Quick install for 1.1 and 0.11 series for lazy people

• uncompress your archive
• ./configure KERNEL_DIR=xxxx where xxxx could be /usr/src/linux. The script will tell you what you forgot to do and how to do it.
• make
• make install
• Then you have to configure your kernel, compile it, install it and reboot

This text will guide you throught the installation of LIDS on an average Linux installation. You will need to patch your kernel to use LIDS. So first you need to get yourself the vanilla kernel source from www.kernel.org. Do not use any kernel source that is provided with your distribution because that one will most likely be patched. If you have never compiled your own kernel please read the Kernel-HOWTO on how to do that and experiment a bit before you start using LIDS.

• 1) Get the lids tar.gz file for your kernel and unpack it on your harddisk.You can get the LIDS package at http://www.lids.org or any of the mirrors. The package name is in the format:

          lids-a.b.c-x.y.z.tar.gz
  

  a.b.c is the LIDS version and x.y.z is the kernel version it's made for.
• 2) Patch your kernel with the LIDS patch. You can do this by changing to the linux kernel source dir (Usualy /usr/src/linux) and typing:

          patch -p1 < /path/to/LIDS-patch/lids-a.b.c-x.y.z.patch
  

  This will generate some output on your screen. If some of the hunks fail then something is wrong with you kernel source.
• 3) Make and Compile the patched kernel. You need to say 'Yes' to CONFIG_EXPERIMENTAL to use LIDS. Read the help if you don't understand what a LIDS option does. Do _NOT_ install the kernel and reboot your machine because this will not work.
• 4) Goto to the dir where you unpacked the LIDS package and run the configure script by typing:

          ./configure
  

  Read the help about any option you can pass to the configure script.
• 5) Compile the lidsadm and lidsconf utility by typing:

          make
  

• 6) Now you need to be root to install the utilities in /sbin. So as root type:

          make install
  

• 7) Pre-configuring LIDS
  • 1. Generate a LIDS password.

                    lidsconf -P
    

    This will ask you type you password two times.
  • 2. Edit the /etc/lids/lids.cap to enable/disable the capabilities you want to use with you LIDS system
  • 3. *OPTIONALY* edit /etc/lids/lids.net to define the network parameters for LIDS to send mail to you. This will ofcourse only work if you compiled CONFIG_LIDS_SA_THROUGH_NET in you kernel.
  • 4. Configure the LIDS ruleset with the lidsconf utility. You should read the LIDS-FAQ to get a nice basic setup to start with. The basic usage of the lidsconf utility can be read by using:

                    lidsconf -h
       

    You should actually read the complete FAQ right now because there are a lot of 'interesting' things in it that will prevent people from asking the same question over and over again.
  • 5. Modify your boot scripts to seal the kernel after booting with:

                    lidsadm -I
       

• 8) Install your kernel and do everything needed to let your system boot from it. Make sure you keep your old kernel so you can always boot back into a non-LIDS kernel.
• 9) Reboot your system with your freshly installed kernel and enjoy the protection of LIDS. If something goes really wrong you can boot your kernel with LIDS disabled by typing 'lids=0' at the boot prompt.

See the how-to for more detailed instructions. This is really a poor support :(