'[lids] lids 0.9pre1 released!'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       lids-user
Subject:    [lids] lids 0.9pre1 released!
From:       Biondi Philippe biondi
Date:       2000-03-31 5:31:37
[Download RAW message or body]

Hi all,

I've at last reach my aim for 0.9pre1 (it has been more than one month
since the last release!)

It features :
-lidsadm says when the switch has failed
-For lidsadm, LIDS becomes LIDS_GLOBAL and LIDS_LOCAL becomes LIDS
-LIDS_LOCAL, now known as LIDS, isn't limited to four children anymore
-If the LIDS_LOCAL top process is killed, LIDS_LOCAL is switched on
 This prevents a pid cycle attack, and if you log in, -LIDS, delog,
 you don't have to log, +LIDS, -LIDS. Just log, -LIDS. (is that clear ?)
-The security alerts are now on only one line.
-Hidden process network connections are also hidden
-Send security alerts through network, directly from kernel :
 * to send mail directly from kernel :
   when configuring the kernel, choose the right options in the LIDS
   section. Read the online help.
 * to send the security alerts to a remote syslog :
   Configure your remote syslog to accept remote connections.
   Syslog will log every message it receive on port 53/udp.
   When configuring the kernel :
      - give port 53
      - choose not to use the genric mailer.
      - choose tcp socket type
      - give "lids_syslog_script.c" for the connection script.
 * You can use the lids_syslog_script on, say, port 2053, and
   cat all the security alerts to a file, using netcat :
   nc -ulp 2053 > /var/log/lids-machine-far-far-away.log
 * to make your own remote logging procedure :
    - invent a protocol
    - code a server that speaks this protocol
    - make a connection script (for more info, read 
      linux/kernel/lids_*_script.c)
    - configure the kernel for lids to use your script,
      give correct port/socket type/machine IP
    - compile

The how-to will be updated soon, I hope.

Hope you'll enjoy!

Best regards, Phil.

--
Philippe Biondi
Systems administrator
Webmotion Inc.
http://www.webmotion.com
mailto:philippe.biondi
Fax. (613) 260-9545

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic