Tuesday, December 22, 2009
Sunday, December 13, 2009
Why to edit /etc/security/limits.conf file
Edit /etc/security/limits.conf and add the following lines:
--------------------------------------------------------------------------------------
* soft nofile 4096
* hard nofile 65536
* soft nproc 2047
* hard nproc 16384
/etc/security/limits.conf:
Controlling resource usage can be very effective when trying to prevent a local Denial of
Service or restricting the maximum allowed logins for a group or user. However, too strict
settings will impede on your system's behavior and will result in program failures so make
sure that you check each setting first.
/etc/limits is very similar to the limit file /etc/security/limits.conf. The only difference is the
format and that it only works on users or wild cards (not groups). Let's have a look at a
sample configuration:
Here we set the default settings and a specific setting for the user kn. Limits are part of the
sys-apps/shadow package. It is not necessary to set any limits in this file if you have enabled
pam in /etc/make.conf.
You can protect against certain types of denial of service attacks by modifying
/etc/security/limits.conf. This file sets limits on system resources for each user. Since several
major daemons, including the web, name and ftp servers, may run as a particular user, this
has the effect of stopping many attacks against these applications from crippling the entire
machine. Further, many local DoS attacks should be defeated by this action.
Now lets open /etc/security/limits.conf...
Now what we're gonna do is limit how many processes a user may have/run, as well as limit
the maxium size of a file a user may have.
First we add these lines to restrict user processes to a specified amount given here.
# Limit user processes
* soft nproc 2047
* hard nproc 16384
Look above for at the beginning of /etc/security/limits.conf as to what this means.
Now we add the last line to restrict users from having a file over 40 megs in size.
# limits size of any one of users' files" /etc/security/limits.conf
* soft nofile 4096
* hard nofile 65536
--------------------------------------------------------------------------------------
* soft nofile 4096
* hard nofile 65536
* soft nproc 2047
* hard nproc 16384
/etc/security/limits.conf:
Controlling resource usage can be very effective when trying to prevent a local Denial of
Service or restricting the maximum allowed logins for a group or user. However, too strict
settings will impede on your system's behavior and will result in program failures so make
sure that you check each setting first.
/etc/limits is very similar to the limit file /etc/security/limits.conf. The only difference is the
format and that it only works on users or wild cards (not groups). Let's have a look at a
sample configuration:
Here we set the default settings and a specific setting for the user kn. Limits are part of the
sys-apps/shadow package. It is not necessary to set any limits in this file if you have enabled
pam in /etc/make.conf.
You can protect against certain types of denial of service attacks by modifying
/etc/security/limits.conf. This file sets limits on system resources for each user. Since several
major daemons, including the web, name and ftp servers, may run as a particular user, this
has the effect of stopping many attacks against these applications from crippling the entire
machine. Further, many local DoS attacks should be defeated by this action.
Now lets open /etc/security/limits.conf...
Now what we're gonna do is limit how many processes a user may have/run, as well as limit
the maxium size of a file a user may have.
First we add these lines to restrict user processes to a specified amount given here.
# Limit user processes
* soft nproc 2047
* hard nproc 16384
Look above for at the beginning of /etc/security/limits.conf as to what this means.
Now we add the last line to restrict users from having a file over 40 megs in size.
# limits size of any one of users' files" /etc/security/limits.conf
* soft nofile 4096
* hard nofile 65536
Linux Editors
Linux has a surprisingly large number of available editors, many of them inherited from UNIX.
1.
2.
3.
4.
5.
6.
7.
1.
ed Original UNIX line-based editor, useful in scripts.2.
emacs GNU editor and fully integrated user environment.3.
ex Powerful line-based editor (integrated with vi).4.
gawk GNU awk, powerful text editor for records containing fields.5.
sed Stream-oriented (non-interactive) line-based editor.6.
vi Classic screen-based editor for UNIX.7.
vim Vi IMproved, enhanced support for programmers
Subscribe to:
Posts (Atom)