📄 00000017.htm

📁 一份很好的linux入门资料
💻 HTM
📖 第 1 页 / 共 3 页
字号:
12 3 下一页
<HTML><HEAD>  <TITLE>BBS水木清华站∶精华区</TITLE></HEAD><BODY><CENTER><H1>BBS水木清华站∶精华区</H1></CENTER>发信人:&nbsp;vertex&nbsp;(happy&nbsp;hacking),&nbsp;信区:&nbsp;Linux&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<BR>标&nbsp;&nbsp;题:&nbsp;[文挡]&nbsp;用&nbsp;LIDS&nbsp;来构建安全的&nbsp;Linux&nbsp;系统.&nbsp;<BR>发信站:&nbsp;BBS&nbsp;水木清华站&nbsp;(Thu&nbsp;Apr&nbsp;20&nbsp;14:51:09&nbsp;2000)&nbsp;<BR>&nbsp;<BR>&nbsp;<BR>BUILD&nbsp;A&nbsp;SECURITY&nbsp;SYSTEM&nbsp;WITH&nbsp;LIDS&nbsp;<BR>&nbsp;<BR>Xie&nbsp;Huagang&nbsp;(<A HREF="mailto:xhg@ncic.ac.cn,">xhg@ncic.ac.cn,</A>&nbsp;<BR><A HREF="http://www.lids.org)">http://www.lids.org)</A>&nbsp;<BR>&nbsp;<BR>Tue&nbsp;Apr&nbsp;18&nbsp;00:02:12&nbsp;CST&nbsp;2000.&nbsp;&nbsp;<BR>&nbsp;<BR>&nbsp;<BR>LIDS&nbsp;(&nbsp;Linux&nbsp;Intrusion&nbsp;Detection&nbsp;System)&nbsp;is&nbsp;a&nbsp;linux&nbsp;kernel&nbsp;patch&nbsp;to&nbsp;enhance&nbsp;<BR>the&nbsp;the&nbsp;linux&nbsp;kernel.&nbsp;In&nbsp;this&nbsp;article,&nbsp;we&nbsp;will&nbsp;talk&nbsp;about&nbsp;the&nbsp;LIDS&nbsp;including&nbsp;<BR>what&nbsp;it&nbsp;can&nbsp;do&nbsp;and&nbsp;how&nbsp;to&nbsp;use&nbsp;it&nbsp;to&nbsp;build&nbsp;a&nbsp;security&nbsp;linux&nbsp;system.&nbsp;&nbsp;<BR>&nbsp;<BR>&nbsp;<BR>1.&nbsp;Why&nbsp;LIDS.&nbsp;&nbsp;<BR>&nbsp;<BR>With&nbsp;increasing&nbsp;popularity&nbsp;of&nbsp;Linux&nbsp;on&nbsp;Internet&nbsp;,&nbsp;more&nbsp;and&nbsp;more&nbsp;security&nbsp;<BR>holes&nbsp;are&nbsp;found&nbsp;in&nbsp;the&nbsp;current&nbsp;GNU/Linux&nbsp;system.&nbsp;You&nbsp;may&nbsp;hear&nbsp;from&nbsp;the&nbsp;<BR>Internet&nbsp;that&nbsp;-&nbsp;There&nbsp;are&nbsp;bugs&nbsp;found&nbsp;in&nbsp;Linux,&nbsp;which&nbsp;will&nbsp;cause&nbsp;the&nbsp;system&nbsp;to&nbsp;<BR>be&nbsp;easily&nbsp;compromised&nbsp;by&nbsp;hacker.&nbsp;&nbsp;<BR>&nbsp;<BR>Since&nbsp;the&nbsp;Linux&nbsp;is&nbsp;an&nbsp;art&nbsp;of&nbsp;open&nbsp;source&nbsp;community,&nbsp;security&nbsp;holes&nbsp;can&nbsp;be&nbsp;<BR>found&nbsp;easily&nbsp;and&nbsp;can&nbsp;also&nbsp;be&nbsp;patched&nbsp;quickly.&nbsp;But&nbsp;when&nbsp;the&nbsp;hole&nbsp;is&nbsp;disclose&nbsp;<BR>to&nbsp;the&nbsp;public,&nbsp;and&nbsp;the&nbsp;administrator&nbsp;is&nbsp;too&nbsp;lazy&nbsp;to&nbsp;patch&nbsp;the&nbsp;hole.&nbsp;It&nbsp;is&nbsp;very&nbsp;<BR>easy&nbsp;to&nbsp;break&nbsp;into&nbsp;the&nbsp;current&nbsp;system&nbsp;and&nbsp;it&nbsp;is&nbsp;worse&nbsp;that&nbsp;the&nbsp;hacker&nbsp;can&nbsp;get&nbsp;<BR>the&nbsp;root&nbsp;shell.&nbsp;With&nbsp;the&nbsp;current&nbsp;GNU/linux&nbsp;system,&nbsp;he&nbsp;can&nbsp;do&nbsp;whatever&nbsp;he&nbsp;<BR>want.