GeoffMost Linux and UNIX folks are familiar with the "fork bomb" there is a famous Perl example :(){ :|:& };:
This spawns processes in an unending loop until the machine dies.
The Perl notation is famous, the fix is not.
In Linux there used to be just a limits.conf file. Check /etc/security/limits.conf
Now, it's going to be multiple places for systemd.
Check /etc/systemd/system.conf
Then, check recursively the files in
/etc/security/limits.d/ and
/etc/sysctl.d/ and
/etc/systemd/system/
Next, what should the limits be? You want Prod applications to run, but prevent a malicious user forkbomb, or a process going wild and taking down the server.
Maybe try:
# /etc/security/limits.d/10-fork-protection.conf
# Interactive human users for normal work
@interactive hard nproc 2048
@interactive soft nproc 1024
# Unprivileged service accounts that don't need many threads (monitoring agents)
* hard nproc 2048
* soft nproc 1024
# Exemptions for known Prod workloads (tune accordingly)
MyDatabase hard nproc 26536
MyDatabase soft nproc 15536
MyServiceAccount hard nproc 25536
MyServiceAccount soft nproc 15536
# /etc/systemd/logind.conf.d/tasks-limit.conf
[Login]
UserTasksMax=2048
hashtag#InfoSec hashtag#Linux hashtag#BlueTeam hashtag#Protection hashtag#SelfHosting