LIDS Information/Question
From: Garrett Ellis (garrett.ellis@analexphoenix.com)
Date: 09/21/01
- Previous message: Korkmaz, Murat: "SNORT, WIN2000 and Syslog"
- Next in thread: Cedric Blancher: "Re: LIDS Information/Question"
- Reply: Cedric Blancher: "Re: LIDS Information/Question"
Message-ID: <3BAA8B57.D0F7039A@analexphoenix.com>
Date: Thu, 20 Sep 2001 17:35:35 -0700
From: Garrett Ellis <garrett.ellis@analexphoenix.com>
To: Focus IDS <focus-ids@securityfocus.com>
Subject: LIDS Information/Question

Is anyone experienced with the L.I.D.S. system? I've just applied
version 1.0.14 to kernel 2.4.9 and it seems to be alright. I've found
one questionable "vulnerability" being that you can display "hidden"
files with the shell's command completion. As well, if you have the
directory /etc/lids hidden (by default), and you type 'cd /etc/lids/..',
your bash prompt will reflect that you are in the directory /etc/lids/..
rather than /etc.
So far that's all I've found, but I'm playing with symlink tricks and
other ideas to see if I can bypass it. If any of you feel like sharing
your experiences with LIDS, please let me know. I'm evaluating this to
be put into production on our machines here and would love to hear what
anyone else thinks about it.
Thanks,
Garrett Ellis