Directories in /proc
Common groups of information concerning the kernel is grouped into directories and sub-directories within /proc.
Process Directories
Every /proc directory contains quite a few directories named with a number. A listing of them starts off like this:
[root@bleach /]# ls -l /proc total 0 dr-xr-xr-x 3 root root 0 May 8 10:56 1 dr-xr-xr-x 3 truk truk 0 May 8 10:56 1038 dr-xr-xr-x 3 root root 0 May 8 10:56 518 dr-xr-xr-x 3 rpc rpc 0 May 8 10:56 532 dr-xr-xr-x 3 rpcuser rpcuser 0 May 8 10:56 547 dr-xr-xr-x 3 root root 0 May 8 10:56 7 dr-xr-xr-x 3 daemon daemon 0 May 8 10:56 708 dr-xr-xr-x 3 root root 0 May 8 10:56 8 dr-xr-xr-x 3 xfs xfs 0 May 8 10:56 880 [root@bleach /]# |
These directories are called process directories, as they refer to a process's ID and contain information specific to that process. The owner and group of each process directory is set to the user running the process. When the process is terminated, its /proc process directory vanishes. However, while the process is running, a great deal of information specific to that process is contained in the process directory's various files.
Each of the process directories contains the following files:
cmdline — Contains the command line arguments that started the process. The output of cmdline file for the sshd process looks like this:
/usr/sbin/sshd
cpu — Provides specific information about the utilization of each of the system's CPUs. A process running on a dual CPU system produces output similar to this:
cpu 11 3 cpu0 0 0 cpu1 11 3
cwd — A link to the current working directory for the process.
environ — Gives a list of the environment variables for the process. The environment variable is given in all upper-case characters, and the value is in lower-case characters.
exe — A link to the executable of this process.
fd — A directory containing all of the file descriptors for a particular process. These are given in numbered links:
[root@bleach /]# ls -l /proc/14466/fd total 0 lrwx------ 1 root root 64 May 8 11:31 0 -> /dev/null lrwx------ 1 root root 64 May 8 11:31 1 -> /dev/null lrwx------ 1 root root 64 May 8 11:31 2 -> /dev/null lrwx------ 1 root root 64 May 8 11:31 3 -> /dev/ptmx lrwx------ 1 root root 64 May 8 11:31 4 -> socket:[7774817] lrwx------ 1 root root 64 May 8 11:31 5 -> /dev/ptmx lrwx------ 1 root root 64 May 8 11:31 6 -> socket:[7774829] lrwx------ 1 root root 64 May 8 11:31 7 -> /dev/ptmx [root@bleach /]#
maps — Contains memory maps to the various executables and library files associated with this process. This file can be rather long, depending upon the complexity of the process, but sample output from the sshd process begins like this:
08048000-08080000 r-xp 00000000 03:05 226209 /usr/sbin/sshd 08080000-08082000 rw-p 00037000 03:05 226209 /usr/sbin/sshd 08082000-080c3000 rwxp 00000000 00:00 0 40000000-40016000 r-xp 00000000 03:05 304721 /lib/ld-2.2.2.so 40016000-40017000 rw-p 00015000 03:05 304721 /lib/ld-2.2.2.so 40017000-40018000 rw-p 00000000 00:00 0 40019000-4001b000 r-xp 00000000 03:05 144433 /lib/security/pam_stack.so 4001b000-4001c000 rw-p 00001000 03:05 144433 /lib/security/pam_stack.so
mem — The memory held by the process.
root — A link to the root directory of the process.
stat — A status of the process.
statm — A status of the memory in use by the process. Sample statm files look like this:
140 72 63 22 0 50 22
The seven columns relate to different memory statistics for the process. In order of how they are displayed, from right to left, they report different aspects of the memory used:
Total program size, in kilobytes
Size of memory portions, in kilobytes
Number of pages that are shared
Number of pages are code
Number of pages of data/stack
Number of pages of library
Number of dirty pages
status — Provides the status of the process in a form that is much more readable than stat or statm. Sample output for sshd looks similar to this:
Name: sshd State: S (sleeping) Pid: 14466 PPid: 723 TracerPid: 0 Uid: 0 0 0 0 Gid: 0 0 0 0 FDSize: 32 Groups: VmSize: 3596 kB VmLck: 0 kB VmRSS: 288 kB VmData: 552 kB VmStk: 28 kB VmExe: 224 kB VmLib: 2596 kB SigPnd: 0000000000000000 SigBlk: 0000000000000000 SigIgn: 8000000000001000 SigCgt: 0000000000012000 CapInh: 0000000000000000 CapPrm: 00000000fffffeff CapEff: 00000000fffffeff
Other than the process's name and ID, the state (such as S (sleeping) or R (running) and user/group ID running the process is available, as well as much more detailed data regarding memory usage.