&nbsp;Now,&nbsp;you&nbsp;may&nbsp;ask,&nbsp;what&nbsp;is&nbsp;the&nbsp;problem&nbsp;and&nbsp;what&nbsp;can&nbsp;we&nbsp;do?&nbsp;&nbsp;<BR>&nbsp;<BR>What's&nbsp;wrong&nbsp;with&nbsp;the&nbsp;current&nbsp;GNU/Linux&nbsp;system.&nbsp;&nbsp;<BR>&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;superuser&nbsp;(root)&nbsp;may&nbsp;abuse&nbsp;the&nbsp;rights&nbsp;Being&nbsp;a&nbsp;root,&nbsp;he&nbsp;can&nbsp;do&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;whatever&nbsp;he&nbsp;want.&nbsp;Even&nbsp;the&nbsp;capability&nbsp;existing&nbsp;in&nbsp;the&nbsp;current&nbsp;the&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;system.&nbsp;As&nbsp;a&nbsp;root,&nbsp;he&nbsp;can&nbsp;easily&nbsp;change&nbsp;the&nbsp;capability.&nbsp;&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Many&nbsp;system&nbsp;files&nbsp;can&nbsp;be&nbsp;changed&nbsp;easily.&nbsp;There&nbsp;are&nbsp;many&nbsp;important&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;files,&nbsp;such&nbsp;as&nbsp;/bin/login,&nbsp;in&nbsp;the&nbsp;system.&nbsp;if&nbsp;the&nbsp;hacker&nbsp;come&nbsp;in,&nbsp;he&nbsp;can&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;upload&nbsp;a&nbsp;changed&nbsp;login&nbsp;program&nbsp;to&nbsp;replace&nbsp;/bin/login&nbsp;,&nbsp;so&nbsp;he&nbsp;can&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;re-login&nbsp;without&nbsp;any&nbsp;login&nbsp;name&nbsp;of&nbsp;password.&nbsp;But&nbsp;the&nbsp;files&nbsp;do&nbsp;not&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;need&nbsp;to&nbsp;change&nbsp;frequently,&nbsp;unless&nbsp;you&nbsp;want&nbsp;to&nbsp;upgrade&nbsp;the&nbsp;system.&nbsp;&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Modules&nbsp;is&nbsp;easily&nbsp;used&nbsp;to&nbsp;intercept&nbsp;the&nbsp;kernel.&nbsp;Module&nbsp;is&nbsp;a&nbsp;good&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;design&nbsp;for&nbsp;the&nbsp;linux&nbsp;kernel&nbsp;to&nbsp;make&nbsp;the&nbsp;linux&nbsp;kernel&nbsp;more&nbsp;modulized&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;and&nbsp;more&nbsp;felixible.&nbsp;But&nbsp;after&nbsp;the&nbsp;modules&nbsp;inserted&nbsp;into&nbsp;the&nbsp;kernel,&nbsp;it&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;will&nbsp;be&nbsp;part&nbsp;of&nbsp;the&nbsp;kernel&nbsp;and&nbsp;can&nbsp;do&nbsp;what&nbsp;the&nbsp;original&nbsp;kernel&nbsp;can&nbsp;do.