Extreme security with LIDS
This article introduces LIDS (Linux Intrusion Detection System), a robust system which, applied as a kernel patch, gives us extremely fine-grained control over the security configuration of the operating system.
By: Anderson L Tamborim on 21/02/2004 | Blog: http://y2h4ck.wordpress.com
lidsadm version 0.4.1 for LIDS project
Huagang Xie <xie@gnuchina.org>
Philippe Biondi <pbi@cartel-info.fr>

Usage: lidsadm -[S|I] -- [+|-][LIDS_FLAG] [...]
       lidsadm -V
       lidsadm -h

Commands:
   -S   To submit a password to switch some protections
   -I   To switch some protections without submitting password (sealing time)
   -V   To view current LIDS state (caps/flags)
   -v   To show the version
   -h   To list this help

Available capabilities:
   CAP_CHOWN             chown(2)/chgrp(2)
   CAP_DAC_OVERRIDE      DAC access
   CAP_DAC_READ_SEARCH   DAC read
   CAP_FOWNER            owner ID not equal user ID
   CAP_FSETID            effective user ID not equal owner ID
   CAP_KILL              real/effective ID not equal process ID
   CAP_SETGID            set*gid(2)
   CAP_SETUID            set*uid(2)
   CAP_SETPCAP           transfer capability
   CAP_LINUX_IMMUTABLE   immutable and append file attributes
   CAP_NET_BIND_SERVICE  binding to ports below 1024
   CAP_NET_BROADCAST     broadcasting/listening to multicast
   CAP_NET_ADMIN         interface/firewall/routing changes
   CAP_NET_RAW           raw sockets
   CAP_IPC_LOCK          locking of shared memory segments
   CAP_IPC_OWNER         IPC ownership checks
   CAP_SYS_MODULE        insertion and removal of kernel modules
   CAP_SYS_RAWIO         ioperm(2)/iopl(2) access
   CAP_SYS_CHROOT        chroot(2)
   CAP_SYS_PTRACE        ptrace(2)
   CAP_SYS_PACCT         configuration of process accounting
   CAP_SYS_ADMIN         tons of admin stuff
   CAP_SYS_BOOT          reboot(2)
   CAP_SYS_NICE          nice(2)
   CAP_SYS_RESOURCE      setting resource limits
   CAP_SYS_TIME          setting system time
   CAP_SYS_TTY_CONFIG    tty configuration
   CAP_MKNOD             mknod operation
   CAP_LEASE             taking leases on files
   CAP_HIDDEN            hidden process
   CAP_KILL_PROTECTED    kill protected programs
   CAP_PROTECTED         Protect the process from signals

Available flags:
   LIDS                  de-/activate LIDS locally (the shell & childs)
   LIDS_GLOBAL           de-/activate LIDS entirely
   RELOAD_CONF           reload config. file and inode/dev of protected programs
lidsconf version 0.4.1 for the LIDS project
Huagang Xie <xie@gnuchina.org>
Philippe Biondi <philippe.biondi@webmotion.net>

Usage: lidsconf -A [-s subject] -o object [-d] [-t from-to] [-i level] -j ACTION
       lidsconf -D [-s file] [-o file]
       lidsconf -Z
       lidsconf -U
       lidsconf -L [-e]
       lidsconf -P
       lidsconf -v
       lidsconf -[h|H]

Commands:
   -A,--add           To add an entry
   -D,--delete        To delete an entry
   -Z,--zero          To delete all entries
   -U,--update        To update dev/inode numbers
   -L,--list          To list all entries
   -P,--passwd        To encrypt a password with RipeMD-160
   -v,--version       To show the version
   -h,--help          To list this help
   -H,--morehelp      To list this help with CAP/SOCKET name

subject:
   -s,--subject subj  can be any program, must be a file

object:
   -o,--object [obj]  can be a file, directory or Capability, Socket Name

ACTION:
   -j,--jump
        DENY       deny access
        READONLY   read only
        APPEND     append only
        WRITE      writable
        GRANT      grant capability to subject
        IGNORE     ignore any permissions set on this object
        DISABLE    disable some extersion feature

OPTION:
   -d,--domain        The object is an EXEC Domain
   -i,--inheritance   Inheritance level
   -t,--time          Time dependency
   -e,--extended      Extended list
[*]  Allow switching LIDS protections
(3)    Number of attempts to submit password
(30)   Time to wait after a fail (seconds)
[ ]    Allow remote users to switch LIDS protections
[ ]    Allow any program to switch LIDS protections
[*]  Allow reloading config. file      <-----------
VIEW
CAP_CHOWN 0
CAP_DAC_OVERRIDE 0
CAP_DAC_READ_SEARCH 0
CAP_FOWNER 0
CAP_FSETID 0
CAP_KILL 0
CAP_SETGID 0
CAP_SETUID 0
CAP_SETPCAP 0
CAP_LINUX_IMMUTABLE 0
CAP_NET_BIND_SERVICE 0
CAP_NET_BROADCAST 0
CAP_NET_ADMIN 0
CAP_NET_RAW 0
CAP_IPC_LOCK 0
CAP_IPC_OWNER 0
CAP_SYS_MODULE 0
CAP_SYS_RAWIO 0
CAP_SYS_CHROOT 0
CAP_SYS_PTRACE 0
CAP_SYS_PACCT 0
CAP_SYS_ADMIN 0
CAP_SYS_BOOT 1
CAP_SYS_NICE 0
CAP_SYS_RESOURCE 1
CAP_SYS_TIME 0
CAP_SYS_TTY_CONFIG 0
CAP_MKNOD 0
CAP_LEASE 0
CAP_HIDDEN 1
CAP_KILL_PROTECTED 0
CAP_PROTECTED 0
LIDS 0
LIDS_GLOBAL 1
RELOAD_CONF 0
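As an added example (not code from the article or from the LIDS project), a small Python auditor that parses the `lidsadm -V` listing above, separates capabilities from the LIDS flags, and reports which capabilities are still enabled and whether the global state matches an intended policy. It assumes that a trailing 1 in the listing means the entry is currently enabled and 0 means it is off; the sample input is a constructed copy of the listing shown on this page.

```python
"""Audit a `lidsadm -V` listing: which capabilities and LIDS flags are on.
Added example, not code from the article or the LIDS project. Assumption:
a trailing 1 means the capability/flag is currently enabled, 0 means off."""

LIDS_FLAGS = {"LIDS", "LIDS_GLOBAL", "RELOAD_CONF"}  # flags, not capabilities

# The `lidsadm -V` output reproduced in the article (constructed copy; the
# parser tokenizes, so it works whether entries are one per line or not).
SAMPLE_V = (
    "VIEW CAP_CHOWN 0 CAP_DAC_OVERRIDE 0 CAP_DAC_READ_SEARCH 0 CAP_FOWNER 0 "
    "CAP_FSETID 0 CAP_KILL 0 CAP_SETGID 0 CAP_SETUID 0 CAP_SETPCAP 0 "
    "CAP_LINUX_IMMUTABLE 0 CAP_NET_BIND_SERVICE 0 CAP_NET_BROADCAST 0 "
    "CAP_NET_ADMIN 0 CAP_NET_RAW 0 CAP_IPC_LOCK 0 CAP_IPC_OWNER 0 "
    "CAP_SYS_MODULE 0 CAP_SYS_RAWIO 0 CAP_SYS_CHROOT 0 CAP_SYS_PTRACE 0 "
    "CAP_SYS_PACCT 0 CAP_SYS_ADMIN 0 CAP_SYS_BOOT 1 CAP_SYS_NICE 0 "
    "CAP_SYS_RESOURCE 1 CAP_SYS_TIME 0 CAP_SYS_TTY_CONFIG 0 CAP_MKNOD 0 "
    "CAP_LEASE 0 CAP_HIDDEN 1 CAP_KILL_PROTECTED 0 CAP_PROTECTED 0 "
    "LIDS 0 LIDS_GLOBAL 1 RELOAD_CONF 0"
)


def parse_lidsadm_v(text):
    """Return (caps, flags): two dicts mapping NAME -> enabled (bool)."""
    caps, flags = {}, {}
    tokens = text.split()
    i = 0
    while i < len(tokens):
        # An entry is NAME followed by 0 or 1; other tokens ("VIEW") are skipped.
        if i + 1 < len(tokens) and tokens[i + 1] in ("0", "1"):
            name, enabled = tokens[i], tokens[i + 1] == "1"
            (flags if name in LIDS_FLAGS else caps)[name] = enabled
            i += 2
        else:
            i += 1
    return caps, flags


def enabled_capabilities(caps):
    """Sorted names of capabilities still enabled in the global set."""
    return sorted(name for name, on in caps.items() if on)


def policy_deviations(caps, flags, allowed):
    """Enabled capabilities outside the intended `allowed` set, plus a
    marker when LIDS_GLOBAL is off (LIDS is then not enforcing at all)."""
    problems = [c for c in enabled_capabilities(caps) if c not in allowed]
    if not flags.get("LIDS_GLOBAL", False):
        problems.append("LIDS_GLOBAL off")
    return problems
```

Run against the listing above, `enabled_capabilities` reports CAP_HIDDEN, CAP_SYS_BOOT and CAP_SYS_RESOURCE; with an intended policy that allows only the last two, `policy_deviations` flags CAP_HIDDEN for review.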