Question
How do you create custom Fork Bomb Protection settings?
Answer
The following can be implemented to set a custom set of ulimit settings by Fork Bomb Protection.
Note: When done, Fork Bomb Protection will show as disabled in WHM.
-
Make sure Fork Bomb Protection is disabled in WHM at Home / Security Center / Shell Fork Bomb Protection.
Note: Shell Fork Bomb protection is unavailable on CloudLinux servers since it uses LVEs.
-
Create the following file
/etc/profile.d/mylimits.shwith the following contents:CONFIG_TEXT: # Custom Shell Fork Bomb Protect
ulimit -n 4096 -u 14335 -m unlimited -d unlimited -s 8192 -c 1000000 -v unlimited 2>/dev/null
LIMITUSER=$USER
if [ -e "/usr/bin/whoami" ]; then
LIMITUSER=$(/usr/bin/whoami)
fi
# Limit the user only if we are not root and are a regular user (UID greater
# than or equal to UID_MIN).
if [ "$LIMITUSER" != "root" ] &&
! id -Gn | grep -qsP '(^| )wheel( |$)' &&
[ "$(id -u)" -ge "$( (grep -s '^UID_MIN' /etc/login.defs || echo 'x 500') | awk '{print $2}')" ]
then
ulimit -n 1200 -u 250 -m 200000 -d 200000 -s 8192 -c 200000 -v unlimited 2>/dev/null
else
ulimit -n 4096 -u 14335 -m unlimited -d unlimited -s 8192 -c 1000000 -v unlimited 2>/dev/null
fiThe main change so far is increasing the number of open files to 1200 and the number of user processes to 250.
-
Set permissions for
/etc/profile.d/mylimits.shwith the following command:# chmod 755 /etc/profile.d/mylimits.sh
-
Next we need this to be contained in
/etc/bashrcand/etc/profileby doing the following to concatenate to those files:# cat /etc/profile.d/mylimits.sh >> /etc/bashrc
# cat /etc/profile.d/mylimits.sh >> /etc/profile
At this point, the custom Fork Bomb Protection settings are enabled. Please keep in mind the user will need to log out and log in again so that the /etc/profile and /etc/bashrc files get loaded for the user.
Comments
0 comments
Article is closed for comments.