List: lids-user
Subject: [lids] lids 0.9pre1 released!
From: Biondi Philippe biondi
Date: 2000-03-31 5:31:37
Hi all,
I've at last reached my aim for 0.9pre1 (it has been more than one month
since the last release!)
It features :
-lidsadm says when the switch has failed
-For lidsadm, LIDS becomes LIDS_GLOBAL and LIDS_LOCAL becomes LIDS
-LIDS_LOCAL, now known as LIDS, isn't limited to four children anymore
-If the LIDS_LOCAL top process is killed, LIDS_LOCAL is switched on
 This prevents a pid cycle attack, and if you log in, -LIDS, delog,
 you don't have to log, +LIDS, -LIDS. Just log, -LIDS. (is that clear ?)
-The security alerts are now on only one line.
-Hidden process network connections are also hidden
-Send security alerts through network, directly from kernel :
   * to send mail directly from kernel :
     when configuring the kernel, choose the right options in the LIDS
     section. Read the online help.
   * to send the security alerts to a remote syslog :
     Configure your remote syslog to accept remote connections.
     Syslog will log every message it receives on port 53/udp.
     When configuring the kernel :
       - give port 53
       - choose not to use the generic mailer.
       - choose tcp socket type
       - give "lids_syslog_script.c" for the connection script.
   * You can use the lids_syslog_script on, say, port 2053, and
     cat all the security alerts to a file, using netcat :
       nc -ulp 2053 > /var/log/lids-machine-far-far-away.log
   * to make your own remote logging procedure :
       - invent a protocol
       - code a server that speaks this protocol
       - make a connection script (for more info, read
         linux/kernel/lids_*_script.c)
       - configure the kernel for lids to use your script,
         give correct port/socket type/machine IP
       - compile
The how-to will be updated soon, I hope.
Hope you'll enjoy!
Best regards, Phil.
--
Philippe Biondi
Systems administrator
Webmotion Inc.
http://www.webmotion.com
mailto:philippe.biondi
Fax. (613) 260-9545
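
Added example, not part of the original message or of LIDS: a receiver for the "cat the alerts to a file" setup on port 2053 that, unlike the raw nc redirect, records the sender and escapes control characters before writing. It assumes one alert per datagram; `format_record`, `serve`, `allowed`, `MAX_LEN` and the log path are hypothetical names chosen here.

```python
import socket
import time

MAX_LEN = 1024  # assumed cap on stored alert text, not a LIDS limit


def format_record(payload: bytes, source_ip: str, when: float) -> str:
    """Turn one received datagram into exactly one log line."""
    text = payload.decode("utf-8", errors="replace").rstrip("\r\n")
    # Escape control characters (embedded newlines, terminal escapes) so a
    # datagram cannot forge extra records or repaint the reader's terminal.
    clean = "".join(
        c if c.isprintable() else c.encode("unicode_escape").decode("ascii")
        for c in text
    )
    stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(when))
    return f"{stamp} {source_ip} {clean[:MAX_LEN]}"


def serve(port=2053, log_path="lids-remote.log", allowed=None, bind_addr="0.0.0.0"):
    """Append alerts arriving on a UDP port to log_path, like the nc command.

    allowed: optional set of sender IPs; datagrams from others are dropped.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock, \
            open(log_path, "a", encoding="utf-8") as log:
        sock.bind((bind_addr, port))
        while True:
            payload, (ip, _src_port) = sock.recvfrom(65535)
            if allowed is not None and ip not in allowed:
                continue
            log.write(format_record(payload, ip, time.time()) + "\n")
            log.flush()  # keep alerts on disk even if the receiver dies


if __name__ == "__main__":
    # Constructed sample datagram; the real LIDS alert text is not shown here.
    print(format_record(b"constructed alert\nfake second line\x1b[2J", "192.0.2.10", 0))
    serve(allowed={"192.0.2.10"})
```

The `allowed` set only filters by claimed source address, which UDP does not authenticate, so it reduces noise rather than proving where an alert came from.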