Produced by Araxis Merge on 5/14/2018 1:18:38 PM Eastern Daylight Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.
| # | Location | File | Last Modified |
|---|---|---|---|
| 1 | MCCF_EDI_TAS_Infrastructure.zip\MCCF_EDI_TAS_Infrastructure\mag_sys_build\playbooks | limit_resources.yml | Tue Mar 27 23:51:10 2018 UTC |
| 2 | MCCF_EDI_TAS_Infrastructure.zip\MCCF_EDI_TAS_Infrastructure\mag_sys_build\playbooks | limit_resources.yml | Tue May 8 03:18:56 2018 UTC |
| Description | Between Files 1 and 2 |
|
|---|---|---|
| Text Blocks | Lines | |
| Unchanged | 2 | 194 |
| Changed | 1 | 2 |
| Inserted | 0 | 0 |
| Removed | 0 | 0 |
| Whitespace | |
|---|---|
| Character case | Differences in character case are significant |
| Line endings | Differences in line endings (CR and LF characters) are ignored |
| CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
| 1 | # Ansible Playbook | |
| 2 | # Erik van Oudheusde n PII - 28 Sep 2 017 | |
| 3 | # | |
| 4 | # 6.14.19 System Res ource Mana gement | |
| 5 | ||
| 6 | --- | |
| 7 | - name: Sy stem Resou rce Manage ment | |
| 8 | hosts: r hel7 | |
| 9 | become: yes | |
| 10 | tasks: | |
| 11 | - name: edit 50-cr isp.conf | |
| 12 | blocki nfile: | |
| 13 | path : /etc/sec urity/limi ts.d/50-cr isp.conf | |
| 14 | crea te: yes | |
| 15 | back up: yes | |
| 16 | mark er: "## {m ark} Added for VA CR ISP" | |
| 17 | owne r: root | |
| 18 | grou p: root | |
| 19 | mode : 0644 | |
| 20 | cont ent: | | |
| 21 | # CRISP Base line | |
| 22 | * hard core 0 | |
| 23 | * hard fsize 10 2400 | |
| 24 | * hard nproc 15 0 | |
| 25 | ro ot - fsize -1 | |
| 26 | ro ot - nproc -1 | |
| 27 | @w heel - fsize -1 | |
| 28 | @w heel - nproc -1 | |
| 29 | # End of fil e | |
| 30 | ||
| 31 | - name: edit 50-cr isp.conf | |
| 32 | blocki nfile: | |
| 33 | path : /etc/sys ctl.d/50-c risp.conf | |
| 34 | crea te: yes | |
| 35 | back up: yes | |
| 36 | mark er: "## {m ark} Added for VA CR ISP" | |
| 37 | owne r: root | |
| 38 | grou p: root | |
| 39 | mode : 0644 | |
| 40 | cont ent: | | |
| 41 | # Kernel sys ctl config uration fi le for Red Hat Linux | |
| 42 | # | |
| 43 | # For binary values, 0 is disabl ed, 1 is e nabled. | |
| 44 | ||
| 45 | # Controls t he System Request de bugging fu nctionalit y of | |
| 46 | # the kernel | |
| 47 | ke rnel.sysrq = 0 | |
| 48 | ||
| 49 | # Controls w hether cor e dumps wi ll append the PID to the core filename. | |
| 50 | # Useful for debugging multi-thr eaded appl ications. | |
| 51 | ke rnel.core_ uses_pid = 1 | |
| 52 | ||
| 53 | # CRISP Base line | |
| 54 | ||
| 55 | # ExecShield describes kernel fe atures tha t provide protection | |
| 56 | #a gainst exp loitation of memory corruption errors su ch as | |
| 57 | #b uffer over flows | |
| 58 | ke rnel.exec- shield=1 | |
| 59 | ||
| 60 | # Enable Ran domized La yout of Vi rtual Addr ess Space | |
| 61 | ke rnel.rando mize_va_sp ace = 2 | |
| 62 | ||
| 63 | #R estrict Ac cess to Ke rnel Messa ge Buffer | |
| 64 | ke rnel.dmesg _restrict = 1 | |
| 65 | ||
| 66 | #d isable cor e dumps fo r SUID pro grams | |
| 67 | fs .suid_dump able = 0 | |
| 68 | ||
| 69 | # Controls I P packet f orwarding | |
| 70 | ||
| 71 | ne t.ipv4.ip_ forward = 0 | |
| 72 | ||
| 73 | # Controls s ource rout e verifica tion | |
| 74 | ne t.ipv4.con f.default. rp_filter = 1 | |
| 75 | ne t.ipv4.con f.all.rp_f ilter = 1 | |
| 76 | ||
| 77 | # Do not acc ept source routing | |
| 78 | ne t.ipv4.con f.default. accept_sou rce_route = 0 | |
| 79 | ne t.ipv4.con f.all.acce pt_source_ route = 0 | |
| 80 | ||
| 81 | # Protect ag ainst SYN floods | |
| 82 | ne t.ipv4.tcp _max_syn_b acklog = 4 096 | |
| 83 | ne t.ipv4.tcp _syncookie s = 1 | |
| 84 | ||
| 85 | # Do not par ticipate i n SMURF at tacks | |
| 86 | ne t.ipv4.icm p_echo_ign ore_broadc asts = 1 | |
| 87 | ||
| 88 | # Do not be overly ver bose in lo gging | |
| 89 | ne t.ipv4.icm p_ignore_b ogus_error _responses = 1 | |
| 90 | ||
| 91 | # Do not acc ept or sen d redirect s | |
| 92 | ne t.ipv4.con f.default. accept_red irects =0 | |
| 93 | ne t.ipv4.con f.all.acce pt_redirec ts = 0 | |
| 94 | ne t.ipv4.con f.default. secure_red irects = 0 | |
| 95 | ne t.ipv4.con f.all.secu re_redirec ts = 0 | |
| 96 | ne t.ipv4.con f.default. send_redir ects = 0 | |
| 97 | ne t.ipv4.con f.all.send _redirects = 0 | |
| 98 |
Araxis Merge (but not the data content of this report) is Copyright © 1993-2016 Araxis Ltd (www.araxis.com). All rights reserved.