10.3. The /proc/sys subdirectory

This subdirectory reports various kernel parameters and lets you change some of them in real time. Unlike all other files in /proc, some files in this directory can be written to, but only by root.

A full list of directories and files would be too long, all the more so because they depend largely on your system and because most files are only useful for very specialized applications. However, here are three common uses of this subdirectory:

  1. Allow routing: Even though the default kernel from Mandrake Linux is able to route, you must explicitly allow it to do so. To do this, type the following command as root:
    # echo 1 >/proc/sys/net/ipv4/ip_forward

    Replace the 1 with a 0 if you want to forbid routing.

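  2. Prevent IP spoofing: IP spoofing consists of forging the source address of a packet, so that a packet coming from the outside world appears to come from somewhere else, for example from your internal network. This technique is very commonly used by crackers[1], but you can make the kernel prevent this kind of intrusion for you: with rp_filter enabled, it checks that the source address of an incoming packet is reachable through the interface on which the packet arrived. You just have to type, as root:
    # echo 1 >/proc/sys/net/ipv4/conf/all/rp_filter

    and the kernel discards packets that fail this check, which blocks this kind of attack.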

  3. Increase the size of the table of open files and the inode table: The size of the table of open files and the inode table is dynamic under GNU/Linux. The default values are usually sufficient for normal use, but they may be too low if your machine is a large server (a database server for example). The first symptom is that processes cannot open any more files because the table is full, so you must increase its size. At the same time, you must also increase the size of the inode table. These two lines, typed as root, will solve the problem:
    # echo 8192 >/proc/sys/fs/file-max
    # echo 16384 >/proc/sys/fs/inode-max

Values written this way are lost at reboot. To have them applied each time you boot the system, you can add all these lines to /etc/rc.d/rc.local so that you avoid typing them each time. Another solution is to put the corresponding entries in /etc/sysctl.conf; see sysctl.conf(5).
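The following script is an added example, not part of the original Mandrake documentation: it reads the entries of a sysctl.conf file and reports every key whose running value under /proc/sys differs, which catches settings that were changed with echo but never made persistent (or the reverse). The names sysctl_drift, norm and PROC_SYS are chosen for this example, and keys are assumed to be dot-separated with no dots inside a component.

```shell
#!/bin/sh
# Added example: compare /etc/sysctl.conf with the running values in /proc/sys.
# PROC_SYS and sysctl_drift are names chosen for this example.
PROC_SYS="${PROC_SYS:-/proc/sys}"

# Collapse runs of whitespace so multi-valued entries compare cleanly.
norm() {
    tr -s '[:space:]' ' ' | sed -e 's/^ //' -e 's/ $//'
}

# Print one line per configured key whose running value differs:
#   <key> configured=<value> running=<value|unreadable>
# Returns 0 when everything matches, 1 on drift, 2 if the file is unreadable.
# Assumes dot-separated keys with no dots inside a component (e.g. no eth0.10).
sysctl_drift() {
    conf="${1:-/etc/sysctl.conf}"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    # Drop leading blanks, comment lines (# or ;) and lines without '='.
    out=$(sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/=/!d' "$conf" |
        while IFS='=' read -r key want; do
            key=$(printf '%s' "$key" | tr -d '[:space:]')
            want=$(printf '%s' "$want" | norm)
            # net.ipv4.ip_forward -> $PROC_SYS/net/ipv4/ip_forward
            path="$PROC_SYS/$(printf '%s' "$key" | tr '.' '/')"
            if [ -r "$path" ]; then
                have=$(norm < "$path")
            else
                have=unreadable
            fi
            [ "$have" = "$want" ] || echo "$key configured=$want running=$have"
        done)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}
```

Call it as sysctl_drift /etc/sysctl.conf; a key reported as running=unreadable has no readable file under /proc/sys on the running kernel.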

Notes

[1] And not hackers!


Linux is a registered trademark of Linus Torvalds. All other trademarks and copyrights are the property of their respective owners.
Unless otherwise stated, all the content of these pages and all images are Copyright MandrakeSoft S.A. and MandrakeSoft Inc. 2001.
http://www.mandrakelinux.com/