lids-faq.html

关于LINUX安全内核的源代码

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
 <TITLE> LIDS FAQ</TITLE>
 <LINK HREF="LIDS-FAQ-1.html" REL=next>


</HEAD>
<BODY>
<A HREF="LIDS-FAQ-1.html">Next</A>
Previous
Contents
<HR>
<H1> LIDS FAQ</H1>

<H2>Steve Bremer, <CODE>
<A HREF="mailto:steve@clublinux.org">steve@clublinux.org</A></CODE></H2>v.13, May 20th, 2001
<P><HR>
<EM>This is the Linux Intrusion Detection System (LIDS) FAQ.</EM>
<HR>
<P>
<H2><A NAME="toc1">1.</A> <A HREF="LIDS-FAQ-1.html">Introduction to LIDS</A></H2>

<UL>
<LI><A HREF="LIDS-FAQ-1.html#ss1.1">1.1 What is LIDS?</A>
<LI><A HREF="LIDS-FAQ-1.html#ss1.2">1.2 Why use LIDS?</A>
<LI><A HREF="LIDS-FAQ-1.html#ss1.3">1.3 Where can I obtain LIDS?</A>
<LI><A HREF="LIDS-FAQ-1.html#ss1.4">1.4 Which versions of the Linux kernel are supported?</A>
<LI><A HREF="LIDS-FAQ-1.html#ss1.5">1.5 Is there a LIDS mailing list?</A>
<LI><A HREF="LIDS-FAQ-1.html#ss1.6">1.6 What about an archive?</A>
<LI><A HREF="LIDS-FAQ-1.html#ss1.7">1.7 Copyright &amp; Disclaimer</A>
<LI><A HREF="LIDS-FAQ-1.html#ss1.8">1.8 Feedback</A>
<LI><A HREF="LIDS-FAQ-1.html#ss1.9">1.9 Credit</A>
<LI><A HREF="LIDS-FAQ-1.html#ss1.10">1.10 To Do</A>
<LI><A HREF="LIDS-FAQ-1.html#ss1.11">1.11 Change Log</A>
</UL>
<P>
<H2><A NAME="toc2">2.</A> <A HREF="LIDS-FAQ-2.html">Installing LIDS</A></H2>

<UL>
<LI><A HREF="LIDS-FAQ-2.html#ss2.1">2.1 How do I apply the LIDS kernel patch?</A>
<LI><A HREF="LIDS-FAQ-2.html#ss2.2">2.2 How do I install the LIDS administration utility lidsadm?</A>
<LI><A HREF="LIDS-FAQ-2.html#ss2.3">2.3 What next?</A>
<LI><A HREF="LIDS-FAQ-2.html#ss2.4">2.4 When I try to compile lidsadm, gcc reports that lidstext.h doesn't exist.  How do I fix this problem?</A>
<LI><A HREF="LIDS-FAQ-2.html#ss2.5">2.5 When I <EM>upgraded</EM> to LIDS version 0.9.14, 0.9.15, 1.0.6, or 1.0.7 my system panics during reboot.  How do I fix it?</A>
</UL>
<P>
<H2><A NAME="toc3">3.</A> <A HREF="LIDS-FAQ-3.html">lidsadm</A></H2>

<UL>
<LI><A HREF="LIDS-FAQ-3.html#ss3.1">3.1 What is lidsadm?</A>
<LI><A HREF="LIDS-FAQ-3.html#ss3.2">3.2 What options are available for lidsadm?</A>
<LI><A HREF="LIDS-FAQ-3.html#ss3.3">3.3 Gee, thanks.  What are all these options?</A>
</UL>
<P>
<H2><A NAME="toc4">4.</A> <A HREF="LIDS-FAQ-4.html">LIDS Administration</A></H2>

