Home IT Linux Windows Database Network Programming Server Mobile  
  Home \ Linux \ Configuring LIDS build Linux kernel security intrusion detection system     - Linux system server network security management tips (Linux)

- Oracle database file path changes (Database)

- Python script running in the background (Programming)

- Manager Docker browser (Server)

- Linux kernel source tree to establish load module hello (Linux)

- Timeout control related to Python threads and a simple application (Programming)

- MySQL partition table Comments (Database)

- VMware virtual machines to install virt-manager unable to connect to libvirt's approach (Linux)

- Ubuntu install Oracle 10g process and problem solution (Linux)

- C ++ Supplements - Virtual Function Principle (Programming)

- Linux modify environment variables method (Linux)

- Linux Getting Started tutorial: 3D effects and beautify your desktop (Linux)

- KVM add virtual disks (Linux)

- MySQL use benchmarking tool sysbench (Database)

- LAN in Ubuntu shared folders to Windows (Linux)

- Proficient in C / C ++ can also find a very good job (Programming)

- Java NIO2: Buffer (Programming)

- CentOS7 installation configuration (Server)

- rpm package specify the installation path (Linux)

- To share Linux script automatically change passwords (Linux)

  Configuring LIDS build Linux kernel security intrusion detection system
  Add Date : 2018-11-21      
  LIDS (Linux Intrusion detection system) is a Linux kernel patch and systems management staff lidsadm), it strengthened the Linux kernel. It implements a safe mode in the kernel - the core reference model and the Mandatory Access Control (command to enter control) mode. This paper will present LIDS features and how to use it to build a secure Linux system.


With the growing popularity of Linux interconnection line, more and more applications on an existing GNU / LINUX system security vulnerabilities are discovered. Many programs use a programmer carelessness, such as buffer overflow, format code attacks. When the system security by threatening programs, hackers to gain ROOT privileges, the whole system will be intruder control.

Since the code is open, we can get a lot of Linux applications desired original code, and according to our need to be modified. So the bug can be found easily and quickly repaired. But when the vulnerability was revealed, and the neglect of the system administrators to patch vulnerabilities, resulting in easily to the invasion, even worse, a hacker can get ROOT SHELL. Use of existing GNU / Linux system, he pleases. This is the LIDS want to solve the problem.

First look at what are the problems existing GNU / Linux system.

File system is not protected

System of many important documents, such as / bin / login, once the hacking, he can upload the modified login file instead of / bin / login, then he can not require any login name and password to login. This is often referred to as Trojan house.

Process is not protected

Processes running on the system for some system functions and services, such as HTTPD is a web server for remote clients to meet the needs of web. As a web server system, the process is not to protect their illegal termination is very important. But when the intruder gained ROOT permissions, we can not do anything.

Unprotected systems management

Many systems management, for example, loading / unloading, routing settings, firewall rules module, and can easily be modified if the user ID is 0. So when an intruder access to ROOT permissions, it becomes very safe.

Superuser (root) as a possible abuse of authority ROOT

He can do whatever they want, as ROOT he can even modify the existing permissions.

In summary, we found that the existing Linux system into the control mode is not enough to establish a secure Linux system. We must add a new pattern in the system to solve these problems. This is the LIDS to do.

LIDS features

Linux intrusion detection system is a Linux kernel patch and system administrator tool, it strengthened the core of security. It implements the reference monitor mode and Mandatory Access Control (command to enter control) in the kernel mode. When it works, select the file to enter, manage the operation of each system / network, any use of authority, raw device, mem and I / O will be able to enter the prohibited even for ROOT is the same. It uses and extends the functionality of the system, setting binding control over the entire system, add network security features and file system in the kernel, thus enhancing security. You can adjust online security protection, hide sensitive processes, receive security alerts via the network, and so on.

In short, LIDS provides protection, detection, response function, which is the LINUX kernel in safe mode can be achieved.


LIDS provides the following protection:

Hard disk protection on any type of important files and directories, including ROOT any person can not change. Protect important process can not be terminated to prevent illegal procedure RAW IO operation. Protect the hard disk, including MBR protection, and so on. You can protect sensitive system files to prevent unauthorized persons (including ROOT), and unauthorized program proceeds.


When someone scanning your host, LIDS can detect and report to the system administrator. LIDS can also detect any illegal rule to the process on the system.


When someone violate rules, LIDS will be illegal to record details of the operation by the LIDS protection system log file. LIDS can also log information reach your mailbox. LIDS can also turn off the dialogue with the user immediately.

To establish a secure Linux system

After reading the LIDS features, let's look at how to step by step to establish a secure system with LIDS. [Next]

LIDS patch download the official Linux kernel and related

From LIDS Home, LIDS Ftp Home or recent LIDS Mirror obtain LIDS patch and systems management tools.

