Ubuntu Security :: Prevent Fork Bombs From Bringing The System To Grinding Halt?
Mar 18, 2011
So I am basically just curious about this, but is there a way to prevent fork bombs from bringing the system to grinding halt in Ubuntu, without setting hard limits on the resources available to users? I read about fork bombs on Wikipedia, and being the masochist I am (and not having any unsaved work), I tried entering those 13 characters into terminal. Wow. I have never seen a computer freeze up so fast.What really peaked my curiosity is that the same fork bomb has almost no effect on the performance of Mac OSX (10.6). I know that one can limit the availability of resources to specific users. Is that essentially what Snow Leopard is doing?
View 9 Replies
ADVERTISEMENT
Feb 10, 2010
I have a small network with 4 users, a Win2003 server for LAN/security functions, and a Dell Blade server running Ubuntu 8.04.1 which runs as our web server on port 80. I manage the Ubuntu server with Webmin v1.42Yesterday, my users weren't able to access the internet nor were they able to receive mail, etc. and no one could access any of the website hosted on the webserver. However, the internal users could access each other's PCs and internal printers and devices - just nothing outside.
I began to troubleshoot: I could see a lot of activity on the Router/Firewall on the port connected to the Ubuntu server. When I unplugged the server, everyone could immedately connect to the internet. So, the problem was originating with that server.When I logged in to the Ubuntu server using Webmin, I checked System>Running Processes and right at the top of the list was the process:ID Owner CPU Command23184 www-data 98.1% ./s 174.120.164.186 7777When I drilled down on this process it said that the parent process was:/bin/sh -c ./s 174.120.164.186 7777I pressed the Trace Process button and it appears to be sending the following repeatedly:Time System Call Parameters Returnxxxx send 125,0123456789ABCDE,15,0 15So, I manually Killed the process and added a rule to my firewall/router to block an IP range that includes 174:120:164:186
A few hours later the same process stars again in Ubuntu,, effectively plugging up my pipeline to the internet and preventing access to the websites being hosted.It suspect that there is some kind of virus on my Ubuntu machine but have no idea how to locate and destroy it. I am relatively new to the Ubuntu world and would appreciate anyone's help immensely! I just don't know what to do!
View 9 Replies
View Related
Dec 12, 2010
Fork bombs can also very easily be standalone shell scripts? https://bugs.launchpad.net/ubuntu/+s...sh/+bug/689176
View 4 Replies
View Related
Feb 3, 2010
my server keeps grinding to a halt after a few days of running and then needs o be rebooted. Are there any logs I cant look at o post to try and figure out the cause?
View 1 Replies
View Related
Jul 14, 2011
Windows have many firewalls to prevent the system. But Ubuntu have few. Why is it so? Is it not needed to prevent Ubuntu or if it is prevented?
View 5 Replies
View Related
Mar 3, 2010
I'm using Gnome and I'd like to still have the ability to reboot/shutdown from one particular account as well as root. How would I modify the chmod command to add this ability?Also, I have a few users who just will hold the power button in to shutdown the machine. How can I keep them from doing this?// Pruned from the vintage 2007 Prevent a non-root user from shutting down, rebooting or suspend the system thread. Please create new threads instead of resurrecting ancient ones.
View 2 Replies
View Related
May 1, 2010
I wanted to know is there any way to prevent fork bomb on a server or understand who did it and how did it I mean how to track reference of fork bomb and find out how does it occur ?
View 3 Replies
View Related
Mar 15, 2010
I have never had this problem before but when i boot the system hangs for about 2 mins when brining up my harddrive I am using scsi disk support and the newer ATA driver for my Harddrive (the same as ive always used but for some reason the system just hangs for like 2 mins then boots normally
this is somthing that urks me and i know im missing somthing the platform is a hp nc8230 notebook please request any information or how to provide it as i am new to linux (kinda) but for the life of me i can't figure this one out
[Code]...
View 2 Replies
View Related
Apr 24, 2010
I'm running Slackware 13 with a custom kernel based off of 2.6.32.3. I tend to leave my system on 24/7, as well as my web browser. Originally it was Firefox and now it is Google's Chrome. Usually about a day of leaving the web browser open my HD activity spikes so high that I can barely do anything on the system until I kill the web browser. This has been happening with both Firefox AND Chrome! As soon as the browser processes are killed, the system returns back to normal.
View 10 Replies
View Related
May 23, 2009
I'm running V5.3 (newly installed) on an FJ E8020 laptop. The problem I have is when shutting down (*not* rebooting). NetworkManager fails to stop and after (during?) the postfix shutdown, the system seems to hang.I cannot access via another screen or remotely. I can't find any clues in the log files.
[Code]...
