LIDS FAQ

Steve Bremer, steve@clublinux.org

1. Introduction to LIDS

• 1.1 What is LIDS?
• 1.2 Why use LIDS?
• 1.3 Where can I obtain LIDS?
• 1.4 Which versions of the Linux kernel are supported?
• 1.5 Is there a LIDS mailing list?
• 1.6 What about an archive?
• 1.7 Copyright & Disclaimer
• 1.8 Feedback
• 1.9 Credit
• 1.10 To Do
• 1.11 Change Log

2. Installing LIDS

• 2.1 How do I apply the LIDS kernel patch?
• 2.2 How do I install the LIDS administration utility lidsadm?
• 2.3 What next?

3. lidsadm

• 3.1 What is lidsadm?
• 3.2 What options are available for lidsadm?
• 3.3 Gee, thanks. What are all these options?

4. LIDS Administration

• 4.1 How do I set my LIDS password?
• 4.2 How do I change my LIDS password once it is set?
• 4.3 What is a LIDS free session and how do I create one?
• 4.4 I created a LIDS free session, but LIDS still appears to be active! What's wrong?
• 4.5 How do I tell LIDS to reload it's configuration files?
• 4.6 Help!!! My system is totally unusable! What do I do?
• 4.7 I've updated/moved a system binary. How do I tell LIDS that the file changed/moved?
• 4.8 OK, without rebooting, how do I disable LIDS all together?
• 4.9 What does it mean to "seal the kernel"?
• 4.10 How do I view the status of my LIDS system?
• 4.11 How do I configure the port scan detector in LIDS?
• 4.12 What are the subject and object in a LIDS ACL?

5. Configuring LIDS

• 5.1 How do I protect a file as read only?
• 5.2 OK, so how do a protect a directory as read only?
• 5.3 How can I hide a file/directory from everyone?
• 5.4 How can I protect log files so they can only be appended to?
• 5.5 If nothing is allowed to read my /etc/shadow file, how can I authenticate myself to the system?
• 5.6 If I protect /etc as read only, how will mount be able to write to /etc/mtab?
• 5.7 LIDS complains that it can't write to my modules.dep file during startup. What's wrong?
• 5.8 If I protect my logs as append only, how will logrotate rotate my logs?
• 5.9 Why can't I just give my log rotation utility write access to the directory containing my log files so it can rotate them?
• 5.10 When LIDS is active, my file systems won't unmount during shutdown. What do I do?
• 5.11 Why can't I start a service that runs on a privileged port as root?
• 5.12 Why can't I start a service that runs on a privileged port from a LFS?
• 5.13 How do I disable/enable capabilities?
• 5.14 Why won't the X Window System work with LIDS enabled?
• 5.15 With all of these ACLs, how can I possibly keep track of my configuration?
• 5.16 I can't see my /etc/lids directory when LIDS is enabled. What's going on?
• 5.17 How can I give init write access to /etc/initrunlvl so LIDS doesn't complain about it during startup and shutdown?

6. Sample Configurations

• 6.1 Basic System Setup
• 6.2 Apache
• 6.3 qmail
• 6.4 dnscache & tinydns (djbdns)
• 6.5 Courier-imap
• 6.6 MySQL
• 6.7 OpenSSH
• 6.8 OpenLDAP (slapd)
• 6.9 Port Sentry

7. LIDS Technical

• 7.1 Will LIDS work with a file system other than ext2?
• 7.2 Will LIDS run on an SMP system?
• 7.3 Will LIDS coexist with Solar Designer's Openwall patch?
• 7.4 Will LIDS run on non-Intel hardware?
• 7.5 What is the difference between the 0.9.x and 1.0.x versions of LIDS?