Обсуждение: tcp_keepalives settings not being set
Hello,
We have PostgreSQL 10.5 installed on RHEL 6 and I’m new to both. I’m in the process of completing STIGs (Security Technical Implementation Guides) for the Department of Defense. One of the STIGs mentions that we must ensure our tcp_keepalives settings are configured in the postgresql.conf file. I currently have these settings set to:
Tcp_keepalives_idle = 60
Tcp_keepalives_interval = 60
Tcp_keepalives_count = 2
I restarted the database and then ran SHOW_ALL; but it showed all 3 parameters set to 0.
After looking online, I saw a post where possibly Linux is not allowing this to be configured and instead is using the OS parameters. When I ran the command: sysctl -A | grep net.ipv4, it returned:
Net.ipv4.tcp_keepalive_time = 7200
Net.ipv4.tcp_keepalive_probs = 9
Net.ipv4.tcp_keepalive_intvl = 75
Is it possible Linux is not allowing these parameters to be configured via the PostgreSQL config file?
Thanks in advance,
Dave Hughes
Dave Hughes <dhughes20@gmail.com> writes: > We have PostgreSQL 10.5 installed on RHEL 6 and I’m new to both. I’m in > the process of completing STIGs (Security Technical Implementation Guides) > for the Department of Defense. One of the STIGs mentions that we must > ensure our tcp_keepalives settings are configured in the postgresql.conf > file. I currently have these settings set to: > Tcp_keepalives_idle = 60 > Tcp_keepalives_interval = 60 > Tcp_keepalives_count = 2 > I restarted the database and then ran SHOW_ALL; but it showed all 3 > parameters set to 0. These will read as zeroes if you're using a non-TCP connection (ie Unix socket). Try it after "psql -h localhost" instead of just "psql". regards, tom lane
Dave Hughes <dhughes20@gmail.com> writes:
> We have PostgreSQL 10.5 installed on RHEL 6 and I’m new to both. I’m in
> the process of completing STIGs (Security Technical Implementation Guides)
> for the Department of Defense. One of the STIGs mentions that we must
> ensure our tcp_keepalives settings are configured in the postgresql.conf
> file. I currently have these settings set to:
> Tcp_keepalives_idle = 60
> Tcp_keepalives_interval = 60
> Tcp_keepalives_count = 2
> I restarted the database and then ran SHOW_ALL; but it showed all 3
> parameters set to 0.
These will read as zeroes if you're using a non-TCP connection (ie
Unix socket). Try it after "psql -h localhost" instead of just "psql".
regards, tom lane