Linux Commands

Understanding the Fork Bomb :(){ :|:& };: in Linux

Malwares and errors can be expected while working on a system, if you are a Linux user then the most popular malware that is encountered by the user is Fork Bomb. Fork Bomb sabotages the system resources by generating repetitive tasks which eventually lead the system to crash. If you are a Linux or Unix operating system user and are unaware of Fork bomb or looking for a way out to avoid such virus attack, then read this guide:

Graphical user interface, text, application Description automatically generated

What is Fork Bomb

To prevent your Linux system from any specific virus or malware attacks it’s imperative to know how that virus generates and how it affects the system. Fork Bomb also known as Rabbit Virus is used by hackers to halt the system functioning by creating an infinite chain of tasks. These tasks start to run in the background and continue to generate until all the system resources are exhausted bringing the system to halt, in other words, one can name it as denial-of-service (DoS) attack.

Formation of Fork Bomb

The formation of Fork Bomb then is mentioned below:

To understand the Fork Bomb creation and its working see the given syntax below:

$ :(){ :|:& };:
  • :() is used to declares a function and is represented by : function
  • {} is the body of the function that contains commands to crash the system
  • :|: starts the replication of the function, here first : is the function called and then | replicates the function :
  • & Will move the whole function to background to prevent killing of any child process
  • ; separates the child processes and ends the statement
  • : Runs the created function

How to Prevent and Fix Fork Bomb

The potential solution for preventing Fork Bomb is to limit the number of process one can carry out on Linux system and to see what is by default limit on programs use:

<strong>$ ulimit -u</strong>

Graphical user interface, text, application, chat or text message Description automatically generated

Next add the limit of the programs using the syntax:

$ ulimit -S -u <limit>

For example, if you want to limit the number of processes to 10000 then use:

$ ulimit -S -u 10000

Graphical user interface, text, application Description automatically generated

If you want to limit the number of processes for a specific user, then open the configuration file using:

$ sudo nano /etc/security/limits.conf

Next add the number of background programs for any user by using the following syntax:

<user_name> hard nproc <limit>

For example, if I want to add a limit of 500 for any specific user then:

aaliyan hard nproc 1000

Next save the file and reboot the system to apply the changes:

So, this how one can prevent Liunx system from Denial of Service (DoS) attack, in case if your Linux system is attacked by the Fork Bomb just restart it to move it back to normal.


Fork Bomb is a denial of service (DOS) attack which create a chain of repetitive tasks to eat up all the resources of the system and keeps on generating tasks until the system crashes. The best way to prevent such malware attacks is to limit the number of background processes as it will stop the generation of repetitive tasks thus preventing the system from crashing.

About the author

Aaliyan Javaid

I am an electrical engineer and a technical blogger. My keen interest in embedded systems has led me to write and share my knowledge about them.