Comment 1 for bug 14505

Revision history for this message
Martin Pitt (pitti) wrote : Re: Consider setting more restrictive default ulimits

(In reply to comment #0)
> /etc/security/limits.conf:
> * hard nproc 2048

This would prevent the easiest class of forkbombs from DoS'ing the computer, but
alone this really achieves not much more. In addition you need to limit the
number of logins, the memory, cpu time, etc. to provide a halfway effective DoS
protection.

Especially the maximum amount of allowed memory should be restricted dynamically
and depending on the size of available RAM; limits.conf does not offer this
functionality unfortunately.