mirror of
https://github.com/rocky-linux/infrastructure
synced 2024-11-16 18:51:23 +00:00
Use pam_limits module to set limits
This commit is contained in:
parent
3f85cb863a
commit
893c8a343b
@ -20,14 +20,14 @@
|
|||||||
- harden
|
- harden
|
||||||
- kernel
|
- kernel
|
||||||
|
|
||||||
- name: security limits
|
- name: Security limits
|
||||||
copy:
|
pam_limits:
|
||||||
dest: "/etc/security/limits.d/cis.conf"
|
dest: "/etc/security/limits.d/cis.conf"
|
||||||
owner: root
|
domain: "{{ item.domain }}"
|
||||||
group: root
|
limit_type: "{{ item.limit_type }}"
|
||||||
mode: '0644'
|
limit_item: "{{ item.limit_item }}"
|
||||||
content: |
|
value: "{{ item.value }}"
|
||||||
* hard core 0
|
with_items: "{{ limits }}"
|
||||||
tags:
|
tags:
|
||||||
- harden
|
- harden
|
||||||
|
|
||||||
|
@ -17,6 +17,10 @@ remove_packages:
|
|||||||
- rsh
|
- rsh
|
||||||
- lftp
|
- lftp
|
||||||
|
|
||||||
|
# security limits
|
||||||
|
limits:
|
||||||
|
- { domain: '*', limit_type: hard, limit_item: core, value: 0 }
|
||||||
|
|
||||||
# sysctl settings
|
# sysctl settings
|
||||||
sysctl_config:
|
sysctl_config:
|
||||||
net.ipv4.ip_forward: 0
|
net.ipv4.ip_forward: 0
|
||||||
|
Loading…
Reference in New Issue
Block a user