6.2 Ensure that operating system resource limits are set for MongoDB

Information

Operating systems provide ways to limit and control the usage of system resources such as threads, files, and network connections on a per-process and per-user basis

These ulimits prevent a single user from consuming too many system resources.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Every deployment may have unique requirements and settings. Recommended thresholds and settings are particularly important for MongoDB deployments:

- f (file size): unlimited
- t (cpu time): unlimited
- v (virtual memory): unlimited [1]
- n (open files): 64000
- m (memory size): unlimited [1] [2]
- u (processes/threads): 64000

Restart the mongod and mongos instances after changing the ulimit settings to ensure that the changes take effect.

See Also

https://workbench.cisecurity.org/benchmarks/15675

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-6

Plugin: Unix

Control ID: 4e3799499c11bdca0aead9ae93fd211691d0fbaf3577aacf6f2fb83be206a411