Dec 202009

When a kernel encounters certain errors it calls the “panic” function which results from a unrecoverable error. This panic results in LKCD (Linux Kernel Crash Dump) initiating a kernel dump where kernel memory is copied out to the pre-designated dump area. The dump device is configured as primary swap by default. The kernel is not completely functional at this point, but there is enough functionality to copy memory to disk. When the system boots back up, it checks for a new crash dump. If a new crash dump is found it is copied from the dump location to the file system, “/var/log/dump” directory by default. After copying the image, the system continues to boot normally and forensics can be performed at a later date.

By default after a kernel panic, system just waits there for a restart. This is because of the value set on “kernel.panic” parameter.

# cat /proc/sys/kernel/panic

To disable this and make the Linux OS reboot after a kernel panic, we have to set an integer value greater than zero to the paramter “kernel.panic”, where the value is the number of seconds to wait before a automatic reboot. For example , if you set it to “10” , then the system waits for 10 seconds before automatic reboot. To make this change permanent, edit

vim /etc/sysctl.conf

and add following line to end of the file.

kernel.panic = 10

 Posted by at 2:51 pm