infrastructure/mono-infrastructure
7
0
Fork 0
mirror of https://github.com/rocky-linux/infrastructure synced 2024-11-10 16:01:23 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #19 from danielkubat/limits

Browse Source 
Use pam_limits module to set limits
This commit is contained in:
Louis Abel 2020-12-11 19:04:47 -07:00 committed by GitHub
commit 70678528d0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
ansible/playbooks/tasks/harden.yml
View File

@ -20,14 +20,14 @@
- harden - harden
- kernel - kernel
- name: security limits - name: Security limits
copy: pam_limits:
dest: "/etc/security/limits.d/cis.conf" dest: "/etc/security/limits.d/cis.conf"
owner: root domain: "{{ item.domain }}"
group: root limit_type: "{{ item.limit_type }}"
mode: '0644' limit_item: "{{ item.limit_item }}"
content: | value: "{{ item.value }}"
* hard core 0 with_items: "{{ limits }}"
tags: tags:
- harden - harden

4
ansible/playbooks/vars/RedHat.yml
View File

@ -17,6 +17,10 @@ remove_packages:
- rsh - rsh
- lftp - lftp
# security limits
limits:
- { domain: '*', limit_type: hard, limit_item: core, value: 0 }
# sysctl settings # sysctl settings
sysctl_config: sysctl_config:
net.ipv4.ip_forward: 0 net.ipv4.ip_forward: 0