Seguraça extrema com LIDS
Este artigo nos introduz ao LIDS (Linux Intrusion Detection System), um sistema robusto que aplicado como patch no kernel nos oferece recursos extremos de configurações de segurança do sistema operacional.
[ Hits: 52.689 ]
Por: Anderson L Tamborim em 21/02/2004 | Blog: http://y2h4ck.wordpress.com
lidsadm version 0.4.1 for LIDS project Huagang Xie <xie@gnuchina.org> Philippe Biondi <pbi@cartel-info.fr> Usage: lidsadm -[S|I] -- [+|-][LIDS_FLAG] [...] lidsadm -V lidsadm -h Commands: -S To submit a password to switch some protections -I To switch some protections without submitting password (sealing time) -V To view current LIDS state (caps/flags) -v To show the version -h To list this help Available capabilities: CAP_CHOWN chown(2)/chgrp(2) CAP_DAC_OVERRIDE DAC access CAP_DAC_READ_SEARCH DAC read CAP_FOWNER owner ID not equal user ID CAP_FSETID effective user ID not equal owner ID CAP_KILL real/effective ID not equal process ID CAP_SETGID set*gid(2) CAP_SETUID set*uid(2) CAP_SETPCAP transfer capability CAP_LINUX_IMMUTABLE immutable and append file attributes CAP_NET_BIND_SERVICE binding to ports below 1024 CAP_NET_BROADCAST broadcasting/listening to multicast CAP_NET_ADMIN interface/firewall/routing changes CAP_NET_RAW raw sockets CAP_IPC_LOCK locking of shared memory segments CAP_IPC_OWNER IPC ownership checks CAP_SYS_MODULE insertion and removal of kernel modules CAP_SYS_RAWIO ioperm(2)/iopl(2) access CAP_SYS_CHROOT chroot(2) CAP_SYS_PTRACE ptrace(2) CAP_SYS_PACCT configuration of process accounting CAP_SYS_ADMIN tons of admin stuff CAP_SYS_BOOT reboot(2) CAP_SYS_NICE nice(2) CAP_SYS_RESOURCE setting resource limits CAP_SYS_TIME setting system time CAP_SYS_TTY_CONFIG tty configuration CAP_MKNOD mknod operation CAP_LEASE taking leases on files CAP_HIDDEN hidden process CAP_KILL_PROTECTED kill protected programs CAP_PROTECTED Protect the process from signals Available flags: LIDS de-/activate LIDS locally (the shell & childs) LIDS_GLOBAL de-/activate LIDS entirely RELOAD_CONF reload config. file and inode/dev of protected programs
lidsconf version 0.4.1 for the LIDS project Huagang Xie <xie@gnuchina.org> Philippe Biondi <philippe.biondi@webmotion.net> Usage: lidsconf -A [-s subject] -o object [-d] [-t from-to] [-i level] -j ACTION lidsconf -D [-s file] [-o file] lidsconf -Z lidsconf -U lidsconf -L [-e] lidsconf -P lidsconf -v lidsconf -[h|H] Commands: -A,--add To add an entry -D,--delete To delete an entry -Z,--zero To delete all entries -U,--update To update dev/inode numbers -L,--list To list all entries -P,--passwd To encrypt a password with RipeMD-160 -v,--version To show the version -h,--help To list this help -H,--morehelp To list this help with CAP/SOCKET name subject: -s,--subject subj can be any program, must be a file object: -o,--object [obj] can be a file, directory or Capability, Socket Name ACTION: -j,--jump DENY deny access READONLY read only APPEND append only WRITE writable GRANT grant capability to subject IGNORE ignore any permissions set on this object DISABLE disable some extersion feature OPTION: -d,--domain The object is an EXEC Domain -i,--inheritance Inheritance level -t,--time Time dependency -e,--extended Extended list
[*] Allow switching LIDS protections (3) Number of attempts to submit password (30) Time to wait after a fail (seconds) [ ] Allow remote users to switch LIDS protections [ ] Allow any program to switch LIDS protections [*] Allow reloading config. file <-----------
VIEW CAP_CHOWN 0 CAP_DAC_OVERRIDE 0 CAP_DAC_READ_SEARCH 0 CAP_FOWNER 0 CAP_FSETID 0 CAP_KILL 0 CAP_SETGID 0 CAP_SETUID 0 CAP_SETPCAP 0 CAP_LINUX_IMMUTABLE 0 CAP_NET_BIND_SERVICE 0 CAP_NET_BROADCAST 0 CAP_NET_ADMIN 0 CAP_NET_RAW 0 CAP_IPC_LOCK 0 CAP_IPC_OWNER 0 CAP_SYS_MODULE 0 CAP_SYS_RAWIO 0 CAP_SYS_CHROOT 0 CAP_SYS_PTRACE 0 CAP_SYS_PACCT 0 CAP_SYS_ADMIN 0 CAP_SYS_BOOT 1 CAP_SYS_NICE 0 CAP_SYS_RESOURCE 1 CAP_SYS_TIME 0 CAP_SYS_TTY_CONFIG 0 CAP_MKNOD 0 CAP_LEASE 0 CAP_HIDDEN 1 CAP_KILL_PROTECTED 0 CAP_PROTECTED 0 LIDS 0 LIDS_GLOBAL 1 RELOAD_CONF 0
OpenVZ: Virtualização para servidores Linux
Análise Passiva: Analisando seu tráfego de maneira segura
Análise Forense - Aspectos de perícia criminal
Race condition - vulnerabilidades em suids
Segurança extrema com LIDS: novos recursos
Servidor de logs em Debian Linux
Backup/Restore de uma cópia fiel de um HD utilizando o DD
Atirando o pau no gato com Metasploit
Instalação do Comodo Antivirus para Linux (CAVL) resolvendo o problema de dependências
Enviar mensagem ao usuário trabalhando com as opções do php.ini
Meu Fork do Plugin de Integração do CVS para o KDevelop
Compartilhando a tela do Computador no Celular via Deskreen
Como Configurar um Túnel SSH Reverso para Acessar Sua Máquina Local a Partir de uma Máquina Remota
Configuração para desligamento automatizado de Computadores em um Ambiente Comercial
Compartilhamento de Rede com samba em modo Público/Anônimo de forma simples, rápido e fácil
Cups: Mapear/listar todas as impressoras de outro Servidor CUPS de forma rápida e fácil
Criando uma VPC na AWS via CLI
Linux não é para todo mundo (4)
Dificuldade para renderizar vídeo no kdenlive (8)