  Configuring LIDS build Linux kernel security intrusion detection system
  Add Date : 2018-11-21      
LIDS (Linux Intrusion Detection System) is a Linux kernel patch together with a system administration tool (lidsadm) that hardens the Linux kernel. It implements a security model in the kernel: a reference monitor and Mandatory Access Control (MAC). This article presents the features of LIDS and how to use it to build a secure Linux system.


As Linux has become more popular on the Internet, more and more security vulnerabilities have been discovered in the applications of existing GNU/Linux systems. Many of them stem from programmer carelessness, such as buffer overflows and format string attacks. When such a program is exploited and the attacker gains root privileges, the whole system falls under the intruder's control.

Because the code is open, we can obtain the source of most Linux applications and modify it to suit our needs, so bugs can be found easily and repaired quickly. But once a vulnerability is disclosed and the system administrator neglects to apply the patch, the system is easily broken into; worse, the attacker may obtain a root shell and then do as he pleases with the existing GNU/Linux system. This is the problem LIDS wants to solve.

Let us first look at the problems of an existing GNU/Linux system.

The file system is not protected

Many important files in the system, such as /bin/login, are exposed once an attacker has broken in: he can upload a modified login program in place of /bin/login and then log in without any login name or password. This is commonly called a Trojan horse.

Processes are not protected

Processes running on the system provide system functions and services; for example, httpd is a web server that answers the web requests of remote clients. On a web server system it is very important that this process is protected from being terminated illegitimately. But once an intruder has gained root permissions, we can do nothing about it.

System administration is not protected

Many system administration operations, for example loading/unloading modules, routing settings and firewall rules, can easily be modified by any process whose user ID is 0. So once an intruder gains root permissions, the situation becomes very dangerous.

The superuser (root) may abuse root's authority

Root can do whatever he wants; as root he can even modify the existing permissions.

In summary, we find that the access control model of the existing Linux system is not enough to build a secure Linux system. We must add a new model to the system to solve these problems. This is what LIDS does.

LIDS features

The Linux Intrusion Detection System is a Linux kernel patch and system administrator tool that hardens the security of the kernel. It implements a reference monitor and Mandatory Access Control (MAC) in the kernel. When it is active, chosen file accesses, every system/network administration operation, any use of capabilities, and raw device, memory and I/O access can be prohibited, even for root. It uses and extends the kernel's capability system, binds that control to the whole system, and adds network security and file system security features in the kernel, thereby enhancing security. You can adjust the security protection online, hide sensitive processes, receive security alerts over the network, and so on.

In short, LIDS provides protection, detection and response functions, all implemented within the security model of the Linux kernel.


LIDS provides the following:

Protection: important files and directories of any type on the hard disk can be protected so that nobody, including root, can change them. Important processes can be protected from being terminated, and unauthorized programs can be prevented from performing raw I/O operations. The hard disk itself can be protected, including the MBR, and so on. You can protect sensitive system files from unauthorized persons (including root) and from unauthorized programs.

Detection: when someone scans your host, LIDS can detect it and report to the system administrator. LIDS can also detect any process on the system that violates the rules.

Response: when someone violates the rules, LIDS records the details of the illegal operation in the system log file, which is itself protected by LIDS. LIDS can also send the log information to your mailbox, and it can immediately close the session with that user.

Building a secure Linux system

Having reviewed the features of LIDS, let us look step by step at how to build a secure system with it.

Download the official Linux kernel and the matching LIDS patch

Obtain the LIDS patch and the system administration tool from the LIDS home page, the LIDS FTP site or a recent LIDS mirror.

The patch is named lids-x.xx-yyy.tar.gz, where x.xx is the LIDS version and yyy is the Linux kernel version. For example, lids-0.9.9-2.2.17.tar.gz means LIDS version 0.9.9 for kernel version 2.2.17.

You must download the matching kernel version. For example, if you downloaded lids-0.9.9-2.2.17.tar.gz, then you should download the source code of Linux kernel 2.2.17. You can get the kernel source from the kernel FTP site or another mirror.

Then unpack the kernel source and the LIDS tarball. For example, having obtained lids-0.9.9-2.2.17.tar.gz from www.lids.org and linux-2.2.17.tar.bz2 from ftp.us.kernel.org:

1. Uncompress the Linux kernel source tree:

   # cd linux_install_path/
   # bzip2 -cd linux-2.2.17.tar.bz2 | tar -xvf -

2. Uncompress the LIDS source code and install the lidsadm tool:

   # cd lids_install_path
   # tar -zxvf lids-0.9.8-2.2.17.tar.gz

Apply the LIDS patch to the official Linux kernel source (LIDS_PATCH_FILE stands for the patch file from the unpacked LIDS archive):

   # cd linux_install_path/linux
   # patch -p1 < LIDS_PATCH_FILE

Then link the default source path to the patched version:

   # rm -rf /usr/src/linux
   # ln -s linux_install_path/linux /usr/src/linux

Configure the Linux kernel. In the kernel configuration, enable "Prompt for development and/or incomplete code/drivers" and "Sysctl support". After that you will find a new item at the bottom of the configuration menu named "Linux Intrusion Detection System". Enter this menu and turn on "Linux Intrusion Detection System support (EXPERIMENTAL) (NEW)".

After configuring the LIDS kernel, exit the configuration and compile the kernel:

   # make dep
   # make clean
   # make bzImage
   # make modules
   # make modules_install

Install the LIDS kernel and the system administration tool on the Linux system: copy bzImage to /boot/ and edit /etc/lilo.conf.

   # cp arch/i386/boot/bzImage /boot/bzImage-lids-0.9.9-2.2.17

Build the admin tool:

   # cd lids-0.9.8-2.2.17/lidsadm-0.9.8/
   # make
   # make install

   # less /etc/lilo.conf
   boot=/dev/hda
   map=/boot/map
   install=/boot/boot.b
   prompt
   timeout=50
   default=linux
   image=/boot/vmlinuz-2.2.16-3
           label=linux
           read-only
           root=/dev/hda2
   image=/boot/bzImage-lids-0.9.9-2.2.17
           label=dev
           read-only
           root=/dev/hda2

Run /sbin/lilo to install the new kernel:

   # /sbin/lilo
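The steps above depend on the LIDS archive and the kernel source archive naming the same kernel version. As an added example (not code from the article or from the LIDS project), the following POSIX shell script parses both archive names according to the lids-x.xx-yyy.tar.gz and linux-yyy.tar.bz2 patterns described above, refuses a mismatched pair, and otherwise performs the unpack and patch steps in the article's directory layout. The sample archive names are constructed; the assumption that the unpacked LIDS archive contains a single *.patch file is mine.

```shell
#!/bin/sh
# Added example, not code from the article or the LIDS project.
# Sanity-check that a LIDS archive (lids-x.xx-yyy.tar.gz) and a kernel
# source archive (linux-yyy.tar.bz2 or .tar.gz) name the same kernel
# version before unpacking and patching, as the article requires.

# Print the LIDS version x.xx from a LIDS archive name (return 1 if the
# name does not follow the lids-x.xx-yyy.tar.gz pattern).
lids_version() {
    name=$(basename "$1")
    name=${name%.tar.gz}
    case $name in
        lids-[0-9]*-[0-9]*)
            rest=${name#lids-}            # x.xx-yyy
            printf '%s\n' "${rest%%-*}" ;;
        *) return 1 ;;
    esac
}

# Print the kernel version yyy that a LIDS archive was built for.
lids_kernel_version() {
    name=$(basename "$1")
    name=${name%.tar.gz}
    case $name in
        lids-[0-9]*-[0-9]*)
            rest=${name#lids-}
            printf '%s\n' "${rest#*-}" ;;
        *) return 1 ;;
    esac
}

# Print the kernel version from a kernel source archive name.
kernel_version() {
    name=$(basename "$1")
    name=${name%.tar.bz2}
    name=${name%.tar.gz}
    case $name in
        linux-[0-9]*) printf '%s\n' "${name#linux-}" ;;
        *) return 1 ;;
    esac
}

# Return 0 when both archives target the same kernel version, 1 otherwise.
lids_matches_kernel() {
    lids_kver=$(lids_kernel_version "$1") ||
        { echo "not a LIDS archive name: $1" >&2; return 1; }
    kver=$(kernel_version "$2") ||
        { echo "not a kernel archive name: $2" >&2; return 1; }
    if [ "$lids_kver" != "$kver" ]; then
        echo "mismatch: $1 targets kernel $lids_kver but $2 is kernel $kver" >&2
        return 1
    fi
}

# Unpack both archives (given as absolute paths) and apply the LIDS patch,
# following the article's layout: kernel tree under $3/linux, LIDS under $4.
# Assumption (mine): the unpacked LIDS archive holds a single *.patch file.
lids_unpack_and_patch() {
    lids_tgz=$1 kernel_tbz=$2 linux_install_path=$3 lids_install_path=$4
    lids_matches_kernel "$lids_tgz" "$kernel_tbz" || return 1
    mkdir -p "$linux_install_path" "$lids_install_path" || return 1
    ( cd "$linux_install_path" && bzip2 -cd "$kernel_tbz" | tar -xf - ) || return 1
    ( cd "$lids_install_path" && tar -zxf "$lids_tgz" ) || return 1
    patch_file=$(find "$lids_install_path" -name '*.patch' | head -n 1)
    [ -n "$patch_file" ] ||
        { echo "no .patch file found under $lids_install_path" >&2; return 1; }
    ( cd "$linux_install_path/linux" && patch -p1 < "$patch_file" )
}

# Usage: sh lids_check.sh /path/lids-0.9.9-2.2.17.tar.gz /path/linux-2.2.17.tar.bz2
# With exactly two arguments the script only reports whether the pair matches;
# running it with no arguments just defines the functions.
if [ $# -eq 2 ]; then
    if lids_matches_kernel "$1" "$2"; then
        echo "ok: both archives target kernel $(kernel_version "$2")"
    else
        exit 1
    fi
fi
```

The version parsers rely only on parameter expansion and case patterns, so the script runs under any POSIX sh; a mismatch is reported on stderr and the unpack and patch steps never start, which is cheaper than discovering rejected hunks halfway through patching the kernel tree.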

LIDS system configuration

Before rebooting, you must configure the LIDS system to meet your security needs. You can define the protected files, the protected processes and so on.

By default, lidsadm installs the default configuration files into /etc/lids/. You must reconfigure them according to your needs. First, update the inode/dev values recorded in the default lids.conf:

   # /sbin/lidsadm -U

Reboot the system

After configuring, restart the Linux system. When the LILO prompt appears, select the LIDS-enabled kernel. Then you enter the wonderful world of LIDS.

Seal the kernel

After the system starts, do not forget to seal the kernel with lidsadm. Add the following command at the end of /etc/rc.local:

   # /sbin/lidsadm -I

Online management

After the kernel is sealed, your system is under the protection of LIDS. You can run some tests to verify this. If you want to change some configuration, for example to modify permissions, you can switch the LIDS security level online by entering a password:

   # /sbin/lidsadm -S -- -LIDS

After changing LIDS configuration files such as lids.conf or lids.cap, you can reload the configuration into the kernel with the following command:

   # /sbin/lidsadm -S -- +RELOAD_CONF

LIDS system configuration

LIDS configuration directory: /etc/lids/