Hello,
I have a question for the list. Is there a general concensus on whether to deploy LIDS or not (http://www.lids.org) ? I am asking as I see plenty of recommendations for other security patches (such as OpenWall for the kernel) but I don't see LIDS mentioned much.
From reading about LIDS capabilities I am supprised to see it abscent in recommendations (although I haven't as yet tried to deploy it, just read about it's features).
LIDS and Openwall do _completely_ different things. It's like saying "which is a better, a firewall, or an anti-virus scanner?". I'd say openwall is pretty much mandatory for any server, it stops a lot of attacks, LIDS is higher level, requires a lot of configuration/management, but if you want to completely lock the system down and not have it change (sort of like BSD securelevel's) then it's a great tool.
Does anyone have any experience in applying and using LIDs on a SuSE 6.4/7.0 system ? Any comments on this would be appreciated.
Be careful to allow access to change LIDS settings from something other then the console if it is a remote machine =) (glad I tested it, finding out the hard way would have sucked).
Thank you for your time.
Stephen Thompson
Kurt Seifried - seifried@securityportal.com SecurityPortal, your focal point for security on the net http://www.securityportal.com/