Home > Operation and Maintenance > Linux Operation and Maintenance > How to configure a CentOS system to limit security policies on process resource usage

How to configure a CentOS system to limit security policies on process resource usage

WBOY
Release: 2023-07-05 08:37:14
Original
1228 people have browsed it

How to configure the CentOS system to limit the security policy of process resource usage

Introduction:
In a multi-process system, it is very important to reasonably configure and limit the resource usage of the process, which can ensure System stability and security. This article will introduce how to use the tools and configuration files provided by the CentOS system to limit the resource usage of the process, and provide some practical code examples.

Part One: Configuration Files

CentOS system provides some files for configuring system resource limits, they are: /etc/security/limits.confand /etc/sysctl.conf.

  1. /etc/security/limits.conf File:
    limits.conf file is used to configure resource limits for users or user groups. We You can limit the resource usage of a process by editing this file.

Open the /etc/security/limits.conf file and you can see the following sample content:

#<domain>      <type>  <item>          <value>
#

*               soft    core            0
*               hard    rss             10000
*               hard    nofile          10000
*               soft    nofile          10000
*               hard    stack           10000
*               soft    stack           10000
Copy after login

Among them, <domain> can be the name of a user or user group, or a wildcard character *; <type> is the type of resource restriction; <item> is The name of the resource; <value> is the limit value of the resource.

Taking limiting the number of open files of a process as an example, we can add the following configuration at the end of the file:

*               soft    nofile          400
*               hard    nofile          600
Copy after login

After this configuration, all user processes must not exceed 400 open files, and exceed 600 requests to open files will be denied.

  1. /etc/sysctl.conf file:
    sysctl.conf file is used to configure kernel parameters, we can adjust it by editing this file System resource limits.

Open the /etc/sysctl.conf file and you can see the following sample content:

# Kernel sysctl configuration file for Red Hat Linux

# Disable source routing and redirects
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.send_redirects = 0

# Disable ICMP redirects
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0

# Disable IP forwarding
net.ipv4.ip_forward = 0
Copy after login

Taking adjusting the memory limit of the system as an example, we can Add the following configuration at the end of the file:

# Adjust memory allocation
vm.overcommit_memory = 2
vm.swappiness = 10
Copy after login

After this configuration, the system will allocate memory resources more reasonably.

Part 2: Tools and Commands

In addition to configuration files, the CentOS system also provides some tools and commands for dynamically limiting the resource usage of the process.

  1. ulimit command: The
    ulimit command is used to display and set resource limits for user processes.

Example 1: Check the resource limit of the current process

ulimit -a
Copy after login

Example 2: Set the limit of the number of open files of the process to 1000

ulimit -n 1000
Copy after login
  1. sysctl command:
    sysctl command is used to display and set kernel parameters.

Example 1: View the current kernel parameters

sysctl -a
Copy after login

Example 2: Set the kernel parameters vm.swappiness to 10

sysctl -w vm.swappiness=10
Copy after login

Part 3 : Practical code examples

The following are some practical code examples for limiting process resource usage on CentOS systems.

  1. Limit the number of open files of a process

  2. soft nofile 400
  3. hard nofile 600

    If already The logged in user needs to get the new configuration immediately, please execute the following command

    ulimit -n 400

  4. Limit the memory usage of the process

    # 添加以下配置到/etc/sysctl.conf文件末尾
    # Adjust memory allocation
    vm.overcommit_memory = 2
    vm.swappiness = 10
    
    # 若需要立即生效,请执行以下命令
    sysctl -p
    Copy after login

    Conclusion:
    Limiting the resource usage of processes in the CentOS system through configuration files and commands can help improve the stability and security of the system. At the same time, we also provide some practical code examples for reference. I hope this article is helpful to you and I wish you good luck with your system.

    The above is the detailed content of How to configure a CentOS system to limit security policies on process resource usage. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template