How to: Prevent a fork bomb by limiting user process
Earlier, I wrote about fork bomb, few readers like to know about getting protection against such attacks:
How do I protect my system from a fork bomb under Linux?
Limiting user processes is important for running a stable system. To limit user process just add user name or group or all users to /etc/security/limits.conf file and impose process limitations.
Understanding /etc/security/limits.conf file
Each line describes a limit for a user in the form:
<domain> <type> <item> <value>
Where:
- <domain> can be:
- an user name
- a group name, with @group syntax
- the wildcard *, for default entry
- the wildcard %, can be also used with %group syntax, for maxlogin limit
- <type> can have the two values:
- "soft" for enforcing the soft limits
- "hard" for enforcing hard limits
- <item> can be one of the following:
- core - limits the core file size (KB)
- <value> can be one of the following:
- core - limits the core file size (KB)
- data - max data size (KB)
- fsize - maximum filesize (KB)
- memlock - max locked-in-memory address space (KB)
- nofile - max number of open files
- rss - max resident set size (KB)
- stack - max stack size (KB)
- cpu - max CPU time (MIN)
- nproc - max number of processes
- as - address space limit
- maxlogins - max number of logins for this user
- maxsyslogins - max number of logins on the system
- priority - the priority to run user process with
- locks - max number of file locks the user can hold
- sigpending - max number of pending signals
- msgqueue - max memory used by POSIX message queues (bytes)
- nice - max nice priority allowed to raise to
- rtprio - max realtime priority
- chroot - change root to directory (Debian-specific)
Login as the root and open configuration file:
# vi /etc/security/limits.conf
Following will prevent a "fork bomb":
vivek hard nproc 300
@student hard nproc 50
@faculty soft nproc 100
@pusers hard nproc 200
Above will prevent anyone in the student group from having more than 50 processes, faculty and pusers group limit is set to 100 and 200. Vivek can create only 300 process. Please note that KDE and Gnome desktop system can launch many process.
Save and close the file. Test your new system by dropping a form bomb:
$ :(){ :|:& };:
Want to stay up to date with the latest Linux tips, news and announcements? Subscribe to our free e-mail newsletter or RSS feed to get all updates.
You can Email this page to a friend.
You may also be interested in other helpful articles:
- Linux Setting processor affinity for a certain task or process
- Killing zombie process
- What is the difference between a daemon and a server process?
- Block outgoing network access for a single user from my server using iptables
- Understanding UNIX process creation
Discussion on This Article:
Leave a Reply
We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!
Tags: /etc/security/limits.conf, create stable system, fork bomb, limit processes, linux processes limitations



Could you tell me what it’s the difference between hard and soft limits?
People told me soft is like warning and hard is real max limit, but I’m not sure
@RuBiCK,
Yup, you are correct about soft and hard limit. For example, following will prevent anyone in the student group from having more than 50 processes, and a warning will be given at 30 processes.
@student soft nproc 30@student hard nproc 50
HTH
Could you explain how does that form bomb work?
Is there a reason to limit core dump file sizes? I am usually in the process of doing so mainly because I don’t like to set anything to unlimited
@Igor, see
http://www.cyberciti.biz/faq/understanding-bash-fork-bomb/
@JV,
Limit disk space.
is there a way to activate these settings on a running system? Currently i have not found any other solution that to reboot to make the settings active
(using debian etch)
man ulimit
google linux sysctl limit proccess
Actually soft limits work like hard limits except, that the user can change them up to the hard limit.
Say:
@student soft nproc 30@student hard nproc 50
@students can run 30 process. After that starting processes will fail. But an
ulimit -Su 50will make it possible for them to run 50 processes, in that shell until the next logout.
To make changes work, the user has to logout and login again. All user already logged in are able to work as before.
sandoz
Tried the Fork BOmb… Worked perfectly