipv4.tcp_syncookies=1
    Disable ICMP echo requests (ping)
    sysctl -w net.ipv4.icmp_echo_ignore_all=1
    Display kernel parameters related to IPv6
    sysctl -a | grep ipv6
    Modify multiple parameters at once
    sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1
    Load settings from a specific configuration file
    sysctl -p /etc/sysctl.d/99-custom.conf
    Add a custom parameter to a configuration file
    echo "net.ipv4.tcp_fin_timeout=15" >> /etc/sysctl.d/99-network-tuning.conf
    sysctl -p /etc/sysctl.d/99-network-tuning.conf
    Optimize network performance for high-traffic server
    sysctl -w net.core.somaxconn=4096
    sysctl -w net.ipv4.tcp_max_syn_backlog=4096 sysctl -w net.core.netdev_max_backlog=4096
    Enable kernel protection features
    sysctl -w kernel.kptr_restrict=1
    sysctl -w kernel.dmesg_restrict=1

    Try It Yourself

    Practice makes perfect! The best way to learn is by trying these examples on your own system with real files.

    Understanding Syntax

    Pay attention to the syntax coloring: commands, options, and file paths are highlighted differently.

    Notes

    The `sysctl` command is a powerful system administration tool in Linux that allows users to view and modify kernel parameters at runtime. These parameters control various aspects of the operating system's behavior, including networking, memory management, file system operations, and security features. The Linux kernel exposes a virtual file system called procfs, typically mounted at `/proc`, which provides an interface to kernel internal data structures. Within this file system, `/proc/sys` contains files representing various kernel parameters that can be viewed and modified. The `sysctl` command provides a convenient interface to read from and write to these files. Kernel parameters are organized hierarchically in a tree-like structure with dot-separated names. For example, `net.ipv4.ip_forward` controls whether the system can forward IP packets (essentially functioning as a router). Changes made using `sysctl -w` are temporary and will be lost after a system reboot. To make permanent changes, parameters should be added to configuration files in the `/etc/sysctl.d/` directory or to the `/etc/sysctl.conf` file. These changes can then be applied without a reboot using `sysctl -p` or `sysctl --system`. Some common kernel parameters frequently modified with `sysctl` include: 1. **Network parameters**: Controls like `net.ipv4.ip_forward` for packet forwarding, `net.ipv4.tcp_syncookies` for protection against SYN flood attacks, and various TCP/IP stack tuning parameters. 2. **Memory management**: Parameters like `vm.swappiness` to control how aggressively the kernel swaps memory to disk, and `vm.overcommit_memory` to control memory allocation policy. 3. **File system settings**: Settings such as `fs.file-max` to control the maximum number of file handles. 4. **Security features**: Parameters like `kernel.randomize_va_space` for address space layout randomization (ASLR) and `kernel.dmesg_restrict` to control access to kernel logs. The `sysctl` command is essential for system tuning and hardening, allowing administrators to optimize system performance for specific workloads and implement security best practices without requiring a system restart. However, it should be used with caution, as improper settings can negatively impact system stability and performance.

    Related Commands

    These commands are frequently used alongside sysctl or serve similar purposes:

    procfs
    modprobe
    lsmod
    dmesg
    systemctl
    proc
    Explore All Commands

    Use Cases

    Learn By Doing

    The best way to learn Linux commands is by practicing. Try out these examples in your terminal to build muscle memory and understand how the sysctl command works in different scenarios.

    See ExamplesTry Lab Exercises
    $ sysctl
    View All Commands