hello, i tried using this on my own box a couple of months back when i was still
using the 2.2.x series kernel. it's really for the paranoid since you need to turn
off/on the capabilities that you want to perform such as changing network configs and
other system administrative tasks, even if you're "root". you can also enable/disable
LIDS globally or only to a local console. you could also tell it to mail you for any
"security violations" though it was not really descriptive in its output.

along with different security mechanisms that back each other up, installing LIDS adds
an additional layer of protection.

ronald


On Tue, 3 Jul 2001, Rafael R. Sevilla wrote:

> 
> Anyone here using LIDS?  I've been experimenting with it throughout most
> of today and have found that unless there's a serious bug in LIDS
> somewhere this box (203.176.75.250) should by now be as hard to crack as I
> can make it.  Even if someone found a remote root exploit, there would be
> very little they could do.  To do some serious damage they would need to
> have the LIDS administrator password, and with the way I've tried to
> configure it, physical access to my box.  That's the only way to disable
> the protection LIDS gives.
> 
> LIDS is a patch to the kernel that adds a lot of checking and logging.
> Programs need to be enabled by LIDS if they want setuid/setgid to become
> effective, kill processes they don't own, change immutable file status,
> bind to low ports, create network broadcasts or listen to multicasts,
> modify interface/firewall/routing parameters, open raw sockets, do chroot,
> do raw I/O, reboot the system, modify quotas, modify protected or hidden
> files, and so forth.  Any program that tries is stopped and gets logged.
> 
> The only trouble is it's a real pain to configure properly.  It took me
> all day experimenting in order to get LIDS working on my (highly
> customized) Red Hat 7 box.
> 
> http://www.lids.org/
> 
> --
> Rafael R. Sevilla <[EMAIL PROTECTED]>   +63(2)   8177746 ext. 8311
> Programmer, InterdotNet Philippines              +63(917) 4458925
> http://dido.engr.internet.org.ph/
> 
> _
> Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
> 
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to
> [EMAIL PROTECTED]
> 
