mirror of
https://github.com/rocky-linux/infrastructure
synced 2024-11-22 05:01:27 +00:00
Use pam_limits module to set limits
This commit is contained in:
parent
3f85cb863a
commit
893c8a343b
@ -20,14 +20,14 @@
|
||||
- harden
|
||||
- kernel
|
||||
|
||||
- name: security limits
|
||||
copy:
|
||||
- name: Security limits
|
||||
pam_limits:
|
||||
dest: "/etc/security/limits.d/cis.conf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
content: |
|
||||
* hard core 0
|
||||
domain: "{{ item.domain }}"
|
||||
limit_type: "{{ item.limit_type }}"
|
||||
limit_item: "{{ item.limit_item }}"
|
||||
value: "{{ item.value }}"
|
||||
with_items: "{{ limits }}"
|
||||
tags:
|
||||
- harden
|
||||
|
||||
|
@ -17,6 +17,10 @@ remove_packages:
|
||||
- rsh
|
||||
- lftp
|
||||
|
||||
# security limits
|
||||
limits:
|
||||
- { domain: '*', limit_type: hard, limit_item: core, value: 0 }
|
||||
|
||||
# sysctl settings
|
||||
sysctl_config:
|
||||
net.ipv4.ip_forward: 0
|
||||
|
Loading…
Reference in New Issue
Block a user