headers
Steve Poirier | 1 Dec 2004 15:43
Picon

RE: lids in awesome

Who's the incompetent admin who didn't setup his lilo/grub to boot to the
old kernel in case he wasn't competent enough to configure lids which
require a minimum of competence ?

Man lids is a no brainer. Go back to windows, point, click and shutup ;p

_____________________________
Steve

> -----Original Message-----
> From: lids-user-admin <at> lists.sourceforge.net 
> [mailto:lids-user-admin <at> lists.sourceforge.net] On Behalf Of Ping Wing
> Sent: November 27, 2004 9:59 PM
> To: lids-user <at> lists.sourceforge.net
> Subject: [lids-user] lids in awesome
> 
> I have 2.4.18 kernel + stable lids.
> 
> thats what happende tonight.
> 
> root <at> server:~# lidsconf  -A -s 
> /virtual/userbox//usr/sbin/inetd  -j GRANT -o CAP_NET_BIND_SERVICE
> 69
> ADD
> root <at> server:~# lidsadm  -S -- +RELOAD_CONF SWITCH enter password: 
> 
> Message from syslogd <at> server at Sun Nov 28 03:21:31 2004 ...
> server kernel: Kernel panic: LIDS: Cannot initialize the lids 
> system, return code -5
>
(Continue reading)

Permalink | Reply | 4 comments |
headers
Yusuf Wilajati Purna | 3 Dec 2004 16:02
Picon

Re: problems patching

Hi,

Maybe it is due to the compiler version.
At least, it should be compiled properly with
the following version:

[purna <at> little lids-development]$ gcc -v
Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/specs
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man 
--infodir=/usr/share/info --enable-shared --enable-threads=posix 
--disable-checking --with-system-zlib --enable-__cxa_atexit 
--host=i386-redhat-linux
Thread model: posix
gcc version 3.3.2 20031022 (Red Hat Linux 3.3.2-1)

Regards,
purna

campbellm <at> cia.com.au wrote:
> Hi,
> 
> I am trying to compile a 2.4.27 or 2.4.28 kernel with a LIDS 1.2.x
> release, but I am having a few problems. With 2.4.28, the compiles fail
> with:
> 
> lids.c:2288: macro `lids_read_dev_tty' used without args
> lids.c:2737: macro `lids_set_locks_passwd' used without args
> lids.c:2739: macro `lids_allow_switch' used without args
> lids.c:2763: macro `lids_not_allow_switch' used without args
> make[2]: *** [lids.o] Error 1
(Continue reading)

Permalink | Reply | 4 comments |
headers
Yusuf Wilajati Purna | 4 Dec 2004 19:54
Picon

LIDS 1.2.2 for kernel 2.4.28 released

Hi,

LIDS 1.2.2 for kernel 2.4.28 has been released.

LIDS 1.2.2 includes the LIDS TDE application sandboxing
feature. The LIDS TDE paper explains the feature in more
details and includes sample configurations for sandboxing
"Apache" and "Samba". You need to use lidstool 0.5.6 for
this version.

This stable version fixed a possible kernel panic when
CONFIG_LIDS_PORT_SCAN_DETECTOR is on as reported by
Section One. Any LIDS user for kernel 2.4.X is advised
to update to this stable version.

Thanks to Section One for reporting the bug.

Please enjoy.

Regards,
purna

--

-- 
Yusuf Wilajati Purna <ywpurna <at> users.sourceforge.net>
1024D/7354A078
Key fingerprint = 7F4F 8433 C65F 3502 BC93  F529 BFDE F939 7354 A078

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Ping Wing | 4 Dec 2004 22:14
Picon
Favicon

RE: lids in awesome


--- Steve Poirier <steve <at> cdtinc.ca> wrote:

> Who's the incompetent admin who didn't setup his lilo/grub to boot to the
> old kernel in case he wasn't competent enough to configure lids which
> require a minimum of competence ?
> 
> Man lids is a no brainer. Go back to windows, point, click and shutup ;p

comeon. I added one rule and kernel crashed. I think lids developers are incompetent.

> 
> 
> 
> _____________________________
> Steve
> 
> > -----Original Message-----
> > From: lids-user-admin <at> lists.sourceforge.net 
> > [mailto:lids-user-admin <at> lists.sourceforge.net] On Behalf Of Ping Wing
> > Sent: November 27, 2004 9:59 PM
> > To: lids-user <at> lists.sourceforge.net
> > Subject: [lids-user] lids in awesome
> > 
> > I have 2.4.18 kernel + stable lids.
> > 
> > thats what happende tonight.
> > 
> > root <at> server:~# lidsconf  -A -s 
> > /virtual/userbox//usr/sbin/inetd  -j GRANT -o CAP_NET_BIND_SERVICE
(Continue reading)

Permalink | Reply | 3 comments |
headers
Omo Kazuki | 5 Dec 2004 01:56
Favicon

Re: work LIDS on FedoraCor3

Dear, all,

I still can't understand why, but I could work LIDS on FC3.
I've changed 1 line in /usr/src/linux/security/lids/lids_lsm.c
to ".sb_post_remount = lids_post_mountroot,";

[root <at> 0-c-29-ba-fc-c9 /]# diff
/usr/src/linux-2.6.8.1/security/lids/lids_lsm.c /
usr/src/linux-2.6.8.1/security/lids/lids_lsm.c.org
847c847
<       .sb_post_remount = lids_post_mountroot,
---
>       .sb_post_mountroot = lids_post_mountroot,

Then LIDS worked fine on FC3. I guess there's some change on FC3, but 
I still can't determine.

