Kernel Configuration for Manuel IP Rejection by Iptables

I'm out to use manual iptables since ufw takes a damn 5 secs to load with just basic drop configurations. I'm almost done and stuck at the point of wiki where you block the incoming ssh connections which repeats itself and I guess iptables gives an error as `iptables: No chain/target/match by that name.` after the command of `iptables -A IN_SSH -m recent --name sshbf --rttl --rcheck --hitcount 3 --seconds 10 -j DROP`.
Do I need a kernel parameter or something? What's now?

Reboot was the answer. Sorry.

Similar Messages

[solved] Kernel configuration for Heavy Calculations Servers

Hello all,
I've been using Arch on half of the dual xeon workstations of the research lab i work to (these are the only ones under my supervision) and so far they have been continuously hailed for their greater performance compared to the other machines (same configuration) running fedora.
I did some minor tweaks on makepkg.conf (and using sugested compilation flags of the software i use) and on the bios to improve memory latency but i suppose i could squeeze even more juice from those boxes if i choose the right kernel options.
Finally my questions are:
- regarding the kernel, what options could i use to improve performance (i suppose using a home-pc kernel configuration is not the best option)?
- regarding the arch linux, what else can i do?
Usage:
- only to perform molecular modeling calculations (both molecular dynamics and quantum dynamics )
- data transfer using "scp"
Below are some important info about the hardware and config files:
-lspci
00:00.0 Host bridge: Intel Corporation 5000V Chipset Memory Controller Hub (rev b1)
00:02.0 PCI bridge: Intel Corporation 5000 Series Chipset PCI Express x8 Port 2-3 (rev b1)
00:03.0 PCI bridge: Intel Corporation 5000 Series Chipset PCI Express x4 Port 3 (rev b1)
00:08.0 System peripheral: Intel Corporation 5000 Series Chipset DMA Engine (rev b1)
00:10.0 Host bridge: Intel Corporation 5000 Series Chipset FSB Registers (rev b1)
00:10.1 Host bridge: Intel Corporation 5000 Series Chipset FSB Registers (rev b1)
00:10.2 Host bridge: Intel Corporation 5000 Series Chipset FSB Registers (rev b1)
00:11.0 Host bridge: Intel Corporation 5000 Series Chipset Reserved Registers (rev b1)
00:13.0 Host bridge: Intel Corporation 5000 Series Chipset Reserved Registers (rev b1)
00:15.0 Host bridge: Intel Corporation 5000 Series Chipset FBD Registers (rev b1)
00:16.0 Host bridge: Intel Corporation 5000 Series Chipset FBD Registers (rev b1)
00:1c.0 PCI bridge: Intel Corporation 631xESB/632xESB/3100 Chipset PCI Express Root Port 1 (rev 09)
00:1d.0 USB Controller: Intel Corporation 631xESB/632xESB/3100 Chipset UHCI USB Controller #1 (rev 09)
00:1d.1 USB Controller: Intel Corporation 631xESB/632xESB/3100 Chipset UHCI USB Controller #2 (rev 09)
00:1d.2 USB Controller: Intel Corporation 631xESB/632xESB/3100 Chipset UHCI USB Controller #3 (rev 09)
00:1d.3 USB Controller: Intel Corporation 631xESB/632xESB/3100 Chipset UHCI USB Controller #4 (rev 09)
00:1d.7 USB Controller: Intel Corporation 631xESB/632xESB/3100 Chipset EHCI USB2 Controller (rev 09)
00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev d9)
00:1f.0 ISA bridge: Intel Corporation 631xESB/632xESB/3100 Chipset LPC Interface Controller (rev 09)
00:1f.1 IDE interface: Intel Corporation 631xESB/632xESB IDE Controller (rev 09)
00:1f.2 IDE interface: Intel Corporation 631xESB/632xESB/3100 Chipset SATA IDE Controller (rev 09)
00:1f.3 SMBus: Intel Corporation 631xESB/632xESB/3100 Chipset SMBus Controller (rev 09)
01:00.0 PCI bridge: Intel Corporation 6311ESB/6321ESB PCI Express Upstream Port (rev 01)
01:00.3 PCI bridge: Intel Corporation 6311ESB/6321ESB PCI Express to PCI-X Bridge (rev 01)
02:00.0 PCI bridge: Intel Corporation 6311ESB/6321ESB PCI Express Downstream Port E1 (rev 01)
02:01.0 PCI bridge: Intel Corporation 6311ESB/6321ESB PCI Express Downstream Port E2 (rev 01)
02:02.0 PCI bridge: Intel Corporation 6311ESB/6321ESB PCI Express Downstream Port E3 (rev 01)
05:00.0 Ethernet controller: Intel Corporation 80003ES2LAN Gigabit Ethernet Controller (Copper) (rev 01)
05:00.1 Ethernet controller: Intel Corporation 80003ES2LAN Gigabit Ethernet Controller (Copper) (rev 01)
09:0c.0 VGA compatible controller: ATI Technologies Inc ES1000 (rev 02)
-cat /proc/cpuinfo - it's the same for the eight "processors"
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 23
model name : Intel(R) Xeon(R) CPU E5410 @ 2.33GHz
stepping : 6
cpu MHz : 2331.000
cache size : 6144 KB
physical id : 0
siblings : 4
core id : 0
cpu cores : 4
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 10
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm dca sse4_1 lahf_lm tpr_shadow vnmi flexpriority
bogomips : 4656.91
clflush size : 64
cache_alignment : 64
address sizes : 38 bits physical, 48 bits virtual
power management:
-/etc/rc.conf
MOD_AUTOLOAD="yes"
MODULES=(acpi-cpufreq )
USELVM="no"
DAEMONS=(syslog-ng hal sensorsd sshd network netfs crond)
-free -m
total used free shared buffers cached
Mem: 7968 3094 4874 0 75 2784
-/+ buffers/cache: 233 7734
Swap: 19077 0 19077
- modifications i made to the /etc/makepkg.conf
# ARCHITECTURE, COMPILE FLAGS
CARCH="x86_64"
CHOST="x86_64-unknown-linux-gnu"
#-- Exclusive: will only run on x86_64
# -march (or -mcpu) builds exclusively for an architecture
# -mtune optimizes for an architecture, but builds for whole processor family
CFLAGS="-march=native -mtune=native -03 -pipe"
CXXFLAGS="-march=native -mtune=native -03 -pipe"
#LDFLAGS=""
#-- Make Flags: change this for DistCC/SMP systems
MAKEFLAGS="-j9"
Thanks in advance
Last edited by Duca (2009-09-28 04:30:04)

