feat: add security/limits.conf, update lynis, close #2

2021-08-23 21:44:13 +02:00 · 2021-08-23 21:44:13 +02:00 · 31ff66c2d2
commit 31ff66c2d2
parent 3ed5844553
2 changed files with 65 additions and 1 deletions
--- a/lynis/etc/lynis/custom.prf
+++ b/lynis/etc/lynis/custom.prf
@ -3,11 +3,13 @@ skip-test=AUTH-9286
 skip-test=PRNT-2307
 skip-test=USB-1000
 skip-test=STRG-1846
+skip-test=STRG-1840
 skip-test=PRNT-2308
 skip-test=FILE-6310
 skip-test=BOOT-5122
 skip-test=BOOT-5260
-skip-test=BOOT-5260
+skip-test=KRNL-5788
+skip-test=AUTH-9308

 # Disable /etc/issue checking
 skip-test=BANN-7126
--- a/security/etc/security/limits.conf
+++ b/security/etc/security/limits.conf
@ -0,0 +1,62 @@
+# /etc/security/limits.conf
+#
+#This file sets the resource limits for the users logged in via PAM.
+#It does not affect resource limits of the system services.
+#
+#Also note that configuration files in /etc/security/limits.d directory,
+#which are read in alphabetical order, override the settings in this
+#file in case the domain is the same or more specific.
+#That means for example that setting a limit for wildcard domain here
+#can be overriden with a wildcard setting in a config file in the
+#subdirectory, but a user specific setting here can be overriden only
+#with a user specific setting in the subdirectory.
+#
+#Each line describes a limit for a user in the form:
+#
+#<domain>        <type>  <item>  <value>
+#
+#Where:
+#<domain> can be:
+#        - a user name
+#        - a group name, with @group syntax
+#        - the wildcard *, for default entry
+#        - the wildcard %, can be also used with %group syntax,
+#                 for maxlogin limit
+#
+#<type> can have the two values:
+#        - "soft" for enforcing the soft limits
+#        - "hard" for enforcing hard limits
+#
+#<item> can be one of the following:
+#        - core - limits the core file size (KB)
+#        - data - max data size (KB)
+#        - fsize - maximum filesize (KB)
+#        - memlock - max locked-in-memory address space (KB)
+#        - nofile - max number of open file descriptors
+#        - rss - max resident set size (KB)
+#        - stack - max stack size (KB)
+#        - cpu - max CPU time (MIN)
+#        - nproc - max number of processes
+#        - as - address space limit (KB)
+#        - maxlogins - max number of logins for this user
+#        - maxsyslogins - max number of logins on the system
+#        - priority - the priority to run user process with
+#        - locks - max number of file locks the user can hold
+#        - sigpending - max number of pending signals
+#        - msgqueue - max memory used by POSIX message queues (bytes)
+#        - nice - max nice priority allowed to raise to values: [-20, 19]
+#        - rtprio - max realtime priority
+#
+#<domain>      <type>  <item>         <value>
+#
+
+*               soft    core            0
+*               hard    core            0
+#*               hard    rss             10000
+#@student        hard    nproc           20
+#@faculty        soft    nproc           20
+#@faculty        hard    nproc           50
+#ftp             hard    nproc           0
+#@student        -       maxlogins       4
+
+# End of file