&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Therefore&nbsp;some&nbsp;unfriendly&nbsp;code&nbsp;could&nbsp;be&nbsp;written&nbsp;as&nbsp;a&nbsp;modules&nbsp;and&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;inserted&nbsp;into&nbsp;to&nbsp;kernel,&nbsp;the&nbsp;code&nbsp;can&nbsp;even&nbsp;redirect&nbsp;the&nbsp;system&nbsp;call&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;and&nbsp;act&nbsp;like&nbsp;a&nbsp;virus.&nbsp;&nbsp;<BR>&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Process&nbsp;is&nbsp;unprotected.&nbsp;Certain&nbsp;processes,&nbsp;such&nbsp;as&nbsp;web&nbsp;server&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;daemon,&nbsp;which&nbsp;are&nbsp;critical&nbsp;to&nbsp;to&nbsp;system&nbsp;is&nbsp;not&nbsp;under&nbsp;strict&nbsp;protection.&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Therefore,&nbsp;there&nbsp;are&nbsp;vulnerable&nbsp;to&nbsp;the&nbsp;attack&nbsp;of&nbsp;hackers.&nbsp;&nbsp;<BR>&nbsp;<BR>With&nbsp;above&nbsp;description&nbsp;about&nbsp;insecurity&nbsp;thing,&nbsp;how&nbsp;can&nbsp;we&nbsp;build&nbsp;a&nbsp;security&nbsp;<BR>system?&nbsp;we&nbsp;must&nbsp;have&nbsp;a&nbsp;security&nbsp;kernel&nbsp;and&nbsp;then&nbsp;build&nbsp;our&nbsp;security&nbsp;system&nbsp;<BR>on&nbsp;top&nbsp;of&nbsp;it.&nbsp;This&nbsp;is&nbsp;what&nbsp;LIDS&nbsp;do.&nbsp;&nbsp;<BR>&nbsp;<BR>2.&nbsp;Features&nbsp;about&nbsp;LIDS.&nbsp;<BR>&nbsp;<BR>The&nbsp;Linux&nbsp;Intrusion&nbsp;Detection&nbsp;System&nbsp;is&nbsp;a&nbsp;patch&nbsp;which&nbsp;enhances&nbsp;the&nbsp;<BR>kernel's&nbsp;security.&nbsp;When&nbsp;it&nbsp;is&nbsp;in&nbsp;effect,&nbsp;chosen&nbsp;files&nbsp;access,&nbsp;every&nbsp;<BR>system/network&nbsp;administration&nbsp;operations,&nbsp;any&nbsp;capability&nbsp;use,&nbsp;raw&nbsp;device,&nbsp;<BR>mem&nbsp;and&nbsp;I/O&nbsp;access&nbsp;can&nbsp;be&nbsp;made&nbsp;impossible&nbsp;even&nbsp;for&nbsp;root.&nbsp;It&nbsp;uses&nbsp;and&nbsp;<BR>extends&nbsp;the&nbsp;system&nbsp;capabilities&nbsp;bounding&nbsp;set&nbsp;to&nbsp;control&nbsp;the&nbsp;whole&nbsp;system&nbsp;<BR>and&nbsp;adds&nbsp;some&nbsp;network&nbsp;and&nbsp;filesystem&nbsp;security&nbsp;features&nbsp;in&nbsp;kernel&nbsp;to&nbsp;enhance&nbsp;<BR>the&nbsp;security.&nbsp;You&nbsp;can&nbsp;finely&nbsp;tune&nbsp;the&nbsp;security&nbsp;protections&nbsp;online,&nbsp;hide&nbsp;<BR>sensitive&nbsp;processes,&nbsp;receive&nbsp;security&nbsp;alerts&nbsp;through&nbsp;the&nbsp;network,&nbsp;and&nbsp;more.&nbsp;&nbsp;<BR>&nbsp;<BR>In&nbsp;short,&nbsp;LIDS&nbsp;provides&nbsp;Protection,&nbsp;Detection&nbsp;and&nbsp;Response&nbsp;to&nbsp;the&nbsp;<BR>intrusion&nbsp;in&nbsp;the&nbsp;linux&nbsp;kernel.