mirror of https://git.envs.net/envs/ops.git
add /etc/security/limits.conf
This commit is contained in:
parent
3e826c3e15
commit
9b4d497572
3
Makefile
3
Makefile
|
@ -26,6 +26,7 @@ clean:
|
|||
@rm -fv /etc/init.d/S41firewall
|
||||
@rm -fv /etc/letsencrypt/renewal-hooks/deploy/envs.sh
|
||||
stow -t /etc/nginx -D -d etc nginx
|
||||
@rm -fv /etc/security/limits.conf
|
||||
@rm -fv /etc/ssh/ssh_config /etc/ssh/sshd_config
|
||||
stow -t /etc/sysctl.d -D -d etc sysctl.d
|
||||
stow -t /etc/systemd/system -D -d etc/systemd system
|
||||
|
@ -48,6 +49,7 @@ etc:
|
|||
@install -m 644 etc/etc/inputrc /etc
|
||||
@install -m 644 etc/etc/nanorc /etc
|
||||
@install -m 644 etc/etc/sudoers /etc
|
||||
@install -m 644 etc/etc/security/limits.conf /etcsecurity
|
||||
|
||||
cron:
|
||||
@printf "$(GREEN)--- cron -----------------------------------------------\n$(RESET)"
|
||||
|
@ -117,6 +119,7 @@ nuke:
|
|||
@rm -fv /etc/init.d/S41firewall
|
||||
@rm -fv /etc/letsencrypt/renewal-hooks/deploy/envs.sh
|
||||
@rm -rfv /etc/nginx/*
|
||||
@rm -fv /etc/security/limits.conf
|
||||
@rm -fv /etc/ssh/ssh_config /etc/ssh/sshd_config
|
||||
@rm -fv /etc/sysctl.d/10-kernel-hardening.conf /etc/sysctl.d/30-lxc-inotify.conf \
|
||||
/etc/sysctl.d/fs.conf /etc/sysctl.d/net.conf /etc/sysctl.d/panic.conf /etc/sysctl.d/protect-links.conf
|
||||
|
|
|
@ -0,0 +1,94 @@
|
|||
# /etc/security/limits.conf
|
||||
#
|
||||
#Each line describes a limit for a user in the form:
|
||||
#
|
||||
#<domain> <type> <item> <value>
|
||||
#
|
||||
#Where:
|
||||
#<domain> can be:
|
||||
# - a user name
|
||||
# - a group name, with @group syntax
|
||||
# - the wildcard *, for default entry
|
||||
# - the wildcard %, can be also used with %group syntax,
|
||||
# for maxlogin limit
|
||||
# - NOTE: group and wildcard limits are not applied to root.
|
||||
# To apply a limit to the root user, <domain> must be
|
||||
# the literal username root.
|
||||
#
|
||||
#<type> can have the two values:
|
||||
# - "soft" for enforcing the soft limits
|
||||
# - "hard" for enforcing hard limits
|
||||
#
|
||||
#<item> can be one of the following:
|
||||
# - core - limits the core file size (KB)
|
||||
# - data - max data size (KB)
|
||||
# - fsize - maximum filesize (KB)
|
||||
# - memlock - max locked-in-memory address space (KB)
|
||||
# - nofile - max number of open file descriptors
|
||||
# - rss - max resident set size (KB)
|
||||
# - stack - max stack size (KB)
|
||||
# - cpu - max CPU time (MIN)
|
||||
# - nproc - max number of processes
|
||||
# - as - address space limit (KB)
|
||||
# - maxlogins - max number of logins for this user
|
||||
# - maxsyslogins - max number of logins on the system
|
||||
# - priority - the priority to run user process with
|
||||
# - locks - max number of file locks the user can hold
|
||||
# - sigpending - max number of pending signals
|
||||
# - msgqueue - max memory used by POSIX message queues (bytes)
|
||||
# - nice - max nice priority allowed to raise to values: [-20, 19]
|
||||
# - rtprio - max realtime priority
|
||||
# - chroot - change root to directory (Debian-specific)
|
||||
#
|
||||
#<domain> <type> <item> <value>
|
||||
#
|
||||
|
||||
* soft nproc 65535
|
||||
* hard nproc 65535
|
||||
* soft nofile 65535
|
||||
* hard nofile 1048576
|
||||
#* soft memlock 5000000
|
||||
#* hard memlock 10000000
|
||||
|
||||
root soft nproc 65535
|
||||
root hard nproc 65535
|
||||
root soft nofile 65535
|
||||
root hard nofile unlimited
|
||||
|
||||
www-data soft nproc 10240
|
||||
www-data hard nproc 65535
|
||||
www-data soft nofile 65535
|
||||
www-data hard nofile 1048576
|
||||
|
||||
@envs soft nproc 200
|
||||
@envs hard nproc 225
|
||||
@envs soft nofile 4096
|
||||
@envs hard nofile 10240
|
||||
@envs soft memlock 5000000
|
||||
@envs hard memlock 10000000
|
||||
@envs soft maxlogins 10
|
||||
@envs hard maxlogins 25
|
||||
|
||||
|
||||
deploy soft nproc 65535
|
||||
deploy hard nproc unlimited
|
||||
deploy soft nofile 65535
|
||||
deploy hard nofile unlimited
|
||||
|
||||
creme soft nproc 65535
|
||||
creme hard nproc unlimited
|
||||
creme soft nofile 65535
|
||||
creme hard nofile unlimited
|
||||
|
||||
#* soft core 0
|
||||
#root hard core 100000
|
||||
#* hard rss 10000
|
||||
#@student hard nproc 20
|
||||
#@faculty soft nproc 20
|
||||
#@faculty hard nproc 50
|
||||
#ftp hard nproc 0
|
||||
#ftp - chroot /ftp
|
||||
#@student - maxlogins 4
|
||||
|
||||
# End of file
|
||||
|
Loading…
Reference in New Issue