Re: fork bomb protection
On Fri, 1 Feb 2002 06:16, martin f krafft wrote:
> also sprach Thedore Knab [EMAIL PROTECTED] [2002.01.31.1922 +0100]:
> > Is there a way in the 2.4.17 kernel to prevent fork bombs from
> > crashing a system ?
>
> have a look at the kernel patches at www.grsecurity.net. i believe a
> debian package is in the works.

I first packaged the kernel patch for that in November last year. I have since passed it on to Jonathan McDowell. See http://www.earth.li/~noodles/grsec/ .

> but ulimit can also do wonders...

Ulimit is what this person needs.

> > I fear the students from the Operating Systems class.
>
> everyone does. and every student fears the operating systems class :)

Wimps. When in OS class I killed two major time-sharing machines (the main staff machine and the main student machine) on a Friday night. The student machine was down for the entire weekend and caused dozens of students to be unable to complete their assignments on time. ;)

I'd like to teach an OS class at uni. I'd divide the class into two groups. One group of sys-admins, the other hostile-users, then they change sides at half time. It would be fun for everyone!

--
http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
fork bomb protection
I am an admin of a Debian woody Linux box for computer science majors.

The machine is running the 2.4.17 kernel with iptables and quotas.

Although I have spent a lot of time securing things, I still fear that fork bombs may kill the box.

Is there a way in the 2.4.17 kernel to prevent fork bombs from crashing a system ?

I fear the students from the Operating Systems class.

Ted Knab
Re: fork bomb protection
On Thu, 31 Jan 2002, Thedore Knab wrote:
> Although I have spent a lot of time securing things, I still fear
> that fork bombs may kill the box.
>
> Is there a way in the 2.4.17 kernel to prevent fork bombs from
> crashing a system ?

I think ulimit (builtin of bash) is your friend. Try ulimit -u. See bash(1).

> I fear the students from the Operating Systems class.

Well, they can just sabotage themselves, or is there anything critical running on those machines?

Alex

--
Forgive me, but I'm talking to a politician.
John Simpson, BBC World
Re: fork bomb protection
also sprach Thedore Knab [EMAIL PROTECTED] [2002.01.31.1922 +0100]:
> Is there a way in the 2.4.17 kernel to prevent fork bombs from
> crashing a system ?

have a look at the kernel patches at www.grsecurity.net. i believe a debian package is in the works.

but ulimit can also do wonders...

> I fear the students from the Operating Systems class.

everyone does. and every student fears the operating systems class :)

--
martin; (greetings from the heart of the sun.)
\ echo mailto: !#^.*|tr * mailto:; net@madduck

it is only the modern that ever becomes old-fashioned.
-- oscar wilde
RE: fork bomb protection
Maybe PAM offers some features for this

anders

# -Original Message-
# From: Thedore Knab [mailto:[EMAIL PROTECTED]]
# Sent: 31. januar 2002 19:22
# To: [EMAIL PROTECTED]
# Subject: fork bomb protection
#
# I am an admin of a Debian woody Linux box for computer science majors.
#
# The machine is running the 2.4.17 kernel with iptables and quotas.
#
# Although I have spent a lot of time securing things, I still
# fear that fork bombs may kill the box.
#
# Is there a way in the 2.4.17 kernel to prevent fork bombs
# from crashing a system ?
#
# I fear the students from the Operating Systems class.
#
# Ted Knab
Re: fork bomb protection - thanks
Thanks for the tip.

ted@albert:~$ ulimit -a
core file size        (blocks, -c) 0
data seg size         (kbytes, -d) unlimited
file size             (blocks, -f) unlimited
max locked memory     (kbytes, -l) unlimited
max memory size       (kbytes, -m) unlimited
open files                    (-n) 1024
pipe size          (512 bytes, -p) 8
stack size            (kbytes, -s) 8192
cpu time             (seconds, -t) unlimited
max user processes            (-u) 50
virtual memory        (kbytes, -v) unlimited

Ted Knab
Re: fork bomb protection
On Thu, 31 Jan 2002, Alexander List wrote:
> > Is there a way in the 2.4.17 kernel to prevent fork bombs from
> > crashing a system ?
>
> I think ulimit (builtin of bash) is your friend. Try ulimit -u. See
> bash(1).

To add to this:

Make sure this is done with hard limits, so they can't be raised. Also, consider setting values for memory, cpu time and others (not just processes).

Set it in the /etc/profile; this system-wide config is used by bash, sh (ash), and ksh (and other shells). But your users may use chsh(1) to change their shell to bypass bash (and not use your defined limits).

If using csh, look at /etc/csh.cshrc and /etc/csh.login; also it uses the limit command instead of ulimit. (Check your manual pages for the shells listed in /etc/shells.)

For PAM, look at /etc/pam.conf, /etc/pam.d/*, pam_limits.so and /etc/security/limits.conf (or /etc/limits).

Good luck,

Jeremy C. Reed

echo '9,J8HD,fDGG8B@?:536FC5=8@I;C5?@H5B0D@5GBIELD54DL@8L?:5GDEJ8LDG1' |\
sed ss,s50EBsg | tr 0-M 'p.wBt SgiIlxmLhan:o,erDsduv/cyP'
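
An added example, not part of the original thread: a small audit for the advice above to use hard limits in /etc/security/limits.conf, flagging domains whose process limit is soft-only and can therefore be raised again by the user. The sample file content and the group and user names in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit limits.conf-style text for process limits that
# users can undo. Each entry is: <domain> <type> <item> <value>
# where <type> is soft, hard, or "-" (which sets both).

# Constructed sample; the group and user names are hypothetical.
SAMPLE_LIMITS='# /etc/security/limits.conf (constructed sample)
@students   soft   nproc   50
@students   hard   cpu     10
@staff      soft   nproc   200
@staff      hard   nproc   300
guest       -      nproc   20
*           hard   as      262144
'

# audit_nproc: read limits.conf text on stdin and print one line for
# each domain that has an nproc entry:
#   "<domain> OK <value>"      a hard (or "-") nproc limit is set
#   "<domain> WEAK soft-only"  only a soft limit, which users can raise
audit_nproc() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        NF >= 4 && $3 == "nproc" {
            if (!($1 in seen)) { seen[$1] = 1; order[++n] = $1 }
            if ($2 == "hard" || $2 == "-") hard[$1] = $4
        }
        END {
            for (i = 1; i <= n; i++) {
                d = order[i]
                if (d in hard) print d, "OK", hard[d]
                else           print d, "WEAK soft-only"
            }
        }'
}

# weak_domains: only the domains whose nproc limit is not enforced
weak_domains() {
    audit_nproc | awk '$2 == "WEAK" { print $1 }'
}

printf '%s' "$SAMPLE_LIMITS" | audit_nproc
```

To check a live system, feed the real file to the same function: `audit_nproc < /etc/security/limits.conf`.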