Use pam_limits module to set limits

danielkubat 2020-12-12 02:52:30 +01:00
parent 3f85cb863a
commit 893c8a343b
2 changed files with 11 additions and 7 deletions


@ -20,14 +20,14 @@
- harden
- kernel
- name: security limits
copy:
- name: Security limits
pam_limits:
dest: "/etc/security/limits.d/cis.conf"
owner: root
group: root
mode: '0644'
content: |
* hard core 0
domain: "{{ item.domain }}"
limit_type: "{{ item.limit_type }}"
limit_item: "{{ item.limit_item }}"
value: "{{ item.value }}"
with_items: "{{ limits }}"
tags:
- harden
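Review bot: Switching from `copy` to `pam_limits` drops the `owner`, `group` and `mode` enforcement on `/etc/security/limits.d/cis.conf`, since the module has no parameters for them. The file also stops being authoritative: the module adds or edits matching entries in place, so lines already present in that file but not listed in `limits` stay in effect. If the file is meant to be a managed baseline, a follow-up task should re-assert root ownership and `0644`, as sketched below; stale entries would need a separate cleanup. On newer Ansible releases the short module name resolves only through the collection redirect, so `community.general.pam_limits` is the more explicit spelling. The hunk begins inside the tag list of the preceding task, which is not fully visible here.

```yaml
# … unchanged: "Security limits" pam_limits task …
- name: Security limits file ownership and mode
  file:
    path: "/etc/security/limits.d/cis.conf"
    owner: root
    group: root
    mode: '0644'
  tags:
    - harden
```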


@ -17,6 +17,10 @@ remove_packages:
- rsh
- lftp
# security limits
limits:
- { domain: '*', limit_type: hard, limit_item: core, value: 0 }
# sysctl settings
sysctl_config:
net.ipv4.ip_forward: 0
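Review bot: The single default entry in `limits` uses `domain: '*'`, and limits.conf(5) states that wildcard and group limits are not applied to root, so root sessions keep their existing core-dump limit. Adding `- { domain: root, limit_type: hard, limit_item: core, value: 0 }` to the list would cover that account. These limits apply only to sessions that pass through PAM, so it is worth confirming that `sysctl_config`, which continues outside this hunk, also sets `fs.suid_dumpable: 0` for setuid programs.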