Booting into your LIDS-enabled kernel, you should see some LIDS-related messages in /var/log/messages (or similar, depending on your syslog configuration)...
    Apr 18 16:11:00 pinback kernel: LIDS: Initializing sysctl
    Apr 18 16:11:00 pinback kernel: LIDS: Initializing LIDS ACLs
    Apr 18 16:11:00 pinback kernel: LIDS: user space is 32 bit
    Apr 18 16:11:00 pinback kernel: LIDS: lidsadm inode 0x9fb7 dev 0x3:a
    Apr 18 16:11:00 pinback kernel: LIDS: ACL Discovery: OFF, Effective \
        Capability: 7fffffff, Total ACLs Count: 15
    Apr 18 16:11:00 pinback kernel: LIDS: GLOBAL and BOOT state configuration \
        files loaded
    Apr 18 16:11:00 pinback kernel: LIDS: Entering BOOT state
    Apr 18 16:11:00 pinback kernel: LIDS: Linux Intrusion Detection System \
        2.2.2 started
It's worth examining these messages line by line to see what's going on.
Immediately after booting, the LIDS-enabled kernel is not yet fully functional: while LIDS File ACLs are enforced, LIDS Capability ACLs are not and the kernel is not "sealed" — modules may still be loaded or unloaded. To seal the kernel and enforce LIDS Capability ACLs, issue the command
    lidsadm -I

In /var/log/messages (or similar, depending on your syslog configuration) you will see
    Apr 18 16:23:36 pinback kernel: LIDS: Initializing LIDS ACLs
    Apr 18 16:23:36 pinback kernel: LIDS: user space is 32 bit
    Apr 18 16:23:36 pinback kernel: LIDS: ACL Discovery: \
        OFF, Effective Capability: 3684ce7f, Total ACLs Count: 14
    Apr 18 16:23:36 pinback kernel: LIDS: Attaching ACLs to Processes
    Apr 18 16:23:36 pinback kernel: LIDS: GLOBAL and POSTBOOT state Config. \
        files loaded
    Apr 18 16:23:36 pinback kernel: LIDS: Switching to POSTBOOT state
It's again worth examining these messages line by line to see what's going on — we omit those we have seen before (above).
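The two log excerpts above report different Effective Capability values (7fffffff in BOOT state, 3684ce7f in POSTBOOT state). The following Python is an added example, not part of the original page or of LIDS: it parses those log lines and lists which capabilities disappeared when the kernel was sealed. It assumes the mask uses the kernel's standard capability bit numbers from linux/capability.h (bits 0-28 are named, higher bits are reported as bit_N), and all function names are hypothetical.

```python
import re

# Capability bit numbers 0-28 as in linux/capability.h (assumption: the LIDS
# mask uses the same numbering). Higher bits are left unnamed on purpose.
CAP_NAMES = """CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW IPC_LOCK
IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT SYS_ADMIN SYS_BOOT
SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE""".split()

# Log lines taken from the excerpts on this page, with wrapped lines rejoined.
SAMPLE_LOG = """\
Apr 18 16:11:00 pinback kernel: LIDS: ACL Discovery: OFF, Effective Capability: 7fffffff, Total ACLs Count: 15
Apr 18 16:11:00 pinback kernel: LIDS: Entering BOOT state
Apr 18 16:23:36 pinback kernel: LIDS: ACL Discovery: OFF, Effective Capability: 3684ce7f, Total ACLs Count: 14
Apr 18 16:23:36 pinback kernel: LIDS: Switching to POSTBOOT state
"""

MASK_RE = re.compile(r"LIDS: .*Effective Capability: ([0-9a-f]+)", re.I)
STATE_RE = re.compile(r"LIDS: (?:Entering|Switching to) (\w+) state")

def cap_names(mask):
    """Return the names of the bits set in a capability mask."""
    return {CAP_NAMES[b] if b < len(CAP_NAMES) else f"bit_{b}"
            for b in range(32) if mask >> b & 1}

def masks_by_state(log_text):
    """Map each LIDS state to the effective mask logged just before it."""
    states, pending = {}, None
    for line in log_text.splitlines():
        if m := MASK_RE.search(line):
            pending = int(m.group(1), 16)
        elif (m := STATE_RE.search(line)) and pending is not None:
            states[m.group(1)] = pending
            pending = None
    return states

def dropped_on_seal(log_text):
    """Capabilities set in BOOT but clear in POSTBOOT; None if never sealed."""
    s = masks_by_state(log_text)
    if "BOOT" not in s or "POSTBOOT" not in s:
        return None  # no POSTBOOT transition logged: kernel was not sealed
    return cap_names(s["BOOT"]) - cap_names(s["POSTBOOT"])

if __name__ == "__main__":
    dropped = dropped_on_seal(SAMPLE_LOG)
    print("sealed:", dropped is not None)
    print("dropped:", sorted(dropped or ()))
```

Under the numbering assumption, SYS_MODULE is among the capabilities dropped in the page's logs, which is consistent with the statement that modules may only be loaded or unloaded before the kernel is sealed.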