Seguraça extrema com LIDS
Este artigo nos introduz ao LIDS (Linux Intrusion Detection System), um sistema robusto que aplicado como patch no kernel nos oferece recursos extremos de configurações de segurança do sistema operacional.
[ Hits: 50.334 ]
Por: Anderson L Tamborim em 21/02/2004 | Blog: http://y2h4ck.wordpress.com
[*] Prompt for development and/or incomplete code/drivers [*] Sysctl Support General setup ---> [*] Networking support [*] PCI support (Any) PCI access mode [*] PCI quirks [ ] PCI bridge optimization (experimental) [*] Backward-compatible /proc/pci [ ] MCA support [ ] SGI Visual Workstation support [*] System V IPC [ ] BSD Process Accounting [*] Sysctl support <*> Kernel support for a.out binaries <*> Kernel support for ELF binaries <*> Kernel support for MISC binaries <M> Kernel support for JAVA binaries (obsolete) < > Parallel port support [ ] Advanced Power Management BIOS support Networking options ---> *(Personalize de acordo com suas necessidades) <*> Packet socket [*] Kernel/User netlink socket [*] Routing messages <*> Netlink device emulation [*] Network firewalls [ ] Socket Filtering <*> Unix domain sockets [*] TCP/IP networking [ ] IP: multicasting [*] IP: advanced router [ ] IP: policy routing [*] IP: equal cost multipath [ ] IP: use TOS value as routing key [*] IP: verbose route monitoring [*] IP: large routing tables [ ] IP: kernel level autoconfiguration [*] IP: firewalling [*] IP: firewall packet netlink device [ ] IP: transparent proxy support [*] IP: masquerading --- Protocol-specific masquerading support will be built as modules. [*] IP: ICMP masquerading --- Protocol-specific masquerading support will be built as modules. [*] IP: masquerading special modules support <M> IP: ipautofw masq support (EXPERIMENTAL) <M> IP: ipportfw masq support (EXPERIMENTAL) <M> IP: ip fwmark masq-forwarding support (EXPERIMENTAL) [*] IP: optimize as router not host < > IP: tunneling < > IP: GRE tunnels over IP [*] IP: aliasing support [ ] IP: ARP daemon support (EXPERIMENTAL) [*] IP: TCP syncookie support (not enabled per default) --- (it is safe to leave these untouched) < > IP: Reverse ARP [*] IP: Allow large windows (not recommended if <16Mb of memory) < > The IPv6 protocol (EXPERIMENTAL) opções do lids no kernel --> Linux Intrusion Detection System ---> [*] Linux Intrusion Detection System support (EXPERIMENTAL) --- LIDS features (1024) Maximum protected objects to manage (1024) Maximum ACL subjects to manage (1024) Maximum ACL objects to manage (1024) Maximum protected proceeds [ ] Hang up console when raising a securit alert [ ] Security alert when execing unprotected programs before sealing LIDS [*] Try not to flood logs (60)Authorised time between two identic logs (seconds) [*] Allow switching LIDS protections (3)Number of attempts to submit password (3) Time to wait after a fail (seconds) [ ] Allow remote users to switch LIDS protections [ ] Allow any program to switch LIDS protections [*] Allow reloading config. File [*] Port Scanner Detector in kernel [*] Send security alerts through network [ ] Hide klids kernel thread (3) Number of connection tries before giving up (30)Sleep time after a failed connection (16)Message queue size