Use pam_limits module to set limits

This commit is contained in:
danielkubat 2020-12-12 02:52:30 +01:00
parent 3f85cb863a
commit 893c8a343b
2 changed files with 11 additions and 7 deletions

View File

@ -20,14 +20,14 @@
- harden - harden
- kernel - kernel
- name: security limits - name: Security limits
copy: pam_limits:
dest: "/etc/security/limits.d/cis.conf" dest: "/etc/security/limits.d/cis.conf"
owner: root domain: "{{ item.domain }}"
group: root limit_type: "{{ item.limit_type }}"
mode: '0644' limit_item: "{{ item.limit_item }}"
content: | value: "{{ item.value }}"
* hard core 0 with_items: "{{ limits }}"
tags: tags:
- harden - harden

View File

@ -17,6 +17,10 @@ remove_packages:
- rsh - rsh
- lftp - lftp
# security limits
limits:
- { domain: '*', limit_type: hard, limit_item: core, value: 0 }
# sysctl settings # sysctl settings
sysctl_config: sysctl_config:
net.ipv4.ip_forward: 0 net.ipv4.ip_forward: 0