Changing operating system settings
Make changes to the operating system settings before you use IBM® Safer Payments.
- Log in as root.
- The default number of maximum open file descriptors on CentOS/RHEL systems is 1024 per process
for normal users. To verify the limit that is valid for your system, run the following command:
# cat /proc/sys/fs/file-max
- Open the file /etc/security/limits.conf.
- If the recommended limit of 16384/32768 is valid for your system, add the following
lines:
Where SPUser is the name of the user account that you intend to run IBM Safer Payments under.SPUser hard nofile 32768 SPUser soft nofile 16384
- To enable IBM Safer
Payments to run
priority-based thread scheduling, you must also add the following line:
SPUser - rtprio 20
- IBM Safer
Payments starts numerous CPU
threads for parallel processing of messages and simulations. To ensure that the operating system can
handle all threads, you must increase the number of maximum user processes. To do so, also add the
following line:
SPUser - nproc 8192
- IBM Safer
Payments locks some regions in
memory to prevent sensitive data like encryption keys from being swapped to disk. To allow this,
ensure that the
RLIMIT_MEMLOCK
resource limit has at least 16MB. Add the following lines:SPUser hard memlock 16384 SPUser soft memlock 16384
- Summary of necessary changes to /etc/security/limits.conf. In this example,
the user name of the process that is running IBM Safer
Payments is SPUser.
SPUser hard nofile 32768 SPUser soft nofile 16384 SPUser - rtprio 20 SPUser - nproc 8192 SPUser hard memlock 16384 SPUser soft memlock 16384
- Save /etc/security/limits.conf and restart.
- Verify the new settings (optional). Run:
ulimit -a
Firewall settings
Before you start IBM Safer Payments, check your firewall settings to allow IP messaging between the cluster instances and other systems.
To change your local firewall settings, use firewall-cmd on RHEL.
For more information about how to secure your operating system, see RHEL 8: Using and configuring Firewalld.