The Linux “sysctl” command is used to read and modify the kernel runtime variables that control the behavior of the running system and during the boot. This way, you can manage and adjust network, I/O operations, and memory management settings in real-time.
If you’re a beginner, note that modifying the kernel variables can impact the behavior, speed, and security of the running system. Therefore, always practice in a controlled environment like Docker or a virtual machine.
In this guide, I’ll walk you through different use cases of the “sysctl” command, which you can later use to improve your system’s performance or security.
Tutorial Details
| Description | sysctl |
| Difficulty Level | Low |
| Root or Sudo Privileges | Yes |
| OS Compatibility | Ubuntu, Manjaro, Fedora, etc. |
| Prerequisites | – |
| Internet Required | No |
1. List all kernel variables and their values
To list all the variables as well as their values, run:
$ sysctl -aOutput:
To get the total count of all variables in your system, run:
$ sudo sysctl -a | wc -lOutput:
2. List all kernel variables without values
To only print the variable name without the value, run:
$ sysctl -a -NOutput:
3. Search for a specific kernel variable
The previous two commands returned a long list of kernel variables in your system. If you wish to search for a specific kernel variable, it can quickly become a tedious task. So, be a smart Linux user and use the grep command to filter out output for a specific variable name.
Let’s say you want to list down all kernel variables containing “icmp_echo” text, you can run.
$ sudo sysctl -a | grep icmp_echoOutput:
4. Display a specific kernel variable pair
If you remember the kernel variable name, you can use that to print the variable name and its value.
$ sysctl net.ipv4.icmp_echo_ignore_allOutput:
5. Display a specific kernel variable value
Instead of printing the variable name, you can use the “-n” option to print only the variable value.
$ sysctl -n net.ipv4.icmp_echo_ignore_allOutput:
6. Modify the kernel variable value
Let’s say you want to disable the ICMP request (that makes the ping possible) in the kernel configuration. To do that, you can set the kernel variable “net.ipv4.icmp_echo_ignore_all” value to “1” using the “-w” option, which will disallow any ICMP (or ping) request made to the host system.
$ sudo sysctl -w net.ipv4.icmp_echo_ignore_all=1Output:
7. Load configuration from a custom file
To load the setting from a custom file, you can use the “-p” option with the path of the configuration file.
$ sysctl -p /path/to/sysctl.confMake sure to replace the “/path/to/sysctl.conf” with the actual file path.
Final Word
The sysctl is quite useful for system administrators; it allows you to configure different types of network, system, and memory configurations for your system. You can even disable the ICMP (a ping) request using this command, as we previously discussed.
Now, if you have any questions or queries related to the article, do let us know in the comment section.
Till then, peace!
Join The Conversation
Users are always welcome to leave comments about the articles, whether they are questions, comments, constructive criticism, old information, or notices of typos. Please keep in mind that all comments are moderated according to our comment policy.