ULIMIT for root
Bruno Galindro da Costa
bruno.galindro at gmail.com
Tue Aug 14 22:01:40 UTC 2012
Hi!
Does the kernel process root's ulimit values? I'm trying to prevent a fork bomb
with the root account, but with no success...
I've changed the max number of processes in /etc/security/limits.conf for
root and non-root users, rebooted the machine, and verified that the limit is
correctly set (via ulimit -u), but the bash fork bomb still works even with
the max processes set to 100. But with a normal user, the kernel prevents the
attack. So, it was processing the ulimit values only for non-root users.
root at ubuntu100464bits:~# cat /etc/pam.d/login
auth required pam_tally2.so deny=3 even_deny_root unlock_time=120
auth optional pam_faildelay.so delay=3000000
auth required pam_securetty.so
auth requisite pam_nologin.so
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_env.so readenv=1
session required pam_env.so readenv=1 envfile=/etc/default/locale
@include common-auth
auth optional pam_group.so
*session required pam_limits.so*
session optional pam_lastlog.so
session optional pam_motd.so
session optional pam_mail.so standard
@include common-account
@include common-session
@include common-password
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
root at ubuntu100464bits:~# cat /etc/security/limits.conf
*root - nproc 100*
* - nproc 100
root at ubuntu100464bits:~# lsb_release -a
No LSB modules are available.
Distributor ID:Ubuntu
*Description:Ubuntu 10.04.4 LTS*
Release:10.04
Codename:lucid
root at ubuntu100464bits:~# ulimit -u
*100*
root at ubuntu100464bits:~# uname -a
Linux ubuntu100464bits *2.6.32-41-generic* #94-Ubuntu SMP Fri Jul 6 18:00:34 UTC 2012 x86_64 GNU/Linux
root at ubuntu100464bits:~# *:(){ :|:& };:* <------- THIS IS THE FORK BOMB.
Am I doing something wrong?
--
Att.
Bruno Galindro da Costa
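
Added example, not part of the original post: a shell check that reads a process's /proc status and limits files and reports whether the nproc soft limit shown by ulimit -u would actually be enforced for it. It relies on the kernel's fork path skipping the RLIMIT_NPROC check for real UID 0 and for tasks holding CAP_SYS_ADMIN or CAP_SYS_RESOURCE; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: at fork time the kernel skips the RLIMIT_NPROC check when the
# real UID is 0 or the task holds CAP_SYS_ADMIN (bit 21) or
# CAP_SYS_RESOURCE (bit 24), so "ulimit -u" alone does not prove enforcement.

# field_of STATUS_FILE KEY: first value after "KEY:" in a /proc status file
field_of() {
    awk -v k="$2:" '$1 == k { print $2; exit }' "$1"
}

# soft_nproc LIMITS_FILE: soft "Max processes" value from a /proc limits file
soft_nproc() {
    awk '/^Max processes/ { print $3; exit }' "$1"
}

# has_cap STATUS_FILE BIT: succeeds if that bit is set in CapEff.
# Only the low 32 bits are parsed, which avoids overflow on "ffffffffffffffff".
has_cap() {
    low=$(field_of "$1" CapEff | tr -d '\n' | tail -c 8)
    [ $(( (0x$low >> $2) & 1 )) -eq 1 ]
}

# nproc_verdict STATUS_FILE LIMITS_FILE: "enforced <n>" or "bypassed <reason>"
nproc_verdict() {
    if [ "$(field_of "$1" Uid)" -eq 0 ]; then
        echo "bypassed real-uid-0"
    elif has_cap "$1" 21; then
        echo "bypassed CAP_SYS_ADMIN"
    elif has_cap "$1" 24; then
        echo "bypassed CAP_SYS_RESOURCE"
    else
        echo "enforced $(soft_nproc "$2")"
    fi
}

# Report on the invoking shell when its /proc entries are readable.
if [ -r "/proc/$$/status" ] && [ -r "/proc/$$/limits" ]; then
    nproc_verdict "/proc/$$/status" "/proc/$$/limits"
fi
```

A "bypassed" verdict means the limit is recorded for the process but not applied when it forks, so services that must be bounded need to run under an unprivileged account.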