DF-0032 / dmesg.txt
================================================================================
DF-0032 — dmesg excerpt (kernel-side DoS evidence), captured from guest
================================================================================

$ dmesg | grep -iE "maxproc limit" | sort | uniq -c | tail -10
      2 maxproc limit exceeded by uid 0, please see tuning(7) and login.conf(5).
     26 maxproc limit exceeded by uid 1006, please see tuning(7) and login.conf(5).
     26 maxproc limit exceeded by uid 1007, please see tuning(7) and login.conf(5).
     26 maxproc limit of 969 exceeded by "exhaust" uid 1001, please see tuning(7) and login.conf(5).
     26 maxproc limit of 969 exceeded by "exhaust" uid 1002, please see tuning(7) and login.conf(5).
     26 maxproc limit of 969 exceeded by "exhaust" uid 1003, please see tuning(7) and login.conf(5).
     26 maxproc limit of 969 exceeded by "exhaust" uid 1004, please see tuning(7) and login.conf(5).
     26 maxproc limit of 969 exceeded by "exhaust" uid 1005, please see tuning(7) and login.conf(5).

Note: "maxproc limit exceeded by uid 0" = ROOT was fork-blocked by the leaked
nprocs. The "maxproc limit of 969" entries are the per-uid RLIMIT_NPROC ceiling
for each attacker uid (969 == 1009 minus the 10-slot system reserve once nprocs
approaches maxproc). These are emitted from kern_fork.c:404.
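
A triage sketch for the excerpt above, added here and not part of the original evidence file: it parses both message shapes shown, totals denials per uid, and flags a uid 0 entry, which the note reads as root being fork-blocked. The sample lines are constructed from the excerpt, and the names `LINE_RE`, `SAMPLE` and `summarize` are illustrative.

```python
import re
from collections import defaultdict

# Matches both message shapes in the excerpt; the leading count that
# `uniq -c` prepends is optional so raw dmesg lines parse as well.
LINE_RE = re.compile(
    r'^\s*(?:(?P<count>\d+)\s+)?maxproc limit'
    r'(?: of (?P<limit>\d+))? exceeded by'
    r'(?: "(?P<comm>[^"]*)")? uid (?P<uid>\d+)\b'
)

# Constructed sample input modelled on the excerpt (not a new capture).
SAMPLE = """\
      2 maxproc limit exceeded by uid 0, please see tuning(7) and login.conf(5).
     26 maxproc limit exceeded by uid 1006, please see tuning(7) and login.conf(5).
     26 maxproc limit of 969 exceeded by "exhaust" uid 1001, please see tuning(7) and login.conf(5).
     26 maxproc limit of 969 exceeded by "exhaust" uid 1002, please see tuning(7) and login.conf(5).
unrelated kernel line
"""

def summarize(text):
    """Aggregate maxproc denials per uid; return (per_uid, root_blocked)."""
    per_uid = defaultdict(lambda: {"hits": 0, "limits": set(), "comms": set()})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a maxproc message
        entry = per_uid[int(m["uid"])]
        entry["hits"] += int(m["count"] or 1)  # a raw line counts once
        if m["limit"]:
            entry["limits"].add(int(m["limit"]))
        if m["comm"]:
            entry["comms"].add(m["comm"])
    # A uid 0 entry means root itself was denied a fork.
    return dict(per_uid), 0 in per_uid

if __name__ == "__main__":
    stats, root_blocked = summarize(SAMPLE)
    for uid, e in sorted(stats.items()):
        print(uid, e["hits"], sorted(e["limits"]), sorted(e["comms"]))
    print("root fork-blocked:", root_blocked)
```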