The Linux Intrusion Detection System is
a patch and admin tools which enhances the kernel's security. It implements a
reference monitor and Mandatory access control in the Linux kernel. When it
is in effect, chosen files access, every system/network administration
operations, any capability use, raw device, mem and I/O access can be
made impossible even for root. It uses and extends the system capabilities
bounding set to control the whole system and adds some network and
file-system security features in kernel to enhance the security. You can
finely tune the security protections online, hide sensitive processes,
receive security alerts through the network, and more.
In short, with the security model implementation in the kernel, LIDS provides
A Protection, Detection and Response in the Linux system.
For more information about the secure model of LIDS, please refer to the
LIDS Hacking HOWTO.
LIDS provides the following protection,
When someone scan your host, LIDS can detect it and inform the administrator. LIDS can also notice any activity on the system which violates the rules.
When someone violate the rules, LIDS can log the detail message about the violated action to the system log file which has been protected by LIDS. LIDS can also send the log message to your mailbox. In this case, LIDS can also shutdown the user's session at once.