From: John Wood <john.wood@xxxxxxx> Add a menu entry under "Security options" to enable the "Fork brute force attack mitigation" feature. Signed-off-by: John Wood <john.wood@xxxxxxx> --- security/Kconfig | 1 + security/fbfam/Kconfig | 10 ++++++++++ 2 files changed, 11 insertions(+) create mode 100644 security/fbfam/Kconfig diff --git a/security/Kconfig b/security/Kconfig index 7561f6f99f1d..00a90e25b8d5 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -290,6 +290,7 @@ config LSM If unsure, leave this as the default. source "security/Kconfig.hardening" +source "security/fbfam/Kconfig" endmenu diff --git a/security/fbfam/Kconfig b/security/fbfam/Kconfig new file mode 100644 index 000000000000..bbe7f6aad369 --- /dev/null +++ b/security/fbfam/Kconfig @@ -0,0 +1,10 @@ +# SPDX-License-Identifier: GPL-2.0 +config FBFAM + bool "Fork brute force attack mitigation" + default n + help + This is a user defense that detects any fork brute force attack + based on the application's crashing rate. When this measure is + triggered the fork system call is blocked. + + If you are unsure how to answer this question, answer N. -- 2.25.1
