These notes refer to the Linux Intrusion Detection System

Installation Instructions

If you have no experience in installing a new Kernel please refer to the KernelNotes section.

Kernel 2.6.x

Assumes the lids package is installed in /usr/src/lids-{version}-{kernel-version}, and the kernel source is installed to /usr/src/linux-{kernel-version}. The examples will assume kernel 2.6.0 and lids 2.0.3 for 2.6.0.

• First ensure you have a working installtion of the 2.6.x kernel that you wish to add the LIDS patch to.

• Patch the source of the 2.6.x kernel with the LIDS patch

  % cd /usr/src/linux-2.6.0 % patch -p1 < /usr/src/lids-2.0.3-2.6.0/lids-2.0.3-2.6.0.patch

• Configure the lidstools package

  % cd /usr/src/lids-2.0.3-2.6.0/lidstools-0.5.1 % ./configure KERNEL_DIR=/usr/src/linux-2.6.0

• Install the lidstools package

  % make % make install

• Enter your LIDS password (Don't forget this)

• Configure the 2.6.x kernel (make config|menuconfig|xconfig) and enable LIDS

  % cd /usr/src/linux-2.6.0 % make menuconfig

  --> Security Options

  [*? Enable Different Security Models < > Default Linux Capabilities --> Linux Intrusion Detection System

  <M> Linux Intrusion Detection System support (EXPERIMENTAL)

• As with any kernel upgrade ensure you have a backup kernel that can be loaded in the event of a failure.

• Build the new kernel

  % make all % make modules_install

• Setup the ACLs for your LIDS installation (/etc/lids)

  % cd /etc/lids

  check the files: lids.ini, lids.net, lids.*.cap, lids.*.conf

• Install the new kernel

  Don't forget to update your BootLoader (GRUB, LILO, or other) to be able to load the new kernel.

• Test the kernel

  % reboot

• Load the LIDS module

  % modprobe lids

Installation Notes

• When compiling the LIDS module, you cannot load it if the default linux capabilities security module is already loaded.

Usage

• Refer to the documentation or the installation instructions provided with the lidstools source and lids patch. (ie. RTFM)