Hi--
On 2/21/21 7:49 AM, John Wood wrote:
Signed-off-by: John Wood john.wood@gmx.com
security/brute/brute.c | 488 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 474 insertions(+), 14 deletions(-)
diff --git a/security/brute/brute.c b/security/brute/brute.c index 70f812bb7763..645bd6e02638 100644 --- a/security/brute/brute.c +++ b/security/brute/brute.c
+/**
- print_fork_attack_running() - Warn about a fork brute force attack.
- */
+static inline void print_fork_attack_running(void) +{
- pr_warn("Fork brute force attack detected [%s]\n", current->comm);
+}
Do these pr_warn() calls need to be rate-limited so that they don't flood the kernel log?
+/**
- print_exec_attack_running() - Warn about an exec brute force attack.
- @stats: Statistical data shared by all the fork hierarchy processes.
- The statistical data shared by all the fork hierarchy processes cannot be
- NULL.
- Before showing the process name it is mandatory to find a process that holds
- a pointer to the exec statistics.
- Context: Must be called with tasklist_lock and brute_stats_ptr_lock held.
- */
+static void print_exec_attack_running(const struct brute_stats *stats) +{
- struct task_struct *p;
- struct brute_stats **p_stats;
- bool found = false;
- for_each_process(p) {
p_stats = brute_stats_ptr(p);
if (*p_stats == stats) {
found = true;
break;
}}
- if (WARN(!found, "No exec process\n"))
return;
- pr_warn("Exec brute force attack detected [%s]\n", p->comm);
+}
thanks.