
Re: Is LIDS a good idea?



On Thu, Nov 29, 2001 at 08:41:25PM -0600, John Patton wrote:
> On Fri, Nov 30, 2001 at 11:31:08AM +1000, mdevin@ozemail.com.au wrote:
> > I just stumbled upon this LIDS (Linux Intrusion Detection/Defense
> > System)  see: http://www.lids.org
> > 
> > I just wanted to know if anyone is using this and what they think of it.
> 
> I've been using lids for a while. It has the potential of giving you
> quite good security in the case you do get broken into (ie- it would be
> damn near impossible to install a usable root kit). It is also fairly
> easy to work with, all things considered. But it does come at a price:
> developing a system that is both secure and functional (even functioning
> at all) is tricky and a good deal of work.
Hmmm.  I thought that was the case from reading the documentation on the
LIDS site.  Sounds as though you really need to know just which things
to protect - 'cause if you forget something then your security is only
as good as your weakest point.

> Having said that, I feel that lids is a pretty good product. For
> example, one of the big problem areas in using mandatory access
> controls (MACs) is system startup. With lids you can choose exactly
> when to start enforcing the controls, which is nice since that allows
> you to get most of your system up and running before activating lids.
> After that you can turn the access controls on or off by giving a
> passphrase, so if you need to install packages or whatever you can
> just turn them off for a bit. One really nice feature of lids when
> doing that is that permissions are relaxed for that tty only... access
> controls are still enforced for all other users.
So you could relax the permissions, do your apt-get upgrade and then
re-enforce things.  That sounds OK.
> 
> I recommend giving it a shot if you are interested in strong security
> and are willing to put in a fair amount of work for it.
> 
Thanks for the information.  I noticed that it is essentially a kernel
patch and an admin binary.  I am running 2.4.14 kernel on a potato
system using Adrian Bunk's packages.  I can figure out how to do the
kernel-patching (I think, having never done it before), but can the admin
binary be compiled for potato?  The dependencies listed on the Debian
site for lidsadm-2.2.19 are only debconf so I assume that it would
compile on a potato system.

Also, the openwall patch that Alvin Oga recommended seems to only be for
2.2 series kernels - so I guess that is not possible for a 2.4 kernel.
And I really want to run a 2.4 kernel for the iptables firewall stuff.
What is your opinion on the openwall stuff?

Regards.
Mark.
