Ubuntu – /etc/sysctl.conf settings do not last after reboot

Tags: 16.04, kernel, systemd

Version: Ubuntu 16.04.4 LTS 32-bit

I am unable to get settings in /etc/sysctl.conf to stick around after a restart.

Here are the settings I am trying to implement (taken verbatim from sysctl.conf):

kernel.core_uses_pid=1
kernel.dmesg_restrict=1
kernel.kptr_restrict=2
kernel.sysrq=0
net.ipv4.conf.all.log_martians=1
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.log_martians=1
net.ipv4.tcp_syncookies=1
fs.suid_dumpable=0

I've checked /etc/init/procps.conf (which contains essentially nothing) and /etc/init/procps-instance.conf (which does contain the appropriate commands) and have come up empty.

If I use sysctl -p, the settings are loaded properly, but before issuing that command and immediately after a reboot, the commands are not set properly.

Ex:

username@servername:/etc$ sudo sysctl -a | grep sysrq
kernel.sysrq = 136
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.enp2s0f0.stable_secret"
sysctl: reading key "net.ipv6.conf.enp2s0f1.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
username@servername:/etc$ sudo sysctl -p
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
kernel.core_uses_pid = 1
kernel.dmesg_restrict = 1
kernel.kptr_restrict = 2
kernel.sysrq = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.log_martians = 1
net.ipv4.tcp_syncookies = 1
fs.suid_dumpable = 0
username@servername:/etc$ sudo sysctl -a | grep sysrq
kernel.sysrq = 0
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.enp2s0f0.stable_secret"
sysctl: reading key "net.ipv6.conf.enp2s0f1.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"

I've also checked pm-utils, which is installed, but does not have any settings files in power.d other than 95hdparm-apm. As my previous statement indicated, laptop-power does not exist in power.d; that issue is irrelevant — please read the entire post before marking as duplicate.

One more thing I'd like to add: in /etc/sysctl.d, several files are present with a 10- prefix, but the 99-prefixed link to sysctl.conf is in place, so it should run last and the settings should still be set correctly. I am stumped.

Tried adding a sysctl reload command to crontab as recommended in https://bugs.launchpad.net/ubuntu/+source/procps/+bug/50093:

@reboot sleep 60 && sysctl --system

Still no dice.

What am I missing?

Best Answer

I was unable to find a definitive root cause, but I was able to resolve my issue by doing the following:

  • Remove custom net.* parameters from /etc/sysctl.conf and place them in /etc/ufw/sysctl.conf

The issue persisted for kernel.sysrq no matter what I did with the config files, so I used the following workaround:

  • Create the following cron job for kernel.sysrq:

    @reboot sleep 5 && /sbin/sysctl --system
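
An added example, not part of the original question or answer: a way to check, for one hardening key, which config files assign it and whether the last writer matches the live value under /proc/sys. It assumes files are applied as /etc/sysctl.d/*.conf in lexical order, then /etc/sysctl.conf, then /etc/ufw/sysctl.conf when ufw starts; the function names, 10-example.conf and all sample values are constructed for illustration.

```shell
# Added example. Assumed apply order: /etc/sysctl.d/*.conf (lexical),
# /etc/sysctl.conf, then /etc/ufw/sysctl.conf (loaded when ufw starts).
sysctl_files() {                      # $1 = root prefix ("" = live system)
    for f in "$1"/etc/sysctl.d/*.conf "$1"/etc/sysctl.conf "$1"/etc/ufw/sysctl.conf; do
        [ -f "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# Print "file<TAB>value" for each assignment of key $2, in apply order.
# Accepts "a.b.c = v" and the slash form "a/b/c=v" (both valid sysctl syntax).
sysctl_trace() {
    sysctl_files "$1" | while IFS= read -r f; do
        awk -v want="$2" -v file="$f" '
            /^[ \t]*[#;]/ || !/=/ { next }
            {
                key = substr($0, 1, index($0, "=") - 1)
                val = substr($0, index($0, "=") + 1)
                gsub(/[ \t]/, "", key); gsub("/", ".", key)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                if (key == want) printf "%s\t%s\n", file, val
            }' "$f"
    done
}

# Last assignment wins under the assumed order; live value comes from procfs.
sysctl_expected() { sysctl_trace "$1" "$2" | tail -n 1 | cut -f 2; }
sysctl_live()     { cat "$1/proc/sys/$(printf '%s' "$2" | tr . /)"; }

sysctl_check() {
    exp=$(sysctl_expected "$1" "$2"); live=$(sysctl_live "$1" "$2")
    if [ "$exp" = "$live" ]; then echo "OK $2=$live"
    else echo "DRIFT $2 live=$live expected=$exp"; fi
}

# Constructed sample tree mirroring the thread: config says sysrq=0, live says 136.
make_sample_root() {
    r=$(mktemp -d)
    mkdir -p "$r/etc/sysctl.d" "$r/etc/ufw" "$r/proc/sys/kernel" "$r/proc/sys/net/ipv4/conf/all"
    printf 'kernel.sysrq = 176\n' > "$r/etc/sysctl.d/10-example.conf"
    printf '# hardening\nkernel.sysrq=0\nnet.ipv4.conf.all.log_martians=1\n' > "$r/etc/sysctl.conf"
    ln -s ../sysctl.conf "$r/etc/sysctl.d/99-sysctl.conf"
    printf 'net/ipv4/conf/all/log_martians=0\n' > "$r/etc/ufw/sysctl.conf"
    echo 136 > "$r/proc/sys/kernel/sysrq"
    echo 0 > "$r/proc/sys/net/ipv4/conf/all/log_martians"
    printf '%s\n' "$r"
}
# Live system: sysctl_trace "" kernel.sysrq; sysctl_check "" kernel.sysrq
```

A DRIFT result where the last file in the trace already holds the wanted value, as with kernel.sysrq in the sample tree, means the value is being changed by something other than the traced files.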
