Anyone here using LIDS? I've been experimenting with it throughout most
of today and have found that, unless there's a serious bug in LIDS
somewhere, this box (203.176.75.250) should by now be as hard to crack as I
can make it. Even if someone found a remote root exploit, there would be
very little they could do. To do some serious damage they would need to
have the LIDS administrator password, and with the way I've tried to
configure it, physical access to my box. That's the only way to disable
the protection LIDS gives.

LIDS is a patch to the kernel that adds a lot of checking and logging.
Programs need to be enabled by LIDS if they want setuid/setgid to become
effective, kill processes they don't own, change immutable file status,
bind to low ports, create network broadcasts or listen to multicasts,
modify interface/firewall/routing parameters, open raw sockets, do chroot,
do raw I/O, reboot the system, modify quotas, modify protected or hidden
files, and so forth. Any program that tries is stopped and gets logged.

The only trouble is it's a real pain to configure properly. It took me
all day experimenting in order to get LIDS working on my (highly
customized) Red Hat 7 box.

http://www.lids.org/
--
Rafael R. Sevilla <[EMAIL PROTECTED]> +63(2) 8177746 ext. 8311
Programmer, InterdotNet Philippines +63(917) 4458925
http://dido.engr.internet.org.ph/
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GAT d- s:- a- C++++ UL+++ P+++ L+++ E++ W++ N+ o K- w---
O- M-- V- PS+ PE Y+ PGP++ t+ 5 X+ R tv+ b+++ DI++ D+
G e++ h! r++ y+
------END GEEK CODE BLOCK------