You may put it in a rc script (rc.local, /etc/init.d/lids, /etc/rc.d/init.d/lids, etc.) depending upon your distribution and the way you administrate your system.
The command is, for example :
lidsadm -I -- -CAP_SYS_MODULE -CAP_SYS_RAWIO -CAP_SYS_ADMIN \ -CAP_SYS_PTRACE -CAP_NET_ADMIN \ +LOCK_INIT_CHILDRENYou can also add the +RELOAD_CONF (see 6.2).
You must be sure you have protected each program executed during startup before LIDS is sealed, as someone could replace it by a program of his own and do evil things before capabilities are disallowed. (see 9.4).