Linux Intrusion Detection System
If you have a LIDS-enabled kernel bootable CD, you have a whole 10 seconds at the boot option to enter lids or one of the preconfigured s1, s2, or s22 options. Once the system starts with LIDS enabled, you will have to use the lidsadm and lidsconf commands to change the access control.
To change the LIDS configuration, first turn LIDS off:
lidsadm -S -- -LIDS_GLOBAL    Turn off LIDS entirely and behave like a standard Linux kernel.
Make your changes using lidsconf commands, then turn LIDS on again:
lidsadm -S -- +RELOAD_CONF    Reload the LIDS configuration.
lidsadm -S -- +LIDS_GLOBAL    Turn LIDS back on.
The lidsconf command often requires you to set a file read-only first before you can grant access to it, for example. You only need configuration entries for those capabilities that you have selected as enabled in the capability file lids.cap. Look at the ADIOS configuration file lids.conf and the UML configuration file uml-lids.conf as a starting point. For more information about LIDS, go to the home page at http://www.lids.org and read the documentation there.
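As an added example (not part of the original page): a shell wrapper for the off / change / reload / on sequence above that always turns LIDS back on, even when a lidsconf rule is rejected. The rules-file format, the function names, the RUN dry-run switch and the sample /bin/login and /etc/shadow rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). RUN=echo, the default, only
# prints each command; run with RUN= (empty) as root to execute them.
# lidsadm -S asks for the LIDS password on the terminal each time.
RUN=${RUN-echo}

# Constructed sample rules, one lidsconf argument list per line. The binary
# is made read-only first, then granted access to the protected file.
sample_rules() {
    cat <<'EOF'
# protect the program, hide the file, then let the program read it
-A -o /bin/login -j READONLY
-A -o /etc/shadow -j DENY
-A -s /bin/login -o /etc/shadow -j READONLY
EOF
}

# Reload the configuration and switch LIDS back on.
lids_on() {
    $RUN lidsadm -S -- +RELOAD_CONF
    $RUN lidsadm -S -- +LIDS_GLOBAL
}

# Usage: lids_reconfigure RULES_FILE
# Returns 0 if every rule was accepted, 1 if a command failed, 2 on bad input.
lids_reconfigure() {
    rules=$1
    [ -r "$rules" ] || { echo "cannot read $rules" >&2; return 2; }
    $RUN lidsadm -S -- -LIDS_GLOBAL || return 1    # LIDS off
    status=0
    while IFS= read -r args; do
        case $args in ''|'#'*) continue ;; esac    # skip blanks and comments
        # $args is left unquoted on purpose so it splits into arguments
        $RUN lidsconf $args </dev/null || { status=1; break; }
    done < "$rules"
    lids_on || status=1     # re-enable even when a rule was rejected
    return $status
}
```

Review the printed commands from a dry run before executing them with RUN set to empty.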
Maintained by Neville Richter.