With the LIDS features, let's go and see how to build a secure system with LIDS step by step.
You can download lids patch and admin tool from LIDS Home and LIDS Ftp Home and other mirrors of LIDS around the world, check LIDS Mirror for the nearby mirror site.
The patch name will be lids-x.xx-y.y.y.tar.gz, x.xx represents the lids version and the y.y.y represents the Linux kernel version. For example, lids-0.9.9-2.2.17.tar.gz represent lids version 0.9.9 and the coresponsive kernel version is 2.2.17.
You should download the coresponsive kernel version. For example, if you download the lids-0.9.9-2.2.17.tar.gz, you should download the Linux kernel 2.2.17 source code. You can download the kernel source from Kernel FTP Site or other mirror sites.
And then, you need to uncompress the kernel source and LIDS tar-ball.For example, you have get
lids-0.9.9-2.2.17.tar.gz from www.lids.org and
linux-2.2.17.tar.bz2 from ftp.us.kernel.org.
1. uncompress the Linux kernel source code tree. # cd linux_install_path/ # bzip2 -cd linux-2.2.17.tar.bz2 | tar -xvf - 2. uncompress the lids source code and install the lidsadm tool. # cd lids_install_path # tar -zxvf lids-0.9.8-2.2.17.tar.gz
3. patch the lids to the Linux kernel source code.
# cd linux_install_path/linux # patch -p1 </lids_install_path/lids-0.9pre4-2.2.14.patch /* link the default source path to lids patched version # rm -rf /usr/src/linux # ln -s linux_install_patch/linux /usr/src/linux
Now, it it time to configure the Linux kernel, turn the following option on,
4. configure the Linux kernel # cd linux # make menuconfig or make xconfig
After configure the LIDS kernel options. exit the configure interface, and compile the kernel.
[*] Prompt for development and/or incomplete code/drivers [*] Sysctl support After that, you will find that a new item appear in the bottom of the configuration menu name "Linux Intrusion Detection System". Entering this menu, turn the [*] Linux Intrusion Detection System support (EXPERIMENTAL) (NEW).
# make dep # make clean # make bzImage # make modules # make modules_install
4. copy the bzImage to /boot/ and edit the /etc/lilo.conf
# cp arch/i386/boot/bzImage /boot/bzImage-lids-0.9.9-2.2.17 /* build admin tools */ # cd lids-0.9.8-2.2.17/lidsadm-0.9.8/ # make # make install # less /etc/lilo.conf boot=/dev/hda map=/boot/map install=/boot/boot.b prompt timeout=50 default=linux image=/boot/vmlinuz-2.2.16-3 label=linux read-only root=/dev/hda2 image=/boot/bzImage-lids-0.9.9-2.2.17 label=dev read-only root=/dev/hda2
5 running /sbin/lilo to install the new kernel.
Now before reboot, you must configure you lids system to meet you security need. You can define protected files, protected process,etc.
By default, the lidsadm will install the default configuration files in
/etc/lids/. You must reconfig it with your need. First of all, you can update the inode/dev value of the default lids.conf by.
# /sbin/lidsadm -U
In the next chapter, we will show you the details about this topic.
After you configure the Linux system, reboot your system. When lilo appear, select the lids enable kernel to load. After then, you will enter the wonderful world of LIDS.
After your system boots up, do not forget to seal the kernel with lidsadm, you can put the command in latest line of /etc/rc.local.
# /sbin/lidsadm -I
You can check the LIDS HOWTO to view the details meaning of each options of lidsadm.
After you seal the kernel, your system is now protected by LIDS. You can do some test on it. If you want to change some configuration, such as modify the capability option, you can change your lids security level online by providing a password.
After you change you lids configuration value, such as lids.conf, lids.cap. You can also reload the configuration file into the kernel by
# /sbin/lidsadm -S -- -LIDS
# /sbin/lidsadm -S -- +RELOAD_CONF