17. LIDS Discontinued Features

Portscan Detector
This has been removed.


Time-Dependent ACLs
Before LIDS v2.2 it was possible for ACLs to be time-dependent, for example
    lidsconf -A -s /usr/sbin/cron -o /var/log -t 0018-0019 -i 2 -j WRITE
would allow cron to write to /var/log between 00:18 and 00:19. (-i 2 allows logrotate and its children write access; directly granting write access to logrotate would be a mistake — this would allow an intruder to repeatedly rotate logs...)


CAP_HIDDEN
This was a LIDS-specific Capability. A process with this Capability was not visible in /proc (and thus not available to ps, etc.). But:
  > Sorry, CAP_HIDDEN will not be working on LIDS 2.2.x. :) This is because
  > LSM does not provide the necessary hooks that we can use to hide files as
  > well as the process (via /proc file system).
  >
  > I will remove the CAP_HIDDEN in source and lidstools to let it be obsoleted.
  >
  > Thanks,
  > huagang
It is no longer possible to hide a process using LIDS functionality. Other kernel-patches exist (e.g., GR Security) which prevent users from seeing processes other than their own. To hide particular processes from all users (including root), use a specially-crafted kernel module — a root kit!
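
A cross-check for the case described above, where a process is kept out of /proc: compare the PIDs that a /proc listing returns with the PIDs that answer signal 0. This is an added example, not part of LIDS or of the original document; the function names are hypothetical, and it assumes the hiding mechanism filters /proc but leaves kill(2) lookups intact.

```python
import os

def list_proc():
    """PIDs that a plain directory listing of /proc shows."""
    return {int(n) for n in os.listdir("/proc") if n.isdigit()}

def signal_ok(pid):
    """True if kill(pid, 0) finds a task (signal 0 delivers nothing)."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True          # task exists but belongs to another user
    return True

def read_tgid(pid):
    """Tgid from /proc/<pid>/status, or None if the entry is unreadable."""
    try:
        with open(f"/proc/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        pass
    return None

def classify(pid, listed, signal_fn, tgid_fn):
    """Return 'visible', 'absent', 'thread' or 'hidden' for one PID."""
    if pid in listed:
        return "visible"
    if not signal_fn(pid):
        return "absent"
    tgid = tgid_fn(pid)
    # Thread IDs answer kill(tid, 0) but are never listed in /proc itself.
    if tgid is not None and tgid != pid:
        return "thread"
    return "hidden"

def scan(max_pid, list_fn=list_proc, signal_fn=signal_ok, tgid_fn=read_tgid):
    listed = list_fn()
    suspects = [p for p in range(1, max_pid + 1)
                if classify(p, listed, signal_fn, tgid_fn) == "hidden"]
    relisted = list_fn()     # drops processes that merely started mid-scan
    return [p for p in suspects if p not in relisted and signal_fn(p)]

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as fh:
        print("PIDs alive but missing from /proc:", scan(int(fh.read())))
```

Run it as root: on a /proc mounted with hidepid=2, an unprivileged run reports other users' processes as missing.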



CAP_INIT_KILL
This was a LIDS-specific Capability. It has been replaced by CAP_PROTECTED (another LIDS-specific Capability).


CAP_KILL_PROTECTED
This was a LIDS-specific Capability. It allowed programmes to kill CAP_PROTECTED processes.






About this document:

Produced from the SGML: /home/mc/public_html/_unix_security/_reml_grp/unix_sec_kernel_lids.reml
On: 19/5/2006 at 11:53:2