Modifying Kernel Parameters

30 minutes
  • 6 Learning Objectives

About this Hands-on Lab

The Linux kernel provides a wide array of parameters that can alter how the system behaves. In this lab, you will be tasked with modifying specific parameters for the current session and ensuring that these changes will persist through a reboot.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Modify the Swappiness Parameter to Equal 10 for the Current Session

Use sysctl to change the swappiness value to 10:

sysctl -w vm.swappiness=10

Ensure That the Changes Made to the Swappiness Parameter Will Persist through a Reboot

Create a file in /etc/sysctl.d/ called 60-swap.conf with the following contents:

vm.swappiness = 10

This can be done with a text editor or through the command line:

echo "vm.swappiness = 10" > /etc/sysctl.d/60-swap.conf

Disable icmp_echo_ignore_all and Enable icmp_echo_ignore_broadcast for the Current Session

Disable icmp_echo_ignore_all using the sysctl command:

sysctl -w net.ipv4.icmp_echo_ignore_all=0

Enable icmp_echo_ignore_broadcast using the sysctl command:

sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1

Ensure That the Changes Made to icmp_echo_ignore_all and icmp_echo_ignore_broadcast Persist through a Reboot

Create a file in /etc/sysctl.d/ called 60-icmp.conf with the following system variables:

icmp_echo_ignore_all = 0
icmp_echo_ignore_broadcasts = 1

This can be done with a text editor or from the command line using the echo command:

echo -e 'icmp_echo_ignore_all = 0nicmp_echo_ignore_broadcasts = 1' > /etc/sysctl.d/60-icmp.conf

Enable ip_forward for the Current Session

Enable ip_forward using the sysctl command:

sysctl -w net.ipv4.ip_forward=1

Ensure That the Changes Made to ip_forward will Persist through a Reboot

Create a file in /etc/sysctl.d/ called 60-ip.conf with the following text:

net.ipv4.ip_forward = 1

This can be done with a text editor or from the command line:

echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/60-ip.conf

Additional Resources

You work as a system reliability engineer for a large company which has data centers in several locations around the world. As part of your responsibilities, you help to ensure that systems run efficiently and are not vulnerable to exploitation. One of the hosts that you are responsible for requires some modifications to the kernel parameters, to bring it in line with the others. First, the swappiness will need to be changed to a value of 10, down from 80, so that the swap space is used less aggressively (which is causing some sluggish performance on the host).

Next, the ICMP echo parameters will need to be updated. The host is currently denying all ICMP echo requests, which must be changed in order to provide some needed functionality on the network. By allowing ICMP echo requests, we can become vulnerable to certain exploits. To prevent this, the ICMP broadcast request should be disabled. Finally, IP forwarding should be enabled to allow the host to act as a router on the network.

Additional Information:

  • sysctl configurations should not be added to the main sysctl.conf file. A separate .conf file should be added for each of the configurations in /etc/sysctl.d/ (see below for naming convention).
    • For swappiness, the configuration file should be called 60-swap.conf
    • For ICMP echo requests, the configuration file should be called 60-icmp.conf
    • For IP forwarding, the configuration should be called 60-ip.conf
  • All tasks should be performed as the root user.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?