Linux Kernel Tuning involves adjusting the parameters of the Linux kernel to optimize system performance, stability, and security. This module will guide you through the essential concepts, practical examples, and exercises to help you master kernel tuning.

1. Kernel Parameters: Settings that control the behavior of the Linux kernel.
2. sysctl: A tool to modify kernel parameters at runtime.
3. /proc and /sys Filesystems: Virtual filesystems that provide an interface to kernel data structures.
4. Performance Tuning: Adjusting parameters to improve system performance.
5. Security Tuning: Adjusting parameters to enhance system security.

Kernel parameters can be set at boot time or modified at runtime. They control various aspects of system behavior, such as memory management, networking, and process scheduling.

Kernel parameters can be set at boot time by editing the bootloader configuration file (e.g., GRUB).

Example:

The sysctl command is used to modify kernel parameters at runtime.

Example:

The /proc and /sys filesystems provide a way to interact with kernel data structures.

The /proc filesystem contains files that represent kernel data structures.

Example:

The /sys filesystem provides a more structured way to interact with kernel data.

Example:

Performance tuning involves adjusting kernel parameters to optimize system performance.

• vm.swappiness: Controls the tendency of the kernel to swap out memory pages.

  # Set swappiness to 10 (less aggressive swapping)
  sudo sysctl -w vm.swappiness=10
  

• vm.dirty_ratio: The percentage of system memory that can be filled with "dirty" pages before the kernel starts writing them to disk.

  # Set dirty ratio to 15%
  sudo sysctl -w vm.dirty_ratio=15
  

• net.core.somaxconn: The maximum number of connections that can be queued for acceptance.

  # Increase the maximum number of queued connections
  sudo sysctl -w net.core.somaxconn=1024
  

• net.ipv4.tcp_fin_timeout: The time that a socket remains in the FIN-WAIT-2 state before being closed.

  # Reduce the FIN-WAIT-2 timeout
  sudo sysctl -w net.ipv4.tcp_fin_timeout=30
  

Security tuning involves adjusting kernel parameters to enhance system security.

• net.ipv4.ip_forward: Controls IP forwarding.

  # Disable IP forwarding
  sudo sysctl -w net.ipv4.ip_forward=0
  

• net.ipv4.conf.all.rp_filter: Enables reverse path filtering.

  # Enable reverse path filtering
  sudo sysctl -w net.ipv4.conf.all.rp_filter=1
  

• kernel.randomize_va_space: Controls address space layout randomization (ASLR).

  # Enable full randomization
  sudo sysctl -w kernel.randomize_va_space=2
  

1. Check the current value of vm.swappiness.

   sysctl vm.swappiness
   

2. Set vm.swappiness to 20.

   sudo sysctl -w vm.swappiness=20
   

3. Make the change persistent across reboots.

   echo "vm.swappiness=20" | sudo tee -a /etc/sysctl.conf
   

1. Check the current value of net.ipv4.conf.all.rp_filter.

   sysctl net.ipv4.conf.all.rp_filter
   

2. Enable reverse path filtering.

   sudo sysctl -w net.ipv4.conf.all.rp_filter=1
   

3. Make the change persistent across reboots.

   echo "net.ipv4.conf.all.rp_filter=1" | sudo tee -a /etc/sysctl.conf
   

• Not Making Changes Persistent: Always ensure that changes made with sysctl are added to /etc/sysctl.conf to persist across reboots.
• Incorrect Parameter Values: Double-check the values you set for kernel parameters to avoid system instability.
• Ignoring Security Implications: Be cautious when tuning parameters that affect system security.

In this module, you learned about Linux kernel tuning, including how to modify kernel parameters at boot time and runtime, interact with the /proc and /sys filesystems, and perform performance and security tuning. By mastering these skills, you can optimize your Linux system for better performance and security.