Regards,

> Hi, Xie,
> 
> I've attached tar.gz file which include .config file and /etc/lids
> directory.
> 
> I've tried it several time, but I still can't make LIDS work on FC3.
> On FC2, or Debian(sarge), I have no problem.
> 
> Regards,
> 
> > It is weird. The system only print one line of the LIDS releated message.
(Continue reading)

Permalink | Reply | 3 comments |
headers
marius popa | 6 Dec 2004 09:17

Re: lids in awesome

Ping Wing wrote:
> --- Steve Poirier <steve <at> cdtinc.ca> wrote:
> 
> 
>>Who's the incompetent admin who didn't setup his lilo/grub to boot to the
>>old kernel in case he wasn't competent enough to configure lids which
>>require a minimum of competence ?
>>
>>Man lids is a no brainer. Go back to windows, point, click and shutup ;p
> 
> 
> comeon. I added one rule and kernel crashed. I think lids developers are incompetent.
> 
How can the bug can be tested (on another machine)?

The message "Kernel Panic - lids crashed" doesn't tell us anything ,We 
need more details

related to submitting bugs
http://www.grassouille.org/blogmax/041009.html

--

-- 
Regards,

Mariuz - developer www.flamerobin.org

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
(Continue reading)

Permalink | Reply | 2 comments |
headers
Ping Wing | 7 Dec 2004 15:05
Picon
Favicon

Re: lids in awesome

> How can the bug can be tested (on another machine)?
> 
> The message "Kernel Panic - lids crashed" doesn't tell us anything ,We 
> need more details

in the first message of this thread I quite wrote everything. - what appeared on screen and
kernel+lids version.
But my point is rather that lids should be military-grade product that can be used on
mission-critical production servers (well not much people use lids on their home computer ok).
Becasuse you see, I have had similar bad experiences with lids before and therefore I have more
than enough reason to be pissed off.

Btw I havent check'd is but maybe my crash was caused becausse command was smthn like 'lidsconf -A
-s /dir//file' .

Maybe lids read 3 files outof /dir//file and "middle one" (which is NULL) causes crash ?

> 
> related to submitting bugs
> http://www.grassouille.org/blogmax/041009.html
> -- 
> Regards,
> 
> Mariuz - developer www.flamerobin.org

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com
(Continue reading)

Permalink | Reply | 1 comment |
headers
Syed Ahemed | 7 Dec 2004 17:01
Picon

Patch command for LIDS hangs forever

Hello All
I am trying to patch  lids-1.2.2-2.4.28.patch in the  Linux kernel
directory   linux-2.4.28 .

But the patch command ( patch -p1 /home/lids-1.2.2-2.4.28.patch) hangs forever .

The strace to the patch command stops the read call as shown below.

fstat64(0, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x40018000
read(0, 

I am not too sure  if this information is sufficient .
Please let me know if am missing an idea or two.

Thanks
Syed Khan

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
Permalink | Reply | 1 comment |
headers
Vlado Blaskov | 8 Dec 2004 00:17
Picon

Re: Patch command for LIDS hangs forever

On Tue, 7 Dec 2004 21:31:42 +0530, Syed Ahemed <kingkhan <at> gmail.com> wrote:
> Hello All
> I am trying to patch  lids-1.2.2-2.4.28.patch in the  Linux kernel
> directory   linux-2.4.28 .
> 
> But the patch command ( patch -p1 /home/lids-1.2.2-2.4.28.patch) hangs forever .
> 

Try with 'patch -p1 < /home/lids-1.2.2-2.4.28.patch' ;)

> The strace to the patch command stops the read call as shown below.
> 
> fstat64(0, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0x40018000
> read(0,
> 
> I am not too sure  if this information is sufficient .
> Please let me know if am missing an idea or two.
> 
> Thanks
> Syed Khan
> 
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://productguide.itmanagersjournal.com/
> _______________________________________________
> lids-user mailing list
(Continue reading)

Permalink | Reply | 0 comments |
headers
Huagang Xie | 13 Dec 2004 09:31

Re: work LIDS on FedoraCor3

The problem is, FC3 used initrd, at the time when it mount root,
it is the root in initrd image, not the real filesystem. Since LIDS 
configuration directory "/etc/lids" is not in the initrd image, 
so it won't be able to start.

But the system will mount and remount the real filesystem again after
it pass to the init process. At this point, since you changed to
use remount to initialize the LIDS by calling do_lids_setup(), you
will get the system booted up. 

I changed some codes to make LIDS initialize as early as it find that
/etc/lids is accessable. It will make the system boot up cleanly 
whatever it uses initrd image or not. 

I have a working system with FC3 with LVM and initrd built up. After I 
do some more test, I will release the new version with the changes.

Thanks,
huagang

On Sun, Dec 05, 2004 at 09:56:43AM +0900, Omo Kazuki wrote:
> Dear, all,
> 
> I still can't understand why, but I could work LIDS on FC3.
> I've changed 1 line in /usr/src/linux/security/lids/lids_lsm.c
> to ".sb_post_remount = lids_post_mountroot,";
> 
> [root <at> 0-c-29-ba-fc-c9 /]# diff
> /usr/src/linux-2.6.8.1/security/lids/lids_lsm.c /
> usr/src/linux-2.6.8.1/security/lids/lids_lsm.c.org
(Continue reading)

Permalink | Reply | 1 comment |

Gmane