View Source:
LIDSNotes
These notes refer to the [Linux Intrusion Detection System|LIDS]

!!Installation Instructions

If you have no experience in installing a new Kernel please refer to the KernelNotes section.

!Kernel 2.6.x

Assumes the lids package is installed in /usr/src/lids-{version}-{kernel-version}, and the kernel source is installed to /usr/src/linux-{kernel-version}. The examples will assume kernel 2.6.0 and lids 2.0.3 for 2.6.0.

* First ensure you have a working installation of the 2.6.x kernel that you wish to add the LIDS patch to.
* Patch the source of the 2.6.x kernel with the [LIDS] patch
 % cd /usr/src/linux-2.6.0
 % patch -p1 < /usr/src/lids-2.0.3-2.6.0/lids-2.0.3-2.6.0.patch
* Configure the lidstools package
 % cd /usr/src/lids-2.0.3-2.6.0/lidstools-0.5.1
 % ./configure KERNEL_DIR=/usr/src/linux-2.6.0
* Install the lidstools package
 % make
 % make install
* Enter your [LIDS] password (Don't forget this)
* Configure the 2.6.x kernel (make config|menuconfig|xconfig) and enable [LIDS]
 % cd /usr/src/linux-2.6.0
 % make menuconfig
 --> Security Options
   [[*] Enable Different Security Models
   < > Default Linux Capabilities
   --> Linux Intrusion Detection System
     <M> Linux Intrusion Detection System support (EXPERIMENTAL)
* As with any kernel upgrade, ensure you have a backup kernel that can be loaded in the event of a failure.
* Build the new kernel
 % make all
 % make modules_install
* Set up the [ACL]s for your [LIDS] installation (/etc/lids)
 % cd /etc/lids
 check the files: lids.ini, lids.net, lids.*.cap, lids.*.conf
* Install the new kernel. Don't forget to update your BootLoader (GRUB, LILO, or other) to be able to load the new kernel.
* Test the kernel
 % reboot
* Load the LIDS module
 % modprobe lids

!!Installation Notes

* When [LIDS] is compiled as a module, it cannot be loaded if the default Linux capabilities security module is already loaded.

!!Fedora Core 1

After having updated the Kernel you may encounter problems with certain processes when starting or shutting down your system. These problems relate to the mounting and unmounting of your partitions, and adjusting the clock. Most of these problems lie in /etc/rc.d/rc.sysinit. Here's a sample configuration used to set up your default LIDS values.

!Problem - error writing to /var/log/dmesg

 rc.sysinit:818: dmesg -s 131072 > /var/log/dmesg

Either comment out the line which updates /var/log/dmesg in rc.sysinit, apply the patch to the dmesg source available [here|http://www.kernel.org/pub/linux/utils/util-linux/] (util-linux-XXX/sys-utils/dmesg.c) or allow bash to modify the file. (I opted for the dmesg patch - GerwinVanDeSteeg).

 rc.sysinit: dmesg -s 131072 -f /var/log/dmesg

!Problem - writing to /var/log/ksyms*

Just comment this out for now until a fix is found.

!Problem - writing to /etc/mtab

The way to do this is to replace the /etc/mtab file with a symbolic link to /proc/mounts.

 % rm -rf /etc/mtab
 % ln -sf /proc/mounts /etc/mtab

Then go through your initialization scripts (rc.sysinit) and add the "-n" option to all mount and umount commands, which tells mount not to update /etc/mtab. You may then also get errors about being unable to mount a filesystem due to it already being mounted.

 rc.sysinit:570: action $"Mounting local filesystems: " mount -a -t nonfs,smbfs,ncpfs -O no_netdev

replace with

 rc.sysinit: action $"Mounting local filesystems: " mount -a -n -t nonfs,smbfs,ncpfs,sysfs,proc,devpts -O no_netdev

!Problem - updating /etc/adjtime

See sample configuration

!Problem - turning off filesystem quotas on restart, cannot stat() /dev/root

Solution not yet found.

!!Usage

* Refer to the documentation or the installation instructions provided with the lidstools source and lids patch. (i.e. RTFM)

----
CategoryNotes
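An added example, not part of the original notes or of LIDS: a shell audit for the /etc/mtab workaround in the Fedora Core 1 section. It checks that /etc/mtab is a symlink to /proc/mounts and lists the mount/umount calls in an init script that still lack -n. The function names and the sample lines other than the two rc.sysinit lines quoted above are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit helpers for the /etc/mtab workaround (not LIDS code).

# mtab_links_to_proc [PATH]
# Succeeds only if PATH (default /etc/mtab) is a symlink to /proc/mounts.
mtab_links_to_proc() {
    mtab=${1:-/etc/mtab}
    [ -L "$mtab" ] && [ "$(readlink "$mtab")" = "/proc/mounts" ]
}

# find_mtab_writers [FILE...]
# Prints "LINE: text" for each input line that runs mount or umount without
# -n. Heuristic: any short-option cluster containing "n" after the command
# word counts as -n; comment lines are skipped. Reads stdin if no FILE.
find_mtab_writers() {
    awk '
    /^[ \t]*#/ { next }
    {
        n = split($0, w, /[ \t;|&()]+/)
        for (i = 1; i <= n; i++) {
            if (w[i] !~ "^(/[^ ]*/)?u?mount$") continue
            ok = 0
            for (j = i + 1; j <= n; j++)
                if (w[j] ~ /^-[A-Za-z]*n[A-Za-z]*$/) ok = 1
            if (!ok) { printf "%d: %s\n", FNR, $0; break }
        }
    }' "$@"
}

# Constructed sample: the two rc.sysinit lines quoted on this page plus
# invented neighbours for contrast.
sample_rc() {
    cat <<'EOF'
# mount local filesystems
action $"Mounting local filesystems: " mount -a -t nonfs,smbfs,ncpfs -O no_netdev
action $"Mounting local filesystems: " mount -a -n -t nonfs,smbfs,ncpfs,sysfs,proc,devpts -O no_netdev
umount -a
mount -n -o remount,rw /
EOF
}

sample_rc | find_mtab_writers    # reports lines 2 and 4
```

Run `find_mtab_writers /etc/rc.d/rc.sysinit` before rebooting into the LIDS kernel and review each reported line by hand, since the match is a heuristic and can flag the word "mount" inside a message string.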