graysky wrote:Your xfers are via scp... are the files large or numerous small files? Have you the ability to use jumbo frames on your network if the network is a GigLAN backbone? If so, you'll have to test to see if a non-standard 4000 or 9000 mtu size improves xfers.
thanks for your rapid response and i googled about it, but unfortunatelly i dont have a gigLan in the lab but usually all file transfered exceed 5GB of size.
Would the scheduler have a significant impact on performance? The servers are used individually (not sharing load like in a bewoulf cluster)
The disk I/O operations are mostly about writes into the output files (a few number of bytes per write), would reiserfs be superior to ext3 ?
PS.: i'm feeling really stupid for not reading more about the kernel26-lts for it has all the major options i was thinking about.
Last edited by Duca (2009-09-27 18:26:34)

[solved] kernel configuration for clarkdale server

Update: I guess since the arch kernel config works there's really nothing to improve.
Hey everyone,
i'm about to compile a kernel for a server with intel clarkdale hardware, intel i3-530.
Up to now i only compiled kernels for my consumer laptop.
1) Is there any option in particular i should pay attention to when compiling a kernel for a server system?
And regarding the i3-530:
2) Should i just pick x86 generic cpu support or something else?
3) Are there any patches right now to improve support for clarkdale?
Thanks,
demian
P.S.: I guess i should choose 2.6.33-rc7 since real clarkdale support is supposed to come with 2.6.33? Usually i just pick the latest stable version.
Last edited by demian (2010-02-12 11:39:48)

graysky wrote:Your xfers are via scp... are the files large or numerous small files? Have you the ability to use jumbo frames on your network if the network is a GigLAN backbone? If so, you'll have to test to see if a non-standard 4000 or 9000 mtu size improves xfers.
thanks for your rapid response and i googled about it, but unfortunatelly i dont have a gigLan in the lab but usually all file transfered exceed 5GB of size.
Would the scheduler have a significant impact on performance? The servers are used individually (not sharing load like in a bewoulf cluster)
The disk I/O operations are mostly about writes into the output files (a few number of bytes per write), would reiserfs be superior to ext3 ?
PS.: i'm feeling really stupid for not reading more about the kernel26-lts for it has all the major options i was thinking about.
Last edited by Duca (2009-09-27 18:26:34)

Workflow configuration for employee rejection

HI all,
Employee getting rejected the time sheet by this manager and message will sit in his SAP BUSINESS WORKPLACE.I want message to be stored in employees' own account than SAP BUSINESS WORKPLACE.please provide the configuration for that
Thanks
Amar

Pulled by Bertrand ...
I suggest you to check the online help linked to the customizing point SRM -->SRM Server --> Cross application basis settings --> Sap business Workflow --> Perform task specific customizing. This documentation is pretty well done and explain all about standard workflow in SRM.
Rgds,
Pierre

Prerequisites to configuration for ABAP Proxy -???