View 1 Replies
View Related
Jun 22, 2011
Just installed OpenSuse 11.4 successfully on my machine (E-machines T6212). Previously attempted to install Ubuntu 11.4 on it as well. Both OS have resulted in my computer screen turning white with blue lines and the entire system freezing; unresponsive to keystrokes and even keyboard CAPS/NUM lights don't respond. Only way I can get system to come back is to physcially unplug it, not even power it off with Power button.
I believe there is something with my graphics card that may be the culprit; ATI Radeon™ Xpress 200M - ATI Radeon™ Xpress 200M Specifications
Because for both OpenSuse and Ubuntu this problem came up.
However with OpenSuse I am able to get to the Terminal Screen via : 1- On startup typing '3' into the screen and getting into 'grub' I think it is called.
I am not able to GUI.
I have read: Configuring Graphics Forum Page l in the forums here as well as looked into the Radeon page for the drivers.
I have also found the following thread here dealing with my particular graphics card but :
1-In my 'xorg.conf.new' file in my /root the correct driver "radeon" seems to be listed.
2-I added "radeon" to my 50-device.conf file in /etc/X11/xorg-conf.d/.. directory
View 3 Replies
View Related
Aug 21, 2011
I'm running Fedora 14. I'm running a Athlon X2 with 4gb memory and nVidia 8400. I'm using the nvidia drivers ver 260. I'm running KDE 4.6. I've disabled desktop effects (when turnt on they work a charm, performance issues are the same either way). If I open any more than a few applications at once, the system grinds to a halt. even working with Kwrite is painful and it can take several seconds just to move the cursor, browsing the file is almost impossible.
When I have even 7 windows open X goes into a frenzy and sticks around 90% cpu usage. Even with no windows open if I move my mouse between screens X cpu usage stays between 50% and 90%. The system is unbearably slow. i have a XP Pro system with the same spec, lower GPU and I have no problems having 2/3 Visual Studios open, Photoshop, a few skype windows, Eclipse and the android emulator the system remains responsive but with this Linux box I can't even do basic stuff in Kwrite without it grinding to a haltJust.
View 4 Replies
View Related
Mar 11, 2010
I have installed MoBlock as instructed here: [URL]
After installation I created my own list file in /etc/blockcontrol/custom-blocklist.p2p and have the following uncommented at the bottom of /etc/blockcontrol/blocklists.list:
Code:
locallist /etc/blockcontrol/custom-blocklist.p2p
The list contains the following 2 entries:
Code:
Yahoo:98.137.149.56
Google:74.125.47.147
When I do:
[Code].....
Recently I just noticed that the locallist rules seem to have no effect. I will always get "destination port unreachable" even if the locallist entry in blocklists.list is commented out.
However, whenever I try to browse to that IP, even when blockcontrol is on, even by typing the IP into Konqueror (not the domain name), it lets me go there every time. How can I know that my other applications will not to do the same thing? How can I lock this down and test it empirically to be sure?
View 1 Replies
View Related
Jul 16, 2010
I'm writing here because it's mainly a security issue even though it's rather kernel related.
I'm compiling my own vanilla kernel with an initramfs included in the bzImage. That image contains encryption keys for the rest of the system. Even though it's not for everybody the initramfs image can be extracted from the kernel, decompressed and the keys extracted.
I'm looking on a way to prevent this.
View 3 Replies
View Related
Feb 5, 2011
How do I prevent/disable a file from being copied?
I would want someone to be able to see the content of a directory, then open the relevant document, but just for viewing purpose. They cannot copy the file, either through copy + paste or File/Save As.
Is that possible under Ubuntu?
View 4 Replies
View Related
Jun 15, 2011
I am administrating a system with about 40 or 50 users, and we recently jumped ship from windows to ubuntu. Most of my users are getting along fine, but it seems every few days, i have to help someone who accidentally changed something, and now their account (or more rarely, the machine) is unusable, and has to be reset.
I know configuring /etc/sudoers is a huge step toward fixing my problem, but that still will not completely solve it. What I would like to do is prevent users from making ANY changes to the system (aside from their work files and the like), including themes, icons, desktop, background, etc.
View 2 Replies
View Related
Oct 8, 2010
I have been learning Linux for the past few months and just recently started with Bash programming. Using scripts it is possible to find users with duplicate UIDs but is there any way or script why which duplicate UIDs can be prevented altogether.
View 7 Replies
View Related
Jan 4, 2010
I have Ubuntu 8.04 as virtual host. On this host I have installed VirtualBox virtualization software. I have installed Windows XP as virtual machine and installed HTTP server.I would like temporally disable all network connections to host and virtual machine.So on Ubuntu host I have set firewall settings:
Code:
sudo iptables -F (to flush - delete all firewall settings)
sudo iptables -P INPUT DROP (to disable all input traffic)
[code]....
