Thursday, December 30, 2010

Linux security and LIDS

LIDS (Linux Intrusion Detection System) is a set of Linux kernel patches plus a system administration tool, lidsadm, that hardens the Linux kernel.

It implements a reference monitor and Mandatory Access Control (MAC) inside the kernel. This article explains what LIDS does and how to use it to set up a secure Linux system.

1. Why choose LIDS

As Linux spreads across the Internet, more and more security vulnerabilities are being found in existing GNU/Linux software. Many programs were written carelessly and suffer from buffer overflows, format string attacks and the like. When a program that runs with root privileges is compromised, the intruder gets control of the entire system.

Because the code is open, we can get the source of most Linux applications and modify it to our needs, so bugs are easy to find and quick to fix. But once a vulnerability is published, an administrator who neglects to apply the fix leaves a system that is trivially broken into, and in the worst case the attacker ends up with a root shell. Protecting an existing GNU/Linux system against exactly this is the problem LIDS sets out to solve. First, look at the weaknesses of a stock GNU/Linux system.

The file system is not protected. Many important files, /bin/login for example, have no protection at all. Once an intruder is in, he can upload a modified login binary in place of /bin/login, after which he can log in without any user name or password. This is commonly called a Trojan horse.

Processes are not protected. The processes running on a system are the services it offers; HTTPD, for instance, is the web server that answers web requests from remote clients. For a web server, keeping that process from being killed illegitimately is very important, but once an intruder has root privileges we are powerless.

System administration is not protected. Administrative settings such as module loading and unloading, routing and firewall rules can be changed freely by any user whose UID is 0, so as soon as an intruder gains root they are all unsafe.

The super user (root) can abuse his privileges: as root he can do whatever he wants, and he can even change the permissions that are in place. In summary, the access control model of a stock Linux system is not sufficient to build a secure Linux system. We must add a new model to solve these problems, and that is what LIDS does.

2. LIDS features

Linux Intrusion Detection System is a Linux kernel patch and an administrator tool that reinforces the security of the kernel. It implements a reference monitor and Mandatory Access Control (MAC) in the kernel. Once it is active, selected file accesses, every system and network administration operation, any use of capabilities, raw device access, and access to memory and I/O ports can be prohibited, even for root. It uses and extends the capability system, binds the control settings to the whole system, and adds network and file system security features to the kernel, thus strengthening security. You can tune the level of protection, hide sensitive processes, receive security alerts over the network, and so on. In short, LIDS gives the Linux kernel protection, detection and response capabilities.

2.1 Protection

LIDS provides the following protection: it protects important files and directories of any type on your hard disk from being changed, even by root; it protects important processes from being killed; it prevents illegal programs from doing raw I/O; it protects the hard disk itself, including the MBR; and it protects sensitive files from unauthorized users (root included) and from unauthorized programs.

2.2 Detection

When someone scans your host, LIDS can detect it and report it to the system administrator. LIDS also detects any violation of the rules configured on the system.

2.3 Response

When someone violates a rule, LIDS records the details of the illegal operation in the system log, which LIDS itself protects. LIDS log messages can also be sent to your mailbox. You can also shut down the offending user's session at once.

3. Building a secure Linux system

With the LIDS features covered, let's look at how to build a secure system with LIDS, step by step.

3.1 Download the LIDS patch and the matching official Linux kernel

Get the LIDS patch and the administration tool from the LIDS home page, the LIDS FTP site or a recent LIDS mirror. The patch is named lids-x.xx-y.y.y.tar.gz, where x.xx is the LIDS version and y.y.y the Linux kernel version it applies to; lids-0.9.9-2.2.17.tar.gz, for example, is LIDS 0.9.9 for kernel 2.2.17. You must download exactly that kernel version: for lids-0.9.9-2.2.17.tar.gz you need the source of Linux 2.2.17, from the kernel FTP site or one of its mirrors. Then unpack the kernel source and the LIDS tarball. For example, with lids-0.9.9-2.2.17.tar.gz from www.lids.org and linux-2.2.17.tar.bz2 from ftp.us.kernel.org:

-----------------------------------------------------------
1. uncompress the Linux kernel source code tree
# cd linux_install_path/
# bzip2 -cd linux-2.2.17.tar.bz2 | tar -xvf -
2. uncompress the lids source code and install the lidsadm tool
# cd lids_install_path
# tar -zxvf lids-0.9.9-2.2.17.tar.gz
-----------------------------------------------------------

3.2 Apply the LIDS patch to the official Linux kernel

Apply the LIDS patch (the .patch file shipped inside the LIDS tarball) to the kernel source, then point the default source path at the patched tree:
-----------------------------------------------------------
# cd linux_install_path/linux
# patch -p1 < lids_install_path/lids-0.9.9-2.2.17/lids-0.9.9-2.2.17.patch
/* link the default source path to the lids-patched version */
# rm -rf /usr/src/linux
# ln -s linux_install_path/linux /usr/src/linux
-----------------------------------------------------------

3.3 Configure the Linux kernel
-----------------------------------------------------------
configure the Linux kernel
# cd linux
# make menuconfig   (or make xconfig)
-----------------------------------------------------------
Now configure the kernel. Enable the following items:
[*] Prompt for development and/or incomplete code/drivers
[*] Sysctl support
After that, a new item named "Linux Intrusion Detection System" appears at the bottom of the configuration menu. Enter it and turn on
[*] Linux Intrusion Detection System support (EXPERIMENTAL) (NEW)
Once the LIDS kernel is configured, exit the configuration interface and compile the kernel:
# make dep
# make clean
# make bzImage
# make modules
# make modules_install

3.4 Install the LIDS kernel and the administration tool

Copy bzImage to /boot/ and edit /etc/lilo.conf:
-----------------------------------------------------------
# cp arch/i386/boot/bzImage /boot/bzImage-lids-0.9.9-2.2.17
/* build admin tools */
# cd lids-0.9.9-2.2.17/lidsadm-0.9.9/
# make
# make install
# less /etc/lilo.conf
boot=/dev/hda
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
default=linux
image=/boot/vmlinuz-2.2.16-3
        label=linux
        read-only
        root=/dev/hda2
image=/boot/bzImage-lids-0.9.9-2.2.17
        label=lids
        read-only
        root=/dev/hda2
-----------------------------------------------------------
Run /sbin/lilo to install the new kernel:
# /sbin/lilo

3.5 Configure the LIDS system

Before rebooting, you must configure LIDS to match your security needs: define the protected files, the protected processes, and so on.
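The build in 3.1 to 3.4 as one script, added here as an example and not taken from the original post or from the LIDS distribution. Its point is the check the text insists on: the kernel tree must really be the version encoded in the LIDS tarball name (read here from VERSION, PATCHLEVEL and SUBLEVEL in the kernel Makefile) before patch -p1 runs, because a patch applied to a different 2.2.x tree fails with rejects part way through and leaves a half-patched tree. It assumes the tarball unpacks to lids-<lidsver>-<kver>/ containing lids-<lidsver>-<kver>.patch and lidsadm-<lidsver>/, that the kernel tarball unpacks to linux/, and that both tarballs are given as absolute paths.

```shell
#!/bin/sh
# Added example, not code from the original post or from the LIDS distribution.
# Automates 3.1-3.4 and refuses to apply the LIDS patch to a kernel tree whose
# version differs from the one in the tarball name.
# Assumptions: lids-<lv>-<kv>.tar.gz unpacks to lids-<lv>-<kv>/ holding
# lids-<lv>-<kv>.patch and lidsadm-<lv>/; linux-<kv>.tar.bz2 unpacks to linux/;
# both tarballs are given as absolute paths.

# lids_version lids-0.9.9-2.2.17.tar.gz -> 0.9.9 (empty if the name does not fit)
lids_version() {
    basename "$1" .tar.gz | sed -n 's/^lids-\([0-9][0-9.]*\)-[0-9][0-9.]*$/\1/p'
}

# patch_kernel_version lids-0.9.9-2.2.17.tar.gz -> 2.2.17, the kernel the patch targets
patch_kernel_version() {
    basename "$1" .tar.gz | sed -n 's/^lids-[0-9][0-9.]*-\([0-9][0-9.]*\)$/\1/p'
}

# tree_kernel_version <kernel tree> -> VERSION.PATCHLEVEL.SUBLEVEL from its Makefile
tree_kernel_version() {
    awk -F'[ \t]*=[ \t]*' '
        $1 == "VERSION"    { v = $2 }
        $1 == "PATCHLEVEL" { p = $2 }
        $1 == "SUBLEVEL"   { s = $2 }
        END { if (v != "" && p != "" && s != "") printf "%s.%s.%s", v, p, s }
    ' "$1/Makefile" 2>/dev/null
}

# versions_match <lids tarball> <kernel tree>: succeeds only when the tree is
# exactly the kernel version the patch was made for
versions_match() {
    want=$(patch_kernel_version "$1")
    have=$(tree_kernel_version "$2")
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# build_lids <lids tarball> <kernel tarball> <install path>: steps 3.1-3.4,
# stopping before /sbin/lilo so the lilo.conf entry can be checked by hand.
# Runs in a subshell so the cd does not leak into the caller.
build_lids() (
    tarball=$1 kernel=$2 dest=$3
    lv=$(lids_version "$tarball"); kv=$(patch_kernel_version "$tarball")
    [ -n "$lv" ] && [ -n "$kv" ] || { echo "not a LIDS tarball name: $tarball" >&2; exit 1; }
    mkdir -p "$dest" && cd "$dest" || exit 1
    bzip2 -cd "$kernel" | tar -xf -                 # 3.1 step 1: kernel tree into ./linux
    tar -zxf "$tarball"                             # 3.1 step 2: LIDS patch and lidsadm
    versions_match "$tarball" linux ||
        { echo "tree is not kernel $kv, not applying lids-$lv-$kv" >&2; exit 1; }
    (cd linux && patch -p1 < "../lids-$lv-$kv/lids-$lv-$kv.patch") || exit 1      # 3.2
    rm -rf /usr/src/linux && ln -s "$dest/linux" /usr/src/linux
    (cd linux && make menuconfig && make dep && make clean &&
        make bzImage && make modules && make modules_install) || exit 1          # 3.3
    cp linux/arch/i386/boot/bzImage "/boot/bzImage-lids-$lv-$kv" || exit 1        # 3.4
    (cd "lids-$lv-$kv/lidsadm-$lv" && make && make install)
)

# Usage: sh build_lids.sh /path/lids-0.9.9-2.2.17.tar.gz /path/linux-2.2.17.tar.bz2 /usr/local/src
if [ $# -eq 3 ]; then build_lids "$@"; fi
```

Only the version helpers run unprivileged; build_lids itself needs root for the /usr/src/linux symlink, the module install and the copy into /boot, and it stops before /sbin/lilo on purpose so that the lilo.conf entry from 3.4 can be reviewed before the new kernel is made bootable.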
By default, the lidsadm installation puts its configuration files in /etc/lids/. You will need to reconfigure them to your own needs. First, update the inode/dev values in the default lids.conf:
# /sbin/lidsadm -U

3.6 Reboot the system

When you have finished configuring the system, restart it. When the lilo prompt appears, select the LIDS-enabled kernel. Then you enter the wonderful world of LIDS.

3.7 Seal the kernel

After the system has started, don't forget to seal the kernel with lidsadm. Add the following command at the end of /etc/rc.local:
# /sbin/lidsadm -I

3.8 Online administration

After the kernel is sealed, your system is under the protection of LIDS. You can run some tests to verify that. If you want to change some configuration, for example to modify permissions, you can enter the LIDS password and switch LIDS protection off for your session online:
# /sbin/lidsadm -S -- -LIDS
After changing the configuration files, for example lids.conf or lids.cap, reload them into the kernel with:
# /sbin/lidsadm -S -- +RELOAD_CONF

4. Configuring the LIDS system

4.1 The LIDS configuration directory, /etc/lids/

Installing lidsadm creates the LIDS configuration directory /etc/lids/. When the kernel boots, the configuration information is read into the kernel to initial
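What the lidsadm -U step in 3.5 is for: LIDS binds each rule in /etc/lids/lids.conf to a file's inode and device number rather than to its path, so an entry whose file was reinstalled after the configuration was written (a new inode) no longer matches the file it names until the stored numbers are refreshed. The script below is an added example, not lidsadm's own code; it performs that refresh and an audit for drifted entries over a constructed configuration file, assuming a simplified inode:dev:path:flag line layout with '#' comments, paths without colons, and GNU stat (BSD stat as a fallback).

```shell
#!/bin/sh
# Added example, not code from the original post or from lidsadm itself.
# LIDS keys each rule on the file's inode and device number, which is what
# lidsadm -U (3.5) refreshes before the first boot. Assumed simplified layout
# for lids.conf: inode:dev:path:flag, '#' comments, no colons in paths.

# inode_dev <path>: print "inode:dev" for the file; fails if it does not exist
# (GNU stat first, BSD stat as fallback)
inode_dev() {
    stat -c '%i:%d' "$1" 2>/dev/null || stat -f '%i:%d' "$1" 2>/dev/null
}

# stale_entries <conf>: print the path of every rule whose stored inode:dev no
# longer matches the file on disk, or whose file is gone; prints nothing when
# the whole configuration still matches. Run it before reloading the policy.
stale_entries() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        stored=$(printf '%s' "$line" | cut -d: -f1,2)
        path=$(printf '%s' "$line" | cut -d: -f3)
        [ "$(inode_dev "$path")" = "$stored" ] || printf '%s\n' "$path"
    done < "$1"
}

# refresh_conf <conf>: what lidsadm -U does for this layout, rewriting inode:dev
# of every entry from the live file system. Entries whose file is missing are
# kept verbatim and reported on stderr, so a rule never silently drops out.
refresh_conf() {
    conf=$1; tmp="$1.tmp.$$"
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) printf '%s\n' "$line"; continue ;; esac
        path=$(printf '%s' "$line" | cut -d: -f3)
        flag=$(printf '%s' "$line" | cut -d: -f4-)
        if id=$(inode_dev "$path"); then
            printf '%s:%s:%s\n' "$id" "$path" "$flag"
        else
            echo "refresh_conf: $path does not exist, entry left unchanged" >&2
            printf '%s\n' "$line"
        fi
    done < "$conf" > "$tmp" && mv "$tmp" "$conf"
}

# Usage: sh refresh_lids_conf.sh /etc/lids/lids.conf
if [ $# -eq 1 ]; then stale_entries "$1" >&2; refresh_conf "$1"; fi
```

Run stale_entries on the real lids.conf after any package upgrade that replaced protected binaries: a non-empty result means those rules are currently protecting nothing, and only a refresh followed by a reload (3.8) makes them effective again.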
