modify sysctl.conf on F17
FedoraForum.org - Fedora Support Forums and Community
Results 1 to 11 of 11
  1. #1
    Join Date
    Nov 2010
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    modify sysctl.conf on F17

    Hello everyone

    I've modified sysctl.conf and now
    reboot F17 gives me at start up

    Failed to start Apply Kernel Variables
    See 'systemctl status systemd-sysctl.service' for details.
    trying systemctl status systemd-sysctl.service gives me

    Loaded: loaded (/usr/lib/systemd/system/systemd-sysctl.service; static)
    Active: failed (Result: exit-code) since Thu, 30 Aug 2012 17:29:42 +0100; 17h ago
    Docs: man:systemd-sysctl.service(8)
    man:sysctl.d(5)
    Main PID: 669 (code=exited, status=1/FAILURE)
    CGroup: name=systemd:/system/systemd-sysctl.service

    what has changed for sysctl in F17 ?
    the reease notes says nothing about that

    thanks

  2. #2
    Join Date
    Aug 2009
    Location
    Waldorf, Maryland
    Posts
    7,345
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: modify sysctl.conf on F17

    Depends on what you modified. How about showing what it was.

  3. #3
    Join Date
    Nov 2010
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: modify sysctl.conf on F17

    here is my sysctl.conf:

    # Controls IP packet forwarding
    net.ipv4.ip_forward = 0

    # Controls source route verification
    net.ipv4.conf.default.rp_filter = 1

    # Controls the System Request debugging functionality of the kernel
    kernel.sysrq = 0

    # Controls whether core dumps will append the PID to the core filename.
    # Useful for debugging multi-threaded applications.
    kernel.core_uses_pid = 1

    #Prevent SYN attack
    net.ipv4.tcp_syncookies = 1
    net.ipv4.tcp_max_syn_backlog = 2048
    net.ipv4.tcp_synack_retries = 2

    # Disables IP source routing
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.lo.accept_source_route = 0
    net.ipv4.conf.eth0.accept_source_route = 0
    net.ipv4.conf.default.accept_source_route = 0

    # Enable IP spoofing protection, turn on source route verification
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.lo.rp_filter = 1
    net.ipv4.conf.eth0.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1

    # Disable ICMP Redirect Acceptance
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.lo.accept_redirects = 0
    net.ipv4.conf.eth0.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0

    # Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 1
    net.ipv4.conf.lo.log_martians = 1
    net.ipv4.conf.eth0.log_martians = 1

    # Disables IP source routing
    net.ipv4.conf.all.accept_source_route = 0
    net.ipv4.conf.lo.accept_source_route = 0
    net.ipv4.conf.eth0.accept_source_route = 0
    net.ipv4.conf.default.accept_source_route = 0


    # Disable ICMP Redirect Acceptance
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.lo.accept_redirects = 0
    net.ipv4.conf.eth0.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0


    # Modify system limits for Ensim WEBppliance
    fs.file-max = 65000

    # Decrease the time default value for tcp_fin_timeout connection
    net.ipv4.tcp_fin_timeout = 15

    # Decrease the time default value for tcp_keepalive_time connection
    net.ipv4.tcp_keepalive_time = 1800

    # Turn off the tcp_window_scaling
    net.ipv4.tcp_window_scaling = 0

    # Turn off the tcp_sack
    net.ipv4.tcp_sack = 0

    # Turn off the tcp_timestamps
    net.ipv4.tcp_timestamps = 0

    # Enable TCP SYN Cookie Protection
    net.ipv4.tcp_syncookies = 1

    # Enable ignoring broadcasts request
    net.ipv4.icmp_echo_ignore_broadcasts = 1

    # Enable bad error message Protection
    net.ipv4.icmp_ignore_bogus_error_responses = 1

    # Log Spoofed Packets, Source Routed Packets, Redirect Packets
    net.ipv4.conf.all.log_martians = 1

    # Set maximum amount of memory allocated to shm to 256MB
    kernel.shmmax = 268435456

    # Improve file system performance
    #vm.bdflush = 100 1200 128 512 15 5000 500 1884 2

    # Improve virtual memory performance
    #vm.buffermem = 90 10 60

    # Increases the size of the socket queue (effectively, q0).
    net.ipv4.tcp_max_syn_backlog = 1024

    # Increase the maximum total TCP buffer-space allocatable
    net.ipv4.tcp_mem = 57344 57344 65536

    # Increase the maximum TCP write-buffer-space allocatable
    net.ipv4.tcp_wmem = 32768 65536 524288

    # Increase the maximum TCP read-buffer space allocatable
    net.ipv4.tcp_rmem = 98304 196608 1572864

    # Increase the maximum and default receive socket buffer size
    net.core.rmem_max = 524280
    net.core.rmem_default = 524280

