On Tue, 2002-02-05 at 07:56, Frederic Lepied wrote:
> > > Well can Mandrake add it to msec level >=3?
> >
> > Maybe...
> >
> > Florin, fredl, what do you think ?
>
> In fact we haven't added this to msec because it breaks servers iirc.
> And now we have grsecurity patches in the kernel-secure which takes car of
> fork bombs...
> --
> Fred - May the source be with you
>
# ps aux | wc -l
119
# tail /etc/security/limits.conf
* hard core 0
* hard nproc 150
* hard fsize 40000
* hard memlock 40000
# cat /usr/src/linux/.config | grep FORKBOMB
CONFIG_GRKERNSEC_FORKBOMB=y
CONFIG_GRKERNSEC_FORKBOMB_GID=1005
CONFIG_GRKERNSEC_FORKBOMB_SEC=40
CONFIG_GRKERNSEC_FORKBOMB_MAX=20
# chkconfig --list | awk '{print $1 $5}' | sed s'/\:/ is /g'
gpm is on
crond is on
kheader is on
network is on
keytable is on
syslog is on
xfs is on
httpd is on
smb is on
inet is off
iptables is off
sshd is on
postfix is on
named is on
proftpd is on
mysql is on
random is on
hdparm is off
rawdevices is off
dhcpd is on
identd is on
sound is on
firewall is on
numlock is on
psacct is on
stunnel is on
usb is on
I think all that speaks for itself. Proper configuration, and things
will not break, yet be secure.
--
Bryan Paxton
Public PGP key: http://www.deadhorse.net/bpaxton.gpg
"What laughter, why joy, when constantly aflame? Enveloped in darkness,
don't you look for a lamp?"
Dhp. 163
