feat: add security/limits.conf, update lynis, close #2
This commit is contained in:
parent
3ed5844553
commit
31ff66c2d2
2 changed files with 65 additions and 1 deletions
|
@ -3,11 +3,13 @@ skip-test=AUTH-9286
|
||||||
skip-test=PRNT-2307
|
skip-test=PRNT-2307
|
||||||
skip-test=USB-1000
|
skip-test=USB-1000
|
||||||
skip-test=STRG-1846
|
skip-test=STRG-1846
|
||||||
|
skip-test=STRG-1840
|
||||||
skip-test=PRNT-2308
|
skip-test=PRNT-2308
|
||||||
skip-test=FILE-6310
|
skip-test=FILE-6310
|
||||||
skip-test=BOOT-5122
|
skip-test=BOOT-5122
|
||||||
skip-test=BOOT-5260
|
skip-test=BOOT-5260
|
||||||
skip-test=BOOT-5260
|
skip-test=KRNL-5788
|
||||||
|
skip-test=AUTH-9308
|
||||||
|
|
||||||
# Disable /etc/issue checking
|
# Disable /etc/issue checking
|
||||||
skip-test=BANN-7126
|
skip-test=BANN-7126
|
||||||
|
|
62
security/etc/security/limits.conf
Normal file
62
security/etc/security/limits.conf
Normal file
|
@ -0,0 +1,62 @@
|
||||||
|
# /etc/security/limits.conf
|
||||||
|
#
|
||||||
|
#This file sets the resource limits for the users logged in via PAM.
|
||||||
|
#It does not affect resource limits of the system services.
|
||||||
|
#
|
||||||
|
#Also note that configuration files in /etc/security/limits.d directory,
|
||||||
|
#which are read in alphabetical order, override the settings in this
|
||||||
|
#file in case the domain is the same or more specific.
|
||||||
|
#That means for example that setting a limit for wildcard domain here
|
||||||
|
#can be overriden with a wildcard setting in a config file in the
|
||||||
|
#subdirectory, but a user specific setting here can be overriden only
|
||||||
|
#with a user specific setting in the subdirectory.
|
||||||
|
#
|
||||||
|
#Each line describes a limit for a user in the form:
|
||||||
|
#
|
||||||
|
#<domain> <type> <item> <value>
|
||||||
|
#
|
||||||
|
#Where:
|
||||||
|
#<domain> can be:
|
||||||
|
# - a user name
|
||||||
|
# - a group name, with @group syntax
|
||||||
|
# - the wildcard *, for default entry
|
||||||
|
# - the wildcard %, can be also used with %group syntax,
|
||||||
|
# for maxlogin limit
|
||||||
|
#
|
||||||
|
#<type> can have the two values:
|
||||||
|
# - "soft" for enforcing the soft limits
|
||||||
|
# - "hard" for enforcing hard limits
|
||||||
|
#
|
||||||
|
#<item> can be one of the following:
|
||||||
|
# - core - limits the core file size (KB)
|
||||||
|
# - data - max data size (KB)
|
||||||
|
# - fsize - maximum filesize (KB)
|
||||||
|
# - memlock - max locked-in-memory address space (KB)
|
||||||
|
# - nofile - max number of open file descriptors
|
||||||
|
# - rss - max resident set size (KB)
|
||||||
|
# - stack - max stack size (KB)
|
||||||
|
# - cpu - max CPU time (MIN)
|
||||||
|
# - nproc - max number of processes
|
||||||
|
# - as - address space limit (KB)
|
||||||
|
# - maxlogins - max number of logins for this user
|
||||||
|
# - maxsyslogins - max number of logins on the system
|
||||||
|
# - priority - the priority to run user process with
|
||||||
|
# - locks - max number of file locks the user can hold
|
||||||
|
# - sigpending - max number of pending signals
|
||||||
|
# - msgqueue - max memory used by POSIX message queues (bytes)
|
||||||
|
# - nice - max nice priority allowed to raise to values: [-20, 19]
|
||||||
|
# - rtprio - max realtime priority
|
||||||
|
#
|
||||||
|
#<domain> <type> <item> <value>
|
||||||
|
#
|
||||||
|
|
||||||
|
* soft core 0
|
||||||
|
* hard core 0
|
||||||
|
#* hard rss 10000
|
||||||
|
#@student hard nproc 20
|
||||||
|
#@faculty soft nproc 20
|
||||||
|
#@faculty hard nproc 50
|
||||||
|
#ftp hard nproc 0
|
||||||
|
#@student - maxlogins 4
|
||||||
|
|
||||||
|
# End of file
|
Loading…
Reference in a new issue