Security :: Limit To Open Files And Leaf Compile?

Jul 12, 2010

If I want to compile the unrealircd ircd server with a maximum of 150 users, what do I have to do? I remember it is the open files setting in limits.conf, but I am confusing the soft and hard limits: must they have the same number, or different ones? The second question: on this shell, when a user downloads the pack and goes to compile it, I want to allow him only the option to compile in leaf mode and not hub, so


Ubuntu Security :: One Limit The Number Of Open Sockets To Prevent Exploiting?

Dec 6, 2010

I was searching around and I stumbled upon a Linux Kernelix Sockets Local Denial of Service exploit. I downloaded the exploit, compiled it and ran it to check if I am vulnerable. As I was expecting, the exploit instantly "killed" my Maverick system and I had to use the power button to reset my computer... Is there any way to limit the number of allowed open sockets? I don't think that this can be done using /etc/security/limits.conf in a similar way to preventing fork bombs.


Debian :: Open Files Limit Not Being Enforced

May 20, 2015

Learning about the ulimit command, I came across something unexpected..

Checking the root account limits:
# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 16382
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited

[code]...


Ubuntu Servers :: Cannot Increase Open Files Limit On 9.10 (goes Down But Not Up)?

Mar 24, 2010

This is happening on Ubuntu 9.10 server. I'm trying to increase the number of open files allowed for a user. This is for an nginx webserver where the current limit of 1024 is not enough. According to the posts I've found so far, I should be able to put lines into /etc/security/limits.conf like this:

Code:
* soft nofile 4096
* hard nofile 4096

[code]...


CentOS 5 Server :: Change Limit Of Max. Open Files?

Jul 17, 2009

I use CentOS 5.3 and am trying to change the limit of max. open files. I added the following in /etc/security/limits.conf:

root soft nofile 50000
root hard nofile 50000


Ubuntu Servers :: Is It Safe To Raise The Open Files Limit

Mar 7, 2011

Running an nginx webserver on Ubuntu 10.04 LTS. In the process of trying to optimize MySQL, various tuning scripts keep telling me to raise the table cache. But they also say the table cache should stay below 1/3 of the open files limit. I can raise that in MySQL, but I guess you're not supposed to raise it above the OS's open files max. So I'd like to raise it (found what appear to be solid instructions here: [URL]). But... a post by Kees here says it's not safe to raise it [URL], at least, not safe under certain conditions. But I'm not clear on what the conditions are. Is it safe or not? If I knew how to just raise it for MySQL, I'd do that. But as you can probably see, I'm pretty new to all this. Don't want to wreck my server. (My current limit is the default 1024... would like to go to 204


Fedora Security :: Open PDF Files Only By One Program?

Jan 27, 2010

How can I configure SELinux so that PDF files can be opened only by Adobe Reader and other programs can't do that?


Security :: Hardening Security: Limit "ps" Outputs To Current User Only?

Mar 27, 2010

I'd like to limit ps aux command output to the current user only (the one who invoked "ps"). I recently saw this feature on FreeBSD systems and on at least one Linux system running on shell.sf.net. I run Linux 2.6.33 and wanted to know how to do that. Any advice? Googling around wasn't too successful; perhaps I don't know how to query that. I recently tried "limit ps outputs", "ps aux current user", etc. and had no luck.


Security :: Limit The Number Of Ssh Connections?

Dec 13, 2010

Dist: Fedora 14
SSHD: OpenSSH 5.5p1

I need to limit the number of ssh connections a user has. All the users are using tunnel only, so their shell is set to /sbin/nologin. The logins do not open a shell, they just create the tunnel, so /etc/security/limits.conf has no effect on them at all.

I tried setting 'MaxSessions 1' in sshd_config, but either that doesn't do what I expect it to or it plain does not work, as even with a normal user I was able to open an unlimited number of sessions. I need a good secure way to limit each user to 1 ssh session without them having a shell, but I'm unable to find a solution.


Software :: Find Leaf Packages On Red Hat?

Sep 4, 2010

I would like to use a package manager to generate a list of all installed packages that are not depended on by any other installed package. That is to say, a list of installed packages that are not required by any other installed package. I believe these are referred to as packages with 0 forward dependencies. I believe they are also called "leaves."

I am on Red Hat, so a method of doing this with rpm, yum or smart would be optimal. I discovered the package-cleanup program that is a part of yum-utils. According to package-cleanup's man page, the option --leaves will "list leaf nodes in the local RPM database. Leaf nodes are RPMs that are not relied upon by any other RPM." I thought this would do what I wanted, but it seems to do a poor job. It listed only two packages. While those two packages are indeed required by nothing else, I am sure there are many more than two on my system. (For example, it did not list firefox)


Server :: Open File Limit On Debian Squeeze ( 6.0.1)?

Apr 28, 2011

I have a problem with the open file limit. The software I'm installing claims "Open file limit (ulimit -H -n) too low (1014), need at least 6311", but when I check the limit I get the following:

Code:
# uname -a
Linux server 2.6.32-5-amd64 #1 SMP Mon Mar 7 21:35:22 UTC 2011 x86_64 GNU/Linux

[code]...


