From: "Ryan J. Cavicchioni"
Date: Fri, 18 Mar 2005 19:40:36 -0600
To: FreeBSD Questions
Subject: How to avoid forkbomb?

Hi,

After reading this article:
http://www.securityfocus.com/cgi-bin/sfonline/columnists-item.pl?id=308,
I decided to give the forkbomb script a try, which is below:

    #!/bin/sh
    $0 &
    $0 &

The system was unresponsive for a couple minutes but then FreeBSD killed
the script and the system was accessible. I started looking around for
what my process limit was set at but I found a couple different values.

ulimit -a outputs:

    core file size          (blocks, -c) unlimited
    data seg size           (kbytes, -d) 524288
    file size               (blocks, -f) unlimited
    max locked memory       (kbytes, -l) unlimited
    max memory size         (kbytes, -m) unlimited
    open files                      (-n) 7264
    pipe size            (512 bytes, -p) 1
    stack size              (kbytes, -s) 65536
    cpu time               (seconds, -t) unlimited
    max user processes              (-u) 3632

kern.maxproc is set to 4036

/etc/login.conf reads:

    :maxproc=unlimited:\

My questions are:

Am I looking at the correct values?
Which is the actual process limit?
What would you recommend that I set it to in order to have my machine
shrug off the fork bomb sooner?
What would be a good process limit for a LAMP webserver?
How would I set the process limits?

Thanks in advance.

- Ryan