LIDS 1.2.2rc4 for kernel 2.4.28-rc3 released

Hi,

LIDS 1.2.2rc4 for kernel 2.4.28-rc3 has been released.

LIDS 1.2.2rc4 includes the LIDS TDE application sandboxing feature.
The LIDS TDE paper explains the feature in more details and includes
sample configurations for sandboxing "Apache" and "Samba". You need to
use lidstool 0.5.6 for this version.

This version fixed some bugs at lids_check_tty()
as spotted by Samuel Greenfeld and Marcin Pikulski and fixed some macros
introduced in LIDS 1.2.2rc3 as reported by Omo Kazuki. Furthermore,
more comments/explanations have been added to some LIDS functions
to increase code readability, clearity, and maintainability.

Thanks to Samuel Greenfeld, Marcin Pikulski, Omo Kazuki for reporting
the bugs.

--

-- 
Yusuf Wilajati Purna <ywpurna <at> users.sourceforge.net>
1024D/7354A078
Key fingerprint = 7F4F 8433 C65F 3502 BC93  F529 BFDE F939 7354 A078

-------------------------------------------------------
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD - A multidimensional database that combines
robust object and relational technologies, making it a perfect match
for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8

Re: lids-user digest, Vol 1 #872 - 1 msg

> Send lids-user mailing list submissions to
> 	lids-user <at> lists.sourceforge.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://lists.sourceforge.net/lists/listinfo/lids-user
> or, via email, send a message with subject or body 'help' to
> 	lids-user-request <at> lists.sourceforge.net
>
> You can reach the person managing the list at
> 	lids-user-admin <at> lists.sourceforge.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of lids-user digest..."
>
>
> Today's Topics:
>
>    1. LIDS 1.2.2rc4 for kernel 2.4.28-rc3 released (Yusuf Wilajati Purna)
>
> --__--__--
>
> Message: 1
> Date: Wed, 17 Nov 2004 01:58:29 +0900
> From: Yusuf Wilajati Purna <ywpurna <at> users.sourceforge.net>
> Reply-To: ywpurna <at> users.sourceforge.net
> To: Lids-Mailinglist <lids-user <at> lists.sourceforge.net>,
>         lids-devel <at> lists.sourceforge.net
> Subject: [lids-user] LIDS 1.2.2rc4 for kernel 2.4.28-rc3 released
>

lids and kernel 2.6

Hy,
I tryed to use lids with kernel 2.6 compiled the lidstool and
the kernel. That works, but when I tryed to start lids,
it searched for a file calles lids.postboot.acl.

Can I get anywhere an example lids.postboot.acl ?
I asked google but there was only a japanese page.

Greetings 
Falk
--

-- 
  Falk Siemonsmeier              Phone +49 (0)7071-9457-459
  science + computing ag         FAX   +49 (0)7071-9457-511
  Hagellocher Weg 73-75
  D-72070 Tuebingen              Email: f.Siemonsmeier <at> science-computing.de
  http://www.science-computing.de/solutions/scsecure.html

-------------------------------------------------------
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD - A multidimensional database that combines
robust object and relational technologies, making it a perfect match
for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8

Re: lids and kernel 2.6

 compile the ACLs

 # lidsconf -C 

will genreate the file.

huagang

On Fri, Nov 19, 2004 at 11:21:00AM +0100, Falk Siemonsmeier wrote:
> Hy,
> I tryed to use lids with kernel 2.6 compiled the lidstool and
> the kernel. That works, but when I tryed to start lids,
> it searched for a file calles lids.postboot.acl.
> 
> Can I get anywhere an example lids.postboot.acl ?
> I asked google but there was only a japanese page.
> 
> Greetings 
> Falk
> -- 
>   Falk Siemonsmeier              Phone +49 (0)7071-9457-459
>   science + computing ag         FAX   +49 (0)7071-9457-511
>   Hagellocher Weg 73-75
>   D-72070 Tuebingen              Email: f.Siemonsmeier <at> science-computing.de
>   http://www.science-computing.de/solutions/scsecure.html
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by: InterSystems CACHE
> FREE OODBMS DOWNLOAD - A multidimensional database that combines

LIDS on Nikkei-BP book(Japanese)

Hi, all,

Nikkei-BP released "Linux Secure Server" Mook, and it 
include "explanation of LIDS 2.2.0"(I've wroted it).

It is covering how to install LIDS, how to make ACL, 
what is "Stateful ACL", ACL_DISCOVERY, etc.

You can see the picture on
http://itpro.nikkeibp.co.jp/linux/extra/mook/mook10/index.shtml

(Sorry, it is Japanese, but you can see "LIDS" word on Picture.)

