Brief Introduction to Linux kernel Security Intrusion Detection System

Source: Internet
Author: User

Linux Kernel security is gaining more and more attention with the popularity of Linux systems. Here we will introduce LIDS, the Linux kernel security intrusion detection system. Check what problems exist in the Linux kernel and what features LIDS can bring to us.

LIDS (Linux Intrusion Detection System) is a Linux kernel patch and system management employee lidsadm. It enhances the Linux kernel. It implements a security mode in the kernel-reference mode and the Mandatory Access Control command in the kernel enters the Control mode. This article describes the functions of LIDS and how to use it to build a Secure Linux system.

Why LIDS?

As Linux on the Internet is becoming more and more popular, more and more security vulnerabilities are found in the application software on the GNU/LINUX system. Many programs exploit the carelessness of programmers, such as cache overflow and formatting code attacks. When the system security is compromised by programs and hackers obtain the ROOT permission, the entire system will be controlled by intruders.

Because of the openness of the code, we can get a lot of the original code of the Linux application, and modify it according to our needs. Therefore, bugs can be easily found and quickly fixed. However, when a vulnerability is revealed, the system administrator is negligent in patching the vulnerability, which can easily cause intrusion. What's worse, hackers can obtain the root shell. Using the existing GNU/Linux system, he does whatever he wants. This is what LIDS wants to solve.

First, let's look at the problems existing in the GNU/Linux system.

File System not protected

Many important files in the system, such as/bin/login. After a hacker intrude into the system, he can upload the modified login file to replace/bin/login, then he can log on to the system without any login name or password. This is often called Trojan house.

The process is not protected

Processes running on the system serve certain system functions. For example, HTTPD is a web server to meet the web requirements of remote clients. As a web server system, it is important to protect its processes from being terminated illegally. However, when the intruder has the ROOT permission, we cannot do anything.

System Management unprotected

Many system management systems, such as module loading/uninstallation, route setting, and firewall rules, can be easily modified if the user ID is 0. Therefore, it becomes insecure when intruders obtain the ROOT permission.

Super User (root) as ROOT may abuse Permissions

He can do whatever he wants. as ROOT, he can even modify the existing permissions.

To sum up, we found that entering the control mode in the existing Linux system is not enough to establish a Secure Linux system. We must add a new mode in the system to solve these problems. This is what LIDS has to do.

LIDS features

Linux intrusion detection system is a Linux kernel patch and System Administrator tool that enhances kernel security. It implements the reference listening mode and Mandatory Access Control command in the kernel to enter the Control mode. When it works, select the file to enter, and manage each system/network. Any access permission, raw device, mem, and I/O will be disabled, even for ROOT. It uses and extends system functions, binds control settings on the entire system, and adds security features of the network and file system to the kernel, thus enhancing security. You can adjust security protection online, hide sensitive processes, and receive security warnings through the network.

In short, LIDS provides protection, reconnaissance, and response functions, from the security mode in the LINUX kernel.

Protection

LIDS provides the following protection:

Protect any types of important files and directories on the hard disk, which cannot be changed by anyone, including ROOT. It can protect important processes from being terminated and prevent raw io operations of illegal programs. Protects hard disks, including MBR protection. Protects sensitive files in the system and prevents unauthorized users (including ROOT) and unauthorized programs from accessing.

Reconnaissance

When someone scans your host, LIDS can detect and report to the system administrator. LIDS can also detect any illegal process on the system.

Response

When someone violates the rules, LIDS records invalid operation details to the System log Files protected by LIDS. LIDS can also upload log information to your mailbox. LIDS can also immediately close conversations with users.

  1. Detailed analysis of Linux folder execution Permissions
  2. Differences between Linux and Unix
  3. How to check Linux Security Vulnerabilities
  4. Linux bash shortcut keys
  5. Analyze how to view and modify the Linux File Encoding

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.