Linux Intrusion Detection System FAQ
Prev		Next

Chapter 5. Configuring LIDS

Table of Contents
5.1. How do I protect a file as read only?
5.2. OK, so how do I protect a directory as read only?
5.3. How can I hide a file/directory from everyone?
5.4. How can I protect log files so they can only be appended to?
5.5. If nothing is allowed to read my /etc/shadow file, how can I authenticate myself to the system?
5.6. If I protect /etc as read only, how will mount be able to write to /etc/mtab?
5.7. LIDS complains that it can't write to my modules.dep file during startup. What's wrong?
5.8. If I protect my logs as append only, how will logrotated rotate my logs?
5.9. Why can't I just give my log rotation utility write access to the directory containing my log files so it can rotate them?
5.10. When LIDS is active, my file systems won't unmount during shutdown. What do I do?
5.11. Why can't I start a service that runs on a privileged port as root?
5.12. Why can't I start a service that runs on a privileged port from an LFS?
5.13. How do I disable/enable capabilities?
5.14. Why won't the X Window System work with LIDS enabled?
5.15. With all of these ACLs, how can I possibly keep track of my configuration?
5.16. How can I give init write access to /etc/initrunlvl so LIDS doesn't complain about it during startup and shutdown?
5.17. Can a process inherit file ACLs from its parent?
5.18. Help! I can't seem to get program xyz to work under LIDS. How do I determine what files/capabilities it needs access to?
5.19. How do I give passwd the proper permissions to update the /etc/shadow file?
5.20. Why doesn't ssh or scp work when LIDS is enabled?
5.21. Open-SSH won't start at boot time. LIDS reports that bash tried to access a hidden file. How can I fix this?
5.22. Some of my file systems won't unmount at shutdown because I have hidden processes running. How can I kill them?
5.23. I just want to start with a basic configuration. Can you recommend a setup that will provide additional protection and still leave most of my system functioning as normal?
5.24. Is it possible to limit access based on time of day?
5.25. How do I limit the ports that a program can bind to?
5.26. If I make /etc/mtab a symbolic link to /proc/mounts, will user quotas still work?
5.27. When I edit a file protected by LIDS, it appears to lose it's LIDS protections. Why?
5.28. When I update my LIDS configuration some processes seem to lose their capabilities

Prev	Home	Next
How do I check if LIDS is enabled/disabled??		How do I protect a file as read only?