20. LIDS Man Pages: lidsadm
This man page is an updated/corrected version of that which comes
with lidstools v2.2.7.
NAME
lidsadm - administration tool for the Linux Intrusion Detection System
SYNOPSIS
lidsadm -[S|I] -- [+|-][LIDS_FLAG] [...]
lidsadm -V
lidsadm -h
DESCRIPTION
lidsadm is an administration tool for the Linux Intrusion Detection System
(LIDS).
LIDS is a kernel patch to enhance the current Linux kernel. With LIDS, you can
protect important files, directories, and devices. You can also define ACLs
that restrict the access control on the entire system. For more information
about LIDS, please go to http://www.lids.org.
lidsadm is used to define ACLs and administer the LIDS protections online.
COMMANDS
Commands define the individual functions of the lidsadm utility. They cannot
be combined.
-S Change LIDS protections (requires your LIDS password).
-I Change LIDS protections once without a password. This is used to "seal
the kernel" and to switch from the BOOT to the POSTBOOT acl_type.
-V Lets you view the current state of your LIDS system. (Support for this
must be built in at compile time.)
-v Shows the version of the lidsadm tool.
-h List the help.
LIDS_FLAG's
There are many flags you can set. They can be used to set or unset
capabilities, but they can also switch your LIDS system on or off, or switch
it into different states.
AVAILABLE CAPABILITIES
The capabilities used in LIDS are shown below. You can use the name to enable
or disable the capability when sealing and switching. You can also grant the
capability to a program even if the capability is disabled globally on the
system.
.
.
For a list of AVAILABLE CAPABILITIES, see
Capabilities, above.
AVAILABLE FLAGS
These flags are used with the ADMIN option "-S".
LIDS_GLOBAL
Enable/disable LIDS system-wide.
RELOAD_CONF
Reload config files and inode/dev numbers of special programs.
LIDS
Enable/disable LIDS locally (the shell and its children). This is known as a
LIDS free session (LFS).
ACL_DISCOVERY
Enable/disable LIDS ACL Discovery Mode. When this mode is turned on, if
something violates the rules, LIDS will not prevent the action and will instead
print out a rule that you can use in future ACLs.
SHUTDOWN
Switch to "SHUTDOWN" State.
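The following is an added example, not part of the original man page or of lidstools: a small shell helper that audits lidsadm command lines (for instance from a boot script or shell history) and reports those that reduce enforcement according to the flags described above. The function names and sample lines are constructed, and treating a bare `lidsadm -I` as a valid seal is an assumption.

```sh
#!/bin/sh
# Added audit helper (hypothetical, not part of lidstools): classify one
# lidsadm command line by its effect on enforcement, using only the
# commands and flags documented in this man page.
# Prints: weakens | restores | seal | info | other | invalid
lids_classify() (
    set -f                 # no glob expansion while word-splitting
    set -- $1              # split the audited line into words
    [ "${1##*/}" = "lidsadm" ] || { echo invalid; exit 0; }
    cmd=${2-}
    case "$cmd" in
        -V|-v|-h) [ $# -eq 2 ] && echo info || echo invalid; exit 0 ;;
        -S|-I)    ;;
        *)        echo invalid; exit 0 ;;
    esac
    shift 2
    if [ $# -eq 0 ]; then
        # Assumption: a bare "lidsadm -I" seals the kernel with the
        # configured defaults; -S with no flags changes nothing.
        [ "$cmd" = "-I" ] && echo seal || echo invalid
        exit 0
    fi
    [ "$1" = "--" ] && [ $# -ge 2 ] || { echo invalid; exit 0; }
    shift
    verdict=other
    if [ "$cmd" = "-I" ]; then verdict=seal; fi
    for flag in "$@"; do
        case "$flag" in
            -LIDS_GLOBAL|-LIDS|+ACL_DISCOVERY) verdict=weakens; break ;;
            +LIDS_GLOBAL|+LIDS|-ACL_DISCOVERY)
                if [ "$verdict" = other ]; then verdict=restores; fi ;;
            [+-][A-Z]*) ;;   # capability or other flag: no verdict change
            *) verdict=invalid; break ;;
        esac
    done
    echo "$verdict"
)

# Read command lines on stdin; print only those that reduce enforcement.
lids_audit() {
    while IFS= read -r line; do
        if [ "$(lids_classify "$line")" = weakens ]; then printf '%s\n' "$line"; fi
    done
}

# Constructed sample lines, as they might appear in a boot script or history.
SAMPLE='/sbin/lidsadm -I
lidsadm -S -- -LIDS
lidsadm -S -- +RELOAD_CONF
lidsadm -S -- +ACL_DISCOVERY'
printf '%s\n' "$SAMPLE" | lids_audit
```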
EXAMPLES
Here are some examples of using lidsadm.
.
.
For a list of EXAMPLES, see Command-Line
Tools, above.
OTHER SOURCES OF INFORMATION.
Mailing List
To subscribe or unsubscribe, go to:
http://lists.sourceforge.net/lists/listinfo/lids-user
To post a message to the list, send an e-mail to:
lids-user@lists.sourceforge.net
Current LIDS archive can be found at:
http://www.geocrawler.com/redir-sf.php3?list=lids-user
An outdated searchable archive can be found at:
http://groups.yahoo.com/group/lids
LIDS FAQ
The LIDS FAQ is located at:
http://www.lids.org/lids-faq.lids-faq.html
or
http://www.roedie.nl/lids-faq/
BUGS
Any bugs found with LIDS itself should be sent to Xie, Phil, or the mailing
list (lids-user@lists.sourceforge.net). Please include your .config file used
to compile your kernel, and the lids.conf and lids.cap files located in
/etc/lids directory. Any errors found in this man page should be sent to
Sander Klein.
FILES
/etc/lids/lids.conf - LIDS configuration file.
/etc/lids/lids.cap - Defines the global capabilities.
/etc/lids/lids.net - Configuration file for e-mail alerts.
/etc/lids/lids.pw - Contains the encrypted LIDS password.
SEE ALSO
lidsconf(8)
AUTHORS
Huagang Xie <xie@lids.org>
Philippe Biondi <biondi@cartel-securite.fr>
Manpage written by Sander Klein <roedie@roedie.nl>
DISTRIBUTION
The newest version of LIDS can be obtained from http://www.lids.org/ or one of
its mirrors. LIDS is (C) 1999-2004 by Huagang Xie (xie@lids.org).
About this document:
Produced from the SGML: /home/mc/public_html/_unix_security/_reml_grp/unix_sec_kernel_lids.reml
On: 19/5/2006 at 11:53:2
Options: reml2 -i noindex -l long -o html -p multiple