My scenario is file->XI->R/3(abap server proxy).
Xi and R/3 are 2 seperate business systems
-Abap server proxy created on R/3 business system. R/3 client 550
-Xi client 400.
-SLD is common for both XI and R/3
My question is in reference to the below message thread:
1.I understand all the below configuartaion has to be done on R/3 business system, tell me am I correct
2. are these configuartion needed for client proxy as well as server proxy also?
HTTP_RESP_STATUS_CODE_NOT_OK
The prerequisites to configuration for ABAP Proxy include: (landscape dependent)
1. The business systems should be based on SAP Web AS 6.20 and SAP Web AS 6.20 kernel patch level above 1253
2. You have installed the XI Add-On in each of these business systems as described in the Installation Guide SAP Exchange Infrastructure 3.0
3. The business systems and your central Integration Server are maintained in the System Landscape Directory (SLD).
Configuration required on the Business System:
1. Create HTTP connection in the business system.
Configuration Details:
Technical Setting:
1. Following Inputs are required for technical setting
1 Connection Type: H
2 Target Host: System name
3 Service Number: HTTP Port name
4 Path Prefix: /sap/XI/engine/?type=entry
Logon Security
On the Logon/Security tab page, enter the following logon data:
1 User: XIAPPLUSER (for example); this user should represent the sending business system (see also the SAP XI Security Guide under Service Users for Message Exchange).
2 Password: the password you have specified for this user
3 Client: SAP XI Integration server
4 Language: Language required
2. Configuration Business system as local Integration Engine.
1. Goto Transaction SXMB_ADM
2. Choose Edit --> Change Global Configuration Data.
3. Select Role of Business System: Application system
4. Corresponding Integration server: dest://<HTTPDESTINATION>. Here <HTTPDESTINATION> SAPISU_XID created in step 1. Dest://SAPISU_XID.
5. Under Specific Configuration Data you can specify additional configuration data
1.Select the relevant category under Specific Configuration Data.
2.Choose Change Specific Configuration Data.
For ABAP Proxies, Add the following configuration:
1.Category RUNTIME
2.Parameters: IS_URL
3.Current Value: dest://SAPISU_XID
Configuration of the Integration Engine
3. Connection between Business System and System Landscape Directory
1. Create RFC destination (TCP/IP) LCRSAPRFC and SAPSLDAPI for the SLD connection.
1.Execute transaction SM59 in the business system.
2.Choose Create.
3.Enter at least the following:
1.RFC Destination: LCRSAPRFC
2.Connection Type: T
3.Description: <your description>
4.Choose ENTER.
5.Choose the Technical settings tab page and do the following:
6.In the Program ID field under Registered Server Program, enter LCRSAPRFC
7.This program ID must correspond to a program ID specified in the RFC engine settings of the SAP J2EE Engine on the Integration Server host.
RFC Destination
2. Maintaining the SAP J2EE Connection Parameters for LCRSAPRFC and SAPSLDAPI in SAP J2EE engine
1. Goto J2EE Engine
2. Choose Cluster --> Server --> Services. JCo RFC provider
3. Under RFC destination specify the following:
Program ID: LCRSAPRFC
Gateway Host: <Integration Server host>
Gateway Service: <Integration Server gateway service>
Number of process: 3
4. Under Repository specify the following:
Application Server: <Integration Server host>
5. Choose Set.
3. Maintain SLD access details in Transaction SLDAPICUST
1. You can reuse this program ID for all Business systems
2. If there is HTTP error during connection, first run transaction SLDCHECK in the Business system. Also check that HTTP connection is working fine.
3. In XI Adapter use HTTP connection rather then giving R/3 input details as this is easier to transport and maintenance
4. One receiver adapter can be used for all Interfaces connecting to a Business system.
Thanks for your reply in adavnce.
KK