/proc/self
The /proc/self directory is a link to the currently running process. This allows a process to look at itself without having to know its process ID.
Within a shell environment, a listing of the /proc/self directory produces the same contents as listing the process directory for that process.
/proc/bus
This directory contains information specific to the various busses available on the system. So, for example, on a standard system containing ISA, PCI, and USB busses, current data on each of these busses is available in its directory under /proc/bus.
The contents of the sub-directories and files available varies greatly on the precise configuration of your system. However, each of the directories for each of the bus types contains at least one directory for each bus of that type. These individual bus directories, usually signified with numbers, such as 00, contains binary files that refer to the various devices available on that bus.
So, for example, a system with a USB bus but no USB devices connected to it has a /proc/bus/usb directory containing several files:
[root@bleach /]# ls -l /proc/bus/usb total 0 dr-xr-xr-x 1 root root 0 May 3 16:25 001 -r--r--r-- 1 root root 0 May 3 16:25 devices -r--r--r-- 1 root root 0 May 3 16:25 drivers [root@thoth /]# ls -l /proc/bus/usb/001 total 1 -rw-r--r-- 1 root root 18 May 3 16:25 001 [root@bleach /]# |
The /proc/bus/usb directory contains files that track the various devices on any USB busses, as well as the drivers required to utilize them. The 001 directory contains all devices on the first (and only) USB bus. By looking at the contents of the devices file, we can see that it is the USB root hub on the motherboard:
[root@bleach /]# cat /proc/bus/usb/devices T: Bus=01 Lev=00 Prnt=00 Port=00 Cnt=00 Dev#= 1 Spd=12 MxCh= 2 B: Alloc= 0/900 us ( 0%), #Int= 0, #Iso= 0 D: Ver= 1.00 Cls=09(hub ) Sub=00 Prot=00 MxPS= 8 #Cfgs= 1 P: Vendor=0000 ProdID=0000 Rev= 0.00 S: Product=USB UHCI Root Hub S: SerialNumber=d400 C:* #Ifs= 1 Cfg#= 1 Atr=40 MxPwr= 0mA I: If#= 0 Alt= 0 #EPs= 1 Cls=09(hub ) Sub=00 Prot=00 Driver=hub E: Ad=81(I) Atr=03(Int.) MxPS= 8 Ivl=255ms [root@bleach /]# |
/proc/driver
This directory contains information for specific drivers in use by the kernel.
A common file found here is rtc, which provides output from the driver for the system's Real Time Clock (RTC), the device that keeps the time while the system is switched off. Sample output from /proc/driver/rtc looks like this:
rtc_time : 18:06:33 rtc_date : 2001-05-08 rtc_epoch : 1900 alarm : 02:01:19 DST_enable : no BCD : yes 24hr : yes square_wave : no alarm_IRQ : no update_IRQ : no periodic_IRQ : no periodic_freq : 1024 batt_status : okay |
For more information about the RTC, review /usr/src/linux-2.4/Documentation/rtc.txt.
/proc/fs
This directory contains specific filesystem, file handle, inode, dentry and quota information. This information is actually located in /proc/sys/fs.
/proc/ide
This directory holds an assorted array of information about IDE devices on the system. Each IDE channel is represented as a separate directory, such as /proc/ide/ide0 and /proc/ide/ide1. In addition, a drivers file is also available, providing the version number of the various drivers used on the IDE channels:
ide-cdrom version 4.59 ide-floppy version 0.97 ide-disk version 1.10 |
Many chipsets also provide an informational file in this directory that gives additional data concerning the drives connected through the various channels. For example, a generic Intel PIIX4 Ultra 33 chipset produces a /proc/ide/piix that will tell you whether DMA or UDMA is enabled for the devices on the IDE channels:
Intel PIIX4 Ultra 33 Chipset.
--------------- Primary Channel ---------------- Secondary Channel -------------
enabled enabled
--------------- drive0 --------- drive1 -------- drive0 ---------- drive1 ------
DMA enabled: yes no yes no
UDMA enabled: yes no no no
UDMA enabled: 2 X X X
UDMA
DMA
PIO |
Navigating into the directory for an IDE channel, such as ide0 for the first channel, provides additional information. The channel file provides the channel number, while the model tells you the bus type for the channel (such as pci).