&nbsp;&nbsp;<BR>&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Protection.&nbsp;LIDS&nbsp;can&nbsp;protect&nbsp;important&nbsp;files&nbsp;on&nbsp;your&nbsp;hard&nbsp;disk&nbsp;no&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;matter&nbsp;what&nbsp;filesystem&nbsp;type&nbsp;they&nbsp;reside&nbsp;on,&nbsp;anybody&nbsp;include&nbsp;root&nbsp;can&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;not&nbsp;change&nbsp;the&nbsp;files.&nbsp;LIDS&nbsp;can&nbsp;also&nbsp;protect&nbsp;the&nbsp;important&nbsp;process&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;from&nbsp;being&nbsp;killed.&nbsp;LIDS&nbsp;can&nbsp;prevent&nbsp;RAW&nbsp;IO&nbsp;operation&nbsp;from&nbsp;an&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;unauthority&nbsp;program.&nbsp;It&nbsp;can&nbsp;also&nbsp;protect&nbsp;your&nbsp;hard&nbsp;DISK,include&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;MBR&nbsp;protection,etc.&nbsp;&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Detection.&nbsp;When&nbsp;someone&nbsp;scan&nbsp;your&nbsp;host,&nbsp;LIDS&nbsp;can&nbsp;detect&nbsp;it&nbsp;and&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;inform&nbsp;the&nbsp;administrator.&nbsp;LIDS&nbsp;can&nbsp;also&nbsp;notice&nbsp;any&nbsp;activity&nbsp;on&nbsp;the&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;system&nbsp;which&nbsp;violates&nbsp;the&nbsp;rules.&nbsp;&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Response.&nbsp;When&nbsp;someone&nbsp;violate&nbsp;the&nbsp;rules,&nbsp;LIDS&nbsp;can&nbsp;log&nbsp;the&nbsp;detail&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;message&nbsp;about&nbsp;the&nbsp;violated&nbsp;action&nbsp;to&nbsp;the&nbsp;system&nbsp;log&nbsp;file&nbsp;which&nbsp;has&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;been&nbsp;protected&nbsp;by&nbsp;LIDS.&nbsp;LIDS&nbsp;can&nbsp;also&nbsp;send&nbsp;the&nbsp;log&nbsp;message&nbsp;to&nbsp;your&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;mailbox.&nbsp;In&nbsp;this&nbsp;case,&nbsp;LIDS&nbsp;can&nbsp;also&nbsp;shutdown&nbsp;the&nbsp;user's&nbsp;session&nbsp;at&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;once.&nbsp;&nbsp;<BR>&nbsp;<BR>3.&nbsp;Build&nbsp;a&nbsp;security&nbsp;linux&nbsp;system&nbsp;with&nbsp;LIDS&nbsp;<BR>&nbsp;<BR>With&nbsp;the&nbsp;LIDS&nbsp;features,&nbsp;let's&nbsp;go&nbsp;and&nbsp;see&nbsp;how&nbsp;to&nbsp;build&nbsp;a&nbsp;security&nbsp;system&nbsp;with&nbsp;<BR>LIDS&nbsp;step&nbsp;by&nbsp;step.