From: aleph1@securityfocus.com To: sectools@securityfocus.com Subject: Linux Intrusion Detection System 1.1.0 for 2.4.16 (2.4.x) Date: Thu, 27 Dec 2001 11:33:21 -0700 Linux Intrusion Detection System 1.1.0 for 2.4.16 (2.4.x) by Erik M<E5>nsson (http://freshmeat.net/users/goodbytes/) Sunday, December 23rd 2001 14:18 Security System :: Operating System Kernels :: Linux About: The Linux Intrusion Detection System (LIDS) is a patch which enhances the kernel's security by implementing a reference monitor and Mandatory Access Control (MAC). When it is in effect, chosen file access, all system/network administration operations, any capability use, raw device, memory, and I/O access can be made impossible even for root. You can define which programs can access specific files. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more. Changes: lidsadm has been split into two parts, one for config files management and one for live administration. There are bugfixes for hidden files, a portscan detector, binding to ports under 1024, granting problems, and mknod lockups. The "-o /etc/lids -j DENY" rule has been hard coded. License: GNU General Public License (GPL) URL: http://freshmeat.net/projects/linuxintrusiondetectionsystem/ -- Elias Levy SecurityFocus http://www.securityfocus.com/ Si vis pacem, para bellum