Patch name is lids-x.xx-yyytar.gz, x.xx lids on behalf of the version, yyy on behalf of Linux kernel version, for example, lids-0.9.9-2.2.17.tar.gz representatives lids version is 0.9.9 and the related kernel version is 2.2.17 ..

Must download the kernel version. For example, you downloaded the lids-0.9.9-2.2.17.tar.gz, then you should download the Linux kernel 2.2.17 of the original code. You can get the kernel source code from Kernel FTP Site or other mirror.

Then, the kernel of the original code and LIDS tar decompression, for example, obtained from www.lids.org lids-0.9.9-2.2.17.tar.gz, get linux-2.2.17.tar from ftp.us.kernel.org after .bz2:... 1. uncompress the Linux kernel source code tree # cd linux_install_path / # bzip2 -cd linux-2.2.17.tar.bz2 tar -xvf -2 uncompress the lids source code and install the lidsadm tool # cd lids_install_path # tar -zxvf lids-0.9.8-2.2.17.tar.gz

LIDS patch to play on the official linux kernel, Linux kernel source code to play LIDS patch # cd linux_install_path / linux # patch -p1 / * link the default source path to lids patched version # rm -rf / usr / src / linux # ln - s linux_install_patch / linux / usr / src / linux

Configure the Linux kernel, and now, configuring Linux kernel, follow these steps to implement: Prompt for development and / or incomplete code / driversSysctl supportAfter that, you will find that a new item appear in the bottom of the configuration menu name "Linux Intrusion Detection System" . Entering this menu, turn the Linux Intrusion Detection System support (EXPERIMENTAL) (NEW).

After configuring LIDS kernel. Exit the configuration, compile the kernel. # Make dep # make clean # make bzImage # make modules # make modules_install

Installation on Linux systems LIDS and systems management tools, copy the bzImage to / boot /, edit /etc/lilo.conf. # Cp arch / i386 / boot / bzImage /boot/bzImage-lids-0.9.9-2.2.17/*build admin tools * / # cd lids-0.9.8-2.2.17 / lidsadm-0.9.8 / # make # make install # less /etc/lilo.confboot=/dev/hdamap=/boot/mapinstall=/boot/boot.bprompttimeout=50default=linuximage=/boot/vmlinuz-2.2.16-3label=linuxread-onlyroot=/dev /hda2image=/boot/bzImage-lids-0.9.9-2.2.17label=devread-onlyroot=/dev/hda2

Run / sbin / lilo to install the new kernel: # / sbin / lilo

LIDS system configuration

Before restarting, you must configure the lids system to meet your security needs. You can define the protected files, protected processes and so on.

By default, lidsadm will install the default configuration file to the / etc / lids /. You must be reconfigured according to their needs. First, you can update the default lids.conf the inode / dev value. # / Sbin / lidsadm -U

Reboot the system

After configuring Linux system to restart. When lilo appears, select loading the lids enable kernel. Then you will enter the wonderful world LIDS.

Package core

After the system starts, do not forget to use lidsadm package core, at the end of /etc/rc.local add the following command: # / sbin / lidsadm -I

Online Management

After the kernel package, your system is under the protection of LIDS. You can do some tests to verify if you want to change some configurations, for example, modify the permissions, you can enter a password online way to change the lids security level. # / Sbin / lidsadm -S - -LIDS

After changing the lids configuration attributes, such as lids.conf, lids.cap, you can reload with the following command in the kernel configuration file: # / sbin / lidsadm -S - + RELOAD_CONF

LIDS system configuration

LIDS configuration directory - "/etc/lids/".html
- Linux system security configuration (Linux)
- Linux kernel VLAN study notes (Programming)
- Oracle and MySQL5.6 DDL comparison (Database)
- Linux system started to learn: how to view the Linux thread of a process (Linux)
- You must ask yourself four questions before deploying Docker (Server)
- String JavaScript type system (Programming)
- OpenSSL for secure transmission and use of skills of files between Windows and Linux (Linux)
- Linux source code to install Apache and solutions to common errors (Server)
- LVM Disk Manager Application (Linux)
- How to download GOG games in Linux command line (Linux)
- Ubuntu 15.04 using the Eclipse 4.4, Java 8 and WTP (Linux)
- Rails 4.1.6 start being given Could not find a JavaScript runtime (Linux)
- To install the Ubuntu Touch emulator on Ubuntu (Linux)
- PHP security Programming Advice (Programming)
- Add a custom encryption algorithm in OpenSSL (Linux)
- 30 Practical Linux system administrators will learn the command (Linux)
- Linux installation beautify early experience (Linux)
- Compile and install Ubuntu Linux 4.0.5 kernel, network and fix vmware kernel module compilation error (Linux)
- netfilter- in kernel mode network packet operation (Linux)
- Normal start Lazarus 1.0.8 under Ubuntu (Linux)
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.