lidsadm is the LIDS administration utility that you will use to configure LIDS to enhance your system security.
To get a list of the available options, enter the following:
# lidsadm -h
This will return the following output:
lidsadm v0.9 for Linux Intrusion Detection System
Xie Huagang<xhg@ncic.ac.cn>
Philippe Biondi <philippe.biondi@webmotion.net>
Usage: lidsadm -A [-s subject] -o object [-t] -j TARGET
lidsadm -D [-s file] [-o file]
lidsadm -Z
lidsadm -U
lidsadm -L
lidsadm -P
lidsadm -[S|I] -- [+|-][CAPABILITY|LIDS_FLAG] [...]
lidsadm -V
lidsadm -h
Commands:
-A To add an entry
-D To delete an entry
-Z To delete all entries
-U To update dev/inode numbers
-L To list all entries
-P To encrypt a password with RipeMD-160
-S To submit a password to switch some protections
-I To switch some protections without submitting password (sealing time)
-V To view current LIDS state (caps/flags)
-h To list this help
subject:
can be any program,must be file
object:
can be file,directory, or special device
such as MEM,HD,NET,IO,HIDDEN,KILL
TARGET:
READ read only
APPEND append only
WRITE writable
IGNORE ignore protection
INHERIT the ability to access the object can inherit
NO_INHERIT the ability can not be inherited.
TYPE:
-t the object is a special device
-d the object is a EXEC Domain
Available capabilities:
CAP_CHOWN chown(2)/chgrp(2)
CAP_DAC_OVERRIDE DAC access
CAP_DAC_READ_SEARCH DAC read
CAP_FOWNER owner ID not equal user ID
CAP_FSETID effective user ID not equal owner ID
CAP_KILL real/effective ID not equal process ID
CAP_SETGID setgid(2)
CAP_SETUID set*uid(2)
CAP_SETPCAP transfer capability
CAP_LINUX_IMMUTABLE immutable and append file attributes
CAP_NET_BIND_SERVICE binding to ports below 1024
CAP_NET_BROADCAST broadcasting/listening to multi-cast
CAP_NET_ADMIN interface/firewall/routing changes
CAP_NET_RAW raw sockets
CAP_IPC_LOCK locking of shared memory segments
CAP_IPC_OWNER IPC ownership checks
CAP_SYS_MODULE insertion and removal of kernel modules
CAP_SYS_RAWIO ioperm(2)/iopl(2) access
CAP_SYS_CHROOT chroot(2)
CAP_SYS_PTRACE ptrace(2)
CAP_SYS_PACCT configuration of process accounting
CAP_SYS_ADMIN tons of admin stuff
CAP_SYS_BOOT reboot(2)
CAP_SYS_NICE nice(2)
CAP_SYS_RESOURCE setting resource limits
CAP_SYS_TIME setting system time
CAP_SYS_TTY_CONFIG tty configuration
CAP_HIDDEN Hidden process
CAP_INIT_KILL Kill init children
Available flags:
LIDS_GLOBAL LIDS itself
RELOAD_CONF reload config. file and inode/dev of special programs
LIDS (de)activate LIDS locally (the shell & childs)
lidsadm has a syntax similar to ipchains, and several of the command line switches are the same:

-A   Add a rule.
-D   Delete a rule.
-Z   Delete all existing rules.
-L   List all existing rules.
-U   Update the device/inode numbers of all files named in the rules. Rules are matched by device and inode, not by path name, so run this after a protected file has been replaced (an editor that writes a temporary file and renames it over the original produces a new inode).
-P   Create/update the LIDS password (stored as a RipeMD-160 hash).
-V   View the current LIDS state (capabilities/flags).
-S   Switch protections on a running LIDS system (requires the LIDS password set with "-P").
-I   Switch protections without a password. Used at the end of the startup process to seal the kernel.
-s   Specifies the subject, which must be a program file.
-o   Specifies the object: a file, a directory, or one of the special objects (MEM, HD, NET, IO, HIDDEN, KILL).
-t   Specifies that the object is one of the special objects listed in the help above rather than a file or directory.
-d   Specifies that the object is an EXEC domain.
-j   Specifies the target (see below).
-h   lidsadm help.
lidsadm also uses targets, much like ipchains. The following targets are allowed:

READ        Access to the object is read only.
APPEND      Access to the object is append only (includes read access).
WRITE       Access to the object is read/write.
IGNORE      Ignore any protection set on this object.
INHERIT     Child processes of the subject program inherit its access to the object.
NO_INHERIT  Child processes of the subject program do NOT inherit its access to the object.
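The following script is an added example, not part of the original page or of the LIDS project, that puts the switches and targets above together into a small policy: system trees read-only, logs append-only, per-program exceptions with -s, an inode refresh with -U, sealing with -I, and a password-protected maintenance window with -S. The directory layout, the helper programs /bin/mount and /usr/sbin/logrotate, and the capabilities dropped at sealing time are assumptions chosen for illustration and must be adapted to the host. The lidsadm path can be overridden through LIDSADM (for instance LIDSADM=echo) to print the commands on a machine without LIDS.

```sh
#!/bin/sh
# Added example (not from the LIDS project or this page): a small LIDS policy
# built only from the lidsadm switches and targets documented above.
# Assumptions: the protected trees, /bin/mount, /usr/sbin/logrotate and the
# capability list at sealing time are illustrative; adapt them to the host.
# LIDSADM can be overridden (e.g. LIDSADM=echo) to dry-run without LIDS.
LIDSADM="${LIDSADM:-/sbin/lidsadm}"

# Build the rule set, ipchains style: flush first, then add.
lids_rules() {
    "$LIDSADM" -Z                                   # delete all existing rules

    # Object-only rules apply to every process: these trees become read-only,
    # for root as well.
    "$LIDSADM" -A -o /boot -j READ
    "$LIDSADM" -A -o /sbin -j READ
    "$LIDSADM" -A -o /bin  -j READ
    "$LIDSADM" -A -o /etc  -j READ

    # APPEND includes read, so logs can still be read and appended to,
    # but not truncated or rewritten.
    "$LIDSADM" -A -o /var/log -j APPEND

    # Subject rules (-s) carve exceptions for one program only:
    # mount must rewrite /etc/mtab inside the read-only /etc, and
    # logrotate must rename/truncate files inside the append-only /var/log.
    "$LIDSADM" -A -s /bin/mount          -o /etc/mtab -j WRITE
    "$LIDSADM" -A -s /usr/sbin/logrotate -o /var/log  -j WRITE

    # Rules are matched by device/inode number, so refresh them after adding.
    "$LIDSADM" -U
}

# Seal the kernel at the end of boot (-I needs no password). The capabilities
# removed here are an example selection; any capability or flag from the
# help output can be switched with +/- in the same way.
lids_seal() {
    "$LIDSADM" -I -- -CAP_SYS_MODULE -CAP_SYS_RAWIO -CAP_SYS_PTRACE -CAP_LINUX_IMMUTABLE
}

# Maintenance window: -S requires the password set with -P. Clearing the LIDS
# flag only affects the calling shell and its children; re-read the config
# and refresh inode numbers before switching protection back on.
lids_maint_begin() {
    "$LIDSADM" -S -- -LIDS
}
lids_maint_end() {
    "$LIDSADM" -S -- +RELOAD_CONF
    "$LIDSADM" -U
    "$LIDSADM" -S -- +LIDS
}

# Usage: sh lids-policy.sh rules | seal | maint-begin | maint-end
case "${1:-}" in
    rules)       lids_rules ;;
    seal)        lids_seal ;;
    maint-begin) lids_maint_begin ;;
    maint-end)   lids_maint_end ;;
esac
```

Run "rules" once to write the policy, put "seal" at the very end of the boot sequence so every rule and inode number is in place before the kernel is sealed, and wrap any edit of a protected file between "maint-begin" and "maint-end" so the refreshed inode numbers are picked up before protection is re-enabled.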