[2326] in linux-security and linux-alert archive
[linux-security] Re: IPMASQ and lock-up of all terminals ----
daemon@ATHENA.MIT.EDU (Pantalache Dalis-Adrian)
Sat Apr 8 12:24:33 2000
Date: Sat, 8 Apr 2000 10:22:44 +0000 (UCT)
From: Pantalache Dalis-Adrian <dalis@electron.upit.ro>
To: linux-security@redhat.com
In-Reply-To: <8cacuh$4n1$1@sana.furryterror.org>
Message-ID: <Pine.LNX.4.21.0004081013170.7640-100000@electron.upit.ro>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Resent-From: linux-security@redhat.com
On 3 Apr 2000, Zygo Blaxell wrote:
> >3) Is there a way of directly testing whether I am the victim of an
> >occasionally fork bomb or DOS attack? Is there a way I can correct this?
>
> Logging...lots of logging.
>
> You'd probably notice a fork bomb with tools as basic as 'ps' or 'top'--if
> you got there fast enough. If you're too late...well, you can't ask the
> machine if it's running a fork bomb because it's too busy forking to
> respond to you. ;-)
>
>
A solution is
put in
/etc/pam.d/login
session required /lib/security/pam_limits.so
and in other config pam ex.
/etc/pam.d/ssh
......
then
in /etc/security/limits.conf
* hard nproc 15
read the limits.conf for more
and try a fork bomb
try before zis
#!/bin/sh
$0&$0&
and after modification
15 is the number of the proces per user
--
Pantalache Dalis-Adrian
+---------------------------------+
| Linux Sysadmin |
| |
| dalis@electron.upit.ro |
| dalis@agersystems.ro |
+---------------------------------+
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null