2. are these configuartion needed for client proxy as well as server proxy also?
>>>>
the configuration is one time thing and your R3 will act as a server or client according to the data being sent or received.
In R3 a point to be noted is that in SXMB_ADM -> Intg. Engine Confg. -> Role of Business System sud be as a Application System.
Ref: /people/vijaya.kumari2/blog/2006/01/26/how-do-you-activate-abap-proxies
Message was edited by: Shabarish Vijayakumar

Calculating Kernel parameters for Oracle 11g R2 db on solaris 10u9

Hi Everyone,
I have query regarding calculating the kernel parameters for deploying oracle 11g R2 db on solaris 10 v 5.10 update 09 machine , we have Ram size of 64gb.
My question is how to calculate shared memory ,shared memory identifiers,semaphores, semaphores identiifiers for creating resource control for the project(user.oracle).
And how to fine out the available semphore values allocated in system..
Thanks in Advance.
Edited by: 898979 on Dec 15, 2011 10:24 PM

Hi;
For those setting mention in installation guide which is already shared previous post.
I suggest also see:
Oracle Database on Unix AIX,HP-UX,Linux,Mac OS X,Solaris,Tru64 Unix Operating Systems Installation and Configuration Requirements Quick Reference (8.0.5 to 11.2) [ID 169706.1]
Regard
Helios

Kernel configuration Question

I have some questions on proper kernel configurations on a Sun SPARC server that we will be setting up here next month.
We are getting a Sun M5000 server.
We are going to installing 9i, 10g and 11g homes on this server to run our instances.
My main question is, with multiple versions of Oracle DB running on this server, what is the proper method for configuring the kernel parameters? I've poked around on metalink, but I cannot seem to find a definite guide on how to setup the parameters.
Anyone have any suggestions or recommendations?
I appreciate it.
_Jason

The kernel configuration requirement is per server basis, Or per project basis on new Solaris.
Just make sure your setting satisfy prerequisite set by Oracle document, since you have 3 different versions, whichever higher.
http://download.oracle.com/docs/cd/B19306_01/install.102/b15704/pre_install.htm#sthref258

[Solved] kernel configuration

Hi. I want to compile a custom kernel for my laptop. I want to build in kernel my required modules and not compile the modules i do not need(to speed up compilation times ).
I want to ask what method did you used(the one who made this) to generate a .config file that is tuned for your computer.(I tried to build into the kernel the modules listed by lsmod and remove the other modules but not all modules listed by lsmod are in the .config, ) I realy do not want to compile unneeded drivers as modules because on my machine it takes a lot of time , more then 2 hours to build a kernel
Thx for you reading ths
Last edited by simion314 (2008-09-19 05:51:45)

somedrew wrote:
Linux kernel in a nutshell offers some great tips and scripts on configuring the kernel for your hardware http://www.kroah.com/lkn/ .
Hwdetect, lspci, and some hunting around /sys can also help. Issues about not finding config options for lsmod output may be just due to naming; modinfo and modprobe -l can help with, that but you may need to go down to the individual Makefiles to get the exact config option (easier to just google methinks).
cheers,
EDIT:
Here's a nice script that I just came across. I haven't used it but it's seems like a great way to automagically trim your unused modules from your config: http://lkml.org/lkml/2008/9/18/203
Thx, this is a greath book.

