Projects / Linux Intrusion Detection System

Linux Intrusion Detection System

The Linux Intrusion Detection System (LIDS) is a patch which enhances the kernel's security by implementing a reference monitor and Mandatory Access Control (MAC). When it is in effect, chosen file access, all system/network administration operations, any capability use, raw device, memory, and I/O access can be made impossible even for root. You can define which programs can access specific files. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more.


Recent releases

  •  13 Dec 2007 19:25

    Release Notes: Upgraded to Linux 2.6.21. Minor capability syntax changes.

    •  21 Jun 2005 21:18

      Release Notes: This version fixed a security bug when checking the "LD_" exploit , enhanced lids hooks to support capability-enable applications, and enhanced the Kconfig to make LIDS visible when other modules are marked as modules.

      •  28 Mar 2005 11:51

        Release Notes: This version added support for the x86_64 platform, was enhanced to prevent /etc/lids/ from being read by normal users, and fixed a filp_open bug. Major cleanups were made with regard to spelling and formatting.

        •  09 Mar 2005 11:36

          Release Notes: This release updates the Kconfig to make the LIDS kernel options configuration easier, and is upgraded to use kernel 2.6.11.

          •  16 Dec 2004 22:44

            Release Notes: This version fixed a bug that prevented it from working with Fedora Core 3 by enhancing the the boot loading hooks. It also fixed a minor compiling warning in lids_sysctl.c and a segment fault error in lidstools.

            Recent comments

            06 Apr 2005 09:16 jsuthan

            love it..
            This is a great tools to protect linux system. Basic setup and don't have to recompile other program to work.. just nice. I looking forward for sandbox feature from kernel 2.4 to 2.6. which is missing.

            Also like to see one technique in future, process isolation via old chroot method .. using init like process to be isolated into an enviroment. Acting more like virtual host.

            09 Jul 2000 13:46 andreassteinmetz

            important bug fix for lids-0.9.7
            There is a problem with the admin tool (lidsadm-0.9.7) included in the lids-0.9.7 package which does effectively deny switching off lids locally and reloading of the lids configuration. As I can't reach the author right now I posted a fix to the lids mailing list. Details and the fix can be found at:

            22 Oct 1999 06:47 valerio

            LIDS - Linux Intrusion Detection System
            Even if this is a very early version of this software, i find it quite intriguing. This will make software like Tripwire or Fcheck obsolete, or at least redundant. I can't think of a better way of protecting files than doing it at kernel level ( media are better i guess :). Protect your binaries. Protect your kernel file. Protect your lilo.conf. Now you got a secure system, and all that's left to hope is that your system was not trojanized BEFORE applying the patch :)
            I look forward for the next releases of this patch. Good work guy.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.