.\" Man page written by Sander Klein <roedie@roedie.nl> (May 2003)
.\" It is based on the original lidsadm page by Steve Bremer.
.\" TODO: I will think of something in the end...
.\" This program is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation; either version 2 of the License, or
.\" (at your option) any later version.
.\" This program is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
.\" GNU General Public License for more details.
.\" You should have received a copy of the GNU General Public License
.\" along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
lidsadm \- administration tool for the Linux Intrusion Detection System
.B "lidsadm -[S|I] -- [+|-][LIDS_FLAG] [...]"
is an administration tool for
.I Linux Intrusion Detection System (LIDS).
LIDS is a kernel patch to enhance the current Linux kernel. With LIDS, you can protect important files, directories, and devices. You can also define ACLs that restrict access on the entire system. For more information about LIDS, please go to
.I http://www.lids.org.
is used to define ACLs and administer the LIDS protections online.
Commands define the individual functions of the lidsadm utility. They cannot be combined.
Encrypt a LIDS password with RipeMD-160 (stored in lids.pw).
Change LIDS protections (requires your LIDS password).
Change LIDS protections once without a password (used only to "seal the kernel").
Lets you view the current state of your LIDS system.
Shows the version of lidsadm.
There are many flags you can set. They can be used to set or unset capabilities, but they can also switch your LIDS system on or off.
.SH Available capabilities
The capabilities used in LIDS are shown below. You can use the name to enable or disable the capability when sealing and switching. You can also grant the capability to a program even if the capability is disabled globally on the system.
.B CAP_DAC_READ_SEARCH
Owner ID not equal user ID.
Effective user ID not equal owner ID.
Real/effective ID not equal process ID.
.B CAP_LINUX_IMMUTABLE
Immutable and append file attributes.
.B CAP_NET_BIND_SERVICE
Binding to ports below 1024.
Broadcasting/listening to multicast.
Interface/firewall/routing changes.
Locking of shared memory segments.
IPC ownership checks.
Insertion and removal of kernel modules.
ioperm(2)/iopl(2) access
Configuration of process accounting.
Setting resource limits.
.B CAP_SYS_TTY_CONFIG
Allow the privileged aspects of mknod().
Allow taking of leases on files.
Make a program hidden from the entire system.
.B CAP_KILL_PROTECTED
Allow/disallow a process to kill protected processes.
Protect the process from signals.
These flags are used with the ADMIN option "-S".
Enable/disable LIDS system-wide.
Reload config files and inode/dev numbers of special programs.
Enable/disable LIDS locally (the shell and its children). This is known as a LIDS free session (LFS).
Here are some examples of using lidsadm.
Seal the kernel with the default capabilities set in /etc/lids/lids.cap. You should edit that file yourself.
.B lidsadm -S -- -LIDS
Switch LIDS off in your current terminal session. We recommend you use this.
.B lidsadm -S -- -LIDS_GLOBAL
Switch LIDS off globally. Your system is no longer protected by LIDS.
.SH OTHER SOURCES OF INFORMATION.
To subscribe, unsubscribe, go to:
.I http://lists.sourceforge.net/lists/listinfo/lids-user
To post a message to the list, send an e-mail to:
.B lids-user@lists.sourceforge.net
Current LIDS archive can be found at:
.I http://www.geocrawler.com/redir-sf.php3?list=lids-user
An outdated searchable archive can be found at:
.I http://groups.yahoo.com/group/lids
The LIDS FAQ is located at:
.I http://www.lids.org/lids-faq.lids-faq.html
.I http://www.roedie.nl/lids-faq/
Any bugs found with LIDS itself should be sent to Xie, Phil, or the mailing list
.B (lids-user@lists.sourceforge.net).
Please include your .config file used to compile your kernel, and the lids.conf and lids.cap files located in /etc/lids directory. Any errors found in this man page should be sent to Sander Klein.
\fB/etc/lids/lids.conf\fR \- LIDS configuration file.
\fB/etc/lids/lids.cap\fR \- Defines the global capabilities.
\fB/etc/lids/lids.net\fR \- Configuration file for e-mail alerts.
\fB/etc/lids/lids.pw\fR \- Contains the encrypted LIDS password.
.I <biondi@cartel-securite.fr>
Manpage written by Sander Klein
.I <roedie@roedie.nl>
The newest version of
.I http://www.lids.org/
is (C) 1999-2003 by Huagang Xie (xie@lids.org).
.\" See the lidsconf (8) man page for some funny remarks...