- Trending Categories
Data Structure
Networking
RDBMS
Operating System
Java
MS Excel
iOS
HTML
CSS
Android
Python
C Programming
C++
C#
MongoDB
MySQL
Javascript
PHP
Physics
Chemistry
Biology
Mathematics
English
Economics
Psychology
Social Studies
Fashion Studies
Legal Studies
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
Prevent fork bomb by limiting user process in linux
A Fork Bomb is a denial-of-service (DoS) attack against a Linux based system. It makes use of the fork operation to create infinite processes and is called as “Rabbit Virus or wabbit”. The system process continually replicates itself to deplete available system resources, causing resource starvation, slowing or crashing the system. This article gives insights on – how to prevent a fork bomb attack in Linux system.
Fork Bomb uses a bash code and gets executed repeatedly. Linux system admin often uses bash function to test the user process limitations and this specific process can be configured in /etc/security/limits.conf file. Once Fork Bomb is activated in Linux system, it may not possible to get back as a normal system un-till reboot the system.
Understanding Bash code
fork() can be defined in a Bash Code as follows-
:(){
:|:&
};::()– This is called as fork function and this function will not accept any arguments.
:|: – This is called as recursion and pipes. It is used to call itself and calls to another function too.
& – This is used to call in the background.
;– To terminate the function definition.
: – This is used to call the AKA function to set the Fork Bomb.
Understanding Fork () Bomb
Human readable fork () bomb code should be like this-
bomb() {
bomb | bomb &
}; bombPrevent a Fork Bomb by Limiting User Process
The limited user process is more important for running a stable system and the user process is composed in /etc/security/limits.conf file.
Understanding /etc/security/limits.conf file
The structure in limits.conf should be like this –
<domain><type> <item> <value>
The sample output should be like this –
#<domain> <type> <item> <value> #* soft core 0 #root hard core 100000 #* hard rss 10000 #@student hard nproc 20 #@faculty soft nproc 20 #@faculty hard nproc 50 #ftp hard nproc 0 #ftp - chroot /ftp #@student - maxlogins 4 ......
Configuring limits.conf
To prevent a “fork bomb” attack, It requires some changes in limits.conf file. To open limits.conf file, use the following command –
$ vi /etc/security/limits.conf
Add the following lines to prevent a “fork bomb” attack –
tp hard nproc 300 @student hard nproc 50 @faculty soft nproc 100 @pusers hard nproc 150
The above command describes that, tp user has only 300 processes, the student group has 50 processes, similarly the faculty group consists of 100 process and pusers group will have 150 processes. If the limit is overloaded, then Linux system automatically terminates the extra processes. Now save and exit from limits.conf file.
Use the following command to test a new system by dropping a fork bomb –
$ :(){ :|:& };:Congratulations! Now, you know “How to Prevent a fork bomb by limiting user process in Linux”. We’ll learn more about these types of commands in our next Linux post. Keep reading!
- Related Articles
- C vs BASH Fork bomb?
- C vs BASH Fork bomb in C/C++?
- What is Fork Bomb, aka Rabbit Virus?
- Limiting Process Resource Consumption in Unix
- Preventing Bash Fork Bombs in Linux
- Creating multiple process using fork() in C
- Creating child process using fork() in Python
- How to prevent a background process from being stopped after closing SSH client in Linux?
- Find Files Not Owned by a Specific User in Linux
- Calculation in parent and child process using fork() in C++
- How to Kill a Process by Name in Linux?
- Program to define data structure that supports rate limiting checking for user in Python
- Process Synchronization in Linux
- ‘DNF’ (Fork of Yum) Commands for RPM Package Management in Linux
- Linux Process Monitoring