&nbsp;&nbsp;<BR>&nbsp;<BR>3.1&nbsp;Download&nbsp;LIDS&nbsp;patch&nbsp;and&nbsp;coresponsive&nbsp;<BR>official&nbsp;linux&nbsp;kernel&nbsp;<BR>&nbsp;<BR>You&nbsp;can&nbsp;download&nbsp;lids&nbsp;patch&nbsp;from&nbsp;LIDS&nbsp;Home&nbsp;and&nbsp;LIDS&nbsp;Ftp&nbsp;Home&nbsp;and&nbsp;other&nbsp;<BR>mirror&nbsp;of&nbsp;LIDS&nbsp;around&nbsp;the&nbsp;world,&nbsp;check&nbsp;LIDS&nbsp;Mirror&nbsp;for&nbsp;the&nbsp;nearby&nbsp;mirror&nbsp;<BR>site.&nbsp;&nbsp;<BR>&nbsp;<BR>The&nbsp;patch&nbsp;name&nbsp;will&nbsp;be&nbsp;lids-x.xx-y.y.y.tar.gz,&nbsp;x.xx&nbsp;represents&nbsp;the&nbsp;lids&nbsp;<BR>version&nbsp;and&nbsp;the&nbsp;y.y.y&nbsp;represents&nbsp;the&nbsp;linux&nbsp;kernel&nbsp;version.&nbsp;&nbsp;<BR>&nbsp;<BR>You&nbsp;should&nbsp;download&nbsp;the&nbsp;coresponsive&nbsp;kernel&nbsp;version.&nbsp;For&nbsp;example,&nbsp;if&nbsp;you&nbsp;<BR>download&nbsp;the&nbsp;lids-0.9pre4-2.2.14.tar.gz,&nbsp;you&nbsp;should&nbsp;download&nbsp;the&nbsp;linux&nbsp;<BR>kernel&nbsp;2.2.14&nbsp;source&nbsp;code.&nbsp;You&nbsp;can&nbsp;download&nbsp;the&nbsp;kernel&nbsp;source&nbsp;from&nbsp;Kernel&nbsp;<BR>FTP&nbsp;Site&nbsp;or&nbsp;other&nbsp;mirror&nbsp;site&nbsp;of&nbsp;it.&nbsp;&nbsp;<BR>&nbsp;<BR>&nbsp;<BR>&nbsp;<BR>&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;1.&nbsp;uncompress&nbsp;the&nbsp;linux&nbsp;kernel&nbsp;source&nbsp;code&nbsp;tree.&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;cd&nbsp;linux_install_path&nbsp;&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;bzip2&nbsp;-cd&nbsp;linux-2.2.14.tar.bz2&nbsp;|&nbsp;tar&nbsp;-xvf&nbsp;-&nbsp;&nbsp;<BR>&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;2.&nbsp;uncompress&nbsp;the&nbsp;lids&nbsp;source&nbsp;code.&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;cd&nbsp;lids_install_path&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;#&nbsp;tar&nbsp;-zxvf&nbsp;lids-0.9pre4-2.2.14.tar.gz&nbsp;<BR>&nbsp;<BR>&nbsp;<BR>&nbsp;<BR>3.2&nbsp;Patch&nbsp;LIDS&nbsp;to&nbsp;official&nbsp;linux&nbsp;kernel&nbsp;<BR>&nbsp;<BR>After&nbsp;downloading&nbsp;the&nbsp;kernel&nbsp;source&nbsp;and&nbsp;lids,&nbsp;uncompress&nbsp;the&nbsp;source&nbsp;and&nbsp;<BR>lids.&nbsp;For&nbsp;example,&nbsp;if&nbsp;you&nbsp;download&nbsp;the&nbsp;lids-0.9pre4-2.2.14.tar.gz&nbsp;and&nbsp;<BR>linux-2.2.14.tar.bz2,&nbsp;then,&nbsp;&nbsp;<BR>&nbsp;<BR>&nbsp;<BR>&nbsp;<BR>&nbsp;<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;3.&nbsp;patch&nbsp;the&nbsp;lids&nbsp;to&nbsp;the&nbsp;linux&nbsp;kernel&nbsp;source&nbsp;code.&nbsp;<BR>&nbsp;<BR>
12 3 下一页
💿 文件大小 9792 K
👤 上传用户 cenxudong4
📂 所属分类 Linux/Unix编程
🏷️ 相关标签

#linux
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -