
Re: A question about Knark and modules



Hello

Do you know about LIDS (www.lids.org)? It also gives the ability to play with CAPs, but seems much more sophisticated.

I've just subscribed to this list. Has LIDS been discussed here before?

I'm interested in using it, but am not sure how to use it best. In fact I currently think it's best suited for just making sure tools like tripwire can operate safely (so it's helping intrusion detection, hence its name (Linux Intrusion Detection System) is very correct), rather than effectively inhibiting a break-in. But even for this purpose it seems you have to secure almost every file in your system with ACLs (which is not very comfortable). Maybe this idea of mine works well: install some special binaries to which you grant many permissions. One is an 'apt-get update/upgrade' wrapper (so automatic security updates work), another one might be a shell wrapper allowing system administrators to work on /etc, and so on. I think I'll ask this on the lids list later if that's the better place for such discussions.

Christian.

At 3:00 +0200 on 17.6.2001, Ethan Benson wrote:
> lcap CAP_SYS_MODULE CAP_SYS_RAWIO