View 9 Replies
View Related
May 18, 2011
The ability to manually boot using the Grub command-line constitutes a big security risk in Linux, IMO.Any OS can be booted in this manner from a PXE-LAN, USB, or CD/DVD drive, circumventing BIOS-imposed boot restrictions. (Once a foreign OS is booted, of course, it can be used to access any part of an unencrypted hard drive.) Placing passwords or locking menu items (in the Grub configuration files) does not prevent a user from booting manually using commands entered at the grub command-line.
As it stands now, when presented with the Grub menu (or after bringing up a hidden Grub menu with the "ESC" key), a user only needs to hit "c" to enter the Grub command-line mode to facilitate any type of bootup whatsoever. (They can then enter manually the Grub commands to boot an OS on any device.) This is extremely insecure and allows any passerby to boot the computer with a few keystrokes and a bootable USB drive. How do I configure Grub so that it will require a password in order to enter the command-line mode (and thereby restrict boot options to the menu, which can then be password protected/locked) ?
View 8 Replies
View Related
May 11, 2009
I am new to Fedora 10, and to SELinux too.
I would like to know how can I prevent from users with role user_r to connect to Internet with firefox.
View 2 Replies
View Related
Jan 25, 2011
recently my Apache server crashes very often; by watching the error log,I've notice several signs of intrusion.So, I think the problem can be a denial of service attack against my machine.My distribution is Debian Lenny.
View 2 Replies
View Related
May 23, 2010
how to prevent same user from ssh to multiple linux server at a same time , anyone of you have the script or how to do that ?
View 16 Replies
View Related
Oct 16, 2009
I just made a script to read out /dev/input/event3 into a file (My keyboard is identified here [ Machine is a laptop which runs on slax-atma distro ]). Then used a hexdump to convert the binary into hex. After that used a gwak script to print out the keys corresponding to each keyboard input. So now when I put this in my rc.local , It is taking down all the keys I press. Including login passwords (In short, each and every keys I press).Isn't this a big security risk, because intruder who has a physical access to my machine or has root password can put this file in rc.local and run a script to mail him all the details like my passwords, account and PIN numbers.
View 14 Replies
View Related
Oct 16, 2010
how to prevent the execution of the following commands or how to set a policy or rule that prevents the execution of the following malicious commands
dd if=/dev/zero of=/dev/sda
rm -rf /
View 3 Replies
View Related
Jul 17, 2010
I use the following method for preventing the users from changing their passwords , is there any other method other than this ?ls -l /usr/bin/passwd-rwsr-xr-x 1 root root 37140 2010-01-26 12:09 /usr/bin/passwdso we need to remove the suid for that command as follows :- chmod u-s /usr/bin/passwdnow normal users won't be able to change their own passwords - and only the root user will be able to do it for them.
View 9 Replies
View Related
Jun 12, 2010
Intrepid Ibex (U8.10) is what I am using presently and I would like to know if there are measures that I can take to prevent my ISP from keeping data that flows between my PC and it.
I am living in Australia, I am wanting to keep the bastards (read: Australian Government) ignorant about what I use my PC for.
Its them storing any of my personal information that I am worried about, but if I can keep my history from them completely, even better...
View 9 Replies
View Related
Dec 3, 2010
The title says it; I want to prevent users from viewing the wireless network password.
View 9 Replies
View Related
Dec 6, 2010
I was searching around and I stumbled upon a Linux Kernelix Sockets Local Denial of Service exploit.I downloaded the exploit, compiled it ran it to check if I am vulnerable.As I was expecting, the exploit instantly "killed" my Maverick system and I had to use the power button to reset my computer...Is there any way to limit the numberof allowed open sockets?I don't think that this can be done using /etc/security/limits.conf in a similar way of preventing the fork bombs
View 1 Replies
View Related
Mar 19, 2009
I'm doing a research to protect my pc from physical access. What I'm facing here is that my company created a program for fedora 8 and plans to sell the unit away. We created a function where you can configure the program using any web browser from a network so we do not want anybody to have access to the fedora except for out personnel.
Based on my research, I've found [URL] this guide to protect people from accessing grub and single user. I am currently researching on preventing others to clone the harddisk. I would like to know if there are any other methods to prevent people from unauthorized access to fedora.
View 14 Replies
View Related
Apr 22, 2010
This is an excerpt from the Linux man page for mktemp command: "mktemp is provided to allow shell scripts to safely use temporary files. Traditionally, many shell scripts take the name of the program with the PID as a suffix and use that as a temporary filename. This kind of naming scheme is predictable and the race condition. It creates is easy for an attacker to win. A safer, though still inferior approach is to make a temporary directory using the same naming scheme. While this does allow one to guarantee that a temporary file will not be subverted, it still allows a simple denial of service attack. For these reasons it is suggested that mktemp be used instead."
- How can a denial-of-service attack be carried out if a directory name is known?
- Why is it important to use mktemp to generate a sufficiently random file/directory name for temporary files?
View 1 Replies
View Related
