In light of the recent DDOS / Buffer overflow exploits that have popped up recently, I have been thinking,
Couldn't we just do a system wide CPU% usage limit, on every user... I have looked into /etc/security/limits.conf, as well as ulimit, but it seems these both work on a time spent, limit, as opposed to a %used limit. I want to say, don't let any process by user, httpd, collectively, or singularly, use more than 60% of the system cpu. Ulimit is of no use as the user doesn't login, and limits.conf, only seems to limit the amount of cpu time one process is allowed, as opposed to doing what I require. I would like to lock down a few users aswell, who run some perl scripts, which have the 'potential' to be used to resource starve the box... Anyone got any thoughts / recommendations on how to effectively, not allow user X to use more then Y% of the cpu, across all their processes? Thanks Jamie _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
