PSQL / Apache process memory cpu limits (prevent DOS)...

Posted: Sat Jun 28, 2008 2:01 pm
Guest

Howdy,

As part of securing my Linux machine, I would like to impose limits on
PSQL database and Apache web server daemons (and others) from
consuming excessive memory, CPU, disk IO and child processes.

Basically I would like to prevent a DOS attack by way of limiting the
amount of memory, CPU, disk and processes for daemons such as Apache and
PostgreSQL.

Preferably I would like to set the limits *external* to the daemon.
For example: the OS itself prevents the daemons from consuming
excessive resources (e.g. not limiting the amount of child processes
from within Apache).

The security ideology that I am following is, if someone attempts a
buffer overflow that goes wrong, and the PSQL daemon begins to
increase memory consumption, I would not like it to consume all memory
available to my machine (as an example).

AFAIK xinetd is a TCP wrapper daemon that can prevent excessive TCP
connections (processes etc. etc.) - but I would like to include memory
consumption and disk IO as well.

Any thoughts about whether this is the correct path to take, and how I could
accomplish this ideology, would be greatly appreciated.

Thanks in advance
dirk

Fred Weigel...
Posted: Thu Jul 03, 2008 2:05 pm
Guest

geemail99 at (no spam) gmail.com wrote:

Quote:
Howdy,
As part of securing my Linux machine, I would like to impose limits on
PSQL database and Apache web server daemons (and others) from
consuming excessive memory, CPU, disk IO and child processes.

man ulimit

Quote:
Basically I would like to prevent a DOS attack by way of limiting the
amount of memory, CPU, disk and processes for daemons such as Apache and
PostgreSQL.
Preferably I would like to set the limits *external* to the daemon.
For example: the OS itself prevents the daemons from consuming
excessive resources (e.g. not limiting the amount of child processes
from within Apache).
The security ideology that I am following is, if someone attempts a
buffer overflow that goes wrong, and the PSQL daemon begins to
increase memory consumption, I would not like it to consume all memory
available to my machine (as an example).
AFAIK xinetd is a TCP wrapper daemon that can prevent excessive TCP
connections (processes etc. etc.) - but I would like to include memory
consumption and disk IO as well.
Any thoughts about whether this is the correct path to take, and how I could
accomplish this ideology, would be greatly appreciated.
Thanks in advance
dirk
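
What the `man ulimit` pointer looks like in practice, as an added example that is not part of either post: a wrapper that sets kernel-enforced resource limits in a subshell and then starts the command under them, so the limits are imposed from outside the daemon. The helper name `run_limited` and all numbers are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): start a command under rlimits set by
# the shell's ulimit builtin. run_limited is a hypothetical helper name.
#
# usage: run_limited MEM_KIB CPU_SEC NOFILE cmd [args...]
#   MEM_KIB  max virtual address space per process, in KiB  (ulimit -v)
#   CPU_SEC  max CPU seconds per process                    (ulimit -t)
#   NOFILE   max open file descriptors per process          (ulimit -n)
#
# Limits are inherited by child processes, but each process is accounted
# separately. ulimit has no disk I/O rate limit (-f only caps file size).
# bash additionally offers ulimit -u to cap the number of processes, which
# the kernel counts per user, not per daemon.
run_limited() {
    [ "$#" -ge 4 ] || {
        echo "usage: run_limited MEM_KIB CPU_SEC NOFILE cmd [args...]" >&2
        return 2
    }
    mem_kib=$1 cpu_sec=$2 nofile=$3
    shift 3
    # Accept only positive integers so a typo cannot become "unlimited".
    for v in "$mem_kib" "$cpu_sec" "$nofile"; do
        case $v in
            ''|*[!0-9]*|0)
                echo "run_limited: bad limit '$v'" >&2
                return 2 ;;
        esac
    done
    (
        # Subshell: the limits apply to it and to what it execs, and the
        # calling shell keeps its own limits. Without -S or -H, ulimit sets
        # both soft and hard limits, and an unprivileged process cannot
        # raise a hard limit again. A daemon that starts as root can, until
        # it drops privileges.
        ulimit -v "$mem_kib" || exit 125
        ulimit -t "$cpu_sec" || exit 125
        ulimit -n "$nofile"  || exit 125
        exec "$@"
    )
}

# Illustrative call (path and values are assumptions):
#   run_limited 1048576 3600 1024 /usr/sbin/apache2 -k start
```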
All times are GMT - 5 Hours