<UL>
<LI><A HREF="LIDS-FAQ-4.html#ss4.1">4.1 How do I set my LIDS password?</A>
<LI><A HREF="LIDS-FAQ-4.html#ss4.2">4.2 How do I change my LIDS password once it is set?</A>
<LI><A HREF="LIDS-FAQ-4.html#ss4.3">4.3 What is a LIDS free session and how do I create one?</A>
<LI><A HREF="LIDS-FAQ-4.html#ss4.4">4.4 I created a LIDS free session, but LIDS still appears to be active!  What's wrong?</A>
<LI><A HREF="LIDS-FAQ-4.html#ss4.5">4.5 How do I tell LIDS to reload its configuration files?</A>
<LI><A HREF="LIDS-FAQ-4.html#ss4.6">4.6 Help!!! My system is totally unusable! What do I do?</A>
<LI><A HREF="LIDS-FAQ-4.html#ss4.7">4.7 I've updated/moved a system binary.  How do I tell LIDS that the file changed/moved?</A>
<LI><A HREF="LIDS-FAQ-4.html#ss4.8">4.8 OK, without rebooting, how do I completely disable LIDS?</A>
<LI><A HREF="LIDS-FAQ-4.html#ss4.9">4.9 What does it mean to "seal the kernel"?</A>
<LI><A HREF="LIDS-FAQ-4.html#ss4.10">4.10 How do I view the status of my LIDS system?</A>
<LI><A HREF="LIDS-FAQ-4.html#ss4.11">4.11 How do I configure the port scan detector in LIDS?</A>
<LI><A HREF="LIDS-FAQ-4.html#ss4.12">4.12 What are the subject and object in a LIDS ACL?</A>
<LI><A HREF="LIDS-FAQ-4.html#ss4.13">4.13 Can I enable/disable a system capability without modifying /etc/lids/lids.cap and reloading the configuration files?</A>
<LI><A HREF="LIDS-FAQ-4.html#ss4.14">4.14 I've reconfigured my LIDS ACLs, but my changes don't seem to take effect.  What's wrong?</A>
<LI><A HREF="LIDS-FAQ-4.html#ss4.15">4.15 Why won't lidsadm -L list my ACLs?</A>
<LI><A HREF="LIDS-FAQ-4.html#ss4.16">4.16 Is there anyway to reduce the number of LIDS violations that get reported on the console?</A>
<LI><A HREF="LIDS-FAQ-4.html#ss4.17">4.17 Should I be concerned about the LD_PRELOAD environment variable with LIDS?</A>
<LI><A HREF="LIDS-FAQ-4.html#ss4.18">4.18 When I boot up, the message "read password file error" appears.  How do I fix the problem?</A>
</UL>
<P>
<H2><A NAME="toc5">5.</A> <A HREF="LIDS-FAQ-5.html">Configuring LIDS</A></H2>

<UL>
<LI><A HREF="LIDS-FAQ-5.html#ss5.1">5.1 How do I protect a file as read only?</A>
<LI><A HREF="LIDS-FAQ-5.html#ss5.2">5.2 OK, so how do I protect a directory as read only?</A>
<LI><A HREF="LIDS-FAQ-5.html#ss5.3">5.3 How can I hide a file/directory from everyone?</A>
<LI><A HREF="LIDS-FAQ-5.html#ss5.4">5.4 How can I protect log files so they can only be appended to?</A>
<LI><A HREF="LIDS-FAQ-5.html#ss5.5">5.5 If nothing is allowed to read my /etc/shadow file, how can I authenticate myself to the system?</A>
<LI><A HREF="LIDS-FAQ-5.html#ss5.6">5.6 If I protect /etc as read only, how will mount be able to write to /etc/mtab?</A>
<LI><A HREF="LIDS-FAQ-5.html#ss5.7">5.7 LIDS complains that it can't write to my modules.dep file during startup.  What's wrong?</A>
<LI><A HREF="LIDS-FAQ-5.html#ss5.8">5.8 If I protect my logs as append only, how will logrotated rotate my logs?</A>
<LI><A HREF="LIDS-FAQ-5.html#ss5.9">5.9 Why can't I just give my log rotation utility write access to the directory containing my log files so it can rotate them?</A>
<LI><A HREF="LIDS-FAQ-5.html#ss5.10">5.10 When LIDS is active, my file systems won't unmount during shutdown.  What do I do?</A>
<LI><A HREF="LIDS-FAQ-5.html#ss5.11">5.11 Why can't I start a service that runs on a privileged port as root?</A>
<LI><A HREF="LIDS-FAQ-5.html#ss5.12">5.12 Why can't I start a service that runs on a privileged port from an LFS?</A>
<LI><A HREF="LIDS-FAQ-5.html#ss5.13">5.13 How do I disable/enable capabilities?</A>
<LI><A HREF="LIDS-FAQ-5.html#ss5.14">5.14 Why won't the X Window System work with LIDS enabled?</A>
<LI><A HREF="LIDS-FAQ-5.html#ss5.15">5.15 With all of these ACLs, how can I possibly keep track of my configuration?</A>
<LI><A HREF="LIDS-FAQ-5.html#ss5.16">5.16 I can't see my /etc/lids directory when LIDS is enabled.  What's going on?</A>
<LI><A HREF="LIDS-FAQ-5.html#ss5.17">5.17 How can I give init write access to /etc/initrunlvl so LIDS doesn't complain about it during startup and shutdown?</A>
<LI><A HREF="LIDS-FAQ-5.html#ss5.18">5.18 Can a process inherit file ACLs from its parent?</A>
<LI><A HREF="LIDS-FAQ-5.html#ss5.19">5.19 Help! I can't seem to get program xyz to work under LIDS.  How do I determine what files/capabilities it needs access to?</A>
<LI><A HREF="LIDS-FAQ-5.html#ss5.20">5.20 How do I give passwd the proper permissions to update the /etc/shadow file?</A>
<LI><A HREF="LIDS-FAQ-5.html#ss5.21">5.21 Why doesn't ssh or scp work when LIDS is enabled?</A>
<LI><A HREF="LIDS-FAQ-5.html#ss5.22">5.22 OpenSSH won't start at boot time.  LIDS reports that <CODE>bash</CODE> tried to access a hidden file.  How can I fix this?</A>
<LI><A HREF="LIDS-FAQ-5.html#ss5.23">5.23 Some of my file systems won't unmount at shutdown because I have hidden processes running.  How can I kill them?</A>
<LI><A HREF="LIDS-FAQ-5.html#ss5.24">5.24 I just want to start with a basic configuration.  Can you recommend a setup that will provide additional protection and still leave most of my system functioning as normal?</A>
</UL>
<P>
<H2><A NAME="toc6">6.</A> <A HREF="LIDS-FAQ-6.html">Configuring Security Alerts</A></H2>

