With the LIDS features, let's go and see how to build a secure system with LIDS step by step.
You can download lids patch and admin tool from LIDS Home and LIDS Ftp Home and other mirrors of LIDS around the world, check LIDS Mirror for the nearby mirror site.
The patch name will be lids-x.xx-y.y.y.tar.gz, x.xx represents the lids version and the y.y.y represents the Linux kernel version. For example, lids-0.9.9-2.2.17.tar.gz represent lids version 0.9.9 and the coresponsive kernel version is 2.2.17.
You should download the coresponsive kernel version. For example, if you download the lids-0.9.9-2.2.17.tar.gz, you should download the Linux kernel 2.2.17 source code. You can download the kernel source from Kernel FTP Site or other mirror sites.
And then, you need to uncompress the kernel source and LIDS tar-ball.For example, you have get lids-0.9.9-2.2.17.tar.gz from www.lids.org and linux-2.2.17.tar.bz2 from ftp.us.kernel.org.
1. uncompress the Linux kernel source code tree.
# cd linux_install_path/
# bzip2 -cd linux-2.2.17.tar.bz2 | tar -xvf -
2. uncompress the lids source code and install the lidsadm tool.
# cd lids_install_path
# tar -zxvf lids-0.9.8-2.2.17.tar.gz
3. patch the lids to the Linux kernel source code.
# cd linux_install_path/linux
# patch -p1 </lids_install_path/lids-0.9pre4-2.2.14.patch
/* link the default source path to lids patched version
# rm -rf /usr/src/linux
# ln -s linux_install_patch/linux /usr/src/linux
4. configure the Linux kernel
# cd linux
# make menuconfig or make xconfig
[*] Prompt for development and/or incomplete code/drivers
[*] Sysctl support
After that, you will find that a new item appear in the bottom of the configuration menu name "Linux Intrusion Detection System". Entering this menu, turn the
[*] Linux Intrusion Detection System support (EXPERIMENTAL) (NEW).
# make dep
# make clean
# make bzImage
# make modules
# make modules_install
4. copy the bzImage to /boot/ and edit the /etc/lilo.conf
# cp arch/i386/boot/bzImage /boot/bzImage-lids-0.9.9-2.2.17
/* build admin tools */
# cd lids-0.9.8-2.2.17/lidsadm-0.9.8/
# make
# make install
# less /etc/lilo.conf
boot=/dev/hda
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
default=linux
image=/boot/vmlinuz-2.2.16-3
label=linux
read-only
root=/dev/hda2
image=/boot/bzImage-lids-0.9.9-2.2.17
label=dev
read-only
root=/dev/hda2
5 running /sbin/lilo to install the new kernel.
# /sbin/lilo
Now before reboot, you must configure you lids system to meet you security need. You can define protected files, protected process,etc.
By default, the lidsadm will install the default configuration files in /etc/lids/. You must reconfig it with your need. First of all, you can update the inode/dev value of the default lids.conf by.
# /sbin/lidsadm -U
In the next chapter, we will show you the details about this topic.
After you configure the Linux system, reboot your system. When lilo appear, select the lids enable kernel to load. After then, you will enter the wonderful world of LIDS.
After your system boots up, do not forget to seal the kernel with lidsadm, you can put the command in latest line of /etc/rc.local.
# /sbin/lidsadm -I
You can check the LIDS HOWTO to view the details meaning of each options of lidsadm.
After you seal the kernel, your system is now protected by LIDS. You can do some test on it. If you want to change some configuration, such as modify the capability option, you can change your lids security level online by providing a password.
# /sbin/lidsadm -S -- -LIDS
# /sbin/lidsadm -S -- +RELOAD_CONF