lids-1.1.1r2-2.4.18.patch

关于LINUX安全内核的源代码

+		}
 	}
 	regs->eflags = (regs->eflags & 0xffffcfff) | (level << 12);
 	return 0;
diff -Nru linux-2.4.18-ori/arch/i386/kernel/ptrace.c linux-2.4.18-lids-1.1.1r2/arch/i386/kernel/ptrace.c
--- linux-2.4.18-ori/arch/i386/kernel/ptrace.c	Wed Nov 21 19:42:41 2001
+++ linux-2.4.18-lids-1.1.1r2/arch/i386/kernel/ptrace.c	Thu Apr 11 18:02:44 2002
@@ -153,6 +153,14 @@
 	struct user * dummy = NULL;
 	int i, ret;
 
+#ifdef CONFIG_LIDS
+	if (!capable(CAP_SYS_PTRACE)) {
+		lids_security_alert("CAP_SYS_PTRACE violation: try to trace pid %ld",pid);
+		return -EPERM;
+	}
+#endif
+
+
 	lock_kernel();
 	ret = -EPERM;
 	if (request == PTRACE_TRACEME) {
diff -Nru linux-2.4.18-ori/arch/i386/kernel/vm86.c linux-2.4.18-lids-1.1.1r2/arch/i386/kernel/vm86.c
--- linux-2.4.18-ori/arch/i386/kernel/vm86.c	Mon Feb 25 20:37:53 2002
+++ linux-2.4.18-lids-1.1.1r2/arch/i386/kernel/vm86.c	Thu Apr 11 18:02:44 2002
@@ -662,7 +662,12 @@
 			int sig = irqnumber >> 8;
 			int irq = irqnumber & 255;
 			handle_irq_zombies();
-			if (!capable(CAP_SYS_ADMIN)) return -EPERM;
+			if (!capable(CAP_SYS_ADMIN)) {
+#ifdef CONFIG_LIDS
+				lids_security_alert("CAP_SYS_ADMIN violation: try to request IRQ %d",irqnumber);
+#endif
+				return -EPERM;
+			}
 			if (!((1 << sig) & ALLOWED_SIGS)) return -EPERM;
 			if ( (irq<3) || (irq>15) ) return -EPERM;
 			if (vm86_irqs[irq].tsk) return -EPERM;
diff -Nru linux-2.4.18-ori/arch/ia64/config.in linux-2.4.18-lids-1.1.1r2/arch/ia64/config.in
--- linux-2.4.18-ori/arch/ia64/config.in	Fri Nov  9 23:26:17 2001
+++ linux-2.4.18-lids-1.1.1r2/arch/ia64/config.in	Thu Apr 11 18:02:44 2002
@@ -276,3 +276,4 @@
 fi
 
