PSQL / Apache process memory cpu limits (prevent DOS) - Security

  1. PSQL / Apache process memory cpu limits (prevent DOS)

    Howdy,

    As part of securing my Linux machine, I would like to impose limits on
    PSQL database and Apache web server daemons (and others) from
    consuming excessive memory, CPU, disk IO and child processes.

    Basically I would like to prevent a DOS attack by way of limiting the
    amount of memory, CPU, disk and processes daemons such as Apache and
    PostgreSQL.

    Preferably I would like to set the limits *external* to the daemon.
    For example: the OS itself prevents the daemons from consuming
    excessive resources. (e.g. not limiting the amount of child processes
    from within Apache)

    The security ideology that I am following is, if someone attempts a
    buffer overflow that goes wrong, and the PSQL daemon begins to
    increase memory consumption, I would not like it to consume all memory
    available to my machine (as an example).

    AFAIK xinetd is a TCP wrapper daemon that can prevent excessive TCP
    connections (processes etc etc) - but I would like to include memory
    consumption, disk IO as well.


    Any thoughts about if this is the correct path to take, how I could
    accomplish this ideology, would be greatly appreciated.


    Thanks in advance
    dirk


  2. Re: PSQL / Apache process memory cpu limits (prevent DOS)

    geemail99@gmail.com wrote:
    > Howdy,
    >
    > As part of securing my Linux machine, I would like to impose limits on
    > PSQL database and Apache web server daemons (and others) from
    > consuming excessive memory, CPU, disk IO and child processes.


    man ulimit

    >
    > Basically I would like to prevent a DOS attack by way of limiting the
    > amount of memory, CPU, disk and processes daemons such as Apache and
    > PostgreSQL.
    >
    > Preferably I would like to set the limits *external* to the daemon.
    > For example: the OS itself prevents the daemons from consuming
    > excessive resources. (e.g. not limiting the amount of child processes
    > from within Apache)
    >
    > The security ideology that I am following is, if someone attempts a
    > buffer overflow that goes wrong, and the PSQL daemon begins to
    > increase memory consumption, I would not like it to consume all memory
    > available to my machine (as an example).
    >
    > AFAIK xinetd is a TCP wrapper daemon that can prevent excessive TCP
    > connections (processes etc etc) - but I would like to include memory
    > consumption, disk IO as well.
    >
    >
    > Any thoughts about if this is the correct path to take, how I could
    > accomplish this ideology, would be greatly appreciated.
    >
    >
    > Thanks in advance
    > dirk
    >
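
As an added example (not part of the thread), a POSIX sh wrapper that applies the `ulimit` limits named in the reply before the daemon starts, so the kernel enforces them rather than the daemon's own configuration. The function name, the numeric values and the daemon path are assumptions; these limits are per process and include no disk I/O bandwidth setting.

```shell
#!/bin/sh
# Added example: impose OS-level limits on a daemon from outside the daemon.
# Usage: run_limited MEM_KB CPU_SECS MAX_FILES command [args...]
# All numeric values used with it here are constructed, not tuning advice.

run_limited() {
    mem_kb=$1 cpu_secs=$2 max_files=$3
    shift 3
    (
        # Subshell: the limits apply to the command only, not to the caller.
        # Without -S/-H, ulimit sets both the soft and the hard limit, so the
        # process cannot raise them again unless it is privileged.
        ulimit -v "$mem_kb"    || exit 125   # address space per process, KiB
        ulimit -t "$cpu_secs"  || exit 125   # CPU time per process, seconds
        ulimit -n "$max_files" || exit 125   # open file descriptors
        # bash additionally offers `ulimit -u` (processes per user).
        exec "$@"                            # limits survive exec and fork
    )
}

# Hypothetical invocation; the path is a placeholder:
#   run_limited 1048576 600 1024 /path/to/daemon --foreground
```

On Linux, `/proc/<pid>/limits` shows the limits in effect for a running daemon.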