Tuesday, January 3, 2012

A safe way to limit the number of processes on Debian Linux

Malicious software can drain a computer's resources by running many processes. It is safe to limit the maximum number of processes for a user to 100000. The value of 100000 processes is meant for desktop use of Debian Linux.

To limit the number of processes of a user, I type su to assume the role of superuser and I type:
gedit /etc/security/limits.conf

I add the line below and save the file:

* hard nproc 100000

The file becomes:

# /etc/security/limits.conf
#Each line describes a limit for a user in the form:
#<domain>        <type>  <item>  <value>
#<domain> can be:
#        - an user name
#        - a group name, with @group syntax
#        - the wildcard *, for default entry
#        - the wildcard %, can be also used with %group syntax,
#                 for maxlogin limit
#        - NOTE: group and wildcard limits are not applied to root.
#          To apply a limit to the root user, <domain> must be
#          the literal username root.
#<type> can have the two values:
#        - "soft" for enforcing the soft limits
#        - "hard" for enforcing hard limits
#<item> can be one of the following:
#        - core - limits the core file size (KB)
#        - data - max data size (KB)
#        - fsize - maximum filesize (KB)
#        - memlock - max locked-in-memory address space (KB)
#        - nofile - max number of open files
#        - rss - max resident set size (KB)
#        - stack - max stack size (KB)
#        - cpu - max CPU time (MIN)
#        - nproc - max number of processes
#        - as - address space limit (KB)
#        - maxlogins - max number of logins for this user
#        - maxsyslogins - max number of logins on the system
#        - priority - the priority to run user process with
#        - locks - max number of file locks the user can hold
#        - sigpending - max number of pending signals
#        - msgqueue - max memory used by POSIX message queues (bytes)
#        - nice - max nice priority allowed to raise to values: [-20, 19]
#        - rtprio - max realtime priority
#        - chroot - change root to directory (Debian-specific)

*               hard    nproc          100000

#*               soft    core            0
#root            hard    core            100000
#*               hard    rss             10000
#@student        hard    nproc           20
#@faculty        soft    nproc           20
#@faculty        hard    nproc           50
#ftp             hard    nproc           0
#ftp             -       chroot          /ftp
#@student        -       maxlogins       4

# End of file

I read the manual and got that idea of security.

Update: The following line was used after I found out that desktop use of Debian Linux required many processes.
* hard nproc 100000 
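
To check which hard nproc value a given account ends up with under a file like the one above, the entries can be resolved the way limits.conf(5) describes: a user entry takes priority over a group entry, which takes priority over the * wildcard, and root ignores group and wildcard entries. This is an added example, not code from the original post; the sample file contents, the user and group names and the function name effective_hard_nproc are constructed for illustration, and the precedence model is a simplification of what pam_limits does.

```python
import resource

# Constructed sample: the line added in the post plus two of the stock
# commented examples, uncommented (and adapted) here for illustration.
SAMPLE = """\
# /etc/security/limits.conf
*               hard    nproc          100000
@student        hard    nproc           20
ftp             -       nproc           0
*               soft    core            0
"""

RANK = {"user": 0, "group": 1, "wildcard": 2}  # lower = more specific


def effective_hard_nproc(text, user, groups=()):
    """Return the hard nproc value that applies to `user`, or None."""
    best = None  # (rank, value) of the winning entry so far
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) != 4:
            continue  # blank, comment-only or malformed line
        domain, ltype, item, value = fields
        if item != "nproc" or ltype not in ("hard", "-"):
            continue  # "-" sets both the soft and the hard limit
        if domain == user:
            kind = "user"
        elif user == "root":
            continue  # group and wildcard limits are not applied to root
        elif domain.startswith("@") and domain[1:] in groups:
            kind = "group"
        elif domain == "*":
            kind = "wildcard"
        else:
            continue
        # A more specific entry wins; on a tie the later line wins.
        if best is None or RANK[kind] <= best[0]:
            best = (RANK[kind], int(value) if value.isdigit() else value)
    return best[1] if best else None


if __name__ == "__main__":
    print("configured for alice:", effective_hard_nproc(SAMPLE, "alice"))
    # Hard limit the current session actually runs under (-1 = unlimited).
    print("live hard limit:", resource.getrlimit(resource.RLIMIT_NPROC)[1])
```

A changed limits.conf is applied at the next login session, so the live value only matches the file after logging in again; ulimit -H -u in a new shell shows the hard limit in force.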