Security :: Limit Number Of Emails Sent From One IP?

May 19, 2009

I'm looking for a solution for sendmail to limit the number of emails sent per minute per IP. For example, all my local computer users with IP 192.x.x.x need to be able to send 10 emails/minute (emails, not connections!). The rest of the world can send, for example, 200 emails/minute to the mailserver. If the number of emails per minute is exceeded, sendmail needs to block receiving emails from the specific IP. I want to do this to stop spamming from my local network. Is it possible?


Security :: SetUID: Limit The Use With POSIX Capabilities?

Nov 15, 2010

It is known that binaries with the SetUID bit enabled are a threat for the system. I saw on this ArchLinux wiki [URL].tead_Of_Setuid a way to limit the use of the SetUID bit thanks to POSIX capabilities. It looks very interesting. Has any of you used it already? Is it a burden for the system afterwards (like binaries not working, needing to be fixed), or is it seamless?


Ubuntu Security :: Set A Time Limit On Internet Privileges With 9.04?

Apr 15, 2010

Is there a way to create a guest account and have Ubuntu "automagically" limit the amount of time the user can access the Internet? So, for example, could she set up an account for her son and limit his Internet access to an hour at a time?


Ubuntu Security :: Iptables Limit Module Not Working?

May 14, 2011

I'm trying to limit the number of ICMP packets reaching my server, so I'm using the limit module of iptables. Unfortunately, it seems the limit I set is totally ignored, as I can easily send tens of ICMP packets and get a reply in less than 0.3 second.

Quote:
m3xican@m3xtop:~$ sudo ping -i0 -c20 x.x.x.x
20 packets transmitted, 20 received, 0% packet loss, time 230ms
rtt min/avg/max/mdev = 184.969/185.895/189.732/1.301 ms, pipe 16, ipg/ewma 12.138/186.232 ms

This is the rule I'm using to accept ICMP packets (default setting is DROP):

Code:
iptables -A INPUT -p icmp -m limit --limit 1/s -j ACCEPT

And these are the kernel modules related to iptables:

Code:
Module Size Used by
xt_limit 1382 0

[Code]...


Security :: IPtables Limit SSH From Local Network To Internet

Feb 24, 2010

I have a Linux firewall. I want to limit the number of SSH connections from the local network to the internet.

Example:
An internal PC (192.168.0.10) starts an SSH scan to an external (internet) host.

I want iptables to limit that host (192.168.0.10) and block SSH connections from this host at 3 attempts.


Security :: Limit Sudo Access - No Password Prompt

Feb 17, 2011

I have been reading guides for a while now and so far have not found an exact solution to my problem.

I want a linux user (dave) to be able to switch to another account (patrol) without a password prompt, but dave must still be denied access to root. Patrol must also be denied root access.

In the sudoers file

Code:
User_Alias Patrol=dave,john
root ALL=(ALL) ALL
Patrol ALL=(patrol) NOPSSWD: ALL

[Code].....


Security :: Limit To Use For IPTABLE Rate Limiting For A Webserver?

Feb 4, 2011

I see some logs on my webserver as follows.

Quote:

203.252.157.98 - :25:02 "GET //phpmyadmin/ HTTP/1.1" 404 393 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"
203.252.157.98 - :25:03 "GET //phpMyAdmin/ HTTP/1.1" 404 394 "-" "Made by ZmEu @

[code]....


Red Hat :: Display A List Non-mandatory Leaf Packages [CentOS 5.4]

Feb 20, 2010

I am searching for a program which may be used in order to display a list of "leaf" packages (i.e. installed packages upon which no other installed packages depend), but only those "leaf" packages which are not marked as being mandatory packages belonging to some installed group. For example, assume we have package group "Example" which comprises the following packages:

core-package-one [ MANDATORY; installed; ]
core-package-two [ MANDATORY; installed; ]
extra-package-alpha [ OPTIONAL; installed; not required by any other package; ]
extra-package-beta [ OPTIONAL; installed; required by extra-package-alpha; ]
extra-package-delta [ OPTIONAL; not installed; ]
Format: <package name> [ <group priority>; <install status>; <leaf status> ]
[Code]....

If such a tool does not exist, I would like to create it. However, I am new to RPM-based systems, and, as such, I am having difficulties finding the necessary documentation. Should I be reading the yum source code? Is there some sort of document describing the package database on RH/CentOS/etc. systems and how 3rd party applications are supposed to work with this database?


Server :: New Open File Size Limit Is Getting Reflected In The Specific User?

May 16, 2011

Last weekend I increased the open file size (ulimit -n) for the application user ID. I updated the limits.conf file with the necessary inputs and restarted the service and the server as well. When I check the ulimit value for the specific user by switching user from another user, it shows the new value (10240), but if I log in directly using the application ID, the ulimit value shows as 1024, which is the default one.


Ubuntu Security :: Possible To Limit Number Of Prompts For Keyring Password?

