Prevent a fork bomb by limiting user process


 fork bomb is a denial-of-service attack whereby a process continually replicates itself to deplete available system resources. It can be prevented by limiting user processes.  Limiting user processes is important for running a stable system. To limit user process just add user name or group or all users to /etc/security/limits.conf file and impose process limitations.
Understanding /etc/security/limits.conf file

  • <domain> can be:
  • an user name
  • a group name, with @group syntax
  • the wildcard *, for default entry
  • the wildcard %, can be also used with %group syntax, for maxlogin limit
  • <type> can have the two values:
  • "soft" for enforcing the soft limits
  • "hard" for enforcing hard limits
  • <item> can be one of the following:
  • core - limits the core file size (KB)
  • <value> can be one of the following:
  • core - limits the core file size (KB)
  • data - max data size (KB)
  • fsize - maximum filesize (KB)
  • memlock - max locked-in-memory address space (KB)
  • nofile - max number of open files
  • rss - max resident set size (KB)
  • stack - max stack size (KB)
  • cpu - max CPU time (MIN)
  • nproc - max number of processes
  • as - address space limit
  • maxlogins - max number of logins for this user
  • maxsyslogins - max number of logins on the system
  • priority - the priority to run user process with
  • locks - max number of file locks the user can hold
  • sigpending - max number of pending signals
  • msgqueue - max memory used by POSIX message queues (bytes)
  • nice - max nice priority allowed to raise to
  • rtprio - max realtime priority
  • chroot - change root to directory (Debian-specific)
@student hard nproc 50 @faculty soft nproc 100 @pusers hard nproc 200

Each line describes a limit for a user in the form:
<domain> <type> <item> <value>
Where:
Login as the root and open configuration file:
# nano /etc/security/limits.conf
Following will prevent a "fork bomb":
hardeep hard nproc 300
Above will prevent anyone in the student group from having more than 50 processes, faculty and pusers group limit is set to 100 and 200. Hardeep can create only 300 process. Please note that KDE and Gnome desktop system can launch many process.
Save and close the file. Test your new system by dropping a form bomb:
$ :(){ :|:& };:
Source: cyberciti

#infizeal#infizealtechnologies#infizealdelhi#hardeepsingh


Comments

  1. Supreme Court’s 2018 choice that lifted a federal ban on sports gambling, clearing finest way|the way in which} for all 50 states to offer it. The amendments have been a part of} a sequence permitted by the Committee on Sport, Culture 솔카지노 and Tourism. In addition, a clause was added specifying that any particular person found in possession of documents related to illegal bookmaking shall be presumed to be operating an illegal gambling operation. PointsBet has a partnership with the Riverboat on the Potomac in Colonial Beach, one of Maryland’s 4 licensed off-track betting sites within the state, thus they already have partial entry to the MD market. Similarly to DraftKings, FanDuel also donated to the ‘Vote Yes to Question 2′ marketing campaign in MD that helped sports betting turn into authorized within the first place.

    ReplyDelete

Post a Comment

Popular posts from this blog

How to hack your xbox 360 completely

Autonomous mobile additive manufacturing robot runs circles around traditional 3D printers

Wii Remote IR Camera Hack with Arduino Interface