Shell Fork Bomb Protection Disabled

Mar 8, 2017
10
0
1
Bradford, West Yorkshire, UK
cPanel Access Level
Root Administrator
We are configuring a new server with a client with cPanel 94, CloudLinux and CSF on CentOS 7. The CSF Server Service Check script suggests that Shell Fork Bomb Protection should be enabled , but pressing the 'Enable Protection' button doesn't change the status from disabled. `/etc/profile` was a set to immutable but I have changed that with `chattr -i /etc/profile`, but it still doesn't work. The issue doesn't show up with the cPanel Security Advisor.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,810
895
313
cPanel Access Level
Root Administrator
Hey there! Are you clicking this button in the WHM >> Shell Fork Bomb Protection page? If so, do you see anything come up in /usr/local/cpanel/logs/error_log when you try that work? That's the first place I would check for errors if the button is not behaving properly.
 

mtindor

Well-Known Member
Sep 14, 2004
1,391
70
178
inside a catfish
cPanel Access Level
Root Administrator
FYI - If you are running CL, last year in an email discussion I had with a CL tech he/she (i forget which) stated that it's better to have fork bomb protection disabled in cPanel since CL already has their own mechanisms in place to prevent that and having both active could cause issues.

With that said, I still have Shell FBP enabled on all of my CL servers.
 

A Hartonian

Active Member
May 22, 2018
43
8
8
Oman
cPanel Access Level
DataCenter Provider
Update for anyone late to the party: As of v98, the ability to manage this is disabled on CL servers.
That's exactly why I am here, installed a server and goot this messgae:
Code:
Fork Bomb Protection is not available on CloudLinux
Hopefully the fine folks at ConfigServer adjust the CSF Server Service Check in response.
True that, was checking server for firewall suggestions and I see that its showing up there. Hopefully this is working as intended.
 
  • Like
Reactions: cPRex and EEKdood

mtindor

Well-Known Member
Sep 14, 2004
1,391
70
178
inside a catfish
cPanel Access Level
Root Administrator
Back in January when I had an open ticket with CloudLinux about something else, the following was mentioned to me:

"I see that you have cPanel Shell Fork bomb protection enabled. CageFS provides the same functionality and even more. But keeping them both enabled can cause issues. Thus please disable Shell Fork bomb protection. "

So I disabled Shell Fork Bomb Protection at that time on my machines (all running CL / CageFS) and never looked back.