Install guide for LIDS 2.2.X and above

This document will guide you through the installation of LIDS on an average
GNU/Linux system. There are some prerequisites before you can use LIDS. You
need to compile your own kernel. If you have never done this before please
read the Kernel-Build-Howto at
http://www.digitalhermit.com/linux/Kernel-Build-HOWTO.html.

- Building your kernel with LIDS support. -

1) 
Get the latest LIDS kernel patch tarball from www.lids.org or one of it's
mirrors and unpack it.

You will get a lids-a.b.c-x.y.z directory containing some documents and
a lids-a.b.c-x.y.z.patch.

The package name format is like: lids-a.b.c-x.y.z.tar.gz

a.b.c is the LIDS version en x.y.z is the kernel version.


2)
Get the corresponding vanilla kernel source from kernel.org and unpack it. It
is wise to get the latest LIDS version and choose the kernel accordingly.
Do *NOT* use a kernel source that is provided with your Linux distribution.
Those kernel sources are non-vanilla kernel sources which means they are
modified and there is a posibility that lids will not work correct on these
kernels or maybe you will even completely fail to apply the patch.

3)
Change directory to your kernel source and patch you kernel source with

$ patch -p1 < /path/to/lids-a.b.c-x.y.z.path

Keep an eye open for rejects. If everything goes okay you will see something
like:

patching file security/lids/include/linux/lidsif.h
patching file security/lids/include/linux/lidsext.h
patching file security/lids/include/linux/lids.h
patching file security/lids/include/linux/lids_sysctl.h
patching file security/lids/lids_lsm.c
patching file security/lids/lids_acl.c
patching file security/lids/lids_cap.c
patching file security/lids/lids_init.c
patching file security/lids/lids_logs.c
patching file security/lids/lids_sysctl.c
patching file security/lids/Kconfig
patching file security/lids/Makefile
patching file security/lids/Makefile.in
patching file security/Makefile
patching file security/Kconfig
patching file Makefile

and no errors. ;-)

4)
Configure your kernel using 'make menuconfig' or any of the other config
methods you are comfortable with.

Make sure you enable the following options:

At 'Code maturity level options' enable CONFIG_EXPERIMENTAL.

You also need the crypto API for LIDS to work so at Cryptographic options
select:

CONFIG_CRYPTO=y
CONFIG_CRYPTO_SHA256=y

At 'Security options' enable CONFIG_SECURITY. This will make the lids
configuration visible.

Do NOT select the CONFIG_SECURITY_CAPABILITIES and the CONFIG_SECURITY_SELINUX
options because LIDS cannot work with other LSM modules at the moment.

At LIDS support enable

CONFIG_LIDS=m or y
CONFIG_LIDS_NO_FLOOD_LOG=y
CONFIG_LIDS_ALLOW_SWITCH=y
CONFIG_LIDS_ALLOW_LFS=y
CONFIG_LIDS_RESTRICT_MODE_SWITCH=y
CONFIG_LIDS_MODE_SWITCH_CONSOLE=y
CONFIG_LIDS_MODE_SWITCH_SERIAL=y
CONFIG_LIDS_MODE_SWITCH_PTY=y

And make sure you select all the normal kernel options you need to get your
machine up and running ;-)

5)
Compile your kernel using 'make bzImage; make modules; make modules_install',
put the kernel in the right place and configure your system as described
in the Kernel-Build-Howto.


- Building the lidstools -

After you have made the kernel with lids support it is time to install the
userspace utilities 'lidsadm' and 'lidsconf'. These userspace utilities are
used to configure LIDS and do administrative tasks.

1)
Get the latest lidstools package from the LIDS website or one of it's mirrors
and unpack it.

The lidstools package has a version nummber like lidstools-a.b.c.tar.gz. The
'a' and 'b' numbers have to be the same as the numbers of the LIDS kernelpatch
you used earlier. For example, you have downloaded lids-2.2.2-2.6.14.tar.gz,
then you need a lidstools-2.2.x package. 

2)
Change directory to the lidstools-a.b.c directory.

3)
Build the lidstools using the following commands:

$ ./configure KERNEL_DIR=/path/to/patched/kernel-source'
$ make

and as root

# make install

The install script will now ask for a password. This password is used to switch
LIDS protection settings (like when you want to open a Lids Free Session) so
do NOT forget it. After this is done you can start configuring your ACL's
with the lidsconf utility and reboot into your lids kernel. You are encouraged
to flush the default rulebase LIDS installs.

After editing you rulebase do not forget to compile it using 'lidsconf -C',
else your rules will not be used. If you have some good rules to get a
program working you are encouraged to send them to the LIDS mailinglist or
publish them on the LIDS wiki.

---

You can find documentation about how to use LIDS in the doc/ directory or at
http://wiki.lids.org.

There's a mailinglist for LIDS available at <lids-user@lists.sourceforge.net>
where you can ask questions, report bugs and give suggestions about LIDS.

There is also a forum dedicated to lids at http://forum.lids.org where you
can post questions, bug reports and suggestions.


Enjoy LIDS

LIDS Development Team
