On Fri, Nov 30, 2001 at 11:31:08AM +1000, [EMAIL PROTECTED] wrote:
> I just stumbled upon this LIDS (Linux Intrusion Detection/Defense
> System) see: http://www.lids.org
>
> I just wanted to know if anyone is using this and what they think of it.
> Is it hard to set up? What happens when you do an apt-get dist-upgrade
> - will it refuse to change the binaries you want to upgrade? Is
> something like Tripwire / AIDE better because it doesn't stop root
> from changing/deleting files but will tell you later which ones have
> changed.
>
> Anyone with any experience in using this LIDS?

I've been using lids for a while. It has the potential of giving you quite good security in the case you do get broken into (ie- it would be damn near impossible to install a usable root kit). It is also fairly easy to work with, all things considered. But it does come at a price: developing a system that is both secure and functional (even functioning at all) is tricky and a good deal of work.

Having said that, I feel that lids is a pretty good product. For example, one of the big problem areas in using mandatory access controls (MACs) is system startup. With lids you can choose exactly when to start enforcing the controls, which is nice since that allows you to get most of your system up and running before activating lids. After that you can turn the access controls on or off by giving a passphrase, so if you need to install packages or whatever you can just turn them off for a bit. One really nice feature of lids when doing that is that permissions are relaxed for that tty only... access controls are still enforced for all other users.

I recommend giving it a shot if you are interested in strong security and are willing to put in a fair amount of work for it.

--
John Patton [EMAIL PROTECTED]
"Everything should be as simple as it is, but not simpler." -Albert Einstein

