store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Tue Sep 02, 2014 12:15 am

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 3 posts ] 
Author Message
 Post subject: Apache Rlimits
Unread postPosted: Tue Jan 13, 2009 4:26 pm 
Offline
Forum Regular
Forum Regular

Joined: Mon Oct 29, 2007 6:51 pm
Posts: 644
Much like the TraceEnable directive you added to the httpd.conf file I think having the RLimit directives added in could also be a good idea.

RlimitCPU
RLimitNPROC
RLimitMEM

CPU and MEM should be tailored to the users server based on the detected CPU and Memory (and arch).


Top
 Profile  
 
 Post subject:
Unread postPosted: Tue Jan 20, 2009 8:16 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3626
Location: Chantilly, VA
Added to feature queue for feasibility research.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
 Post subject: Re: Apache Rlimits
Unread postPosted: Tue Mar 31, 2009 3:15 pm 
Offline
Forum Regular
Forum Regular

Joined: Mon Oct 29, 2007 6:51 pm
Posts: 644
What sort of limits do you think are good?
RLimitCPU - say 70-80% ?

RLimitNPROC should not be less than MaxClients, and for things like SuExec and possibly the new php-cgi it may spawn more child processes, so something like (MaxClients + 20)?

RLimitMEM is per process limit so I can suggest to find maximum value of virtual memory size and then double it
( (ps h -U apache -ovsz | sort -rn | head -1) * 2 ) * 1024)
(you have to multiply by 1024 because it reports back in KB and RLimitMEM is in bytes)

Across all of my systems:
this was the highest number of an individual system 4464189440
This was the average of several dozen 2981020558

So a Good(?) proposed limit:
RLimitCPU 75
RLimitNPROC 535 (assuming max clients is 512)
RLimitMEM 3500000000


Thoughts?


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group