Device Directories
Some of the most useful data can be found in the device directories within the channel directory. Each device, such as a hard drive or CD-ROM, on that channel will have its own directory containing its own collection of information and statistics. The contents of these directories vary according to the type of device connected. Some of the more useful files common to different devices include:
cache — The device's cache.
capacity — The capacity of the device, in 512 byte blocks.
driver — The driver and version used to control the device.
geometry — The physical and logical geometry of the device.
media — The type of device, such as a disk.
model — The model name or number of the device.
settings — A collection of current parameters of the device. This file usually contains quite a bit of useful, technical information. A sample settings file for a standard IDE hard disk looks similar to this:
name value min max mode ---- ----- --- --- ---- bios_cyl 784 0 65535 rw bios_head 255 0 255 rw bios_sect 63 0 63 rw breada_readahead 4 0 127 rw bswap 0 0 1 r current_speed 66 0 69 rw file_readahead 0 0 2097151 rw ide_scsi 0 0 1 rw init_speed 66 0 69 rw io_32bit 0 0 3 rw keepsettings 0 0 1 rw lun 0 0 7 rw max_kb_per_request 64 1 127 rw multcount 8 0 8 rw nice1 1 0 1 rw nowerr 0 0 1 rw number 0 0 3 rw pio_mode write-only 0 255 w slow 0 0 1 rw unmaskirq 0 0 1 rw using_dma 1 0 1 rw
/proc/irq
This directory is used to set IRQ to CPU affinity, which allows you to connect a particular IRQ to only one CPU. Alternatively, you can exclude a CPU from handling any IRQs.
Each IRQ has its own directory, allowing for each IRQ to be configured different from any other. The /proc/irq/prof_cpu_mask file is a bitmask that contains the default values for the smp_affinity file in the IRQ directory. The values in smp_affinity specify which CPUs handle that particular IRQ.
More information is available in the /usr/src/linux-2.4/Documentation/filesystems/proc.txt file.
/proc/net
This directory provides a comprehensive look at various networking parameters and statistics. Each of the files covers a specific range of information related to networking on the system:
arp — Contains the kernel's ARP table. This file is particularly useful for connecting hardware address to an IP address on a system.
atm — A directory containing files with various Asynchronous Transfer Mode (ATM) settings and statistics. This directory is primarily used with ATM networking and ADSL cards.
dev — Lists the various network devices configured on the system, complete with transmit and receive statistics. This file will quickly tell you the number of bytes each interface has sent and received, the number of packets inbound and outbound, the number of errors seen, the number of packets dropped, and much more.
dev_mcast — Displays the various Layer2 multicast groups each device is listening to.
igmp — Lists the IP multicast addresses which this system joined.
ip_fwchains — Reveals any current firewall chains.
ip_fwnames — Lists all firewall chain names. By default, with no firewall chains configured, the three original chains are given:
input ACCEPT 1 0 93537 0 12626171 forward ACCEPT 1 0 0 0 0 output ACCEPT 1 0 14270 0 3796697
ip_masquerade — Provides a table of masquerading information.
ip_mr_cache — List of the multicast routing cache.
ip_mr_vif — List of multicast virtual interfaces.
netstat — Contains a broad yet detailed collection of networking statistics, including TCP timeouts, SYN cookies sent and received, and much more.
psched — List of global packet scheduler parameters.
raw — List of raw device statistics.
route — Displays the kernel's routing table.
rt_cache — Contains the current routing cache.
snmp — List of Simple Network Management Protocol (SNMP) data for various networking protocols in use.
sockstat — Provides socket statistics. For example:
sockets: used 105 TCP: inuse 7 orphan 0 tw 0 alloc 7 mem 1 UDP: inuse 3 RAW: inuse 0 FRAG: inuse 0 memory 0
tcp — Contains detailed TCP socket information.
tr_rif — The token ring RIF routing table.
udp — Contains detailed UDP socket information.
unix — Lists UNIX domain sockets currently in use.
wireless — Lists wireless interface data.
/proc/scsi
In the same way the /proc/ide directory only exists if an IDE controller is connected to the system, the /proc/scsi directory is only available if you have a SCSI host adapter.
