LIDS Complete Guide (Part 4)
  Add date: 09/17/2008   Publishing date: 09/17/2008
 

  ---------------------------------------------------------------------------
  # lidsconf -A -o /home/httpd -j DENY
  # lidsconf -A -s /usr/sbin/httpd -o /home/httpd -j READONLY
  ---------------------------------------------------------------------------

  A simple configuration example (first clear the rule set, then mark the system directories read-only):
  ---------------------------------------------------------------------------
  lidsconf -Z
  lidsconf -A -o /boot -j READONLY
  lidsconf -A -o /lib -j READONLY
  lidsconf -A -o /root -j READONLY
  lidsconf -A -o /etc -j READONLY
  lidsconf -A -o /sbin -j READONLY
  lidsconf -A -o /usr/sbin -j READONLY
  lidsconf -A -o /bin -j READONLY
  lidsconf -A -o /usr/bin -j READONLY
  lidsconf -A -o /usr/lib -j READONLY
  ---------------------------------------------------------------------------

2. Configuring LIDS process protection

  a. Unkillable processes
  LIDS can protect processes whose parent is init (pid 1). To enable this, put the following line in /etc/lids/lids.cap, which removes CAP_INIT_KILL from the capability bounding set:
  -29:CAP_INIT_KILL

  b. Hidden processes
  These processes are invisible: they are not listed by ps and do not appear under /proc.
  ---------------------------------------------------------------------------
  Example:
  lidsconf -A -s /usr/sbin/httpd -o CAP_HIDDEN -j GRANT
  ---------------------------------------------------------------------------

3. Protection by setting capabilities

  A capability here is a privilege granted to a process. A root process has every capability, but there is also the capability bounding set to consider. On a stock kernel, once a capability is removed from the bounding set nobody can use it again until the system is rebooted. LIDS modifies the capability handling so that the administrator can switch these capabilities on and off at will. Any access to /proc/sys/kernel/cap_bset is intercepted and raises a security alert.
  The system's capability settings are stored in /etc/lids/lids.cap. Edit it to suit your needs.
  For example:
  If CAP_SYS_RAWIO is enabled, access to /dev/port, /dev/mem, /dev/kmem and to raw block devices (/dev/[sh]d??) is permitted.
  If we disable this capability, no process on the system can access raw block devices, so running lilo, for instance, will fail. On the other hand, some programs need this capability to run, for instance XF86_SVGA.
  Another example is CAP_NET_ADMIN. This capability grants the following abilities: interface configuration, IP firewalling, masquerading and accounting, setting socket debug options, modifying routing tables, setting arbitrary process or process-group ownership on sockets, binding to any address for transparent proxying, setting type of service (TOS), setting promiscuous mode, multicasting, reading and writing device-specific registers, and so on. For security reasons we should disable this capability; doing so forbids changes to the network settings and also forbids changes to the firewall rules.
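  The /etc/lids/lids.cap line in section 2 and the capability recommendations in section 3 both come down to auditing that file. The following added example (not part of the original article or of LIDS itself) parses a constructed lids.cap excerpt in the '+N:CAP_NAME' / '-N:CAP_NAME' format, computes the resulting bounding-set bitmask, and reports which of the capabilities the article says to disable are still enabled; the capability bit numbers other than CAP_INIT_KILL are assumed from the Linux capability header.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt of an /etc/lids/lids.cap file (not taken from the page).
# '+N:CAP_NAME' keeps capability N in the bounding set, '-N:CAP_NAME' removes it,
# '#' starts a comment.
SAMPLE_LIDS_CAP = """\
# constructed excerpt of /etc/lids/lids.cap
+0:CAP_CHOWN
+6:CAP_SETGID
+7:CAP_SETUID
-12:CAP_NET_ADMIN
+13:CAP_NET_RAW
+17:CAP_SYS_RAWIO      # still on: lilo needs it, but the article says disable it
+21:CAP_SYS_ADMIN
-29:CAP_INIT_KILL      # children of init cannot be killed
"""

LINE_RE = re.compile(r"^([+-])(\d+):(CAP_[A-Z0-9_]+)$")

def parse_lids_cap(text: str) -> Dict[str, Tuple[int, bool]]:
    """Map CAP_NAME -> (bit number, enabled) for every rule line; reject junk."""
    caps: Dict[str, Tuple[int, bool]] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: malformed entry {raw!r}")
        sign, bit, name = m.groups()
        caps[name] = (int(bit), sign == "+")
    return caps

def bounding_set_mask(caps: Dict[str, Tuple[int, bool]]) -> int:
    """Bitmask of the capabilities left enabled, one bit per capability number."""
    mask = 0
    for bit, enabled in caps.values():
        if enabled:
            mask |= 1 << bit
    return mask

# Capabilities the article recommends removing from the bounding set.
RECOMMENDED_OFF = ("CAP_SYS_RAWIO", "CAP_NET_ADMIN", "CAP_INIT_KILL")

def audit(caps: Dict[str, Tuple[int, bool]], must_be_off=RECOMMENDED_OFF) -> List[str]:
    """Names from must_be_off that are still enabled (or missing, hence not disabled)."""
    return [name for name in must_be_off if caps.get(name, (0, True))[1]]
```

Running audit(parse_lids_cap(SAMPLE_LIDS_CAP)) on the sample flags only CAP_SYS_RAWIO, matching the article's advice that it should be turned off unless a program such as XF86_SVGA needs it.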
