Linux configuration tuning

##This is the maximum number of unique process identifiers your system can support.
cat /proc/sys/kernel/pid_max
OR
[root@test3sft security]# sysctl kernel.pid_max
kernel.pid_max = 32768

##For completeness, you can change it temporarily by writing to /proc/syskernel/pid_max 
OR
 permanently by adding the following  to /etc/sysctl.conf.

4194303 is the maximum limit for x86_64 and 32767 for x86.
kernel.pid_max = 4194303

[root@test3sft security]# cat /proc/sys/kernel/pid_max
32768
[root@test3sft security]# ls -ltr /proc/sys/kernel/pid_max
-rw-r--r-- 1 root root 0 May  7 14:25 /proc/sys/kernel/pid_max


###/etc/sysctl.conf
[root@test3sft security]# cat /etc/sysctl.conf
[root@test3sft security]# sysctl -a | grep pid
kernel.core_uses_pid = 1
kernel.cad_pid = 1
kernel.pid_max = 32768

##fork bomb testing : https://www.cyberciti.biz/tips/linux-limiting-user-process.html
Save and close the file. Test your new system by dropping a fork bomb:
$ :(){ :|:& };:

##example how  /etc/security/limits.conf and /etc/security/limits.d/90-nproc.conf work together 

limits.conf was the base, /etc/security/limits.d/90-nproc.conf  is on top of it and can't exceed the config in limits.conf
eg 1. In the example below nproc limit is set as 2047 as there is a hard limit of 2047 in limits.conf.

# cat /etc/security/limits.conf | grep nproc | grep -v ^#
test hard nproc 2047
test soft nproc 16384


# cat /etc/security/limits.d/90-nproc.conf | grep nproc | grep -v ^#
* soft nproc 1024
root soft nproc unlimited
test soft nproc 10023


# ulimit -u
2047

eg 2. Here 1066 is used because the last entry is “test soft nproc 1066” and 1066 does not exceed the hard limit.

# cat /etc/security/limits.conf | grep nproc | grep -v ^#
test hard nproc 1001
test soft nproc 16384
# cat /etc/security/limits.d/90-nproc.conf | grep nproc | grep -v ^#

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值