 endmenu
+source kernel/Config.in
diff -Nru linux-2.4.18-ori/arch/ia64/defconfig linux-2.4.18-lids-1.1.1r2/arch/ia64/defconfig
--- linux-2.4.18-ori/arch/ia64/defconfig	Fri Nov  9 23:26:17 2001
+++ linux-2.4.18-lids-1.1.1r2/arch/ia64/defconfig	Thu Apr 11 18:02:44 2002
@@ -878,3 +878,18 @@
 # CONFIG_DEBUG_SPINLOCK is not set
 # CONFIG_IA64_DEBUG_CMPXCHG is not set
 # CONFIG_IA64_DEBUG_IRQ is not set
+
+#
+# Linux Intrusion Detection System
+#
+# CONFIG_LIDS is not set
+
+
+#
+# LIDS features
+#
+CONFIG_LIDS_NO_FLOOD_LOG=y
+CONFIG_LIDS_RELOAD_CONF=y
+CONFIG_LIDS_ALLOW_SWITCH=y
+CONFIG_LIDS_PORT_SCAN_DETECTOR=y
+CONFIG_LIDS_MAIL_SCRIPT=y
diff -Nru linux-2.4.18-ori/arch/m68k/config.in linux-2.4.18-lids-1.1.1r2/arch/m68k/config.in
--- linux-2.4.18-ori/arch/m68k/config.in	Tue Jun 12 04:15:27 2001
+++ linux-2.4.18-lids-1.1.1r2/arch/m68k/config.in	Thu Apr 11 18:02:44 2002
@@ -546,3 +546,5 @@
 #bool 'Debug kmalloc/kfree' CONFIG_DEBUG_MALLOC
 bool 'Magic SysRq key' CONFIG_MAGIC_SYSRQ
 endmenu
+
+source kernel/Config.in
diff -Nru linux-2.4.18-ori/arch/m68k/defconfig linux-2.4.18-lids-1.1.1r2/arch/m68k/defconfig
--- linux-2.4.18-ori/arch/m68k/defconfig	Mon Jun 19 21:56:08 2000
+++ linux-2.4.18-lids-1.1.1r2/arch/m68k/defconfig	Thu Apr 11 18:02:44 2002
@@ -327,3 +327,18 @@
 # Kernel hacking
 #
 # CONFIG_MAGIC_SYSRQ is not set
+
+#
+# Linux Intrusion Detection System
+#
+# CONFIG_LIDS is not set
+
+
+#
+# LIDS features
+#
+CONFIG_LIDS_NO_FLOOD_LOG=y
+CONFIG_LIDS_RELOAD_CONF=y
+CONFIG_LIDS_ALLOW_SWITCH=y
+CONFIG_LIDS_PORT_SCAN_DETECTOR=y
+CONFIG_LIDS_MAIL_SCRIPT=y
diff -Nru linux-2.4.18-ori/arch/mips/config.in linux-2.4.18-lids-1.1.1r2/arch/mips/config.in
--- linux-2.4.18-ori/arch/mips/config.in	Mon Oct 15 22:41:34 2001
+++ linux-2.4.18-lids-1.1.1r2/arch/mips/config.in	Thu Apr 11 18:02:44 2002
@@ -520,3 +520,5 @@
    bool 'Run uncached' CONFIG_MIPS_UNCACHED
 fi
 endmenu
+
+source kernel/Config.in
diff -Nru linux-2.4.18-ori/arch/mips/defconfig linux-2.4.18-lids-1.1.1r2/arch/mips/defconfig
--- linux-2.4.18-ori/arch/mips/defconfig	Sun Sep  9 19:43:02 2001
+++ linux-2.4.18-lids-1.1.1r2/arch/mips/defconfig	Thu Apr 11 18:02:44 2002
@@ -641,3 +641,18 @@
 CONFIG_CROSSCOMPILE=y
 # CONFIG_MAGIC_SYSRQ is not set
 # CONFIG_MIPS_UNCACHED is not set
+
+#
+# Linux Intrusion Detection System
+#
+# CONFIG_LIDS is not set
+
+
+#
+# LIDS features
+#
+CONFIG_LIDS_NO_FLOOD_LOG=y
+CONFIG_LIDS_RELOAD_CONF=y
+CONFIG_LIDS_ALLOW_SWITCH=y
+CONFIG_LIDS_PORT_SCAN_DETECTOR=y
+CONFIG_LIDS_MAIL_SCRIPT=y
diff -Nru linux-2.4.18-ori/arch/mips64/config.in linux-2.4.18-lids-1.1.1r2/arch/mips64/config.in
--- linux-2.4.18-ori/arch/mips64/config.in	Sun Sep  9 19:43:02 2001
+++ linux-2.4.18-lids-1.1.1r2/arch/mips64/config.in	Thu Apr 11 18:02:44 2002
@@ -276,3 +276,4 @@
    bool 'Run uncached' CONFIG_MIPS_UNCACHED
 fi
 endmenu
+source kernel/Config.in
diff -Nru linux-2.4.18-ori/arch/mips64/defconfig linux-2.4.18-lids-1.1.1r2/arch/mips64/defconfig
--- linux-2.4.18-ori/arch/mips64/defconfig	Sun Sep  9 19:43:02 2001
+++ linux-2.4.18-lids-1.1.1r2/arch/mips64/defconfig	Thu Apr 11 18:02:44 2002
@@ -581,3 +581,18 @@
 CONFIG_CROSSCOMPILE=y
 # CONFIG_REMOTE_DEBUG is not set
 # CONFIG_MAGIC_SYSRQ is not set
+
+#
+# Linux Intrusion Detection System
+#
+# CONFIG_LIDS is not set
+
+
+#
+# LIDS features
+#
+CONFIG_LIDS_NO_FLOOD_LOG=y
+CONFIG_LIDS_RELOAD_CONF=y
+CONFIG_LIDS_ALLOW_SWITCH=y
+CONFIG_LIDS_PORT_SCAN_DETECTOR=y
+CONFIG_LIDS_MAIL_SCRIPT=y
diff -Nru linux-2.4.18-ori/arch/parisc/config.in linux-2.4.18-lids-1.1.1r2/arch/parisc/config.in
--- linux-2.4.18-ori/arch/parisc/config.in	Wed Apr 18 02:19:25 2001
+++ linux-2.4.18-lids-1.1.1r2/arch/parisc/config.in	Thu Apr 11 18:02:44 2002
@@ -207,4 +207,5 @@
 #bool 'Debug kmalloc/kfree' CONFIG_DEBUG_MALLOC
 bool 'Magic SysRq key' CONFIG_MAGIC_SYSRQ
 endmenu
+source kernel/Config.in
 