The primary file here is /proc/scsi/scsi, which contains a list of every recognized SCSI device. For example, if a system contains a SCSI CD-ROM, tape drive, hard drives, and RAID controller, this file will look similar to this:
Attached devices: Host: scsi1 Channel: 00 Id: 05 Lun: 00 Vendor: NEC Model: CD-ROM DRIVE:466 Rev: 1.06 Type: CD-ROM ANSI SCSI revision: 02 Host: scsi1 Channel: 00 Id: 06 Lun: 00 Vendor: ARCHIVE Model: Python 04106-XXX Rev: 7350 Type: Sequential-Access ANSI SCSI revision: 02 Host: scsi2 Channel: 00 Id: 06 Lun: 00 Vendor: DELL Model: 1x6 U2W SCSI BP Rev: 5.35 Type: Processor ANSI SCSI revision: 02 Host: scsi2 Channel: 02 Id: 00 Lun: 00 Vendor: MegaRAID Model: LD0 RAID5 34556R Rev: 1.01 Type: Direct-Access ANSI SCSI revision: 02 |
From this listing, the type of devices, as well as the model name, vendor, and SCSI channel/ID data is available.
In addition, each SCSI driver used by the system has its own directory in /proc/scsi, which contains files specific to each SCSI controller that uses that driver. So, for the example system above, aic7xxx and megaraid directories are present, as those two drivers are being utilized. The files in each of the directories typically contain IO address range, IRQ, and statistics for the particular SCSI controller that utilizes that driver. While each controller can report a different type and amount of information, expect the output from most of these files to be very helpful and easy to read. The Adaptec AIC-7880 Ultra SCSI host adapter's file in our example system produces the following output:
Adaptec AIC7xxx driver version: 5.1.20/3.2.4
Compile Options:
TCQ Enabled By Default : Disabled
AIC7XXX_PROC_STATS : Enabled
AIC7XXX_RESET_DELAY : 5
Adapter Configuration:
SCSI Adapter: Adaptec AIC-7880 Ultra SCSI host adapter
Ultra Narrow Controller
PCI MMAPed I/O Base: 0xfcffe000
Adapter SEEPROM Config: SEEPROM found and used.
Adaptec SCSI BIOS: Enabled
IRQ: 30
SCBs: Active 0, Max Active 1,
Allocated 15, HW 16, Page 255
Interrupts: 33726
BIOS Control Word: 0x18a6
Adapter Control Word: 0x1c5f
Extended Translation: Enabled
Disconnect Enable Flags: 0x00ff
Ultra Enable Flags: 0x0020
Tag Queue Enable Flags: 0x0000
Ordered Queue Tag Flags: 0x0000
Default Tag Queue Depth: 8
Tagged Queue By Device array for aic7xxx host instance 1:
{255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255}
Actual queue depth per device for aic7xxx host instance 1:
{1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1}
Statistics:
(scsi1:0:5:0)
Device using Narrow/Sync transfers at 20.0 MByte/sec, offset 15
Transinfo settings: current(12/15/0/0), goal(12/15/0/0), user(12/15/0/0)
Total transfers 0 (0 reads and 0 writes)
< 2K 2K+ 4K+ 8K+ 16K+ 32K+ 64K+ 128K+
Reads: 0 0 0 0 0 0 0 0
Writes: 0 0 0 0 0 0 0 0
(scsi1:0:6:0)
Device using Narrow/Sync transfers at 10.0 MByte/sec, offset 15
Transinfo settings: current(25/15/0/0), goal(12/15/0/0), user(12/15/0/0)
Total transfers 132 (0 reads and 132 writes)
< 2K 2K+ 4K+ 8K+ 16K+ 32K+ 64K+ 128K+
Reads: 0 0 0 0 0 0 0 0
Writes: 0 0 0 1 131 0 0 0 |
From this screen, you can see the transfer speed to the various SCSI devices connected to the controller based on channel ID, as well as detailed statistics concerning the amount and sizes of files read or written by that device. By referring to the /proc/scsi/scsi file, we can see that this controller is communicating with the CD-ROM at 20 megabits per second, while the tape drive is only connected at 10 megabits per second.
