{"description": "To set the runtime status of the <code>kernel.pid_max</code> kernel parameter, run the following command: <pre>$ sudo sysctl -w kernel.pid_max=65536</pre>\nTo make sure that the setting is persistent, add the following line to a file in the directory <tt>/etc/sysctl.d</tt>: <pre>kernel.pid_max = 65536</pre>", "rationale": "The <tt>kernel.pid_max</tt> parameter configures the upper limit on process\nidentifiers (PIDs). If this number is not high enough, forking new processes\nmight fail because all available PIDs are exhausted. Increasing this number\nenhances availability.", "severity": "medium", "references": {"anssi": ["R9"]}, "control_references": {"anssi": ["R9"]}, "components": [], "identifiers": {}, "ocil_clause": "the correct value is not returned", "ocil": "The runtime status of the <code>kernel.pid_max</code> kernel parameter can be queried\nby running the following command:\n<pre>$ sysctl kernel.pid_max</pre>\n<code>65536</code>.\n", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "sce_metadata": {"check-import": "stdout", "platform": ["multi_platform_all"], "environment": "any", "filename": "sysctl_kernel_pid_max.sh", "relative_path": "ubuntu2204/checks/sce/sysctl_kernel_pid_max.sh"}, "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Configure maximum number of process identifiers", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml", "template": {"name": "sysctl", "vars": {"sysctlvar": "kernel.pid_max", "sysctlval": "65536", "datatype": "int"}, "backends": {}}}