Extreme security with LIDS
This article introduces LIDS (Linux Intrusion Detection System), a robust system that, applied as a kernel patch, gives us extreme security-configuration capabilities for the operating system.
By: Anderson L Tamborim on 21/02/2004 | Blog: http://y2h4ck.wordpress.com
Output of lidsadm -h, the help of the administration tool:

lidsadm version 0.4.1 for LIDS project
        Huagang Xie <xie@gnuchina.org>
        Philippe Biondi <pbi@cartel-info.fr>

Usage: lidsadm -[S|I] -- [+|-][LIDS_FLAG] [...]
       lidsadm -V
       lidsadm -h

Commands:
        -S      To submit a password to switch some protections
        -I      To switch some protections without submitting password (sealing time)
        -V      To view current LIDS state (caps/flags)
        -v      To show the version
        -h      To list this help

Available capabilities:
        CAP_CHOWN               chown(2)/chgrp(2)
        CAP_DAC_OVERRIDE        DAC access
        CAP_DAC_READ_SEARCH     DAC read
        CAP_FOWNER              owner ID not equal user ID
        CAP_FSETID              effective user ID not equal owner ID
        CAP_KILL                real/effective ID not equal process ID
        CAP_SETGID              set*gid(2)
        CAP_SETUID              set*uid(2)
        CAP_SETPCAP             transfer capability
        CAP_LINUX_IMMUTABLE     immutable and append file attributes
        CAP_NET_BIND_SERVICE    binding to ports below 1024
        CAP_NET_BROADCAST       broadcasting/listening to multicast
        CAP_NET_ADMIN           interface/firewall/routing changes
        CAP_NET_RAW             raw sockets
        CAP_IPC_LOCK            locking of shared memory segments
        CAP_IPC_OWNER           IPC ownership checks
        CAP_SYS_MODULE          insertion and removal of kernel modules
        CAP_SYS_RAWIO           ioperm(2)/iopl(2) access
        CAP_SYS_CHROOT          chroot(2)
        CAP_SYS_PTRACE          ptrace(2)
        CAP_SYS_PACCT           configuration of process accounting
        CAP_SYS_ADMIN           tons of admin stuff
        CAP_SYS_BOOT            reboot(2)
        CAP_SYS_NICE            nice(2)
        CAP_SYS_RESOURCE        setting resource limits
        CAP_SYS_TIME            setting system time
        CAP_SYS_TTY_CONFIG      tty configuration
        CAP_MKNOD               mknod operation
        CAP_LEASE               taking leases on files
        CAP_HIDDEN              hidden process
        CAP_KILL_PROTECTED      kill protected programs
        CAP_PROTECTED           Protect the process from signals

Available flags:
        LIDS            de-/activate LIDS locally (the shell & childs)
        LIDS_GLOBAL     de-/activate LIDS entirely
        RELOAD_CONF     reload config. file and inode/dev of protected programs
Output of lidsconf -h, the help of the rule-configuration tool:

lidsconf version 0.4.1 for the LIDS project
        Huagang Xie <xie@gnuchina.org>
        Philippe Biondi <philippe.biondi@webmotion.net>

Usage: lidsconf -A [-s subject] -o object [-d] [-t from-to] [-i level] -j ACTION
       lidsconf -D [-s file] [-o file]
       lidsconf -Z
       lidsconf -U
       lidsconf -L [-e]
       lidsconf -P
       lidsconf -v
       lidsconf -[h|H]

Commands:
        -A,--add        To add an entry
        -D,--delete     To delete an entry
        -Z,--zero       To delete all entries
        -U,--update     To update dev/inode numbers
        -L,--list       To list all entries
        -P,--passwd     To encrypt a password with RipeMD-160
        -v,--version    To show the version
        -h,--help       To list this help
        -H,--morehelp   To list this help with CAP/SOCKET name

subject:
        -s,--subject subj       can be any program, must be a file
object:
        -o,--object [obj]       can be a file, directory or Capability, Socket Name
ACTION:
        -j,--jump DENY          deny access
                  READONLY      read only
                  APPEND        append only
                  WRITE         writable
                  GRANT         grant capability to subject
                  IGNORE        ignore any permissions set on this object
                  DISABLE       disable some extersion feature
OPTION:
        -d,--domain             The object is an EXEC Domain
        -i,--inheritance        Inheritance level
        -t,--time               Time dependency
        -e,--extended           Extended list
LIDS options in the kernel configuration menu (the arrow is the author's marker on the "Allow reloading config. file" option):

[*] Allow switching LIDS protections
(3)   Number of attempts to submit password
(30)  Time to wait after a fail (seconds)
[ ]   Allow remote users to switch LIDS protections
[ ]   Allow any program to switch LIDS protections
[*] Allow reloading config. file   <-----------
Output of lidsadm -V, the current state of each capability and flag:

VIEW
CAP_CHOWN               0
CAP_DAC_OVERRIDE        0
CAP_DAC_READ_SEARCH     0
CAP_FOWNER              0
CAP_FSETID              0
CAP_KILL                0
CAP_SETGID              0
CAP_SETUID              0
CAP_SETPCAP             0
CAP_LINUX_IMMUTABLE     0
CAP_NET_BIND_SERVICE    0
CAP_NET_BROADCAST       0
CAP_NET_ADMIN           0
CAP_NET_RAW             0
CAP_IPC_LOCK            0
CAP_IPC_OWNER           0
CAP_SYS_MODULE          0
CAP_SYS_RAWIO           0
CAP_SYS_CHROOT          0
CAP_SYS_PTRACE          0
CAP_SYS_PACCT           0
CAP_SYS_ADMIN           0
CAP_SYS_BOOT            1
CAP_SYS_NICE            0
CAP_SYS_RESOURCE        1
CAP_SYS_TIME            0
CAP_SYS_TTY_CONFIG      0
CAP_MKNOD               0
CAP_LEASE               0
CAP_HIDDEN              1
CAP_KILL_PROTECTED      0
CAP_PROTECTED           0
LIDS                    0
LIDS_GLOBAL             1
RELOAD_CONF             0
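As an added example that is not part of the original article, the script below turns the lidsconf and lidsadm syntax shown above into a small policy loader: system-wide file rules, two per-program exceptions, and the sealing step. The tool paths (/sbin/lidsconf, /sbin/lidsadm), the protected paths, the sshd and login binaries and the rule set itself are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the article): a small LIDS policy loader built on the
# lidsconf/lidsadm syntax shown above. Tool paths, protected paths and the rule
# set itself are assumptions chosen for illustration.
LIDSCONF=${LIDSCONF:-/sbin/lidsconf}
LIDSADM=${LIDSADM:-/sbin/lidsadm}
DRY_RUN=${DRY_RUN:-}   # set to 1 to print the commands instead of running them

# Run a command, or just print it when DRY_RUN is set.
run() { if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi; }

# Reject a mistyped ACTION before it reaches lidsconf (list from lidsconf -h).
valid_action() {
    case "$1" in
        DENY|READONLY|APPEND|WRITE|GRANT|IGNORE|DISABLE) return 0 ;;
        *) return 1 ;;
    esac
}

# protect OBJECT ACTION: a rule with no subject applies to every process.
protect() {
    valid_action "$2" || { echo "bad action: $2" >&2; return 1; }
    run "$LIDSCONF" -A -o "$1" -j "$2"
}

# allow SUBJECT OBJECT ACTION: exception for one program (subject must be a file).
allow() {
    valid_action "$3" || { echo "bad action: $3" >&2; return 1; }
    run "$LIDSCONF" -A -s "$1" -o "$2" -j "$3"
}

apply_policy() {
    run "$LIDSCONF" -Z                      # start from an empty rule set
    protect /sbin READONLY
    protect /bin READONLY
    protect /etc READONLY
    protect /boot READONLY
    protect /var/log APPEND                 # logs may grow, never be rewritten
    protect /etc/shadow DENY                # hashes invisible to everyone...
    allow /bin/login /etc/shadow READONLY   # ...except login, read-only
    allow /usr/sbin/sshd CAP_NET_BIND_SERVICE GRANT   # sshd may bind port 22
    run "$LIDSCONF" -U                      # refresh dev/inode numbers of subjects
}

# Seal the kernel: drop module loading, raw I/O and admin capabilities
# system-wide, then switch LIDS on globally (compare with lidsadm -V afterwards).
seal_kernel() {
    run "$LIDSADM" -I -- -CAP_SYS_MODULE -CAP_SYS_RAWIO -CAP_SYS_ADMIN +LIDS_GLOBAL
}
```

With DRY_RUN=1 set, sourcing the file and calling apply_policy prints the exact lidsconf invocations without touching the system, which is the sensible first pass before sealing.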