/proc/sys
This directory is special and different from the others in /proc, as it not only provides a lot of information about the system but also allows you to make configuration changes to a running kernel.
 | Warning |
|---|---|
Never attempt to tweak your kernel's settings on a production system using the various files in the /proc/sys directory. Occasionally, changing a setting may render the kernel unstable, requiring a reboot of the system. As this would obviously disrupt any users currently using the system, use a similar development system to try out changes before utilizing them on any production machines. Before attempting to change a value in /proc/sys, be sure you know the valid options for that file and the expected outcome. |
A good way to determine if a particular file can configured or is only designed to provide information is to list it. If the file is writable, you may use it to configure the kernel in a certain way. For example, a partial listing of /proc/sys/fs looks like this:
[root@bleach /]# ls -l /proc/sys/fs <snip> -r--r--r-- 1 root root 0 May 10 16:14 dentry-state -rw-r--r-- 1 root root 0 May 10 16:14 dir-notify-enable -r--r--r-- 1 root root 0 May 10 16:14 dquot-nr -rw-r--r-- 1 root root 0 May 10 16:14 file-max -r--r--r-- 1 root root 0 May 10 16:14 file-nr <snip> [root@bleach /]# |
In this listing, the files dir-notify-enable and file-max can be written to and, therefore, can be used to configure the kernel. The other files only provide feedback on the kernel's current settings.
Changing a value within a /proc/sys file is done by echoing the new value into the file. For example, to enable the System Request Key on a running kernel, type the command:
[root@bleach /]# echo "1" > /proc/sys/kernel/sysrq |
This will change the sysrq file's value from 0 to 1. By default, the System Request Key is enabled in the Red Hat Linux kernel, but the 0 value is passed to /proc/sys/kernel/sysrq at boot time by rc.sysinit calling sysctl to pass the /etc/sysctl.conf settings to the kernel via the /proc directory. This turns off the System Request Key feature, which may cause a security problem for an unattended console. However, it does permit the root user to enable the feature at any time on a running kernel, if necessary.
The purpose of the System Request Key is to allow you to immediately instruct the kernel to do a number of important activities by using a simple key combination, such as immediately shutting down or restarting a system, syncing all mounted filesystems, or dumping important information to your console. This feature is most useful when using a development kernel or if you are experiencing system freezes. For more information on the System Request Key, refer to /usr/src/linux-2.4/Documentation/sysrq.txt.
A few /proc/sys configuration files contain more than one value. In order to correctly send new values to them, place a space character between each value passed with the echo command, such as is done in this example:
[root@bleach /]# echo "4 2 45" > /proc/sys/kernel/acct |
 | Note |
|---|---|
Any configuration changes you make by echoing values into /proc/sys files will disappear when the system is restarted. To make your configuration changes take effect at the time the system is booted, see the section called Using sysctl. |
The /proc/sys directory contains several different directories that control different aspects of a running kernel.
/proc/sys/dev
This directory provides parameters for particular devices on the system. Most systems have at least two directories, cdrom and raid, but customized kernels can have others, such as parport, which provides the ability to share one parallel port between multiple device drivers.
The cdrom directory contains a file called info, which reveals a number of important CD-ROM parameters:
CD-ROM information, Id: cdrom.c 3.12 2000/10/18 drive name: hdc drive speed: 32 drive # of slots: 1 Can close tray: 1 Can open tray: 1 Can lock tray: 1 Can change speed: 1 Can select disk: 0 Can read multisession: 1 Can read MCN: 1 Reports media changed: 1 Can play audio: 1 Can write CD-R: 0 Can write CD-RW: 0 Can read DVD: 0 Can write DVD-R: 0 Can write DVD-RAM: 0 |
This file can be quickly scanned to discover the qualities of an unknown CD-ROM, at least in the eyes of the kernel. If multiple CD-ROMs are available on a system, each device is given its own column of information.
Various files in /proc/sys/dev/cdrom, such as autoclose and checkmedia, can be used to control the system's CD-ROM. Simply echo a 1 to the correct file to turn on the feature or a 0 to disable a feature.
If RAID support is compiled into the kernel, a /proc/sys/dev/raid directory will be available with at least two files in it: speed_limit_min and speed_limit_max. These settings come into play in order to throttle or accelerate the speed the RAID device is utilized for particularly I/O intensive tasks, such as resyncing the disks.
/proc/sys/fs
This directory contains an array of options and information concerning various aspects of the filesystem, including quota, file handle, inode, and dentry information.
The binfmt_misc directory is used to provide kernel support for miscellaneous binary formats.
