Linux Today: Linux News On Internet Time.

UnixReview.com: LIDS and Mandatory Access Control (MAC) on Linux

Jul 14, 2001, 19:00
(Other stories by Ameet Chaubal)
"On a Unix operating system, the power wielded by the root user is supreme and unrestrained. This is proudly considered a great feature of the Unix operating system. However, it can also become its nemesis. Anyone who gains root access to the system has the entire server at their mercy and can cause great damage to it. Also, in the case of a security breach, if the root account is compromised, all trails leading to the invasion can be easily effaced. In this article, I will examine a tool that makes the root user impotent to a large extent and attempts to make the system more secure. I will also touch on a few other Open Source and commercial alternatives.

Linux Intrusion Detection System (LIDS) is written by Xie Huagang and Philippe Biondi and is available for download at: http://www.lids.org. It is a kernel patch and administrator tool that provides file protection, process protection, kernel-based port scan detection, and the ability to seal the kernel so that no one (including root) can insert modules into it or access special devices (such as memory and I/O)."
