[System Security] Using LIDS to Build a Steel Castle on Linux

Source: Internet
Author: User
Linux is a technology channel of the IT lab in China. It includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

As Linux-like operating systems continue to spread, and as the economic crisis pushes organizations to reduce IT total cost of ownership, more and more small and medium-sized enterprises are migrating their important services to Linux. With the strong security and low cost of Linux, the enterprise services built on it give these SMEs more room to grow and stronger competitiveness.

However, in the current network environment, hacker techniques keep improving and the number of hackers keeps growing, so the number of network attacks is increasing as well. The security of Linux systems is tested again and again, and security defects in Linux systems keep emerging. For small and medium-sized enterprises that run Linux, protecting the data on these servers is a pressing problem.

As a result, many small and medium-sized enterprises use network firewalls to stop most network attacks. However, once an attack penetrates the firewall, important data on the system may fall completely under the attacker's control. It is therefore necessary to deploy a host-based intrusion detection system on Linux. LIDS is such a system, delivered as a patch to the Linux kernel.

LIDS stands for Linux Intrusion Detection System. It is integrated into the Linux kernel, where it further hardens the kernel and provides a mandatory access control model; it can also serve as a backup layer of protection behind the firewall. With it, important directories and files on Linux cannot be copied or deleted, important services cannot be deleted or stopped, and system logon methods cannot be modified. In this article, we take a closer look at how to apply LIDS on Linux.

I. Main Functions of LIDS

When using LIDS, we mainly rely on the following functions:

1. Protection function: LIDS can protect any type of important file on the hard disk (such as the passwd and shadow files) and any important directory (such as /bin, /sbin, /usr/bin, /usr/sbin, and /etc/rc.d) to prevent unauthorized users (including root) and unauthorized programs from accessing and using them. LIDS can also protect important processes in the system from being terminated. After this function is enabled, no user on the system, including root, can kill these processes, and specific processes can be hidden. In addition, LIDS can prevent illegal programs from performing raw I/O operations and so protect the hard disk, including its Master Boot Record (MBR).

2. Detection function: with a port scanner integrated into the kernel, LIDS can detect the listening ports on the system and report what it finds to the system administrator. LIDS can also detect any process on the system that violates the rules.

3. Alarm function: when LIDS detects that someone has violated the configured security rules, it displays a warning on the console and records the details of the violation in system log files that LIDS itself protects. LIDS can also send the log files to the administrator email address we configure. At the same time, LIDS can immediately terminate the current session of the offending user.
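
The file protection described in item 1, written out as LIDS ACL rules. This is an added example, not part of the original article; it assumes the `lidsconf` tool from the LIDS userland, and the choice of `/bin/login` and `/bin/su` as the programs allowed to read `/etc/shadow` is illustrative.

```shell
#!/bin/sh
# Added example: LIDS file ACLs for the files and directories named in item 1.
# Assumption: the lidsconf tool from the LIDS userland is installed; the
# subject programs below are illustrative and must match your own system.

# Directories of system binaries and startup scripts listed in the article.
RO_DIRS="/bin /sbin /usr/bin /usr/sbin /etc/rc.d"

# Emit one lidsconf command per line so the rule set can be reviewed first.
lids_rules() {
    for d in $RO_DIRS; do
        # Default rule (no -s subject): nobody, root included, may modify.
        echo "lidsconf -A -o $d -j READONLY"
    done
    # passwd stays readable for name lookups but cannot be altered.
    echo "lidsconf -A -o /etc/passwd -j READONLY"
    # shadow is denied to every program by default...
    echo "lidsconf -A -o /etc/shadow -j DENY"
    # ...then opened read-only to the programs that authenticate users.
    for s in /bin/login /bin/su; do
        echo "lidsconf -A -s $s -o /etc/shadow -j READONLY"
    done
}

# Dry run by default: print the rules. Set APPLY=1 on a LIDS-patched
# kernel to execute them instead.
apply_lids_rules() {
    lids_rules | while read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            $cmd
        else
            echo "$cmd"
        fi
    done
}

apply_lids_rules
```

The default DENY on `/etc/shadow` together with per-program READONLY exceptions is what lets the rule set bind root as well: access depends on which program is running, not on which user runs it.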
