LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   /etc/security/limits.conf (http://www.linuxquestions.org/questions/linux-security-4/etc-security-limits-conf-592570/)

reverse 10-17-2007 03:52 PM

/etc/security/limits.conf
 
I've decided I'd set up some extremely basic security on my laptop (running Debian GNU/Linux - unstable); so I've decided to follow the "Securing Debian Manual", along with "Linux Security Howto" and anything which seemed of interest from LinuxSecurity. Long story short, most 'general' security guides recommend the configuration of the limits.conf file.

However, whilst I have no problem understand items such as "nproc", "maxlogins", I can't generalize for all the other items described in the limits.conf manual page.

Nothing a google search can't handle; however, even understanding what the items mean, I can't figure out proper limits. I'm the only person actually using the laptop, I don't run SSH on it (but I *might*, one day).

So what I'm basically humbly asking for is some `copy/paste` work of your /etc/security/limits.conf file.

unSpawn 10-20-2007 02:55 AM

Quote:

Originally Posted by reverse (Post 2927716)
I can't figure out proper limits. I'm the only person actually using the laptop, I don't run SSH on it (but I *might*, one day).

Trial and error? Go with the defaults, then tweak values down one value a time until you hit a "weird" problem doing regular things. IIRC using SSH required nlogins to be $nlogins+1.

reverse 10-20-2007 04:33 AM

Thanks for replying. I suppose I could go that route, problem is.. I don't have any 'defaults', the default limits.conf file is empty.

unSpawn 10-20-2007 08:45 AM

If you 'ulimit -a' in a Bash shell, you get something like:
Code:

core file size        (blocks, -c) 0
data seg size        (kbytes, -d) unlimited
file size            (blocks, -f) unlimited
max locked memory    (kbytes, -l) unlimited
max memory size      (kbytes, -m) unlimited
open files                    (-n) 1024
pipe size          (512 bytes, -p) 8
stack size            (kbytes, -s) 8192
cpu time            (seconds, -t) unlimited
max user processes            (-u) 4088
virtual memory        (kbytes, -v) unlimited


reverse 10-20-2007 03:10 PM

True enough, thanks.


All times are GMT -5. The time now is 06:03 PM.