Kernel config for Transcend IDE Flash Module

I'm trying to build a minimal custom kernel for my set-top-box (very limited ressources), which I use as home server.
From a recent Arch Live (USB-stick) the Transcend Flash SSD (4GB, 40pin IDE) gets detected as /dev/sda (by the "sd"-driver, I think). The Problem now is that I can't find the kernel settings and always get a kernel panic because it can't find the root device.
Here's the data I have:
lspci (Intel ICH chipset):
00:00.0 Host bridge: Intel Corporation 82830 830 Chipset Host Bridge (rev 04)
00:02.0 VGA compatible controller: Intel Corporation 82830 CGC [Chipset Graphics Controller] (rev 04)
00:02.1 Display controller: Intel Corporation 82830 CGC [Chipset Graphics Controller]
00:1d.0 USB Controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #1 (rev 02)
00:1d.1 USB Controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #2 (rev 02)
00:1d.2 USB Controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #3 (rev 02)
00:1d.7 USB Controller: Intel Corporation 82801DB/DBM (ICH4/ICH4-M) USB2 EHCI Controller (rev 02)
00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev 82)
00:1f.0 ISA bridge: Intel Corporation 82801DB/DBL (ICH4/ICH4-L) LPC Interface Bridge (rev 02)
00:1f.1 IDE interface: Intel Corporation 82801DB (ICH4) IDE Controller (rev 02)
00:1f.3 SMBus: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) SMBus Controller (rev 02)
00:1f.5 Multimedia audio controller: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) AC'97 Audio Controller (rev 02)
01:06.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
dmesg output from the live stick:
Linux version 2.6.30-ARCH (root@T-POWA-LX) (gcc version 4.4.1 (GCC) ) #1 SMP PREEMPT Fri Jul 31 18:10:38 UTC 2009
SCSI subsystem initialized
libata version 3.00 loaded.
ata_piix 0000:00:1f.1: version 2.13
ata_piix 0000:00:1f.1: enabling device (0005 -> 0007)
ata_piix 0000:00:1f.1: PCI INT A -> Link[LNKC] -> GSI 9 (level, low) -> IRQ 9
ata_piix 0000:00:1f.1: setting latency timer to 64
scsi0 : ata_piix
scsi1 : ata_piix
ata1: PATA max UDMA/100 cmd 0x1f0 ctl 0x3f6 bmdma 0xffa0 irq 14
ata2: PATA max UDMA/100 cmd 0x170 ctl 0x376 bmdma 0xffa8 irq 15
ata1.00: CFA: TRANSCEND, 20071207, max UDMA/66
ata1.00: 7831152 sectors, multi 0: LBA
ata1.00: limited to UDMA/33 due to 40-wire cable
ata1.00: configured for UDMA/33
scsi 0:0:0:0: Direct-Access ATA TRANSCEND 2007 PQ: 0 ANSI: 5
ata2: port disabled. ignoring.
Driver 'sd' needs updating - please use bus_type methods
sd 0:0:0:0: [sda] 7831152 512-byte hardware sectors: (4.00 GB/3.73 GiB)
sd 0:0:0:0: [sda] Write Protect is off
sd 0:0:0:0: [sda] Mode Sense: 00 3a 00 00
sd 0:0:0:0: [sda] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
sda: sda1 sda2 sda3
sd 0:0:0:0: [sda] Attached SCSI disk
sd 0:0:0:0: Attached scsi generic sg0 type 0
sd 2:0:0:0: Attached scsi generic sg1 type 0
ls -lh /dev/disk/by-id (the "USB_2.0_Memory_Adapter" is the live stick):
ata-TRANSCEND_20091118_500059E8 -> /dev/sda
ata-TRANSCEND_20091118_500059E8-part1 -> /dev/sda1
ata-TRANSCEND_20091118_500059E8-part2 -> /dev/sda2
ata-TRANSCEND_20091118_500059E8-part3 -> /dev/sda3
scsi-SATA_TRANSCEND_20091118_500059E8 -> /dev/sda
scsi-SATA_TRANSCEND_20091118_500059E8-part1 -> /dev/sda1
scsi-SATA_TRANSCEND_20091118_500059E8-part2 -> /dev/sda2
scsi-SATA_TRANSCEND_20091118_500059E8-part3 -> /dev/sda3
usb-USB_2.0_Memory_Adapter_AAAAA10062345-0:0 -> /dev/sdb
usb-USB_2.0_Memory_Adapter_AAAAA10062345-0:0-part1 -> /dev/sdb1
The kernel configuration I tried can be found here (from another box running Gentoo).
Any suggestions how I could find the right driver?
Thanks in advance,
lynix

Although I have compiled a custom kernel w/o any kind of automatic support, and it worked, I REALLY don' think that it is worth the effort. In the wiki it recommends: zcat /proc/config.gz > .config (from within the kernel directory), and I strongly recommend it as well. All it does is copy some information from your existing kernel into your .config, which vastly improves your odds of having a working kernel right off the bat. I would compile that, verify that it works, and from that point start taking out modules that you are confident have nothing to do with your system. (don't forget to select your processor type, and deselect smp if you don't have smp)
I know that it is dissappointing and you'd like to perfect your kernel in one go, but I really think that in the long run, this is your best option. I don't think that you are going to find anyone who is willing to take the time to tell you what options you personally need to compile in or as modules for you, however, there will be plenty of people who are willing to help.
I know that there are even smarter solutions, including scripts that can supposedly configure a kernel based on the modules and options that are already loaded, but I think results are mixed. Although, they might make a great starting point. I think (but could be wrong) that gentoo's 'genkernel' worked like that. Though I've used it years ago, I don't think that I fully understood how it worked at the time.
If you are dead set on minimizing all of the options that you compile for your kernel manually, your tools are lspci, lsmod, cat /proc* etc. You can save the output, figure out what options correspond with that output, and hope for the best!
Good luck
Last edited by Convergence (2009-03-13 11:51:01)