The important files in /proc/sys/fs include:
dentry-state — Provides the status of the directory cache. The file looks similar to this:
57411 52939 45 0 0 0
The first number reveals the total number of directory cache entries, while the second number displays the number of unused entries. The third number tells the number of seconds between when a directory has been freed and when it can be reclaimed, and the fourth measures the pages currently requested by the system. The last two numbers are not used and currently display only zeros.
dquot-nr — Shows the maximum number of cached disk quota entries.
file-max — Allows you to change the maximum number of file handles that the kernel will allocate. Raising the value in this file can resolve errors caused by a lack of available file handles.
file-nr — Displays the number of allocated file handles, used file handles, and the maximum number of file handles, in that order.
overflowgid and overflowuid — Defines the fixed group ID and user ID, respectively, for use with filesystems that only support 16-bit group and user IDs.
super-max — Controls the maximum number of superblocks available.
super-nr — Displays the current number of superblocks in use.
/proc/sys/kernel
This directory contains a variety of different configuration files that directly affect the operation of the kernel. Some of the most important files include:
acct — Controls the suspension of process accounting based on the percentage of free space available on the filesystem containing the log. By default, the file looks like this:
4 2 30
The second value sets the threshold percentage of free space when logging will be suspended, while the first value dictates the percentage of free space required for logging to resume. The third value sets the interval in seconds that the kernel polls the filesystem to see if logging should be suspended or resumed.
cap-bound — Controls the capability bounding settings, which provide a list of capabilities that any process on the system can do. If a capability is not listed here, then no process, no matter how privileged, can do it. The primary idea is to make the system more secure by ensuring that certain things cannot happen, at least beyond a certain point in the boot process.
The various values that are possible here are beyond the scope of this manual, so consult the kernel documentation for more information.
ctrl-alt-del — Controls whether
[Ctrl] -[Alt] -[Delete] will gracefully restart the computer using init (value 0) or force an immediate reboot without syncing the dirty buffers to disk (value 1).domainname — Allows you to configure the system's domain name, such as domain.com.
hostname — Allows you to configure the system's host name, such as host.domain.com.
hotplug — Configures the utility to be used when a configuration change is detected by the system. This is primarily used with USB and Cardbus PCI. The default value of /sbin/hotplug should not be changed unless you are testing a new program to fulfill this role.
modprobe — Sets the location of the program to be used to load kernel modules when necessary. The default value of /sbin/modprobe signifies that kmod will call it to actually load the module when a kernel thread calls kmod.
msgmax — Sets the maximum size of any message sent from one process to another, which is set to 8192 bytes by default. You should be careful about raising this value, as queued messages between processes are stored in non-swappable kernel memory, and any increase in msgmax would increase RAM requirements for the system.
msgmnb — Sets the maximum number of bytes in a single message queue. By default, 16384.
msgmni — Sets the maximum number of message queue identifiers. By default, 16.
osrelease — Lists the Linux kernel release number. This file can only be altered by changing the kernel source and recompiling.
ostype — Displays the type of operating system. By default, this file is set to Linux, and this value can only be changed by changing the kernel source and recompiling.
overflowgid and overflowuid — Defines the fixed group ID and user ID, respectively, for use with system calls on architectures that only support 16-bit group and user IDs.
panic — Defines the number of seconds the kernel will postpone rebooting the system when a kernel panic is experienced. By default, the value is set to 0, which disables automatic rebooting after a panic.
printk — This file control a variety of settings related to printing or logging error messages. Each error message reported by the kernel has a loglevel associated with it that defines the importance of the message. The loglevel values break down in this order:
0 — Kernel emergency. The system is unusable.
1 — Kernel alert. Action must be taken immediately.
2 — Condition of the kernel is considered critical.
3 — General kernel error condition.
4 — General kernel warning condition.
5 — Kernel notice of a normal but significant condition.
6 — Kernel informational message.
7 — Kernel debug-level messages.
Four values are found in the printk file:
6 4 1 7
Each of these values defines a different rule for dealing with error messages. The first value, called the console loglevel, defines the lowest priority of messages that will be printed to the console. (Note that, the lower the priority, the higher the loglevel number.) The second value sets the default loglevel for messages without an explicit loglevel attached to them. The third value sets the lowest possible loglevel configuration for the console loglevel. The last value sets the default value for the console loglevel.
rtsig-max — Configures the maximum number of POSIX realtime signals that the system may have queued at any one time. The default value is 1024.
rtsig-nr — The current number of POSIX realtime signals queued by the kernel.
sem — This file configures semaphore settings within the kernel. A semaphore is a System V IPC object that is used to control utilization of a particular process.
shmall — Sets the total amount of shared memory that can be used at one time on the system, in bytes. By default, this value is 2097152.
shmmax — Sets the largest shared memory segment size allowed by the kernel, in bytes. By default, this value is 33554432. The kernel supports much larger values than this, however.
shmmni — Sets the maximum number of shared memory segments for the whole system. By default, this value is 4096
sysrq — Activates the System Request Key, if this value is set to anything other than the default of 0.
threads-max — Sets the maximum number of threads to be used by the kernel, with a default value of 4095.
version — Displays the date and time the kernel was last compiled. The first field in this file, such as #3, relates to the number of times a kernel was built from the source base.