Jan 18, 2010

I have a standard home set-up for my Ubuntu OS, and I would like to know whether it's possible to cut out the repetitive prompts to enter the password, as when you connect to the internet or access files on a partition that's not home, or install new software.


Ubuntu Security :: Limit Login Attempts For Specific User?

Jan 15, 2011

I'd like to limit login attempts for a specific user. I've found information in the manpages: [URL] but I'm not sure if this '@' is purposely there, so would this be correct?

Code:
aparaho - maxlogins 4
or
Code:
@aparaho - maxlogins 4

Maybe '@' is a group syntax? I'm confused.

What happens after 4 failed logins? Is it enough to restart the system to get further login attempts?

Are there any other values that it is reasonable to limit for safety reasons?


Security :: IPtables Port 25 Connection Limit Without Blocking Barracudas

Jan 11, 2011

I am at a loss how to prevent Denial of Service attacks to port 25 and not block legitimate connections from 2 Barracuda 800(s) and block smart phones such as iPhones/Blackberrys/iPhones that use the server smtp.server.com for email.
Presently for port 25
RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT

The 2 Barracuda 800(s) make port 25 connections all the time, plus users with smart_phones have the incoming server type:
IMAP
pop.server.com
smtp.server.com

Is there a way to keep Denial of Service attacks from happening with iptables rules without causing blocking to the Barracuda(s) that make constant port 25 connections & smart phones that poll? I was thinking if I allowed the Barracuda(s) in these lines
-s (barracuda)24.xx.xx.xx -d (emailserver)24.00.xx.xx -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT

Where the source would be the Barracuda going to the email server. It would be allowed, then I am left with how to allow other connections like Smart_Phones that connect via Port 25. I am thinking if I put rules in place doing connection counts in a minute it would result in errors connecting to the server and people would start complaining. Plus any limiting may result in blocking real traffic. Then would I need to allow the ISP range in the above example to accept port 25, I am still left with how to drop a flood/denial of service attack.


Security :: Limit Incoming HTTP Bandwidth Usage With IPtables

Apr 5, 2011

Can I, with only the use of IPTABLES, limit the incoming bandwith for a protocol? We have for example servers that have a FTP and HTTP server running and whenever HTTP has a lot of connections open, the other uploads/downloads get a timeout. I know I can limit the number of connections but prefer to limit on protocol level. Is this possible using IPTABLES and if so, can someone indicate how to proceed or provide a link? If it's not possible can someone point me to the right tool for the job?


Security :: Limit Number Of Connections For Single Ip On Port 80 To CentOS 5.5

Sep 5, 2010

How to limit the number of connections for a single IP on port 80 to CentOS 5.5 with iptables? connlimit did not work on CentOS, and nginx does not provide a module for that.


Ubuntu Security :: Script Running As A Special Build User Which Performs An Automated Build That Fails With (Too Many Open Files)?

Feb 11, 2011

I have an init script running as a special build user which performs an automated build that fails with (Too many open files). I updated /etc/security/limits to allow the special user more open files, but that didn't work: the init script still isn't allowed more open files. Here's a demonstration of the problem:

Code:
$ su - sbsbuild -c "ulimit -n"
Password:

[code]....


Ubuntu Security :: AppArmor Protect Devices And Limit Their Access To The File System?

Nov 9, 2010

This might sound really stupid, so you'll all have to excuse my lacking knowledge. I read that USB attacks are getting more and more common, like putting in a USB stick with a malicious autorun script on it, and it's game over. Can AppArmor protect devices and limit their access to the file system?


Ubuntu Security :: Gnome Nanny - Choose The Times When The Computer Can Be Used And Limit The Internet ?

Jan 3, 2011

I installed Gnome Nanny. I can choose the times when the computer can be used and limit the internet. However, these times are not being enforced. Is there some other settings that are used to enforce these settings?


Security :: Iptables - Limit Access To Port 8443 On Server To 2 Specific IP Addresses

Dec 23, 2010

I'm trying to limit access to port 8443 on our server to 2 specific IP addresses. For some reason, access is still being allowed even though I drop all packets that aren't from the named IP addresses. The default policy is ACCEPT on the INPUT chain, and this is how we want to keep it for various reasons I won't get into here. Here's the output from iptables -vnL:

[Code]...

Note the actual IP we are using is masked here with 123.123.123.123. Until I can get everything working properly, we're only allowing access from 1 IP instead of 2. We can add the other one once it all works right. I haven't worked with iptables very much. So I'm quite confused about why packets matching the DROP criteria are still being allowed.


Fedora :: Gsoap - Limit Or Disable The Ability Of The Program To Open A Port To Start Communicating On FC15

Jul 18, 2011

I'm running Fedora 15, and am trying to run a program that uses gsoap/soapcpp2 2.7.17 to communicate with different parts of the program. As far as I know everything has compiled correctly and I am using the same versions of the required libraries as several working installations. However, every single time the program tries to open a port, the program is unable to do so. This happens no matter what port I specify.

Is there anything in Fedora that would limit or disable the ability of the program to open a port to start communicating? I have tried disabling the firewall with no change to the behaviour.







