Q. Explain following bash code or bash fork() bomb?
: () { : | :& };:
A. This is a bash function. It gets called recursively (recursive function). This is most horrible code for any Unix / Linux box. It is often used by sys admin to test user processes limitations (Linux process limits can be configured via /etc/security/limits.conf and PAM).
Once a successful fork bomb has been activated in a system it may not be possible to resume normal operation without rebooting, as the only solution to a fork bomb is to destroy all instances of it.
Understanding : (){ : | :& };: fork() bomb code
**********************************************************************************************************************************
WARNING! These examples may crash your computer if executed and please dont try this on any live servers
**********************************************************************************************************************************
: (){ : | :& };:
Understanding the above:
: () # define ':' -- whenever we say ':', do this:
{ # beginning of what to do when we say ':'
: # load another copy of the ':' function into memory...
| # ...and pipe it's output to...
: # ...another copy of ':' function, which has to be loaded into memory
# (therefore, ':|:' simply gets two copies of ':' loaded whenever ':' is called)
& # disown the functions -- if the first ':' is killed, all of the functions that it has started should NOT be auto-killed
} # end of what to do when we say ':'
; # Having defined ':', we should now...
: # ...call ':', initiating a chain-reaction: each ':' will start two more.
Given that ':' is an arbitrary name for the function, an easier to understand version would be:
Example forkbomb code:
forkbomb(){ forkbomb|forkbomb & } ; forkbomb
Here is more human readable code:
bomb() {
bomb | bomb &
}; bomb
How to prevent from fork bomb attack?
To protect a system against such attacks, there is a file for limiting the number of processes for each user. It is /etc/security/limits.conf. Add the following two lines to it:
@users soft nproc 100
@users hard nproc 150
The lines prevent anyone in the users group from having more than 150 processes, and issue a warning at 100 processes.
Your system may not have a users group, so you may need to edit the lines to suit your needs.
Enjoy
How can I quickly tell what file systems my current kernel can handle?
The kernel provides a list of file system types it is able to mount via the /proc file system. To view the list, run the command cat /proc/filesystems.
The output will look something like:
nodev proc
ext3
ext2
vfat
iso9660
nodev nfs
nodev smbfs
In this output, the entry vfat means you can mount FAT/VFAT (Microsoft Windows) partitions. The entries ending with smbfs and nfs mean you can interact with file servers that use SMBFS (Microsoft's Server Message Block File System, accessed via Samba) or NFS (Sun's Network File System). The iso9660 indicates that you can mount standard CD-ROM file systems, and ext3 and ext2 indicate that you can mount those kinds of Linux file systems.
In the first column, nodev indicates that the file system is not associated with a physical device, like the /proc file system itself, which has information about state of the running kernel.
How do I view the contents of a .iso file?
ISO files are whole disk images. They are single image files that are used for burning to a CD or DVD. Red Hat provides Update releases of Red Hat Enterprise Linux as ISO files. The Updates of Red Hat Enterprise Linux can be downloaded from Red Hat Network (RHN).
For example, if you have downloaded a file from RHN it will look similar to rhel-3-U3-i386-as-disc1.iso. To view the contents of a .iso file you need to mount the file as a loopback device with the following command:
mount -o loop /path/to/rhel-3-U3-i386-as-disc1.iso /mount/point
Now you can browse to /mount/point to view the contents of the rhel-3-U3-i386-as-disc1.iso file.
An example of where this can be useful could be when setting up an installation server. Download the required .iso files from RHN, mount them as loopback, copy all the files to a central repository, and perform an NFS installation.
For further information on loopback devices and how to download .iso files from RHN please see additional articles in the Knowledgebase.
I made some changes to my /etc/inittab file. How can I make those changes effective without rebooting?
To make changes to the /etc/inittab effective without a reboot, issue either of these two commands as the root user:
init q
telinit q
The init q or telinit q command wakes up init and tells it to re-examine the /etc/inittab file so changes to the file are effective immediately.
How do I view the perl or cgi errors in a browser?
You can insert the use CGI::Carp qw(fatalsToBrowser); line in your script to get your error messages to show up in your browser window instead of having to check your error log all the time.
Add the following two lines after the Shebang line (usually: #!/usr/bin/perl) in your script:
#####################################################
use CGI;
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
#####################################################
When you execute the script from the browser, it should generate any error messages in the browser display. Also be sure that the script does not send any header information before the print "Content-type text/html" line.
Note: This will not work if CGI::Carp module is not install with Perl. RPM for CGI::carp can be found at sites like rpmfind.net.
How do I prevent the reuse of old passwords?
The PAM module pam_unix.so can be configured to maintain a list of old passwords for every user prohibiting the reuse of old passwords. The list is located in the /etc/security/opasswd file. This is not a plain text file, but it should be protected the same as the /etc/shadow file. This is normally referred to as password history.
To remember the last 15 passwords, add the line below to the /etc/pam.d/system-auth file:
password sufficient /lib/security/pam_unix.so use_authtok md5 shadow remember=15
You can replace the number 15 used above with an integer you want, to enforce your password security policy.
How can I delete files with weird characters in the filename?
It is possible to create files with control characters or characters which are unable to be input on a keyboard. The simplest method for deleting them is to use the Nautilus file manager to browse to its location, highlight the file, then press the delete key.
If graphical access is not available to this machine or the file is not owned by a normal user, the solution to this problem is to find the "inode" number of the file then delete this file using that number.
Each file on a disk has an inode number. However, a file can be addressed using a symbolic link. To erase a file, all symbolic links must also be removed.
The first step is to find the inode number for the offending file. The inode number of any file can be found by running the command ls -i1 in the directory in which the offending file exists.
For example:
# ls -i1
622769 mygraphic.svg
4882544 anotherfile.txt
4882548 annual-report.gmc
4489301 -^H[[ac
The offending file in this circumstance has an inode number of 4489301.
Using the find command in the same directory modify the command below, replacing 4489301 with the inode number of the file from the ls command.
find . -inum 4489301 -ok rm '{}' ;
You should then be asked to confirm the removal of the file.
< rm ... ./nsmail.html > ?
Press Y to confirm removal of the file.
List command line history with timestamp
If the command line history could provides the date time of the commands being executed, that may really narrow down the scope of the user actions that cause the server malfunction. By default, history do not append with timestamp, but it is easy to configure it to display timestamp, you just need to set one environment variable HISTTIMEFORMAT.
export HISTTIMEFORMAT="%F %T "
Add the above line into ~/.bash_profile(for users) as well as/root/.bash_profile(for root).
Then run 'history' command
Output:
985 2009-08-02 08:01:15 ll
986 2009-08-02 08:01:21 rm -rvf lampp/
987 2009-08-02 08:02:01 tar -xvzf xampp-linux-1.7.1.tar.gz -C /opt
988 2009-08-02 08:02:36 /opt/lampp/lampp start
989 2009-08-02 08:03:24 nmap localhost
