Procfs

procfs (process filesystem) is a virtual filesystem to output and change system and process information. It is generated by the kernel and mounted at. The information in the sysfs filesystem replaces more and more system information of procfs.

Kernel
Activate the following kernel options:

Configuration
Change the to mount procfs at boot time to :

Restricting access to process id directories
procfs provides the  mount option to restrict access to the  directories by other users. This is a hardening technique that can make it more difficult for malicious local users to gather information about running processes of other users.

This is the default.

This will protect files such as, which may contain sensitive information.

Since this will hide all process information from all users except root, it may be useful to allow access to privileged users such as those that belong to the wheel group.

Usage
See the Wikipedia article for the file's purpose.


 * Use cat to read the information, e.g. output the version of the currently running kernel:


 * To set values at runtime - if possible - use echo, e.g. to enable the magic SysRq key::

sysctl
sysctl is a mechanism to modify certain kernel parameters at runtime. It is part of procfs and the files are located at. contains documentation of most files.

sysctl work with keys, which can be assembled from the file path by removing the prefix and replace the backsplash with a point. So, e.g. becomes kernel.sysrq.

It is certainly possible to modify files in like performed above, however the sysctl tool (part of ) can modify  information in a much more structured way:


 * To enable the magic sysrq key:


 * To show all keys and their current values:

To configure kernel parameters at boot, add them to a file in. The recommended location for local settings is. The legacy file is also supported. To enable the magic SysRq key at boot:

OpenRC
The sysctl service reads the files at boot and executes settings. The service is enabled by default.

systemd
systemd knows beside also  for package-provided config files.

The systemd-sysctl service is enabled by default.