add /etc/security/limits.conf

creme 2020-05-23 19:25:55 +00:00
parent 3e826c3e15
commit 9b4d497572
2 changed files with 97 additions and 0 deletions


@ -26,6 +26,7 @@ clean:
@rm -fv /etc/init.d/S41firewall
@rm -fv /etc/letsencrypt/renewal-hooks/deploy/envs.sh
stow -t /etc/nginx -D -d etc nginx
@rm -fv /etc/security/limits.conf
@rm -fv /etc/ssh/ssh_config /etc/ssh/sshd_config
stow -t /etc/sysctl.d -D -d etc sysctl.d
stow -t /etc/systemd/system -D -d etc/systemd system
@ -48,6 +49,7 @@ etc:
@install -m 644 etc/etc/inputrc /etc
@install -m 644 etc/etc/nanorc /etc
@install -m 644 etc/etc/sudoers /etc
@install -m 644 etc/etc/security/limits.conf /etcsecurity
cron:
@printf "$(GREEN)--- cron -----------------------------------------------\n$(RESET)"
@ -117,6 +119,7 @@ nuke:
@rm -fv /etc/init.d/S41firewall
@rm -fv /etc/letsencrypt/renewal-hooks/deploy/envs.sh
@rm -rfv /etc/nginx/*
@rm -fv /etc/security/limits.conf
@rm -fv /etc/ssh/ssh_config /etc/ssh/sshd_config
@rm -fv /etc/sysctl.d/10-kernel-hardening.conf /etc/sysctl.d/30-lxc-inotify.conf \
/etc/sysctl.d/fs.conf /etc/sysctl.d/net.conf /etc/sysctl.d/panic.conf /etc/sysctl.d/protect-links.conf
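Review bot: The install line added to the `etc` target writes to `/etcsecurity`, which is missing a path separator, so the file lands at the filesystem root under that name and pam_limits never reads it; the per-user and `@envs` limits this commit introduces are therefore not enforced. The source path `etc/etc/security/limits.conf` also does not appear to match the file this commit adds at `etc/security/limits.conf`, though the repository layout is not fully visible here. I would change the line to `@install -m 644 etc/security/limits.conf /etc/security/limits.conf`, adjusting the source if the file is meant to live under `etc/etc/`. Note also that `clean` and `nuke` now delete `/etc/security/limits.conf` outright, which removes the distribution's copy rather than restoring it. The `etc` target's body continues outside the hunk.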

94
etc/security/limits.conf Normal file

@ -0,0 +1,94 @@
# /etc/security/limits.conf
#
#Each line describes a limit for a user in the form:
#
#<domain> <type> <item> <value>
#
#Where:
#<domain> can be:
# - a user name
# - a group name, with @group syntax
# - the wildcard *, for default entry
# - the wildcard %, can be also used with %group syntax,
# for maxlogin limit
# - NOTE: group and wildcard limits are not applied to root.
# To apply a limit to the root user, <domain> must be
# the literal username root.
#
#<type> can have the two values:
# - "soft" for enforcing the soft limits
# - "hard" for enforcing hard limits
#
#<item> can be one of the following:
# - core - limits the core file size (KB)
# - data - max data size (KB)
# - fsize - maximum filesize (KB)
# - memlock - max locked-in-memory address space (KB)
# - nofile - max number of open file descriptors
# - rss - max resident set size (KB)
# - stack - max stack size (KB)
# - cpu - max CPU time (MIN)
# - nproc - max number of processes
# - as - address space limit (KB)
# - maxlogins - max number of logins for this user
# - maxsyslogins - max number of logins on the system
# - priority - the priority to run user process with
# - locks - max number of file locks the user can hold
# - sigpending - max number of pending signals
# - msgqueue - max memory used by POSIX message queues (bytes)
# - nice - max nice priority allowed to raise to values: [-20, 19]
# - rtprio - max realtime priority
# - chroot - change root to directory (Debian-specific)
#
#<domain> <type> <item> <value>
#
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 1048576
#* soft memlock 5000000
#* hard memlock 10000000
root soft nproc 65535
root hard nproc 65535
root soft nofile 65535
root hard nofile unlimited
www-data soft nproc 10240
www-data hard nproc 65535
www-data soft nofile 65535
www-data hard nofile 1048576
@envs soft nproc 200
@envs hard nproc 225
@envs soft nofile 4096
@envs hard nofile 10240
@envs soft memlock 5000000
@envs hard memlock 10000000
@envs soft maxlogins 10
@envs hard maxlogins 25
deploy soft nproc 65535
deploy hard nproc unlimited
deploy soft nofile 65535
deploy hard nofile unlimited
creme soft nproc 65535
creme hard nproc unlimited
creme soft nofile 65535
creme hard nofile unlimited
#* soft core 0
#root hard core 100000
#* hard rss 10000
#@student hard nproc 20
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
#ftp - chroot /ftp
#@student - maxlogins 4
# End of file
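Review bot: The `hard nofile unlimited` entries for `root`, `deploy` and `creme` are risky: RLIMIT_NOFILE cannot exceed the kernel's `fs.nr_open`, and pam_limits versions that pass `unlimited` straight to setrlimit fail the call, which can abort session setup and lock those accounts out of login. I would use an explicit ceiling consistent with the wildcard entry, e.g. `root hard nofile 1048576`, and the same for `deploy` and `creme`. Separately, `* hard nproc 65535` gives every account not covered by a narrower rule almost no protection against process exhaustion. A comment above the wildcard lines stating that only `@envs` is meant to be constrained would make that intent explicit.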