Re: LIDS Information/Question
From: Cedric Blancher (blancher@cartel-info.fr)
Date: 09/22/01
Subject: Re: LIDS Information/Question
From: Cedric Blancher <blancher@cartel-info.fr>
To: Garrett Ellis <garrett.ellis@analexphoenix.com>
Date: 22 Sep 2001 13:53:36 +0200
Message-Id: <1001159620.526.1.camel@elendil>

On Fri, 2001-09-21 at 02:35, Garrett Ellis wrote:
> Is anyone experienced with the L.I.D.S. system? I've just applied
> version 1.0.14 to kernel 2.4.9 and it seems to be alright. I've found
> one questionable "vulnerability" being that you can display "hidden"
> files with the shell's command completion. As well if you have the
> directory /etc/lids hidden (by default), and you type 'cd /etc/lids/..',
> your bash prompt will reflect that you are in the directory /etc/lids/..
> rather than /etc.
> So far that's all I've found but I'm playing with symlink tricks and
> other ideas to see if I can bypass it. If any of you feel like sharing
> your experiences with LIDS, please let me know. I'm evaluating this to
> be put into production on our machines here and would love to hear what
> anyone else thinks about it.

You really should contact the LIDS mailing list, and the authors if you can
bypass security features.

--
Cédric Blancher
Systems and network security consultant
Cartel Informatique - Groupe CGBI - http://www.cartel-info.fr/
Tel: 01 44 06 97 87 - Fax: 01 44 06 97 99