diff -Nru linux-2.4.18-ori/arch/parisc/defconfig linux-2.4.18-lids-1.1.1r2/arch/parisc/defconfig
--- linux-2.4.18-ori/arch/parisc/defconfig	Tue Dec  5 21:29:39 2000
+++ linux-2.4.18-lids-1.1.1r2/arch/parisc/defconfig	Thu Apr 11 18:02:44 2002
@@ -361,3 +361,18 @@
 # Kernel hacking
 #
 CONFIG_MAGIC_SYSRQ=y
+
+#
+# Linux Intrusion Detection System
+#
+# CONFIG_LIDS is not set
+
+
+#
+# LIDS features
+#
+CONFIG_LIDS_NO_FLOOD_LOG=y
+CONFIG_LIDS_RELOAD_CONF=y
+CONFIG_LIDS_ALLOW_SWITCH=y
+CONFIG_LIDS_PORT_SCAN_DETECTOR=y
+CONFIG_LIDS_MAIL_SCRIPT=y
diff -Nru linux-2.4.18-ori/arch/ppc/config.in linux-2.4.18-lids-1.1.1r2/arch/ppc/config.in
--- linux-2.4.18-ori/arch/ppc/config.in	Mon Feb 25 20:37:55 2002
+++ linux-2.4.18-lids-1.1.1r2/arch/ppc/config.in	Thu Apr 11 18:02:44 2002
@@ -400,3 +400,4 @@
 bool 'Include kgdb kernel debugger' CONFIG_KGDB
 bool 'Include xmon kernel debugger' CONFIG_XMON
 endmenu
+source kernel/Config.in
diff -Nru linux-2.4.18-ori/arch/ppc/defconfig linux-2.4.18-lids-1.1.1r2/arch/ppc/defconfig
--- linux-2.4.18-ori/arch/ppc/defconfig	Mon Feb 25 20:37:55 2002
+++ linux-2.4.18-lids-1.1.1r2/arch/ppc/defconfig	Thu Apr 11 18:02:44 2002
@@ -978,3 +978,18 @@
 CONFIG_MAGIC_SYSRQ=y
 # CONFIG_KGDB is not set
 CONFIG_XMON=y
+
+#
+# Linux Intrusion Detection System
+#
+# CONFIG_LIDS is not set
+
+
+#
+# LIDS features
+#
+CONFIG_LIDS_NO_FLOOD_LOG=y
+CONFIG_LIDS_RELOAD_CONF=y
+CONFIG_LIDS_ALLOW_SWITCH=y
+CONFIG_LIDS_PORT_SCAN_DETECTOR=y
+CONFIG_LIDS_MAIL_SCRIPT=y
diff -Nru linux-2.4.18-ori/arch/s390/config.in linux-2.4.18-lids-1.1.1r2/arch/s390/config.in
--- linux-2.4.18-ori/arch/s390/config.in	Mon Feb 25 20:37:56 2002
+++ linux-2.4.18-lids-1.1.1r2/arch/s390/config.in	Thu Apr 11 18:02:44 2002
@@ -73,3 +73,4 @@
 bool 'Magic SysRq key' CONFIG_MAGIC_SYSRQ
 endmenu
 
