Shuimu Tsinghua BBS ∶ Digest Section
From: pure (青衣~ shadow in silence), Board: Linux
Subject: Re: Linux Intrusion Detection 0.4 released
Posted at: Shuimu Tsinghua BBS (Fri Nov 19 23:20:56 1999)
Sorry first.
I want to raise some questions about your project.
1: What your system's name refers to is an Intrusion Protection System,
not an Intrusion Detection System, because you just add
protection to some important files and such things.
2: Your code is hard-coded in the kernel, but a better solution
is to implement a complete security level in Linux,
similar to FreeBSD's security level, and everybody may
change it on the fly.
3: Doing a non-compatible kernel patch which can't be merged into
the official kernel is not a very good thing for us.
Just my opinions, free discussions are welcome!
【 vertex (lancelord) wrote: 】
∶ Linux Intrusion Detection System 0.4 release
∶ ---------------------------------------
∶ Linux Intrusion Detection System is a linux kernel patch
∶ and modules to enhance the linux kernel security. It can
∶ protect important files from being changed. When it's in
∶ effect, no one (including root) can change the protected
∶ files or directories and their sub-directories, and the
∶ protected append-only files can only be appended. It can prevent
∶ loaded modules from being unloaded, mounted filesystems from being
∶ unmounted and launched processes from being killed. It can
∶ also protect the hard disk's MBR, and can also disallow
∶ sniffing while the NIC is in promiscuous mode.
∶ For more detail, visit the homepage at
∶ http://www.soaring-bird.com.cn/oss_proj/lids/
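∶ Main features:
∶ 1. Protection of important files
∶ When in effect, no one, including root, can change the protected files.
∶ 2. Protection of important log files
∶ Log files can only grow; they cannot be changed.
∶ 3. Secure filesystems
∶ Filesystems mounted at system boot cannot be unmounted. Those mounted after boot can be umounted.
∶ Filesystems mounted after boot can only be mounted under /mnt/
∶ 4. Secure process protection
∶ Processes launched after boot (whose parent is 1) cannot be killed.
∶ 5. Secure module loading and unloading
∶ Modules can only be loaded by /sbin/insmod.
∶ Only modules under /lib/modules can be loaded.
∶ Modules loaded at system boot cannot be removed with rmmod.
∶ 6. Better log messages.
∶ 7. More advantages are waiting for you to discover :-))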
--
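Watching her smile, he suddenly felt that she was so very, very lonely.
She looked at him quietly for a long while, then said, softly and slowly: "It seems you have already found it."
※ Source: ·Shuimu Tsinghua BBS bbs.net.tsinghua.edu.cn·[FROM: 202.112.45.46]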