● Linux Intrusion Detection System 0.6 release - 荔园在线 | 深圳大学学生论坛,荔园晨风BBS,深大在线网站

荔园之美，在春之萌芽，在夏之绽放，在秋之收获，在冬之沉淀

发信人: zzt (好好学习，天天向上), 信区: Linux
标  题: Linux Intrusion Detection System 0.6 release!!(转
发信站: BBS 荔园晨风站 (Fri Dec 10 23:16:06 1999), 转信

【以下文字转载自 zzt 的信箱】
【原文由 zhuzutao.bbs@bbs.net.tsinghua.edu.cn 所发表】
发信人: vertex (lancelord), 信区: Linux
标  题: Linux Intrusion Detection System 0.6 release!!(转
发信站: BBS 水木清华站 (Fri Dec 10 21:55:14 1999)

lids home ,
                http://www.soaring-bird.com.cn/oss_proj/lids/
mirrors:
                 http://www.lids.webmotion.net
                http://jane.swt.nu/lids/
                http://homer.wnet.it/lids/
                http://www.chorche.cz/mirrors/lids/
                http://www.chorche.cz/linux/ids.html
                http://www.soaring-bird.com.cn/oss_porj/lids/
                http://gem.ncic.ac.cn/~xhg/lids/
ftp mirrors:
                ftp://ftp.webmotion.net/pub/lids/
                ftp://ftp.lonyay.edu.hu/pub/mirrors/lids/

Linux Intrusion Detection System 0.6
   Xie Hua Gang - December 10th 1999, 05:42 EST

The Linux Intrusion Detection System is a Linux kernel patch to enhance
the Linux kernel's security. When it's in effect, no one (including root)
can change the protected files or directories nor their sub-directories,
and the protected append-only files can only be appended. It can prevent
loaded modules from being unloaded, mounted filesystems from
being unmounted and lauched processes from being killed and lauched IP
Firewall Rules from being change. It can also protect the hard disk's MBR
and disallow sniffing while the NIC is in promiscuous mode. You can also
turn the security protection on or off online.  You can hidden some
sensitive process and provent using ptrace on your system.

Changelog for 0.6

1999.12.10 release lids-0.6-2.2.13
    A total new design. bugfixed and add new features.

  - No modules and more flexible.

    * The basic behaviour (files/dir/dev selection...) remain the same.
    But what was modularized is now already in the kernel. To keep the
    "seal" concept (ie sealing modules/mounted devices/daemons at a given
    time) some sysctl have been created.

  -  Add Hide sensitive processes.
    * You can hide some procees with the giving program path in the kernel.

  -  Add IP firewall rules protection.
    * You can protect your ip firewall rules when the system runing.

  - ptrace system call lock.
    * prevent programs like gdb working.

  - control the lids from proc file system.
    * use echo 1 > /proc/sys/lids/xxxx to switch the lids protection on.

Welcome to http://www.soaring-bird.com.cn/oss_proj/lids/

--
※ 来源:·BBS 水木清华站 bbs.net.tsinghua.edu.cn·[FROM: 162.105.138.50]
--
※ 转载:·BBS 荔园晨风站 bbs.szu.edu.cn·[FROM: 192.168.1.11]

荔园在线首页友情链接：深圳大学深大招生荔园晨风BBS S-Term软件网络书店