[SOLVED] Arch Kernel Configuration

Hi, I'd like to compile recompile the Kernel but I would like to know wich are the default configuration settings that the compiled kernel26 of the core repository has. I would like to tweak some things but starting from that configuration not from the defaul Kernel configuration found in www.kernel.org.
I would like to know it ABS could be used to do it, or if I can get a configuration file somewhere and use it with ABS.
Thank you very much.
Last edited by KaoDome (2009-01-14 00:24:56)

KaoDome wrote:
Ok thank you very much! I've found the configuration within the ABS package. The I can edit it running make menuconfig (or the GUI configurator) and then save the edited file as config (in my case, if it was a x84_64 it would be config.x86_64.
I had to change the checksum for that file in the PKGBUILD file in order to it to work.
It's now compiling!
Another question... Does it uses the CFLAGS defined in /etc/makepkg.conf when compiling the Kernel? I hope so...
Once more, thank you very much for all!
You can also use the ABS PKGBUILD, and add the "make menuconfig" option to be able to change the -ARCH settings.... then when you press exit it will save (and use) your newly created .config.
# load configuration
make menuconfig
# build!
So it will load the default -ARCH generic setup and then you can modify to your hardware specs.
My AMD64 300HZ -Os Low-Latency kernel:
$ uname -osrpmi
Linux 2.6.28-ARCHtestAMD x86_64 AMD Turion(tm) 64 X2 Mobile Technology TL-60 AuthenticAMD GNU/Linux
Last edited by methuselah (2009-01-14 18:58:30)

Kernel Configuration

I am new to Unix and need to install Oracle 9.2.1.1.0 on SunOS 5.9
As per the documentation, I want to change the settings of the kernel in the OS.
I did a sysdef | grep SHM and sysdef | grep SEM
and got the following results:
8388608 max shared memory segment size (SHMMAX)
100 shared memory identifiers (SHMMNI)
10 semaphore identifiers (SEMMNI)
60 semaphore in system (SEMMNS)
30 undo structure in system (SEMMNU)
25 max semaphores per id (SEMMSL)
10 max operation per semop call (SEMOPM)
10 max undo entries per process (SEMUME)
32767 semaphore maximum value (SEMVMX)
16384 adjust on exit max value (SEMAEM)
Then I went to see the /etc/system file, but there was nothing in it
and the file size was 0 ( isn't it surprising? then from where did the OS is getting the Kernel values? are there some other files which have the KERNEL parameters settings too?). Anyway, I made the settings as per Oracle recommendations as follows in the etc/system file
set shmsys:shminfo_shmmax=2147483648
set shmsys:shminfo_shmmin=1
set shmsys:shminfo_shmseg=10
set shmsys:shminfo_shmmni=100
set semsys:seminfo_semmns=1000
set semsys:seminfo_semmni=100
set semsys:seminfo_semmsl=250
After making the changes, I re-booted the machine with "halt"
and "boot -a" command and got the following prompts (I took all the default values)
Enter file name (Kernel/sparcv9/unix)
Enter Default Directory for modules [platform/sunW,Ultra-2/kernel/platform/sun4u/kernel/kernel/usr/kernel]
Name of the system file /etc/system
Root file system type [ufs]
Enter physical name of root device [sbus@1f,0/sunW,fas@e,8800000/sd@0,0:a]
After this I logged on as root and when did a sysdef |grep SHM
I did not get any values whatsoever, i.e now its not even configuring the kernel with the default values which it was doing earlier
This is evident from the following message output of sysdef
IPC messages module is not loaded
IPC semaphores module is not loaded
IPC Shared Memory module is not loaded
Am I missing something here ? Am I suppose to rename the /etc/system file with some extension (e.g exe or sh ). Right now, when I do a ls -al system, I get the following
-rwxr-xr-x 1 root sys 215 Apr 2 11:32 system
Please help me out.
Thanks

The first values you saw are simply the defaults that come with Solaris. The values you put into /etc/system simply update the max values of things - those updates don't load anything drivers or anything. These messages:
IPC messages module is not loaded
IPC semaphores module is not loaded
IPC Shared Memory module is not loaded
simply mean that the kernel modules for IPC stuff haven't been loaded because no programs have requested semaphors, shared memory, or message queues be created for them. This isn't a problem. Its normal.
Once you start up a program that actually uses IPC objects (like Oracle), commands like "ipcs -a" will start showing stuff and the " ..... is not loaded" messages will go away.

