Shell Fork Bomb Protection Disabled

Simon Greenwood

• March 30, 2021 06:19

We are configuring a new server with a client with cPanel 94, CloudLinux and CSF on CentOS 7. The CSF Server Service Check script suggests that Shell Fork Bomb Protection should be enabled, but pressing the 'Enable Protection' button doesn't change the status from disabled. `/etc/profile` was a set to immutable but I have changed that with `chattr -i /etc/profile`, but it still doesn't work. The issue doesn't show up with the cPanel Security Advisor.

• 

  cPRex Jurassic Moderator

  • March 30, 2021 15:33

  Hey there! Are you clicking this button in the WHM >> Shell Fork Bomb Protection page? If so, do you see anything come up in /usr/local/cpanel/logs/error_log when you try that work? That's the first place I would check for errors if the button is not behaving properly.

  0
• 

  Simon Greenwood

  • March 30, 2021 17:06

  Good suggestion! warn [whostmgr2] Failed to open and lock "/etc/bashrc": Operation not permitted at /usr/local/cpanel/Cpanel/LoginProfile.pm line 108
  So chattr -i /etc/bashrc
  fixed it.

  0
• 

  cPRex Jurassic Moderator

  • March 30, 2021 17:11

  Great - I'm glad that got you pointed in the right direction :D

  0
• 

  mtindor

  • March 30, 2021 19:31

  FYI - If you are running CL, last year in an email discussion I had with a CL tech he/she (i forget which) stated that it's better to have fork bomb protection disabled in cPanel since CL already has their own mechanisms in place to prevent that and having both active could cause issues. With that said, I still have Shell FBP enabled on all of my CL servers.

  0
• 

  EEKdood

  • August 15, 2021 02:49

  Update for anyone late to the party: As of v98, the ability to manage this is disabled on CL servers. Hopefully the fine folks at ConfigServer adjust the CSF Server Service Check in response.

  0
• 

  A Hartonian

  • August 15, 2021 13:49

  Update for anyone late to the party: As of v98, the ability to manage this is disabled on CL servers.

  
  That's exactly why I am here, installed a server and goot this messgae: Fork Bomb Protection is not available on CloudLinux
  

  Hopefully the fine folks at ConfigServer adjust the CSF Server Service Check in response.

  
  True that, was checking server for firewall suggestions and I see that its showing up there. Hopefully this is working as intended.

  0
• 

  cPRex Jurassic Moderator

  • August 16, 2021 12:11

  Thanks for the update, @EEKdood !

  0
• 

  mtindor

  • August 17, 2021 09:38

  Back in January when I had an open ticket with CloudLinux about something else, the following was mentioned to me: "I see that you have cPanel Shell Fork bomb protection enabled. CageFS provides the same functionality and even more. But keeping them both enabled can cause issues. Thus please disable Shell Fork bomb protection. " So I disabled Shell Fork Bomb Protection at that time on my machines (all running CL / CageFS) and never looked back.

  0

Please sign in to leave a comment.