+source kernel/Config.in
diff -Nru linux-2.4.18-ori/arch/s390/defconfig linux-2.4.18-lids-1.1.1r2/arch/s390/defconfig
--- linux-2.4.18-ori/arch/s390/defconfig	Mon Feb 25 20:37:56 2002
+++ linux-2.4.18-lids-1.1.1r2/arch/s390/defconfig	Thu Apr 11 18:02:44 2002
@@ -270,3 +270,18 @@
 # Kernel hacking
 #
 CONFIG_MAGIC_SYSRQ=y
+
+#
+# Linux Intrusion Detection System
+#
+# CONFIG_LIDS is not set
+
+
+#
+# LIDS features
+#
+CONFIG_LIDS_NO_FLOOD_LOG=y
+CONFIG_LIDS_RELOAD_CONF=y
+CONFIG_LIDS_ALLOW_SWITCH=y
+CONFIG_LIDS_PORT_SCAN_DETECTOR=y
+CONFIG_LIDS_MAIL_SCRIPT=y
diff -Nru linux-2.4.18-ori/arch/s390x/defconfig linux-2.4.18-lids-1.1.1r2/arch/s390x/defconfig
--- linux-2.4.18-ori/arch/s390x/defconfig	Mon Feb 25 20:37:56 2002
+++ linux-2.4.18-lids-1.1.1r2/arch/s390x/defconfig	Thu Apr 11 18:02:44 2002
@@ -270,3 +270,18 @@
 # Kernel hacking
 #
 CONFIG_MAGIC_SYSRQ=y
+
+#
+# Linux Intrusion Detection System
+#
+# CONFIG_LIDS is not set
+
+
+#
+# LIDS features
+#
+CONFIG_LIDS_NO_FLOOD_LOG=y
+CONFIG_LIDS_RELOAD_CONF=y
+CONFIG_LIDS_ALLOW_SWITCH=y
+CONFIG_LIDS_PORT_SCAN_DETECTOR=y
+CONFIG_LIDS_MAIL_SCRIPT=y
diff -Nru linux-2.4.18-ori/arch/sh/config.in linux-2.4.18-lids-1.1.1r2/arch/sh/config.in
--- linux-2.4.18-ori/arch/sh/config.in	Mon Feb 25 20:37:56 2002
+++ linux-2.4.18-lids-1.1.1r2/arch/sh/config.in	Thu Apr 11 18:02:44 2002
@@ -386,3 +386,4 @@
    bool 'Early printk support' CONFIG_SH_EARLY_PRINTK
 fi
 endmenu
+source kernel/Config.in
diff -Nru linux-2.4.18-ori/arch/sh/defconfig linux-2.4.18-lids-1.1.1r2/arch/sh/defconfig
--- linux-2.4.18-ori/arch/sh/defconfig	Mon Oct 15 22:36:48 2001
+++ linux-2.4.18-lids-1.1.1r2/arch/sh/defconfig	Thu Apr 11 18:02:44 2002
@@ -202,3 +202,18 @@
 # CONFIG_MAGIC_SYSRQ is not set
 CONFIG_SH_STANDARD_BIOS=y
 CONFIG_SH_EARLY_PRINTK=y
+
+#
+# Linux Intrusion Detection System
+#
+# CONFIG_LIDS is not set
+
+
+#
+# LIDS features
+#
+CONFIG_LIDS_NO_FLOOD_LOG=y
+CONFIG_LIDS_RELOAD_CONF=y
+CONFIG_LIDS_ALLOW_SWITCH=y
+CONFIG_LIDS_PORT_SCAN_DETECTOR=y
+CONFIG_LIDS_MAIL_SCRIPT=y
diff -Nru linux-2.4.18-ori/arch/sparc/config.in linux-2.4.18-lids-1.1.1r2/arch/sparc/config.in
--- linux-2.4.18-ori/arch/sparc/config.in	Tue Jun 12 04:15:27 2001
+++ linux-2.4.18-lids-1.1.1r2/arch/sparc/config.in	Thu Apr 11 18:02:44 2002
@@ -266,3 +266,4 @@
 
 bool 'Magic SysRq key' CONFIG_MAGIC_SYSRQ
 endmenu
+source kernel/Config.in
diff -Nru linux-2.4.18-ori/arch/sparc/defconfig linux-2.4.18-lids-1.1.1r2/arch/sparc/defconfig
--- linux-2.4.18-ori/arch/sparc/defconfig	Mon Feb 25 20:37:56 2002
+++ linux-2.4.18-lids-1.1.1r2/arch/sparc/defconfig	Thu Apr 11 18:02:44 2002
@@ -404,3 +404,18 @@
 # Kernel hacking
 #
 # CONFIG_MAGIC_SYSRQ is not set
+
+#
+# Linux Intrusion Detection System
+#
+# CONFIG_LIDS is not set
+
+
+#
+# LIDS features
+#
+CONFIG_LIDS_NO_FLOOD_LOG=y
+CONFIG_LIDS_RELOAD_CONF=y
+CONFIG_LIDS_ALLOW_SWITCH=y
+CONFIG_LIDS_PORT_SCAN_DETECTOR=y
+CONFIG_LIDS_MAIL_SCRIPT=y
Binary files linux-2.4.18-ori/arch/sparc64/.defconfig.rej.swp and linux-2.4.18-lids-1.1.1r2/arch/sparc64/.defconfig.rej.swp differ
diff -Nru linux-2.4.18-ori/arch/sparc64/config.in linux-2.4.18-lids-1.1.1r2/arch/sparc64/config.in
--- linux-2.4.18-ori/arch/sparc64/config.in	Fri Dec 21 18:41:53 2001
+++ linux-2.4.18-lids-1.1.1r2/arch/sparc64/config.in	Thu Apr 11 18:02:44 2002
@@ -306,3 +306,5 @@
 fi
 