Regards,
--

-- 
Omo Kazuki <omok <at> honto.info>
LIDS Japanese document: 
http://www.honto.info/LIDS/index.html

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/

Re: lids and kernel 2.6

* Huagang Xie <xie <at> www.lids.org> [041120 09:50]:
>  compile the ACLs
> 
>  # lidsconf -C 
> 
> will genreate the file.

ok thanks that was the Problem.
Maybee you or anybody else can help me by an other Problem
with lids. 
I have one rule 
 -A POSTBOOT -o /var/log                            -j APPEND
 and an rule that allows /sbin/init to write to /var/log/wtmp
 -A POSTBOOT -s /sbin/init -o /var/log -j WRITE

but on the boot I always get 
LIDS: init (dev 98:0 inode 1312105) pid 1 ppid 0 uid/gid (0/0) on (NULL tty) : attempt to open wtmp for writin
LIDS_ACL_DISCOVERY:[state 2]1312105:102760448:init:7:0:48:1048579:wtmp:0-0

what have I done wrong?

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/

Re: lids and kernel 2.6

sometime, giving "init" the privilege is not a good idea..:).

Try to find out which program being called by "init" to write the wtmp? sometimes, it is a script which the
kernel do not correctly record the script name instead of "init". 

I will work on this to find out what really happen and give you an explanation.

Thanks,
Huagang

On Mon, Nov 22, 2004 at 09:27:15AM +0100, Falk Siemonsmeier wrote:
> * Huagang Xie <xie <at> www.lids.org> [041120 09:50]:
> >  compile the ACLs
> > 
> >  # lidsconf -C 
> > 
> > will genreate the file.
> 
> ok thanks that was the Problem.
> Maybee you or anybody else can help me by an other Problem
> with lids. 
> I have one rule 
>  -A POSTBOOT -o /var/log                            -j APPEND
>  and an rule that allows /sbin/init to write to /var/log/wtmp
>  -A POSTBOOT -s /sbin/init -o /var/log -j WRITE
> 
> but on the boot I always get 
> LIDS: init (dev 98:0 inode 1312105) pid 1 ppid 0 uid/gid (0/0) on (NULL tty) : attempt to open wtmp for writin
> LIDS_ACL_DISCOVERY:[state 2]1312105:102760448:init:7:0:48:1048579:wtmp:0-0
> 

Re: LIDS on Nikkei-BP book(Japanese)

Hello Omo,

Thanks for your excellent work on the Book. It is really great
to hear that!

Thanks,
Huagang

On Mon, Nov 22, 2004 at 01:46:46PM +0900, Omo Kazuki wrote:
> Hi, all,
> 
> Nikkei-BP released "Linux Secure Server" Mook, and it 
> include "explanation of LIDS 2.2.0"(I've wroted it).
> 
> It is covering how to install LIDS, how to make ACL, 
> what is "Stateful ACL", ACL_DISCOVERY, etc.
> 
> You can see the picture on
> http://itpro.nikkeibp.co.jp/linux/extra/mook/mook10/index.shtml
> 
> (Sorry, it is Japanese, but you can see "LIDS" word on Picture.)
> 
> Regards,
> -- 
> Omo Kazuki <omok <at> honto.info>
> LIDS Japanese document: 
> http://www.honto.info/LIDS/index.html
> 
> 
> 

RE: LIDS ACLs- Ambiguity

Re: lids and kernel 2.6

using following rules may help,

 # lidsconf -A POSTBOOT -s /bin/login -o /var/log/wtmp -j WRITE

using "/bin/login" instead of "/bin/init"

huagang

On Mon, Nov 22, 2004 at 09:27:15AM +0100, Falk Siemonsmeier wrote:
> * Huagang Xie <xie <at> www.lids.org> [041120 09:50]:
> >  compile the ACLs
> > 
> >  # lidsconf -C 
> > 
> > will genreate the file.
> 
> ok thanks that was the Problem.
> Maybee you or anybody else can help me by an other Problem
> with lids. 
> I have one rule 
>  -A POSTBOOT -o /var/log                            -j APPEND
>  and an rule that allows /sbin/init to write to /var/log/wtmp
>  -A POSTBOOT -s /sbin/init -o /var/log -j WRITE
> 
> but on the boot I always get 
> LIDS: init (dev 98:0 inode 1312105) pid 1 ppid 0 uid/gid (0/0) on (NULL tty) : attempt to open wtmp for writin
> LIDS_ACL_DISCOVERY:[state 2]1312105:102760448:init:7:0:48:1048579:wtmp:0-0
> 
> what have I done wrong?
> 
> 
> 
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now. 
> http://productguide.itmanagersjournal.com/
> _______________________________________________
> lids-user mailing list
> lids-user <at> lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lids-user