Linux configuration tuning

##This is the maximum number of unique process identifiers your system can support.
cat /proc/sys/kernel/pid_max
OR
[root@test3sft security]# sysctl kernel.pid_max
kernel.pid_max = 32768

##For completeness, you can change it temporarily by writing to /proc/syskernel/pid_max 
OR
 permanently by adding the following  to /etc/sysctl.conf.

4194303 is the maximum limit for x86_64 and 32767 for x86.
kernel.pid_max = 4194303

[root@test3sft security]# cat /proc/sys/kernel/pid_max
32768
[root@test3sft security]# ls -ltr /proc/sys/kernel/pid_max
-rw-r--r-- 1 root root 0 May  7 14:25 /proc/sys/kernel/pid_max


###/etc/sysctl.conf
[root@test3sft security]# cat /etc/sysctl.conf
[root@test3sft security]# sysctl -a | grep pid
kernel.core_uses_pid = 1
kernel.cad_pid = 1
kernel.pid_max = 32768

##fork bomb testing : https://www.cyberciti.biz/tips/linux-limiting-user-process.html
Save and close the file. Test your new system by dropping a fork bomb:
$ :(){ :|:& };:

##example how  /etc/security/limits.conf and /etc/security/limits.d/90-nproc.conf work together 

limits.conf was the base, /etc/security/limits.d/90-nproc.conf  is on top of it and can't exceed the config in limits.conf
eg 1. In the example below nproc limit is set as 2047 as there is a hard limit of 2047 in limits.conf.

# cat /etc/security/limits.conf | grep nproc | grep -v ^#
test hard nproc 2047
test soft nproc 16384


# cat /etc/security/limits.d/90-nproc.conf | grep nproc | grep -v ^#
* soft nproc 1024
root soft nproc unlimited
test soft nproc 10023


# ulimit -u
2047

eg 2. Here 1066 is used because the last entry is “test soft nproc 1066” and 1066 does not exceed the hard limit.

# cat /etc/security/limits.conf | grep nproc | grep -v ^#
test hard nproc 1001
test soft nproc 16384
# cat /etc/security/limits.d/90-nproc.conf | grep nproc | grep -v ^#

你可能感兴趣的:(Linux configuration tuning)