I have just uploaded a new version of my kernel-patch-2.4-lsm package which
includes support for kernel 2.4.18 and (on 2.4.18) supports LIDS.
Enjoy.
--
Signatures >4 lines are rude. If you send email to me or to a mailing list
that I am subscribed to which has >4 lines of legalistic j
also sprach Mathias Gygax <[EMAIL PROTECTED]> [2001.12.05.1109 -0800]:
> > no, not yet. it's on my todo list, but since i am pretty comfortable
> > as root and my users are trusted users, it is not prime importance.
>
> if you have remote daemons, you don't have anything like "trusted
> users". ev
> no, not yet. it's on my todo list, but since i am pretty comfortable
> as root and my users are trusted users, it is not prime importance.
if you have remote daemons, you don't have anything like "trusted
users". every daemon has its associated UID.
* [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2001.12.05 20:55:40+1000]:
> I know that you run some sort of service for multiple users. Have you
> done any of this stuff for your servers? Have you installed LIDS also?
no, not yet. it's on my todo list, but since i am pretty comfor
openwall patch yet
> for 2.4 kernels and dietlibc seems to be providing a cut-down libc to
> create smaller binaries by statically linking etc.
openwall isn't yet available for 2.4. last time i checked, the
non-exec-stack patch was obviously not so easy to port to 2.4.
on the lids
knowledge is maybe a bit beyond
me at the moment. I think I will put this on the back burner for now.
I know that you run some sort of service for multiple users. Have you
done any of this stuff for your servers? Have you installed LIDS also?
Cheers.
Mark.
atch yet for 2.4 kernels and dietlibc
seems to be providing a cut-down libc to create smaller binaries by
statically linking etc.
I was just going to install libsafe and LIDS. Are you recommending
more?
When you mentioned that you were going to set up a computer with LIDS
and hand-out root p
you will. Definitely. If you deactivate every capability and have
it running on a fully-featured system, it will give you a lot of stuff
the daemons need and you have to configure.
One reason LIDS is great: you don't have to rewrite any source
code to use it and every program uses it by de
* [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2001.11.30 14:16:57+1000]:
> Also, the openwall patch that Alvin Oga recommended seems to only be for
> 2.2 series kernels - so I guess that is not possible for a 2.4 kernel.
> And I really want to run a 2.4 kernel for the iptables firewall stuff.
> What is
n "security=0"
> (e.g. lilo boot option) or disable it on runtime with
> "lidsadm -S -- -LIDS_GLOBAL" (replace - by + to reactivate it)
>
> > What I mean is: If I have trouble and decide that I don't want
> > LIDS anymore, can I boot into single user
On Sam, Dez 01, 2001 at 03:32:51 +1000, [EMAIL PROTECTED] wrote:
> Sounds as though I may need a little more knowledge than I currently
> have. But on the other hand, if I do go down this path of installing
> and configuring LIDS and manage to get it to work then I will have
> learn
e a real world load on the machine
> where many users try to access their data. This was, for me, a hairy
> step.
>
> --- snip ---
> several steps outlined on how to install and set up LIDS
> --- snip ---
>
> After you have a mini LIDS configured system, with basically configure
On Fre, Nov 30, 2001 at 09:38:00 +0100, Christian Jaeger wrote:
> LIDS really makes use of the capabilities stuff that is in the kernel
> anyway.
Capability support is in since 2.2.11 i guess.
http://pw1.netcom.com/~spoon/lcap/
> Well it complements it with file access control l
Just as a note:
LIDS really makes use of the capabilities stuff that is in the kernel
anyway. Well it complements it with file access control lists (and
maybe some other stuff, I don't have much experience with LIDS), but
not everything in LIDS is its own invention. I think really
> Then David Spreen contacted me. He creates the unofficial debian LIDS
> packages at http://netzwurm.cc/computer/lids.html
One thing, i forgot: I plan to do deb packages for daemons with
preconfigured LIDS setup. So you automatically get a configuration, when
LIDS is installed and running e.
oad the patch. You patch the kernel and set
configuration options. Then the usual compile run.
After you set up a LIDS protected kernel, you boot the system without
LIDS enabled. This is option "security=0" (e.g. at lilo stage). Then you
boot it. Set the password which protects your ker
ppearances that something like LIDS may be so
hard to configure that it would be almost unusable unless you were some
kind of expert. So with that in mind I was thinking that something like
Tripwire may be more for me.
Basically wanted others opinions - especially on how hard LIDS is to set
up and man
On Thu, Nov 29, 2001 at 08:41:25PM -0600, John Patton wrote:
> On Fri, Nov 30, 2001 at 11:31:08AM +1000, [EMAIL PROTECTED] wrote:
> > I just stumbled upon this LIDS (Linux Intrusion Detection/Defense
> > System) see: http://www.lids.org
> >
> > I just wanted to know
On Thu, Nov 29, 2001 at 06:36:32PM -0800, Alvin Oga wrote:
> lids tries to prevent you and [h/cr]ackers from changing
> files it's supposed to be protecting...
> a simple "attr +i /etc/passwd" will prevent it from
> being changed too
attr permissions can be cha
On Fri, Nov 30, 2001 at 11:31:08AM +1000, [EMAIL PROTECTED] wrote:
> I just stumbled upon this LIDS (Linux Intrusion Detection/Defense
> System) see: http://www.lids.org
>
> I just wanted to know if anyone is using this and what they think of it.
> Is it hard to set up? What happ
hi ya mark
are you trying to detect that files have changed
or are you trying to protect files from being changed ??
tripwire/aide and other ids will tell you that files have been
changed... ( a little too late in my book ...
lids tries to prevent you and [h/cr]ackers from changing
files it's
I just stumbled upon this LIDS (Linux Intrusion Detection/Defense
System) see: http://www.lids.org
I just wanted to know if anyone is using this and what they think of it.
Is it hard to set up? What happens when you do an apt-get dist-upgrade
- will it refuse to change the binaries you want to