Yura Gusev <[EMAIL PROTECTED]> writes: > On 4 Feb 2002, Bryan Paxton wrote: > > > As for the fork() bomb, well... A good system out of the box (or > > configured) shouldn't allow more than X amount of procs (40 is a good > > number, or 150 for SMP and higher). > > echo "* nproc 40" > /etc/security/limits.conf > > (or whatever number you prefer to limit your lusers to) > > > > Of course, this can be taken further with security patches (grsecurity, > > LIDS, etc...) > > > > Assuming is a bad idea ; ) > > Well can Mandrake add it to msec level >=3?
Maybe... Florin, fredl, what do you think ? Something like the following is really efficient, believe me I've tested it :-). Bad side is that you virtually can't do much (I think executing bzip2 for example, eats too much resource). ulimit -t 1 ulimit -u 5 ulimit -v 5000 ulimit -s 1000 ulimit -n 15 ulimit -f 1000 ulimit -d 1000 ulimit -l 1000 ulimit -m 500 -- Guillaume Cottenceau - http://people.mandrakesoft.com/~gc/
