BBS水木清华站∶精华区

发信人: vertex (lancelord), 信区: Linux
标  题: Linux Intrusion Detection 0.4 released
发信站: BBS 水木清华站 (Fri Nov 19 21:56:40 1999)

Linux Intrusion Detection System 0.4 release
---------------------------------------

Linux Intrusion Detection System is a linux kernel patch
and modules to enhance the linux kernel security. It can
protect important files from being changed. When it's in
effect, no one (including root) can change the protected
files or directories and their sub-directories, and the
protected append-only files can only be appended. It can prevent
loaded modules from being unload, mounted filesystems from being
unmount and lauched processes from being kill. It can
also protect the hard disk's MBR, and can also disallow
sniffing while the NIC is in promiscuous mode.

For more detail , visit the homepage at

    http://www.soaring-bird.com.cn/oss_proj/lids/


主要特征:

1. 重要文件的保护
        在生效的情况下,任何人包括 root 均不能改变受保护的文件.
2. 重要 log 文件的保护
        log 文件只能增长.不能改变
3. 安全的文件系统
      系统启动时候载入的文件系统不能卸载.启动后载入的可以 umount
        启动后载入的系统只能 mount 到 /mnt/
4. 安全的进程保护
        启动后载入的进程( 其父为 1 ) 不能被杀.
5. 安全的模块载入和载出
        只能由/sbin/insmod 载入modules.
        只能载入 /lib/modules 下的 modules
        系统启动时载入的 modules 不能 rmmod

6. 更好的 log 信息.

7 . 更多的优点有待你的挖掘 :-))

--
※ 修改:·vertex 於 Nov 19 21:57:05 修改本文·[FROM:  162.105.138.50]
※ 来源:·BBS 水木清华站 bbs.net.tsinghua.edu.cn·[FROM: 162.105.138.50]