The random directory stores a number of values related to generating random numbers for the kernel.
/proc/sys/net
This directory contains assorted directories of its own concerning various networking topics, including assorted protocols and centers of emphasis. Various configurations at the time of kernel compilation make available different directories here, such as appletalk, ethernet, ipv4, ipx, and ipv6. Within these directories, you can adjust the assorted networking values for that configuration on a running system.
Given the wide variety of possible networking options available with Linux and the great amount of space required to discuss them, only the most common /proc/sys/net directories will be discussed.
The core directory contains a variety of settings that control the interaction between the kernel and networking layers. The most important files there are:
message_burst — Tenths of seconds required to write a new warning message. This is used to prevent Denial of Service (DoS) attacks, and the default setting is 50.
message_cost — Also used to prevent DoS attacks by placing a cost on every warning message. The higher the value of this file (default of 5), the more likely the warning message will be ignored.
The idea is that an attacker could bombard your system with requests that generate errors and fill up your logs or require all of your system's resources to handle error logging. The settings in message_burst and message_cost are designed to be modified based on your system's acceptable risk versus the need for comprehensive logging.
netdev_max_backlog — Sets the maximum number of packets allowed to queue when a particular interface receives packets faster than the kernel can process them. The default value for this file is 300.
optmem_max — Configures the maximum ancillary buffer size allowed per socket.
rmem_default — Sets the receive socket buffer's default size in bytes.
rmem_max — Sets the receive socket buffer's maximum size in bytes.
wmem_default — Sets the send socket buffer's default size in bytes.
wmem_max — Sets the send socket buffer's maximum size in bytes.
Given the widespread use of IP networks with Linux, a look at the most important files in the ipv4 reveals additional, powerful, networking settings. Many of these settings, used in the proper conjunction with one another, are very useful in preventing attacks on your system.
 | Caution |
|---|---|
However, be sure you know what you are doing, as well as what you expect to happen, before changing any of these settings. In addition, you should make any changes locally, as an erroneous change may affect your remote connectivity to the system. |
Here are some of the most important files in the ipv4 directory:
icmp_destunreach_rate, icmp_echoreply_rate, icmp_paramprob_rate and icmp_timeexeed_rate — Sets the maximum ICMP send packet rate, in hundredths of a second on Intel systems, to hosts under different conditions. A setting of 0 removes any delay and is not a good idea.
icmp_echo_ignore_all and icmp_echo_ignore_broadcasts — Allows the kernel to ignore ICMP ECHO packets from every host or only those originating from broadcast and multicast addresses, respectively. A 0 allows the kernel to respond, while a 1 ignores the packets.
ip_default_ttl — Sets the default Time To Live (TTL), which limits the number of hops a packet may make before reaching its destination. Increasing this value can diminish system performance.
ip_forward — Permits interfaces on the system to forward packets to one other. By default, this file is set to 0 to disable forwarding, but setting this file to 1 will enable forwarding.
ip_local_port_range — Specifies the range of ports to be used by TCP or UDP when a local port is needed. The first number is the lowest port to be used, and the second number specifies the highest port. Any systems that expect to require more ports than the default 1024 to 4999 should use the 32768 to 61000 range in this file.
tcp_syn_retries — Provides a limit on the number of times your system will re-transmit a SYN packet when attempting to make a connection.
tcp_retries1 — Sets the number of permitted re-transmissions attempting to answer an incoming connection. Default of 3.
tcp_retries2 — Sets the number of permitted re-transmissions of TCP packets. Default of 15.
For a complete list of files and options available, see /usr/src/linux-2.4/Documentation/networking/ip-sysctl.txt.
A number of other directories exist within the /proc/sys/net/ipv4 directory cover specific topics. The conf directory allows each of the systems interfaces to be configured in different ways, including the use of a default settings for unconfigured devices (in the default subdirectory) and settings that override all special configurations (in the all subdirectory).
In order to control connections between direct neighbors, meaning any other system directly connected to your system, the neigh directory allows special configurations for each interface. This would allow you to treat systems differently that you might trust more due to their relatively proximity or relation to your system. At the same time, it also makes it easy to put strict rules in place for systems several hops away.
