Postgres Pro
Downloads
Home   >   mailing lists

Thread: tcp_keepalives settings not being set

tcp_keepalives settings not being set

From
Dave Hughes
Date:

Hello,

We have PostgreSQL 10.5 installed on RHEL 6 and I’m new to both.  I’m in the process of completing STIGs (Security Technical Implementation Guides) for the Department of Defense.  One of the STIGs mentions that we must ensure our tcp_keepalives settings are configured in the postgresql.conf file.  I currently have these settings set to:

Tcp_keepalives_idle = 60

Tcp_keepalives_interval = 60

Tcp_keepalives_count = 2

 

I restarted the database and then ran SHOW_ALL; but it showed all 3 parameters set to 0.

 

After looking online, I saw a post where possibly Linux is not allowing this to be configured and instead is using the OS parameters.  When I ran the command: sysctl -A | grep net.ipv4, it returned:

Net.ipv4.tcp_keepalive_time = 7200

Net.ipv4.tcp_keepalive_probs = 9

Net.ipv4.tcp_keepalive_intvl = 75

 

Is it possible Linux is not allowing these parameters to be configured via the PostgreSQL config file?


Thanks in advance,

Dave Hughes

Re: tcp_keepalives settings not being set

From
Tom Lane
Date:
Dave Hughes <dhughes20@gmail.com> writes:
> We have PostgreSQL 10.5 installed on RHEL 6 and I’m new to both.  I’m in
> the process of completing STIGs (Security Technical Implementation Guides)
> for the Department of Defense.  One of the STIGs mentions that we must
> ensure our tcp_keepalives settings are configured in the postgresql.conf
> file.  I currently have these settings set to:
> Tcp_keepalives_idle = 60
> Tcp_keepalives_interval = 60
> Tcp_keepalives_count = 2
> I restarted the database and then ran SHOW_ALL; but it showed all 3
> parameters set to 0.

These will read as zeroes if you're using a non-TCP connection (ie
Unix socket).  Try it after "psql -h localhost" instead of just "psql".

            regards, tom lane

Re: tcp_keepalives settings not being set

From
Dave Hughes
Date:
Thank you!  That change allowed me to view those parameters.  I had no idea i wasn't connecting via TCP. 

Thanks again!  

On Wed, Dec 4, 2019 at 9:54 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
Dave Hughes <dhughes20@gmail.com> writes:
> We have PostgreSQL 10.5 installed on RHEL 6 and I’m new to both.  I’m in
> the process of completing STIGs (Security Technical Implementation Guides)
> for the Department of Defense.  One of the STIGs mentions that we must
> ensure our tcp_keepalives settings are configured in the postgresql.conf
> file.  I currently have these settings set to:
> Tcp_keepalives_idle = 60
> Tcp_keepalives_interval = 60
> Tcp_keepalives_count = 2
> I restarted the database and then ran SHOW_ALL; but it showed all 3
> parameters set to 0.

These will read as zeroes if you're using a non-TCP connection (ie
Unix socket).  Try it after "psql -h localhost" instead of just "psql".

                        regards, tom lane