Kernel Config for Server

Arch's default kernel config is well suited to desktop performance, but what about the server? Ubuntu server lists these items on their Kernel Features page:
* The Server Edition uses the Deadline I/O scheduler instead of the CFQ scheduler used by the Desktop Edition.
* Pre-emption is turned off in the Server Edition.
* The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the Desktop Edition.
* The Server Edition is optimised for i686 processors while the Desktop Edition is optimised for both the i586 and i686.
* Virtualization is better supported in the Server Edition through the enabling of IPC namespaces.
* Multiple routing tables for the IPv6 protocol are also supported in the Server Edition.
* For 32-bit systems the Server Edition is configured to use PAE which allows addressing up to 64GB of memory while the Desktop Edition is configured for 4GB.
So if you were making a "Server Edition" of Arch, what would you change?

imho, with all my respect to arch as a great desktop distribution, i would not run arch on any production server.

Hard Drive configuration for speed

I've got a question regarding the best hard drive configuration for my mac pro. I'm looking to increase the boot speed, application load speed and particularly the speed with which hard drive intensive photoshop processes complete. Right now I'm just using some normal SATA II drives. I'd appreciate it if you could give me some feedback on the various options I am currently considering.
-2x 64GB SSD in a RAID 0 for OS X and applications with some large SATA drives for storage
-4x 300GB VelociRaptor 10k RPM SATA HDD in a RAID 0
-2x 147GB SAS 15k RPM HDD in RAID 0 with some large SATA drives for storage
I am particularly in the dark about the controllers I'd use for each solution. Clearly, I would absolutely require a PCIe card for the SAS drives, but would there be a marked advantage to using a hardware RAID card for the SATA drives over the software RAID in OS X? Also, how easy is it to get the mac pro to boot off drives connected to a controller card rather than the standard setup? And lastly, if there is good reason to use a card, are there any in particular that you would recommend?
Thanks a lot!

