Sample Web Portal Linux Security Limits configuration script for Linux kernels 3.0 and newer
This script is provided only as a sample and should be tested before production implementation!
#!/bin/sh
# Are we running as root?
CU=$(whoami)
if [ "$CU" != "root" ]; then
    echo "This script must be executed as root"
    exit 1
fi
# Prompt for a user name...
echo "Please enter the Apache user (e.g.: www-data):"
read -r USERNAME
echo "Your answer: ${USERNAME}"
if [ -z "$USERNAME" ]; then
    echo "No Apache user provided"
    exit 1
else
    APACHE_USER=$USERNAME
fi
# Validate that the user exists: exact match on the account name in
# /etc/passwd, so that "www" does not match "www-data"
if ! cut -d: -f1 /etc/passwd | grep -qxF -- "$APACHE_USER"; then
    echo "User ${APACHE_USER} does not exist."
    exit 1
fi
# Build the new limits file for the Apache user
echo "###########################" > infratrack_limits.conf
echo "### Security Limits ###" >> infratrack_limits.conf
echo "###########################" >> infratrack_limits.conf
echo "${APACHE_USER} hard nofile 65536" >> infratrack_limits.conf
echo "${APACHE_USER} soft nofile 32768" >> infratrack_limits.conf
echo "${APACHE_USER} hard nproc 32768" >> infratrack_limits.conf
echo "${APACHE_USER} soft nproc 16384" >> infratrack_limits.conf
# Back up the original file and stop if the backup fails; the new file
# then replaces /etc/security/limits.conf and contains only the entries above
CURRENT=$(date +%Y%m%d%H%M%S)
cp /etc/security/limits.conf "/etc/security/limits.conf.$CURRENT" || exit 1
mv infratrack_limits.conf /etc/security/limits.conf
Save the content to kernel_security.sh, make the file executable, and run it as the root user. The original file will be backed up as /etc/security/limits.conf.<%Y%m%d%H%M%S>.
Restart your machine.
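A check of the file the script writes, as an added example that is not part of the original sample script: it parses a limits.conf-style file and confirms that the given user has numeric soft and hard values for nofile and nproc, with soft not above hard. The function name check_limits and the sample file are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example. check_limits FILE USER (hypothetical helper): returns 0 only
# if USER has numeric soft and hard values for nofile and nproc, soft <= hard.
check_limits() {
    awk -v u="$2" '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
        $1 != u || NF < 4 { next }                   # other domains, short lines
        $2 == "soft" || $2 == "-" { soft[$3] = $4 }  # type "-" sets both values
        $2 == "hard" || $2 == "-" { hard[$3] = $4 }  # this checker keeps the last line seen
        END {
            n = split("nofile nproc", items, " "); bad = 0
            for (i = 1; i <= n; i++) {
                it = items[i]; s = soft[it]; h = hard[it]
                if (s == "" || h == "") {
                    printf "%s: MISSING\n", it; bad = 1
                } else if (s !~ /^[0-9]+$/ || h !~ /^[0-9]+$/) {
                    printf "%s: non-numeric value, review by hand\n", it; bad = 1
                } else if (s + 0 > h + 0) {
                    printf "%s: soft %s exceeds hard %s\n", it, s, h; bad = 1
                } else {
                    printf "%s: soft=%s hard=%s OK\n", it, s, h
                }
            }
            exit bad
        }' "$1"
}

# Constructed sample mirroring the lines the script writes for www-data.
sample=$(mktemp)
cat > "$sample" <<'EOF'
### Security Limits ###
www-data hard nofile 65536
www-data soft nofile 32768
www-data hard nproc 32768
www-data soft nproc 16384
EOF
check_limits "$sample" www-data
rm -f "$sample"
```

Run it against /etc/security/limits.conf after the script has finished, passing the Apache user you entered.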