Posted January 19Jan 19 You are reading Part 13 of the 57-part series: Harden and Secure Linux Servers. [Level 2]This series covers progressive security measures, from fundamental hardening techniques to enterprise-grade defense strategies. Each article delves into a specific security practice, explaining its importance and providing step-by-step guidance for implementation.To explore more security best practices, visit the main guide for a full breakdown of all levels and recommendations.Resource limits prevent system abuse by restricting how many processes a user can run at once. Without limits, a malicious user or process could spawn excessive tasks, leading to denial-of-service (DoS) attacks, crashes, or server slowdowns.By defining user resource limits, you ensure stable performance and system reliability while mitigating potential attacks.Open the resource limits configuration file:sudo nano /etc/security/limits.conf Set user process limits by adding the following lines:* soft nproc 4096 * hard nproc 8192 soft nproc 4096 → Limits the number of processes a user can start at once to 4096.hard nproc 8192 → Sets a maximum limit of 8192 processes per user.Save and close the file.Additional Resource Limiting Methods✅ Restrict Maximum Open Files (File Descriptors)Open /etc/security/limits.conf:sudo nano /etc/security/limits.conf Add:* soft nofile 10240 * hard nofile 20480 (Limits the number of open files per user.)✅ Apply Limits System-Wide (For All Users) via PAMsudo nano /etc/pam.d/common-session Add:session required pam_limits.so ✅ Modify Kernel-Level Limits (For System-Wide Control)sudo nano /etc/sysctl.conf Add:kernel.threads-max = 100000 fs.file-max = 2097152 Apply changes immediately:sudo sysctl -p ✅ Verify Limits for a User:ulimit -a Best Practices for Resource Limits🔹 Set reasonable limits to balance performance and security.🔹 Monitor resource usage using htop or top to detect unusual activity.🔹 Adjust limits based on workload to prevent bottlenecks or over-restriction.By enforcing resource limits, you prevent DoS attacks, improve system stability, and protect critical server resources, ensuring smooth and secure operations.Security misconfigurations and vulnerabilities can leave your system exposed to attacks. Security scanners help identify weaknesses before attackers exploit them, ensuring your server is properly hardened.By regularly scanning your system, you can detect misconfigurations, outdated software, weak security settings, and other risks, allowing you to take corrective action before it's too late.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.