    # Increase the maximum and default send socket buffer size
    net.core.wmem_max = 524280
    net.core.wmem_default = 524280

    # Increase the tcp-time-wait buckets pool size
    net.ipv4.tcp_max_tw_buckets = 1440000

  4. #4
    Join Date
    Jan 2010
    Posts
    7,482
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: modify sysctl.conf on F17

    Please don't take this wrong, but perhaps you should look at http://www.catb.org/esr/faqs/smart-questions.html

    Don't you think it's somewhat unreasonable to go through their own config file to see what you changed?

    Many people looking through the forum are busy people, and the odds of you getting help are much higher if you save them time, with for example, I changed this line from X to Y in this file, and now I have this problem. When I changed it back, the problem went away. (Or didn't). Formerly, I used to make this change without issue.

  5. #5
    Join Date
    Aug 2009
    Posts
    8,486
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: modify sysctl.conf on F17

    I don't know what you changed, but even if it loads it, you probably just totally screwed up your TCP/IP performance.

    The defaults for the linux kernel are pretty much the best performing options you are going to get. Go monkeying around with them, you are going to trash your performance unless you know EXACTLY what each one does and what you need to change to improve it.

  6. #6
    Join Date
    Jun 2004
    Location
    Maryland, US
    Posts
    7,702
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)

    Re: modify sysctl.conf on F17

    Looks like he added a whole bunch of stuff. I have the default sysctl.conf and mine is 25 lines long. His starts just like mine until the last three net.bridge.bridge-nf-call-* lines (which were removed), then all the remaining lines are new.

  7. #7
    Join Date
    Nov 2010
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: modify sysctl.conf on F17

    Hello

    i've replaced sysctl.conf with the original one that comes with f17, and I have the same problem
    "Failed to start Apply Kernel Variables" at startup

    See 'systemctl status systemd-sysctl.service' for details.

    systemd-sysctl.service - Apply Kernel Variables
    Loaded: loaded (/usr/lib/systemd/system/systemd-sysctl.service; static)
    Active: failed (Result: exit-code) since Sun, 02 Sep 2012 11:28:15 +0100; 5s ago
    Docs: man:systemd-sysctl.service(8)
    man:sysctl.d(5)
    Process: 2320 ExecStart=/usr/lib/systemd/systemd-sysctl (code=exited, status=1/FAILURE)
    CGroup: name=systemd:/system/systemd-sysctl.service

    so i don't know what's to do next ?

  8. #8
    Join Date
    Aug 2009
    Location
    Waldorf, Maryland
    Posts
    7,345
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: modify sysctl.conf on F17

    How did you replace it? Does it have the proper security label?

  9. #9
    Join Date
    Nov 2010
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: modify sysctl.conf on F17

    Quote Originally Posted by jpollard
    How did you replace it? Does it have the proper security label?
    cp sysctl.conf.old sysctl.conf

    ls -Z sysctl.conf :

    -rw-r--r--. root root system_u:object_r:system_conf_t:s0 sysctl.conf


    thanks

  10. #10
    Join Date
    Jun 2004
    Location
    Maryland, US
    Posts
    7,702
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)

    Re: modify sysctl.conf on F17

    What happens if you circumvent systemctl and just do the load manually?

    Run
    sysctl -p /etc/sysctl.conf
    as root and see if there's an error

  11. #11
    Join Date
    Aug 2009
    Posts
    8,486
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: modify sysctl.conf on F17

    also, look in /etc/sysctl.d/ and make certain you don't have files in there that could have errors in them. They get loaded just like /etc/sysctl.conf does.

Similar Threads

  1. How to backup and restore Iptables rules and sysctl.conf?
    By Cylinder57 in forum Security and Privacy
    Replies: 0
    Last Post: 20th April 2012, 04:31 AM
  2. Changes to sysctl.conf not working
    By vonedaddy in forum Using Fedora
    Replies: 2
    Last Post: 2nd January 2012, 03:18 AM
  3. Question about /etc/sysctl.conf
    By icanfly0307 in forum Using Fedora
    Replies: 2
    Last Post: 4th February 2009, 03:18 AM
  4. Pls modify my grub.conf
    By FedoX in forum Using Fedora
    Replies: 1
    Last Post: 24th August 2005, 04:33 AM
  5. list of keywords used in /etc/sysctl.conf
    By fire-fly in forum Using Fedora
    Replies: 2
    Last Post: 20th May 2005, 02:56 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •