Re: Layering an IDS on Linux - prepwork

On Sun, 2007-08-05 at 16:06 -0400, Alan Cox wrote:
> On Sun, Aug 05, 2007 at 04:31:48PM +0200, Miloslav Trmac wrote:
> > Repeated SIGABRT terminations might indicate an ongoing DoS attack, but
> > isolated SIGABRT terminations need to be ignored, IMHO.
> 
> They probably want logging. You only need one attack. But you want to
> log an abort/core dump of any system service/process anyway - because it
> shouldn't be aborting and the dump will be good gdb food

Getting things to dump core somewhere securely, and then doing
(semi)offline processing, works quite OK. It would even be nice if there
was a "a program dumped core. Can I send a backtrace to the distro
vendor?" program that would allow Fedora (and others) to get statistical
information about where the most common crashes happen.

(And with some little magic you can normally deduce attacks as well for
local use.)

Example script from way back attached that runs on a coredump and
produces something that in theory can be used for this.

Attachment: bt.sh
Description: application/shellscript

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
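The bt.sh attachment itself is not reproduced in the archive, so the following is an added example (not the attached script, and not Fedora's or Red Hat's code) of the offline processing the mail describes: gdb is run in batch mode on a core file, the backtrace is kept in a root-only spool directory (core dumps carry whatever was in the process's memory, keys and passwords included, so the 0700 mode matters), and the trace is reduced to a crash signal, a crash site and a frame signature so that repeated dumps can be counted. The gdb invocation, the spool path and the two sample backtraces are assumptions or constructed data, not anything from the original post.

```shell
#!/bin/sh
# Added example: offline coredump triage that turns gdb backtraces into
# countable crash signatures. Assumes gdb on PATH; the spool path is a
# hypothetical default and the sample backtraces below are constructed.

# Run gdb non-interactively on a core file and print the crashing thread's
# backtrace (gdb also prints the "Program terminated with signal ..." line).
backtrace_from_core() {
    core="$1"; exe="$2"
    gdb --batch -q -ex "bt" "$exe" "$core" 2>/dev/null
}

# Signal that terminated the process, from the gdb header line.
# Older gdb prints the number ("signal 6"), newer prints "SIGABRT".
crash_signal() {
    sed -n 's/^Program terminated with signal \([A-Z0-9]*\),.*/\1/p'
}

# First frame that has source information ("func (args) at file.c:NN"),
# i.e. the innermost frame in code we have symbols for, as "func@file.c:NN".
crash_site() {
    sed -n 's/^#[0-9][0-9]*  *\(0x[0-9a-fA-F]* in \)\{0,1\}\([^ (]*\) (.*) at \([^ ]*\)$/\2@\3/p' \
        | head -n 1
}

# Frame signature: the first N function names joined by '|', with addresses
# and arguments stripped so the same crash path is identical across machines.
crash_signature() {
    depth="${1:-4}"
    sed -n 's/^#[0-9][0-9]*  *\(0x[0-9a-fA-F]* in \)\{0,1\}\([^ (]*\).*/\2/p' \
        | head -n "$depth" | paste -s -d '|' -
}

# Count crash sites across saved backtrace files, most frequent first:
# the "where do the most common crashes happen" statistic.
crash_statistics() {
    for f in "$@"; do crash_site < "$f"; done | sort | uniq -c | sort -rn
}

# Process one dump: save the full backtrace in a root-only spool directory
# and print a one-line summary "SIGNAL site path" for the log.
process_core() {
    core="$1"; exe="$2"; spool="${3:-/var/spool/crash-reports}"  # hypothetical default
    mkdir -p -m 0700 "$spool"
    out="$spool/$(basename "$exe").$$.bt"
    backtrace_from_core "$core" "$exe" > "$out"
    printf '%s %s %s\n' "$(crash_signal < "$out")" "$(crash_site < "$out")" "$out"
}

# Constructed sample backtraces, shaped like gdb's batch output.
SAMPLE_BT_ABORT=$(cat <<'EOF'
Program terminated with signal SIGABRT, Aborted.
#0  0x00007f3a in raise () from /lib64/libc.so.6
#1  0x00007f3b in abort () from /lib64/libc.so.6
#2  0x00007f3c in __fortify_fail () from /lib64/libc.so.6
#3  0x00007f3d in __chk_fail () from /lib64/libc.so.6
#4  0x0000400a in parse_request (buf=0x1234 "...") at server.c:42
#5  0x0000400b in main () at server.c:80
EOF
)
SAMPLE_BT_SEGV=$(cat <<'EOF'
Program terminated with signal SIGSEGV, Segmentation fault.
#0  free_list (head=0x0) at list.c:17
#1  0x0000400c in cleanup () at server.c:95
#2  0x0000400b in main () at server.c:81
EOF
)

# Stand-alone demo on the constructed samples (real use: process_core CORE EXE).
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_BT_ABORT" | crash_signal
    printf '%s\n' "$SAMPLE_BT_ABORT" | crash_site
    printf '%s\n' "$SAMPLE_BT_ABORT" | crash_signature 6
fi
```

The signature deliberately keeps the libc abort path (raise, abort, __fortify_fail) because a FORTIFY_SOURCE abort is itself the interesting fact for the local "is this an attack?" question, while crash_site skips those frames to name the program's own function for the statistics. To wire this up on a host, a `kernel.core_pattern` pipe handler would call process_core; the handler then runs as root, which is another reason the spool must not be world-readable.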