 endmenu
+
+source kernel/Config.in
diff -Nru linux-2.4.18-ori/arch/sparc64/defconfig linux-2.4.18-lids-1.1.1r2/arch/sparc64/defconfig
--- linux-2.4.18-ori/arch/sparc64/defconfig	Mon Feb 25 20:37:56 2002
+++ linux-2.4.18-lids-1.1.1r2/arch/sparc64/defconfig	Thu Apr 11 18:04:49 2002
@@ -869,3 +869,19 @@
 # CONFIG_DEBUG_SPINLOCK is not set
 # CONFIG_DEBUG_BUGVERBOSE is not set
 # CONFIG_DEBUG_DCFLUSH is not set
+
+#
+# Linux Intrusion Detection System
+#
+# CONFIG_LIDS is not set
+
+
+#
+# LIDS features
+#
+CONFIG_LIDS_NO_FLOOD_LOG=y
+CONFIG_LIDS_RELOAD_CONF=y
+CONFIG_LIDS_ALLOW_SWITCH=y
+CONFIG_LIDS_PORT_SCAN_DETECTOR=y
+CONFIG_LIDS_MAIL_SCRIPT=y
+
diff -Nru linux-2.4.18-ori/fs/buffer.c linux-2.4.18-lids-1.1.1r2/fs/buffer.c
--- linux-2.4.18-ori/fs/buffer.c	Mon Feb 25 20:38:08 2002
+++ linux-2.4.18-lids-1.1.1r2/fs/buffer.c	Thu Apr 11 18:02:44 2002
@@ -2873,8 +2873,12 @@
 
 asmlinkage long sys_bdflush(int func, long data)
 {
-	if (!capable(CAP_SYS_ADMIN))
+	if (!capable(CAP_SYS_ADMIN)) {
+#ifdef CONFIG_LIDS        
+		lids_security_alert("CAP_SYS_ADMIN violation: Attempt to use sys_bdflush");
+#endif
 		return -EPERM;
+	}
 
 	if (func == 1) {
 		/* do_exit directly and let kupdate to do its work alone. */
diff -Nru linux-2.4.18-ori/fs/dcache.c linux-2.4.18-lids-1.1.1r2/fs/dcache.c
--- linux-2.4.18-ori/fs/dcache.c	Mon Feb 25 20:38:08 2002
+++ linux-2.4.18-lids-1.1.1r2/fs/dcache.c	Thu Apr 11 18:02:44 2002
@@ -71,6 +71,7 @@
  * d_iput() operation if defined.
  * Called with dcache_lock held, drops it.
  */
+
 static inline void dentry_iput(struct dentry * dentry)
 {
 	struct inode *inode = dentry->d_inode;
diff -Nru linux-2.4.18-ori/fs/dquot.c linux-2.4.18-lids-1.1.1r2/fs/dquot.c
--- linux-2.4.18-ori/fs/dquot.c	Thu Nov 22 19:38:31 2001
+++ linux-2.4.18-lids-1.1.1r2/fs/dquot.c	Thu Apr 11 18:02:44 2002
@@ -1408,8 +1408,15 @@
 				goto out;
 			break;
 		default:
-			if (!capable(CAP_SYS_ADMIN))
+			if (!capable(CAP_SYS_ADMIN)) {
+#ifdef CONFIG_LIDS
+				if (special != NULL)
+					lids_security_alert("CAP_SYS_ADMIN violation: diskquota on %s",special);
+				else
+					lids_security_alert("CAP_SYS_ADMIN violation: diskquota");
+#endif
 				goto out;
+			}
 	}
 
 	ret = -EINVAL;
diff -Nru linux-2.4.18-ori/fs/exec.c linux-2.4.18-lids-1.1.1r2/fs/exec.c
--- linux-2.4.18-ori/fs/exec.c	Fri Dec 21 18:41:55 2001
+++ linux-2.4.18-lids-1.1.1r2/fs/exec.c	Thu Apr 11 18:02:44 2002
@@ -48,6 +48,10 @@
 
 int core_uses_pid;
 
+#ifdef CONFIG_LIDS
+#include <linux/lids.h>
+#endif
+