<UL>
<LI><A HREF="LIDS-FAQ-6.html#ss6.1">6.1 Which kernel configuration options do I need to select in order to send security alerts through the network?</A>
<LI><A HREF="LIDS-FAQ-6.html#ss6.2">6.2 Where do I specify the mail server information and e-mail address to send the LIDS alerts to?</A>
<LI><A HREF="LIDS-FAQ-6.html#ss6.3">6.3 LIDS can't seem to deliver alerts to my qmail SMTP server.  Is there a fix for this?</A>
</UL>
<P>
<H2><A NAME="toc7">7.</A> <A HREF="LIDS-FAQ-7.html">Sample Configurations</A></H2>

<UL>
<LI><A HREF="LIDS-FAQ-7.html#ss7.1">7.1 Basic System Setup</A>
<LI><A HREF="LIDS-FAQ-7.html#ss7.2">7.2 Apache</A>
<LI><A HREF="LIDS-FAQ-7.html#ss7.3">7.3 qmail</A>
<LI><A HREF="LIDS-FAQ-7.html#ss7.4">7.4 dnscache &amp; tinydns (djbdns)</A>
<LI><A HREF="LIDS-FAQ-7.html#ss7.5">7.5 Courier-imap</A>
<LI><A HREF="LIDS-FAQ-7.html#ss7.6">7.6 MySQL</A>
<LI><A HREF="LIDS-FAQ-7.html#ss7.7">7.7 OpenSSH</A>
<LI><A HREF="LIDS-FAQ-7.html#ss7.8">7.8 OpenLDAP (slapd)</A>
<LI><A HREF="LIDS-FAQ-7.html#ss7.9">7.9 Port Sentry</A>
<LI><A HREF="LIDS-FAQ-7.html#ss7.10">7.10 Samba</A>
<LI><A HREF="LIDS-FAQ-7.html#ss7.11">7.11 Linux HA heartbeat</A>
</UL>
<P>
<H2><A NAME="toc8">8.</A> <A HREF="LIDS-FAQ-8.html">LIDS Technical</A></H2>

<UL>
<LI><A HREF="LIDS-FAQ-8.html#ss8.1">8.1 Will LIDS work with a file system other than ext2?</A>
<LI><A HREF="LIDS-FAQ-8.html#ss8.2">8.2 Will LIDS run on an SMP system?</A>
<LI><A HREF="LIDS-FAQ-8.html#ss8.3">8.3 Will LIDS coexist with Solar Designer's Openwall patch?</A>
<LI><A HREF="LIDS-FAQ-8.html#ss8.4">8.4 Will LIDS run on non-Intel hardware?</A>
<LI><A HREF="LIDS-FAQ-8.html#ss8.5">8.5 What is the difference between the 0.9.x and 1.0.x versions of LIDS?</A>
</UL>
<HR>
<A HREF="LIDS-FAQ-1.html">Next</A>
Previous
Contents
</BODY>
</HTML>