Fork Bomb Defuser!
|rexFBD is a loadable kernel module for Linux which detects and disables 'fork bombs'|
|Fork Bombs are programs
or shell scripts which (either intentionally or accidently) create new
processes repeatedly (using the fork() system call.) New processes are
created so fast that within no time the process table gets filled up and
the system comes to a grinding halt.
No other process can then be started, not even 'ps' to see who triggered that fork bomb! Killing that fork bomb means yet another process, and thats exactly what is scarce! A fork bomb might mean pressing the big Red button!
Fork Bomb Defuser (rexFBD) allows you to configure the max_forks_per_second and max_tasks_per_user parameters, at the time of loading the module. Any possible Fork Bomb is detected using these parameters and is defused (deactivated) in real time. The uid of the user who started it, as well as the time it was started is logged in /var/log/messages for the system administrator to take action
|It's not there. Its
needed.. That's why.
Although the total number of processes which a user can create can be configured using configuration files in Linux, there is still no mechanism to set a limit on the rate of forking. This is what has been recetly exploited in some recent fork bombs (reported on the Linux Kernel mailing list)
$ tar xvzf rexFBD-0.6.tar.gz
$ cd rexFBD-0.6
This will create the rexFBD kernel module (rexFBD.o)
To install the module :
You can install the module with default parameters
(max_forks_per_second=50 max_tasks_per_user=100) without passing any command
# insmod rexFBD.o
To remove the module, just:
|For latest changes, please see changeLog
18th Dec'1999 : initial release
rexFBD-0.6 here (Released 06/01/2000)!
Download rexFBD-0.3 here (Released 26/12/1999)
Download rexFBD-0.2 here (Released 20/12/1999)
Download rexFBD-0.1 here (Released 18/12/1999)
All Please send comments, criticisms,
suggestions, bug-reports and patches to: firstname.lastname@example.org
It shall be my endeavour to remove any bugs ASAP