
2. Features of LIDS.

The Linux Intrusion Detection System is a kernel patch plus a set of administration tools that enhance the kernel's security. It implements a reference monitor and Mandatory Access Control in the Linux kernel. When it is in effect, access to chosen files, every system/network administration operation, any capability use, and raw device, memory and I/O access can be made impossible even for root. It uses and extends the system capability bounding set to control the whole system, and adds network and file-system security features in the kernel to enhance security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more.
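An added example, not code from the LIDS HOWTO or the LIDS project, of the kernel mechanism the paragraph above builds on: once a capability is removed from a bounding set, the kernel offers no call to put it back, so even root in that process can never use it again. It uses the per-process bounding set interface of current kernels (prctl PR_CAPBSET_READ/PR_CAPBSET_DROP, Linux 2.6.25 and later); LIDS of this era controlled the older global bounding set, so the API differs, but the "cannot be regained" property is the same.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <linux/capability.h>

/* Ask the kernel whether `cap` is still in this process's capability
 * bounding set: 1 = present, 0 = dropped, -1 = error (errno set, e.g.
 * EINVAL for a capability number the kernel does not know). */
int capbset_has(int cap)
{
    return prctl(PR_CAPBSET_READ, cap, 0, 0, 0);
}

/* Remove `cap` from the bounding set. The kernel has no inverse
 * operation, so a successful drop is permanent for this process and
 * everything it later execs, root included. Needs CAP_SETPCAP;
 * returns 0 on success, -1 with errno == EPERM without it. */
int capbset_drop(int cap)
{
    return prctl(PR_CAPBSET_DROP, cap, 0, 0, 0);
}

/* Drop `cap`, then confirm the kernel reports it gone. Returns 1 if the
 * drop succeeded and was confirmed, 0 if this process lacks CAP_SETPCAP
 * (nothing changed), -1 on any other error. */
int drop_and_verify(int cap)
{
    if (capbset_drop(cap) == 0)
        return capbset_has(cap) == 0 ? 1 : -1;
    return errno == EPERM ? 0 : -1;
}

int main(void)
{
    /* CAP_SYS_RAWIO covers the raw device, /dev/mem and I/O port access
     * that the text above says LIDS can take away from root. */
    printf("CAP_SYS_RAWIO in bounding set before: %d\n",
           capbset_has(CAP_SYS_RAWIO));
    int r = drop_and_verify(CAP_SYS_RAWIO);
    if (r == 0)
        printf("not privileged to drop (need CAP_SETPCAP): %s\n",
               strerror(errno));
    else
        printf("drop %s; in bounding set now: %d\n",
               r == 1 ? "succeeded" : "failed", capbset_has(CAP_SYS_RAWIO));
    return 0;
}
```

Run it once as an ordinary user and once with CAP_SETPCAP (for example as root) to see the two outcomes; the drop only affects the process that ran the program and its children.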

In short, with this security model implemented in the kernel, LIDS provides protection, detection and response on a Linux system.

For more information about the security model of LIDS, please refer to the LIDS Hacking HOWTO.

2.1 Protection.

LIDS provides the following protection:

2.2 Detection.

When someone scans your host, LIDS can detect it and inform the administrator. LIDS can also notice any activity on the system that violates the rules.

2.3 Response.

When someone violates the rules, LIDS can log a detailed message about the violating action to the system log file, which is itself protected by LIDS. LIDS can also send the log message to your mailbox. In this case, LIDS can also shut down the user's session at once.
