How to configure a CentOS system to limit security policies on process resource usage

How to configure the CentOS system to limit the security policy of process resource usage

Introduction:
In a multi-process system, it is very important to reasonably configure and limit the resource usage of the process, which can ensure System stability and security. This article will introduce how to use the tools and configuration files provided by the CentOS system to limit the resource usage of the process, and provide some practical code examples.

Part One: Configuration Files

CentOS system provides some files for configuring system resource limits, they are: /etc/security/limits.confand /etc/sysctl.conf.

1. /etc/security/limits.conf File:
   limits.conf file is used to configure resource limits for users or user groups. We You can limit the resource usage of a process by editing this file.

Open the /etc/security/limits.conf file and you can see the following sample content:

#<domain>      <type>  <item>          <value>
#

*               soft    core            0
*               hard    rss             10000
*               hard    nofile          10000
*               soft    nofile          10000
*               hard    stack           10000
*               soft    stack           10000

Among them, 9e6c6f86673efa96e9f4645ec38e5f75 can be the name of a user or user group, or a wildcard character *; 7674b22ef33c73b930516fd6bc30b7a3 is the type of resource restriction; 5083cbefc9e5095dae6431462e2af988 is The name of the resource; 8487820b627113dd990f63dd2ef215f3 is the limit value of the resource.

Taking limiting the number of open files of a process as an example, we can add the following configuration at the end of the file:

*               soft    nofile          400
*               hard    nofile          600

After this configuration, all user processes must not exceed 400 open files, and exceed 600 requests to open files will be denied.

2. /etc/sysctl.conf file:
   sysctl.conf file is used to configure kernel parameters, we can adjust it by editing this file System resource limits.

Open the /etc/sysctl.conf file and you can see the following sample content:

# Kernel sysctl configuration file for Red Hat Linux

# Disable source routing and redirects
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.send_redirects = 0

# Disable ICMP redirects
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0

# Disable IP forwarding
net.ipv4.ip_forward = 0

Taking adjusting the memory limit of the system as an example, we can Add the following configuration at the end of the file:

# Adjust memory allocation
vm.overcommit_memory = 2
vm.swappiness = 10

After this configuration, the system will allocate memory resources more reasonably.

Part 2: Tools and Commands

In addition to configuration files, the CentOS system also provides some tools and commands for dynamically limiting the resource usage of the process.

1. ulimit command: The
   ulimit command is used to display and set resource limits for user processes.

Example 1: Check the resource limit of the current process

ulimit -a

Example 2: Set the limit of the number of open files of the process to 1000

ulimit -n 1000

2. sysctl command:
   sysctl command is used to display and set kernel parameters.

Example 1: View the current kernel parameters

sysctl -a

Example 2: Set the kernel parameters vm.swappiness to 10

sysctl -w vm.swappiness=10

Part 3 : Practical code examples

The following are some practical code examples for limiting process resource usage on CentOS systems.

1. Limit the number of open files of a process

2. soft nofile 400

3. hard nofile 600

   If already The logged in user needs to get the new configuration immediately, please execute the following command

   ulimit -n 400

4. Limit the memory usage of the process

   # 添加以下配置到/etc/sysctl.conf文件末尾
   # Adjust memory allocation
   vm.overcommit_memory = 2
   vm.swappiness = 10
   
   # 若需要立即生效，请执行以下命令
   sysctl -p

Conclusion:
Limiting the resource usage of processes in the CentOS system through configuration files and commands can help improve the stability and security of the system. At the same time, we also provide some practical code examples for reference. I hope this article is helpful to you and I wish you good luck with your system.

The above is the detailed content of How to configure a CentOS system to limit security policies on process resource usage. For more information, please follow other related articles on the PHP Chinese website!