6.2 Ensure that operating system resource limits are set for MongoDB

Information

Operating systems provide ways to limit and control the usage of system resources such as threads, files, and network connections on a per-process and per-user basis

Rationale:

These ulimits prevent a single user from consuming too many system resources.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Every deployment may have unique requirements and settings. Recommended thresholds and settings are particularly important for MongoDB deployments:

f (file size): unlimited

t (cpu time): unlimited

v (virtual memory): unlimited [1]

n (open files): 64000

m (memory size): unlimited [1] [2]

u (processes/threads): 64000

Restart the mongod and mongos instances after changing the ulimit settings to ensure that the changes take effect.

Default Value:

Not configured

See Also

https://workbench.cisecurity.org/files/3560

Item Details

Category: ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-17(3), 800-53|SI-7

Plugin: Unix

Control ID: 9d53b623747e71bc383f3c97a2725ecacde61b81d90c36922baa60a9c6da0e75