Article Title: About the use of the Linux kernel security intrusion detection system (LIDS)
This section briefly introduces the Linux kernel security intrusion detection system (LIDS), the problems exposed by the Linux system, and the features of the intrusion detection system, and shows how to build a relatively high level of Linux kernel security with it.
Download the LIDS patch and related official Linux Kernel
You can obtain LIDS patches and system management tools from LIDS Home, LIDS Ftp Home, or recent LIDS Mirror.
The patch is named lids-x.xx-y.y.y.tar.gz, where x.xx is the LIDS version and y.y.y is the Linux kernel version it applies to. For example, lids-0.9.9-2.2.17.tar.gz is LIDS version 0.9.9 for kernel version 2.2.17.
You must download the matching kernel version. For example, if you download lids-0.9.9-2.2.17.tar.gz, you need the original source code of Linux kernel 2.2.17. The kernel source code can be obtained from the Kernel FTP Site or one of its mirrors.
Unpack the original kernel source and the LIDS tarball, for example as follows:
1. Uncompress the Linux kernel source code tree:
# cd linux_install_path/
# bzip2 -cd linux-2.2.17.tar.bz2 | tar -xvf -
2. Uncompress the LIDS source code and install the lidsadm tool:
# cd lids_install_path
# tar -zxvf lids-0.9.8-2.2.17.tar.gz
Apply the LIDS patch to the Linux kernel source tree (patch -p1 reads the patch file unpacked from the LIDS tarball on its standard input):
# cd linux_install_path/linux
# patch -p1
/* link the default source path to the LIDS-patched version */
# rm -rf /usr/src/linux
# ln -s linux_install_path/linux /usr/src/linux
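Before running patch -p1, it is worth confirming that the kernel version encoded in the LIDS tarball name matches the kernel tree you actually unpacked, since a patch for 2.2.17 applied to another 2.2.x tree will fail or silently leave the kernel half-protected. The shell functions below are an added example, not from the article or the LIDS project; they assume the lids-x.xx-y.y.y.tar.gz naming convention described above and that the kernel's top-level Makefile carries VERSION, PATCHLEVEL and SUBLEVEL assignments, and they build a constructed sample tree for testing.

```shell
#!/bin/sh
# Added example, not from the original article: check that a LIDS patch
# (lids-x.xx-y.y.y.tar.gz) and the unpacked kernel source tree it is about
# to be applied to are for the same kernel version, before running patch -p1.

# lids_versions FILE -> prints "<lids version> <kernel version>", or fails
lids_versions() {
    base=${1##*/}                  # drop any directory part
    base=${base%.tar.gz}           # e.g. lids-0.9.9-2.2.17
    case "$base" in
        lids-*-*) ;;
        *) return 1 ;;
    esac
    rest=${base#lids-}             # 0.9.9-2.2.17
    printf '%s %s\n' "${rest%%-*}" "${rest#*-}"
}

# tree_version DIR -> prints VERSION.PATCHLEVEL.SUBLEVEL from DIR/Makefile
# (assumption: the top-level kernel Makefile carries these three assignments)
tree_version() {
    mk="$1/Makefile"
    [ -r "$mk" ] || return 1
    v=$(sed -n 's/^VERSION *= *//p' "$mk")
    p=$(sed -n 's/^PATCHLEVEL *= *//p' "$mk")
    s=$(sed -n 's/^SUBLEVEL *= *//p' "$mk")
    [ -n "$v" ] && [ -n "$p" ] && [ -n "$s" ] || return 1
    printf '%s.%s.%s\n' "$v" "$p" "$s"
}

# patch_matches_tree LIDS_TARBALL KERNEL_DIR -> succeeds only when the
# kernel version in the LIDS filename equals the source tree's version
patch_matches_tree() {
    lv=$(lids_versions "$1") || return 1
    tv=$(tree_version "$2") || return 1
    [ "${lv#* }" = "$tv" ]
}

# Constructed sample: a fake kernel tree whose Makefile says 2.2.17
make_sample_tree() {
    dir=$(mktemp -d)
    printf 'VERSION = 2\nPATCHLEVEL = 2\nSUBLEVEL = 17\nEXTRAVERSION =\n' > "$dir/Makefile"
    printf '%s\n' "$dir"
}
```

Run `patch_matches_tree lids_install_path/lids-0.9.9-2.2.17.tar.gz linux_install_path/linux || exit 1` before the patch step to abort on a mismatch.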
To configure the Linux kernel, enable the following options:
- Prompt for development and/or incomplete code/drivers
- Sysctl support
After that, a new item named "Linux Intrusion Detection System" appears at the bottom of the configuration menu. Enter this menu and turn on "Linux Intrusion Detection System support (EXPERIMENTAL) (NEW)".
After the LIDS kernel options are configured, exit the configuration interface and compile the kernel:
# make dep
# make clean
# make bzImage
# make modules
# make modules_install
Install the LIDS kernel and the system management tools: copy bzImage to /boot/ and edit /etc/lilo.conf.
# cp arch/i386/boot/bzImage /boot/bzImage-lids-0.9.9-2.2.17
/* build admin tools */
# cd lids-0.9.8-2.2.17/lidsadm-0.9.8/
# make install
# less /etc/lilo.conf
boot=/dev/hda
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
default=linux
image=/boot/vmlinuz-2.2.16-3
    label=linux
    read-only
    root=/dev/hda2
image=/boot/bzImage-lids-0.9.9-2.2.17
    label=dev
    read-only
    root=/dev/hda2
Run /sbin/lilo to install the new kernel:
# /sbin/lilo
Configure the LIDS System
Before restarting, you must configure the lids system to meet your security needs. You can define protected files, protected processes, and so on.
By default, lidsadm installs its default configuration files into /etc/lids/. You must adjust them to your needs. First, update the inode/dev values recorded in the default lids.conf file so they match the files on your system:
# /sbin/lidsadm -U
Restart the system
After the Linux system is configured, restart. When the lilo prompt appears, select the LIDS-enabled kernel. You will then enter the wonderful LIDS world.
Encapsulate the kernel
After the system has started, do not forget to use lidsadm to seal (encapsulate) the kernel. Add the following command at the end of /etc/rc.local:
# /sbin/lidsadm -I
Online Management
After the kernel is sealed, your system is protected by LIDS. You can perform some tests to verify the security level. If you want to change some configuration, such as modifying permissions, you can enter the LIDS password to change the security level online:
# /sbin/lidsadm -S -- -LIDS
After changing the LIDS configuration files, such as lids.conf and lids.cap, run the following command to reload the configuration into the kernel:
# /sbin/lidsadm -S -- +RELOAD_CONF
LIDS configuration directory: /etc/lids/
With this, the Linux kernel security intrusion detection system is essentially set up, helping us manage Linux kernel security better.