session required /lib/security/pam_limits.soConfiguration in /etc/security/limits.conf.
Disable core dumpsCore files can be created when a program crashes. They have been used in security exploits, overwriting system files, or by containing sensitive information (such as passwords).
* hard core 0
Maximum data sizePrevent an attacker from trying to fill up the partitions your log files are stored on (10Mb):
@notroot hard data 10240
Number of times a user can login
@users hard maxlogins 2
Maximum CPU timeThis is very useful for preventing run-away processes from eating up all the cpu time (in minutes).
@users hard cpu 15
Maximum number of processesTo prevent fork bombs:
* hard nproc 75
Maximum memory per processHere we limiting to 10Mb:
* hard rss 10240
Check users in groupThe output below shows who is in group users:
deby:~# grep ^users: /etc/group users:x:100:You can add user to this group:
usermod -a -G users user1The best way to go with limits is to make them as low as possible, monitor it and increase limits as needed if any.