Security - No.of processes on Linux

viking60
Über-Berserk
Posts: 9351
Joined: 14 Mar 2010, 16:34

Security - No.of processes on Linux

Postby viking60 » 24 Oct 2010, 17:25

When setting up a server (or Linux in general) the number of processes is mostly limited.
This is smart to avoid DoS attacks like the fork bomb.
Just to check the limitations on your box you could do a


ulimit -u


On my Mandriva install that is 47000, on my Arch boxes it is about 16000, and on CentOS in my VirtualBox it is about 14000.

Now to reduce the number of processes for a user I can simply write


ulimit -u 200

That will reduce the possible simultaneous processes to 200 for that user.
This reduction only applies to the user and not to root. So I check all my running processes for all users except root:


ps -U root -u root -N

On my overloaded Mandriva with "everything" I get 89 processes. On my servers without GUI I get less than 20.

My question is what would be a "right" value for that limitation on a server? Does anyone have experience?
Manjaro 64bit on the main box -Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1. + Centos on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"

viking60
Über-Berserk
Posts: 9351
Joined: 14 Mar 2010, 16:34

Re: No.of processes on Linux

Postby viking60 » 24 Oct 2010, 18:29

I am experimenting a bit here with this bash fork bomb:
DO NOT RUN THIS


:(){ :|:& };:

DO NOT RUN THIS unless you have limited your processes! It will freeze your computer!
I limited the processes to 1000 on one user:


ulimit -u 1000

And the fork bomb got the error:
-bash: fork: Resource temporarily unavailable
To get out of the loop hit <CTRL> + C.
This is good!
I am beginning to think that 1000 is a fine number since I was able to log in to another user and work just fine while the bomb ran.
The only guidance I have found so far is this:
Gentoo Note: A too small number of processes can break the use of portage. So, don't be too strict.


One thing is certain: Anyone with shell access to your box can take it down with the above code if the processes are unlimited. Your system will become unresponsive and might even crash.

So I should probably not have posted it. Thank God there are only responsible members here!

viking60
Über-Berserk
Posts: 9351
Joined: 14 Mar 2010, 16:34

Re: No.of processes on Linux

Postby viking60 » 24 Oct 2010, 20:07

Ok I have tested the limits:
With 14000 processes the fork bomb killed my Arch box. The GUI froze and no keys worked. It was thoroughly FUBARED. I had to cut the power.
With 5000 it worked, and I could access the system even if it was slow. I now think that 5000 is the right value to use.
This is an Arch with Gnome and KDE installed.

Testing the ArchServer with 5000 now... And it stays responsive.

Based on the above I say that 5000 is the maximum processes that should be able to run for a user. I have not seen any others testing this. But I have learned that the default values from an installation are way too high.
Copy the Fork bomb above and paste it into your terminal and watch your system freeze up. Then you will agree with me +1
5000 it is! - for a computer with 2 Gig memory
Even if the main box could take 10000 and stay responsive, it looks like a little less than a third of the default will work on all boxes.
Here is how you define it permanently:


sudo nano /etc/security/limits.conf


Look for the section below and add your user:

#<domain> <type> <item> <value>
#

#* soft core 0
#* hard rss 10000
#@student hard nproc 20
viking60 hard nproc 5000
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
#@student - maxlogins 4

* - rtprio 0
* - nice 0
@audio - rtprio 50
@audio - nice -10

Log out and log back in and check the value with:


ulimit -u

You can still reduce the no. of processes that should be allowed to run with


ulimit -u 1000

But you cannot increase it.
This last setting will disappear every time you log out.

More info here
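As an added example (not code from viking60's posts), a POSIX shell helper that reads the hard nproc value for a user out of limits.conf-style text in the format shown above, plus a headroom check that compares a process count (from the thread's ps -U root -u root -N) against that limit. The sample limits text, the 80% warning threshold and the function names are my own assumptions.

```shell
#!/bin/sh
# Constructed sample in the style of /etc/security/limits.conf (not a real file).
SAMPLE_LIMITS='#<domain> <type> <item> <value>
#@student hard nproc 20
viking60 hard nproc 5000
* - rtprio 0
* hard nproc 8000
@audio - nice -10'

# Print the effective hard nproc limit for a user from limits.conf text on stdin.
# Precedence follows pam_limits: an exact user entry beats a "*" wildcard.
# A "-" in the type column sets both soft and hard, so it counts as hard here.
# Group (@name) entries are ignored: resolving membership would need getent.
nproc_limit_for_user() {
    awk -v user="$1" '
        /^[[:space:]]*#/ || NF < 4 { next }        # skip comments and short lines
        $3 != "nproc" { next }                    # only process-count limits
        $2 != "hard" && $2 != "-" { next }        # hard or combined entries only
        $1 == user { exact = $4 }                 # explicit user entry
        $1 == "*"  { wild = $4 }                  # wildcard fallback
        END {
            if (exact != "") print exact
            else if (wild != "") print wild
            else print "unlimited"
        }'
}

# Headroom check: given the current process count and the limit, print OK or WARN.
# Warns when 80% or more of the limit is in use (the threshold is an assumption).
headroom() {
    count="$1"; limit="$2"
    if [ "$limit" = "unlimited" ]; then
        echo "WARN no hard nproc limit configured"; return 1
    fi
    if [ "$((count * 100))" -ge "$((limit * 80))" ]; then
        echo "WARN $count of $limit processes in use"; return 1
    fi
    echo "OK $count of $limit processes in use"; return 0
}

# Live use on a real box: count non-root processes and compare with the limit.
check_live() {
    limit=$(nproc_limit_for_user "$(id -un)" < /etc/security/limits.conf 2>/dev/null)
    count=$(ps -U root -u root -N -o pid= | wc -l)
    headroom "$count" "${limit:-unlimited}"
}
```

Run check_live on a box to see whether the configured limit leaves room for the processes the user actually runs.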