Routing over IPV4 also has its own directory, route. Unlike conf and neigh, the route directory contains specifications that apply to routing with any interfaces on the system. Many of these settings, such as max_size, max_delay, and min_delay, relate to controlling the size of the routing cache. To clear the routing cache, simply write any value to the flush file.
Additional information about these directories and the possible values for their configuration files can be found in /usr/src/linux-2.4/Documentation/filesystems/proc.txt.
/proc/sys/vm
This directory facilitates the configuration of the Linux kernel's virtual memory (VM) subsystem. The kernel makes extensive and intelligent use of virtual memory, which is commonly called swap space.
The following files are commonly found in the /proc/sys/vm directory:
bdflush — Sets various values related to the bdflush kernel daemon.
buffermem — Allows you to control the percentage amount of total system memory to be used for buffer memory. Typical output for this file looks like this:
2 10 60
The first and last values set the minimum and maximum percentage of memory to be used as buffer memory, respectively. The middle value sets the percentage of system memory dedicated to buffer memory where the memory management subsystem will begin to clear buffer cache more than other kinds of memory to compensate for a general lack of free memory.
freepages — Displays various values related to free pages of system memory. This file looks similar to this:
223 446 669
The first value shows the minimum number of free pages permitted before the kernel takes over control of allocating additional memory. The second value gives the number of free pages before the kernel begins swapping aggressively to preserve performance. The third value is the number of free pages that the system attempts to keep available at all times.
kswapd — Sets various values concerned with the kernel swap-out daemon, kswapd. This file has three values:
512 32 8
The first value sets the maximum number of pages that kswapd will attempt to free in a single attempt. The larger this number, the more aggressively the kernel can move to free pages. The second value sets the minimum number of times that kswapd attempts to free a page. The third value sets the number of pages kswapd attempts to write in a single attempt. Proper tuning of this final value can improve performance on a system using a lot of swap space by telling the kernel to write pages in large chunks, minimizing the number of disk seeks.
max_map_count — Configures the maximum number of memory map areas a process may have. In most cases, the default value of 65536 is appropriate.
overcommit_memory — Contains a value that, when set to something other than the default of 0, allows the kernel to skip a standard check to see if there is enough memory before allocating it.
pagecache — Controls the amount of memory used by the page cache. The values in pagecache are percentages, and they work in a similar way as buffermem to enforce minimums and maximums of available page cache memory.
page-cluster — Sets the number of pages read in a single attempt. The default value of 4, which actually relates to 16 pages, is appropriate for most systems.
pagetable_cache — Controls the number of page tables that are cached on a per-processor basis. The first and second values relate to the minimum and maximum number of page tables to set aside, respectively.
Additional information on these various files can be found in /usr/src/linux-2.4/Documentation/sysctl/vm.txt.
/proc/sysvipc
This directory contain information about System V IPC resources. The files in this directory relate to System V IPC calls for messages (msg), semaphores (sem), and shared memory (shm).
/proc/tty
This directory contains information about the available and currently used tty devices on the system. Originally called a teletype device, any character-based data terminals are called tty devices.
In Linux, there are three different kinds of tty
devices. Serial devices are used with serial
connections, such as over a modem or using a serial
cable. Virtual terminals create the common
console connection, such as the virtual consoles available when
pressing
The drivers file is a list of the current tty devices in use:
serial /dev/cua 5 64-127 serial:callout serial /dev/ttyS 4 64-127 serial pty_slave /dev/pts 136 0-255 pty:slave pty_master /dev/ptm 128 0-255 pty:master pty_slave /dev/ttyp 3 0-255 pty:slave pty_master /dev/pty 2 0-255 pty:master /dev/vc/0 /dev/vc/0 4 0 system:vtmaster /dev/ptmx /dev/ptmx 5 2 system /dev/console /dev/console 5 1 system:console /dev/tty /dev/tty 5 0 system:/dev/tty unknown /dev/vc/%d 4 1-63 console |
The /proc/tty/driver/serial file lists the usage statistics and status of each of the serial tty lines.
In order that tty devices can be used in a similar way as network devices, the Linux kernel will enforce line discipline on the device. This allows the driver to place a specific type of header with every block of data transmitted over the device, making it possible for the remote end of the connection to be able to see that block of data as just one in a stream of data blocks. SLIP and PPP are common line disciplines, and each are commonly used to connect systems to one other over a serial link.
Registered line disciplines are stored in the ldiscs file, with detailed information available in the ldisc directory.