6.4 testing


Reboot & Seal the kernel
        # modprobe lids
        # lidsadm -I
-- log --
Linux Intrusion Detection System 2.0.1pre1 started 
LIDS: Statistics: 10 objects, 21 source ACLS, 25 object ACLs,capability = 75d0cd1f

File protection
[root@lids /root]# cat /etc/shadow
cat: /etc/shadow: Operation not permitted
-- log --
LIDS: cat (dev 3:2 inode 80939) pid 4711 ppid 4683 uid/gid (0/0) on (pts) : Attempt to read (dev 3:2, ino 50891) 

[root@lids /bin]# touch abc
touch: abc: Operation not permitted
-- log --
LIDS: touch (dev 3:2 inode 80891) pid 4734 ppid 4636 uid/gid (0/0) on (pts) : Attempt to fchmod abc to mode 127440 

Modules protection
[root@lids /root]# rmmod lids
lids: Operation not permitted
-- log --
LIDS: insmod (dev 3:2 inode 84860) pid 4735 ppid 4636 uid/gid (0/0) on (pts) :  violated CAP_SYS_MODULE