hello

i've been reading about creating limits. one way is to edit /etc/limits according to man limits. does that work in slackware? do i have to enable something? /etc/limits does not exist. i created one and it doesn't seem to limit anything, here's what i put into it:

i can log in more then twice and ulimit -a doesn't show any extra limits

i am new to this security business

thanks in advance.

Have you tried looking in /etc/login.defs? There's a ulimit section in there.

--Dane

no. is that file used by `login`?

i just realized the file i created does work. only not over ssh. isn't that weird?

when loggin on directly at the machine or over telnet all the limits seem to be in place.

i have spent hours now trying to figure out why ssh logins ignore the /etc/limits file.

only suggestion i found was to enable UseLogin in sshd_config but then i cannot log in at all:
is securing a linux machine supposed to be this difficult? not that windows is any better...

maybe i just need some sleep

cheers

Exactly what kind of limit are you trying to put into place? Are you trying to stop forkbombs? A little clarification would be helpful.

--Dane

i have no specifics in mind. i want to make a secure linux system. people would have normal shell access (i hope that's possible)

forkbombs are one problem, but using up all the memory is just as bad. there are many things i want to take care of but for now the stuff described in `man limits`

Did you try in login.defs as DaneM suggested? That file is read everytime you authentificate.

the ULIMIT option in login.defs is entirely different.

the limits infrastracture exists in slackware as in every other linux distribution.
I don't know why slackware doesn't ship with a sample /etc/limits, but if you create it yourself it works perfectly.
/bin/login reads it.

I use it for a long time.

The most easy options are the following:
N: max number of open files
U: max number of processes (stop forkbombs)
L: max number of logins for this user.

(There are other very useful options too, but you can easily mess your system, that is why i don't mention them)

if you try "man limits" you get a very simple description of it.
If you google, there are very good tutorials for it.
If i remember correctly the PAM version of limits (limits.conf) uses a different syntax. I mention this so that when you
read some articles you don't get confused about what is written.
You can very easily convert the PAM syntax to yours.

Hope i helped.

looks like login.defs is a config file for `login`. `login` never runs (see my post above about what happens when i try to enable it with sshd)

i tried it anyway. it's ignored.

ooh.. please tell me you use ssh? i figured out how to use /etc/limits but it will not be used by ssh because ssh does not run /bin/login

thanks everyone for trying to help.