Hi,

On Wed, Jun 8, 2011 at 10:01 AM, Amar Akshat <amar.aks...@gmail.com> wrote:
> Hi All,
> I have been lately disturbed by my fellow novice intern admins who have
> been granted super user privileges. They are all trying the kiddish stuff and it
> upsets the environment, and moreover I am unable to hang around and see
> what is happening and fix that.
>
> Lately some of them have discovered "fork bomb", example
>
> :(){ :|: & };:
>
> and this works in my personal Ubuntu v-machines. I have figured out that if
> run as root, this would keep on exhausting memory and system ultimately
> goes down very slow.
>
> Is there a way we can tweak the ulimit - user limit for all users.
> http://www.linuxforums.org/forum/security/90836-user-limits-linux.html -
> wasn't so helpful.
>

Try 'setrlimit' to set RLIMIT_NPROC to some agreeable value. NPROC is the number of processes a user can create. Limiting them will at least leave you with enough resources to start a shell and kill the offending process (bash in this case).

ulimit will not work if you don't have pam_limits module for your kernel (it's not built by default). Try loading pam_limits module manually and see if the limits in /etc/security/limits.conf are honored then.

There is no definite solution to preventing a fork_bomb as such, but patches like this http://grsecurity.net/ may help you find which user started the fork bomb, though it might be an overkill for single user systems.

>
> So typically in our environment, we all login as personal user (eg.
> amarakshat) and then we do #sudo su - to become root. However root is still
> logged in via a user, and if I can limit the user's memory, I can limit the
> maximum memory this "FORK BOMB" can consume.
>

A fork bomb creates a large number of processes, thereby draining the system's resources. Even if it is using a very small memory footprint, the sheer number of processes will always make your OS stall. Instead, you need to put a limit on the number of processes a user can create, somewhere around 200-400 is a decent range.

>
> Any comments ?
> --
> Amar Akshat
> Wells Fargo
>
> "Real Programmers always confuse Christmas and Halloween because Oct31 ==
> Dec25."
> _______________________________________________
> Ilugd mailing list
> Ilugd@lists.linux-delhi.org
> http://frodo.hserus.net/mailman/listinfo/ilugd
>

--
Ankit Chaturvedi
GPG: 05DE FDC5 468B 7D9F 9F45 72F1 F7B9 9E16 ECA2 CC23
<http://www.google.com/profiles/ankit.chaturvedi>
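
An added example, not part of the original thread or written by either poster: a small C wrapper that applies the RLIMIT_NPROC cap suggested in the reply via setrlimit(2) and then runs a command under it. The function name `cap_nproc` and the command-line shape are assumptions made here; per setrlimit(2), Linux does not enforce this limit for processes holding CAP_SYS_ADMIN or CAP_SYS_RESOURCE, so it constrains the personal accounts rather than a root shell.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <unistd.h>

/* Lower the soft and hard RLIMIT_NPROC of this process to at most `want`.
 * The limit counts every process of the real UID and is inherited across
 * fork() and exec(). Returns 0 and stores the resulting limit in *out,
 * or -1 with errno set. */
int cap_nproc(rlim_t want, struct rlimit *out)
{
    struct rlimit rl;

    if (want == 0) {                /* 0 would forbid every fork */
        errno = EINVAL;
        return -1;
    }
    if (getrlimit(RLIMIT_NPROC, &rl) != 0)
        return -1;
    /* Never ask for more than the current hard limit: an unprivileged
     * process cannot raise it and setrlimit() would fail. */
    if (rl.rlim_max != RLIM_INFINITY && rl.rlim_max < want)
        want = rl.rlim_max;
    rl.rlim_cur = want;
    rl.rlim_max = want;             /* one-way without privilege */
    if (setrlimit(RLIMIT_NPROC, &rl) != 0)
        return -1;
    return getrlimit(RLIMIT_NPROC, out);   /* read back what the kernel holds */
}

int main(int argc, char **argv)
{
    struct rlimit rl;

    if (argc < 3) {
        fprintf(stderr, "usage: %s MAX_PROCS COMMAND [ARGS...]\n", argv[0]);
        return 2;
    }
    if (cap_nproc((rlim_t)strtoull(argv[1], NULL, 10), &rl) != 0) {
        perror("RLIMIT_NPROC");
        return 1;
    }
    fprintf(stderr, "nproc limit: soft=%llu hard=%llu\n",
            (unsigned long long)rl.rlim_cur, (unsigned long long)rl.rlim_max);
    execvp(argv[2], &argv[2]);      /* the command inherits the cap */
    perror("execvp");
    return 127;
}
```

Because the hard limit is lowered together with the soft one, an unprivileged command started this way cannot raise the cap again with `ulimit -u`.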