2. No. Do not make two partitions unless you do not plan to use Boot Camp Assistant to install Windows on that partition. If you plan to create a Boot Camp partition then you must partition the drive as one Mac OS X volume. Boot Camp Assistant will then create the Windows volume.
3. This drive must be repartitioned and reformatted as follows:
Extended Hard Drive Preparation
1. Open Disk Utility in your Utilities folder.
2. After DU loads select your hard drive (this is the entry with the mfgr.'s ID and size) from the left side list. Click on the Partition tab in the DU main window.
3. Set the number of partitions from the drop down menu to two. Use the graphic resizer to set the desired sizes for each volume as you want. Set the format type to Mac OS Extended (Journaled.) Click on the Options button, set the partition scheme to GUID (only required for Intel Macs) then click on the OK button. Click on the Partition button and wait until the process has completed.
4. Select the first volume you just created (this is the sub-entry under the drive entry) from the left side list. Click on the Erase tab in the DU main window.
5. Set the format type to Mac OS Extended (Journaled.) Click on the Options button, check the button for Zero Data and click on OK to return to the Erase window.
6. Click on the Erase button. The format process can take up to several hours depending upon the drive size.
7. Select the second volume you created and repeat Steps 4-6.
4. Now here I don't know what you think is your best option. You can buy any two hard drives you want. The ones I identified were only an example of what you could purchase for under $300. There are others, slightly more expensive, that would work, and you would still be under your $300 budget. The Samsung drives are good drives and reasonably priced, but they are just one of several alternatives. You should do some checking on your own before making your decision. I'm just giving some guidance, not trying to tell you what you should do. I've provided three sites where you can read reviews and benchmarks before you decide. You need to "own" your decision.
As for how you configure these two drives that's a secondary issue. I would recommend using them for backup. Two possible arrangements are a Mirrored or a Striped RAID array. A mirrored RAID array would create one volume that has a 1 TB capacity. Everything saved to that volume is essentially saved twice - once on one drive then a copy is mirrored to the other drive. This is not what you described in your Item 4. That's not how it works. Anything saved to the mirrored RAID array is saved the way I described it just above. It makes no difference where the files come from.
Now you can use the mirrored RAID array as a Time Machine backup drive if you want, but then you should not use it for other data storage. You would need the entire capacity as backup for both of the 500 GB drives you currently have. A mirrored RAID provides some data redundancy by having a copy of everything one each drive. Thus, if one drive fails the other drive still functions and your data backup is intact. Mirrored RAIDs are generally no faster than an individual drive that makes up the array.
The second suggestion was to make a Striped RAID array. This type of array produces one volume that is twice the size of the the two drives that make up the array. Thus, you would have a single volume that is 2 TBs in size. You can use this volume for your Time Machine backups also. Striped RAIDs do not provide any data redundancy. If one drive fails all the data stored on the RAID will be lost. However, Striped RAIDs are nearly twice as fast as either drive that makes up the array. This would give you very fast storage and backup.
You could also just leave the two drives to operate independently. Use on for Time Machine backups, use the other for more storage space.
Other possibilities abound. It's pretty much up to you to decide what will fit best into your needs today and in the future. Don't feel obliged to do what one person tells you. Five different users on the Discussions will give five different opinions.
I suggest you educate yourself a bit on backup and restore by reading the FAQ about backup and restore at The XLab FAQs.
Following is more information on RAIDs:
RAID Basics
For basic definitions and discussion of what a RAID is and the different types of RAIDs see RAIDs. Additional discussions plus advantages and disadvantages of RAIDs and different RAID arrays see:
RAID Tutorial;
RAID Array and Server: Hardware and Service Comparison>.
Hardware or Software RAID?
RAID Hardware Vs RAID Software - What is your best option?
RAID is a method of combining multiple disk drives into a single entity in order to improve the overall performance and reliability of your system. The different options for combining the disks are referred to as RAID levels. There are several different levels of RAID available depending on the needs of your system. One of the options available to you is whether you should use a Hardware RAID solution or a Software RAID solution.
RAID Hardware is always a disk controller to which you can cable up the disk drives. RAID Software is a set of kernel modules coupled together with management utilities that implement RAID in Software and require no additional hardware.
Pros and cons
Software RAID is more flexible than Hardware RAID. Software RAID is also considerably less expensive. On the other hand, a Software RAID system requires more CPU cycles and power to run well than a comparable Hardware RAID System. Also, because Software RAID operates on a partition by partition basis where a number of individual disk partitions are grouped together as opposed to Hardware RAID systems which generally group together entire disk drives, Software RAID tends be slightly more complicated to run. This is because it has more available configurations and options. An added benefit to the slightly more expensive Hardware RAID solution is that many Hardware RAID systems incorporate features that are specialized for optimizing the performance of your system.
For more detailed information on the differences between Software RAID and Hardware RAID you may want to read: Hardware RAID vs. Software RAID: Which Implementation is Best for my Application?
OS X has software for creating RAIDs by using Disk Utility. Open Disk Utility and select DU Help from the Help menu. Search for "raid" without quotes. You will find information on how to set up mirrored and striped RAIDs using Disk Utility.

Tiger kernel compiled for allow any to any ipfw firewall rules?

Hi everyone,
I was wondering about the kernel state for firewall connections in ipfw. If you run an ipfw list, you will see the last command as an allow any to any. This appears to be a default open state firewall configuration.
The man pages for ipfw state the following:
"An ipfw ruleset always includes a default rule (numbered 65535) which cannot be modified or deleted, and matches all packets. The action associated with the default rule can be either deny or allow depending on how the kernel is configured."
Is there a way to implement a default closed firewall with ipfw in the kernel in Tiger? Default allow any to any appears to be a bit of a security hole.
Thanks for your input, I greatly appreciate it!
-Allen

Ok, perhaps this is silly, for me to reply to my own thread, but I think the following will work:
in the firewall.conf, add a deny any to any before the default allow any to any... something like:
add 5400 deny log all from any to any in via en0
kudos goes to a user on macosxhints for suggesting this. Since ipfw rules will be run in order, this line will run before the default allow, and should trap all ip traffic not explicitly allowed in the firewall list already.
Hope this helps someone!
-Allen

Kernel Recompile for RH6.1?

I am currently running RH6.1 on a Compaq Proliant 2500R using kernel "linux-2.2.12-i686.smp". I would like to recompile the kernel changing shared memory and semephores. Is it possible to make changes to the shmparam.h and sem.h then use the "make oldconfig"? I am not wanting to rebuild the entire kernel and the linux-2.2.12 readme is not real helpful in making this happen. Are there any more decisive docuements out there for doing what I am attempting Instead of the generic kernel build documents?
Thanks,

Make oldconfig is used when you upgrade the kernel version (For ex. 2.2.13 -> 2.2.14)
You will have to do a make config, or better yet make xconfig or make menuconfig to configure your new kernel because the default source tree is unconfigured.
null

Kernel Configuration for Manuel IP Rejection by Iptables

Similar Messages

Maybe you are looking for