Home > Developer > Linux

Linux intrusion Monitoring System LIDS principle (4)

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

9. Intrusion Response System

When we detect that some programs violate our rules, we must respond to them. In the current LIDS system, we can use the record function to record all information. We can also suspend the console that this user uses. Then, we will add more response systems to LIDS, not only in the kernel, but also in the user zone.

9.1 allow login in a safe way

In the traditional kernel login mode, we use printk to print information on the console every time. However, the kernel is vulnerable to DoS attacks. The system will frequently run the printk command. We can use security_alert () in the kernel to implement the alarm response function.

You can check the code of/include/linux/kernel. h.

9.2 console Suspension

This function uses security logs to suspend the consoles of those who violate the security rules defined by LIDS. To continue, they must log on to the system again. However, everything they do has been recorded by the system logs or sent to the Administrator via e-mail.

9.3 report to the Administrator via email or call

This function is developed by boidi. With this tool, we can easily know where errors occur in the system and respond to intrusions in a timely manner.

These are the basic principles of LIDS, which may involve programming of kernel modules. In this regard, you can go to the chinabyte linux zone, where there is coolboy information about the module lkm that can be loaded. Cool. If you have any questions, you can also e-mail me chaobowang@sina.com hope you support more linuxbyte !!!!

 

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More