
What is LIDS

LIDS stands for Linux Intrusion Detection/Defense System.

This is the how-to for LIDS-0.8.1pre1. It is also accurate for LIDS-0.8 and 0.8pre1, 2, 3 and 4, but some features may be missing.

Only the i386 architecture is supported for now. This is mainly because Kevin Xie and I don't have any machines other than i386 to perform tests on. If you want LIDS to support your architecture, please let us know and we will try to do something (but you will have to test for us :). If you want to send us machines you don't want anymore, we'll be happy :) ).

The goal is to protect Linux systems against root intrusions by disabling some system calls in the kernel itself. Since you sometimes need to administer the system, you can disable LIDS protection.

The first part is to protect LIDS itself against a root intruder. This assumes two things:

Protecting LIDS against a root intruder means:

Then you can think about intrusion detection. For this, LIDS provides:

For your system protection, LIDS provides:


Biondi Philippe 2000-02-24