hi,

lids ... linux intrusion detection system does two things

1.) it makes files read-only
2.) it makes files readable and appendable

those files are handled by the kernel module, so even root
can't write to them (i.e. change a logfile)

it is installed by making a list of files you want to
protect, compiling a lids-enhanced kernel and running it

i don't compile it as a module ... makes me sleep better ;-)

this is obviously very cool for configuration files as well as
log files.

greetinx

rand

p.s.: for further information please refer to the lids webpage
http://www.soaring-bird.com.cn/oss_proj/lids/


On Mon, 6 Dec 1999, Tamas Arpad wrote:

> lits-kernel module?
> What is it? Sorry, I've never heard of  it.
> Please give me an explanation.
> Thanks
>         Arpi
> 
> > hi,
> > 
> > when setting up the system, don't forget to use the lits-kernel module
> > (linux intrusion detection system) ... it saves your logfiles from
> > manipulations (even superuser !).
> > 
> > gx rand
> > 
> > ________________________________________________________________________
> > Randolph Kepplinger            | When Law is Tyranny,
> > Student of CS                  | Revolution is Order .
> > [EMAIL PROTECTED]    | (Abraham Lincoln)
> > ________________________________________________________________________
> > 
> >                          feed them kernels !
> > _________________________________________________________________________
> > 
> > On Thu, 2 Dec 1999, Tony Turner wrote:
> > 
> > > 
> > > 
> > > Hi
> > > 
> > > All my message logs are empty, i.e. messages, messages 1 - 4, secure and
> > > boot logs. Why is this, they are normally full?
> > > 
> > > Also if I try to telnet in and I should not be able to I get the
> > > message: (I turned it off)
> > > 
> > > Red Hat Linux release 5.1 (Manhattan)
> > > Kernel 2.0.34 on an i586
> > > telnetd: /bin/ttysnoops: No such file or directory
> > > 
> > > I'm sure that when I turned off the telnet facility and later checked
> > > telnet hung as there was no active port for this. (that was correct)
> > > 
> > > Also the file securetty has disappeared. (oh dear what's going on here)
> > > 
> > > Cheers
> > > 
> > > Tony
> > > 
> > > 
> > > -
> > > To unsubscribe from this list: send the line "unsubscribe linux-net" in
> > > the body of a message to [EMAIL PROTECTED]
> > > 
> > 
> 
> 


________________________________________________________________________
Randolph Kepplinger            | When Law is Tyranny,
Student of CS                  | Revolution is Order .
[EMAIL PROTECTED]    | (Abraham Lincoln)
________________________________________________________________________

                         feed them kernels !
_________________________________________________________________________

