Resource management using PAM
Author information
- Posted by 보안
Hello.
I have a PAM question from page 32 of the book.
ulimit works fine.
But PAM does not seem to be working.
[root@root ~]# cat /etc/pam.d/login
#%PAM-1.0
auth required pam_securetty.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_stack.so service=system-auth
session optional pam_console.so
# pam_selinux.so open should be the last session rule
session required pam_selinux.so multiple open
session required /lib/security/pam_limits.so -> I added this as shown in the book
Next, here are the contents of the limits.conf file:
[root@root ~]# cat /etc/security/limits.conf
# /etc/security/limits.conf
#
#Each line describes a limit for a user in the form:
#
#<domain> <type> <item> <value>
#
#Where:
#<domain> can be:
# - an user name
# - a group name, with @group syntax
# - the wildcard *, for default entry
# - the wildcard %, can be also used with %group syntax,
# for maxlogin limit
#
#<type> can have the two values:
# - "soft" for enforcing the soft limits
# - "hard" for enforcing hard limits
#
#<item> can be one of the following:
# - core - limits the core file size (KB)
# - data - max data size (KB)
# - fsize - maximum filesize (KB)
# - memlock - max locked-in-memory address space (KB)
# - nofile - max number of open files
# - rss - max resident set size (KB)
# - stack - max stack size (KB)
# - cpu - max CPU time (MIN)
# - nproc - max number of processes
# - as - address space limit
# - maxlogins - max number of logins for this user
# - priority - the priority to run user process with
# - locks - max number of file locks the user can hold
#
#<domain> <type> <item> <value>
#
* soft core 0
* hard rss 10000
@student hard nproc 20
@faculty soft nproc 20
@faculty hard nproc 50
ftp hard nproc 0
@student - maxlogins 4
Next, I tried connecting through sshd.
Then I checked the log:
cat /var/log/messages
Only the last few lines:
nknown host to TCP port: 111 (accept failed)
Dec 9 20:21:01 root last message repeated 614 times
Dec 9 20:21:01 root crond(pam_unix)[3588]: session closed for user root
Dec 9 20:21:01 root portsentry[2690]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed)
Dec 9 20:21:01 root last message repeated 10 times
Dec 9 20:21:01 root su(pam_unix)[3594]: session closed for user root
Dec 9 20:21:01 root crond(pam_unix)[3587]: session closed for user root
Dec 9 20:21:01 root portsentry[2690]: attackalert: Possible stealth scan from unknown host to TCP port: 111 (accept failed)
Perhaps the module called pam_limits was not loaded, because nothing about it shows up in the log.
I am using Fedora 3.
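
As an added example (not part of the original post or the book it refers to), this Python code checks the two things the post configures: whether a PAM service file's session stack names pam_limits.so, and which of the posted limits.conf entries apply to a given user. The function names and the precedence model (a user entry over an @group entry over the `*` default, as documented for pam_limits) are assumptions of the example.

```python
# Constructed sample: session lines of the /etc/pam.d/login shown in the post.
PAM_LOGIN = """\
session required pam_selinux.so close
session required pam_stack.so service=system-auth
session optional pam_console.so
session required pam_selinux.so multiple open
session required /lib/security/pam_limits.so
"""
# Active (non-comment) entries of the limits.conf shown in the post.
LIMITS_CONF = """\
* soft core 0
* hard rss 10000
@student hard nproc 20
@faculty soft nproc 20
@faculty hard nproc 50
ftp hard nproc 0
@student - maxlogins 4
"""

def has_pam_limits(pam_text):
    """True if a session line names pam_limits.so (pam_stack includes are not followed)."""
    for line in pam_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields[:1] == ["session"] and any(f.endswith("pam_limits.so") for f in fields[2:]):
            return True
    return False

def effective_limits(conf_text, user, groups):
    """Return {(item, 'soft'|'hard'): value} for one user.
    Precedence: user entry > @group entry > '*' default; type '-' sets both.
    '%' domains (maxlogins only) are not handled and are skipped."""
    found = {}  # (item, kind) -> (rank, value)
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) != 4:
            continue
        domain, kind, item, value = fields
        if domain == user:
            rank = 3
        elif domain.startswith("@") and domain[1:] in groups:
            rank = 2
        elif domain == "*":
            rank = 1
        else:
            continue
        for k in (("soft", "hard") if kind == "-" else (kind,)):
            if rank >= found.get((item, k), (0, None))[0]:
                found[(item, k)] = (rank, value)
    return {key: value for key, (_, value) in found.items()}
```

PAM reads /etc/pam.d/<service> for the program that performs the login, so a session opened through sshd is governed by /etc/pam.d/sshd rather than /etc/pam.d/login. With the posted limits.conf, a user who belongs to neither student nor faculty and is not ftp receives only the two `*` entries (core and rss).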