Vuln kernel deter brute

From Atomicorp Wiki
Revision as of 19:16, 1 December 2013 by Mshinn (Talk | contribs)


This means that your kernel cannot protect itself from brute force attacks.

The ASL kernel contains a protection system that detects and deters attempts to brute-force exploits against forking daemons such as Apache or sshd, as well as against suid/sgid binaries. When a child of a forking daemon is killed by the kernel because an exploit was attempted against it and the kernel protected the system from compromise, or when the application crashes due to an illegal instruction or another suspicious signal, the parent process is delayed 30 seconds on every subsequent fork until the administrator is able to assess the situation and restart the daemon.

In the suid/sgid case, the attempt is logged, the user has all their processes terminated, and they are prevented from executing any further processes for 15 minutes.
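As an added illustration (constructed for this page, not code from ASL or grsecurity), the following model of the policy just described shows how the per-fork delay turns an otherwise instant series of exploit attempts into minutes of wall-clock time, and how the suid/sgid ban behaves; the set of signals it treats as suspicious is an assumption.

```python
# Added illustration of the deterrence policy described above: a constructed
# model, not ASL/grsecurity kernel code.  Times are in seconds, and the set
# of signals treated as "suspicious" is an assumption.
from signal import SIGSEGV, SIGILL, SIGABRT

FORK_DELAY = 30           # added to every fork of a flagged parent
SUID_BAN = 15 * 60        # exec ban after a suid/sgid process dies suspiciously
SUSPICIOUS = {SIGSEGV, SIGILL, SIGABRT}


class BruteDeterrence:
    """Tracks daemons being slowed down and users currently banned."""

    def __init__(self):
        self.flagged_parents = set()   # pids of forking daemons under deterrence
        self.banned_until = {}         # uid -> time at which its exec ban ends

    def child_died(self, parent_pid, sig):
        """A child of parent_pid died with sig; flag the parent if suspicious."""
        if sig in SUSPICIOUS:
            self.flagged_parents.add(parent_pid)

    def fork(self, parent_pid, now):
        """Return the time at which a fork requested at `now` completes."""
        if parent_pid in self.flagged_parents:
            return now + FORK_DELAY
        return now

    def daemon_restarted(self, parent_pid):
        self.flagged_parents.discard(parent_pid)   # admin restart clears the state

    def suid_died(self, uid, sig, now):
        """True if the caller must kill all of uid's processes; exec is then
        refused for SUID_BAN seconds."""
        if sig in SUSPICIOUS:
            self.banned_until[uid] = now + SUID_BAN
            return True
        return False

    def exec_allowed(self, uid, now):
        return self.banned_until.get(uid, 0) <= now


def time_to_brute_force(attempts, parent_pid=1234):
    """Seconds an attacker needs for `attempts` crashing children of one daemon:
    the first fork is free, each later one costs FORK_DELAY."""
    policy = BruteDeterrence()
    now = 0
    for _ in range(attempts):
        now = policy.fork(parent_pid, now)        # the fork, possibly delayed
        policy.child_died(parent_pid, SIGSEGV)    # the attempt crashes the child
    return now
```

With the delay in place, 100 crashing attempts against one daemon cost just under 50 minutes instead of completing almost instantly, which is what gives the administrator time to notice the log entries and act.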

To enable this protection, if you are using the ASL kernel, please see this option:

https://www.atomicorp.com/wiki/index.php/ASL_Configuration#GRKERNSEC_DETER_BRUTEFORCE

It is recommended that you also enable signal logging in the auditing section so that logs are generated when a process triggers a suspicious signal.

https://www.atomicorp.com/wiki/index.php/ASL_Configuration#SIGNAL_LOGGING
