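lidsadm is the LIDS administration utility, which you use to manage LIDS on your system. This includes enabling and disabling LIDS, sealing the kernel, and viewing the current LIDS status.
lidsconf is used to configure the LIDS access control lists (ACLs). It is also used to set the LIDS password.
Note: In versions before LIDS 1.1.0, lidsadm also does all of the work that lidsconf now handles.
To list the available options, enter: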
# lidsadm -h
This returns the following output:
lidsadm version 1.1.1pre2-2.4.16 for LIDS project
       Huagang Xie<xie@gnuchina.org>
       Philippe Biondi <pbi@cartel-info.fr>

Usage: lidsadm -[S|I] -- [+|-][LIDS_FLAG] [...]
       lidsadm -V
       lidsadm -h

Commands:
       -S  To submit a password to switch some protections
       -I  To switch some protections without submitting password (sealing time)
       -V  To view current LIDS state (caps/flags)
       -v  To show the version
       -h  To list this help

Available capabilities:
       CAP_CHOWN             chown(2)/chgrp(2)
       CAP_DAC_OVERRIDE      DAC access
       CAP_DAC_READ_SEARCH   DAC read
       CAP_FOWNER            owner ID not equal user ID
       CAP_FSETID            effective user ID not equal owner ID
       CAP_KILL              real/effective ID not equal process ID
       CAP_SETGID            set*gid(2)
       CAP_SETUID            set*uid(2)
       CAP_SETPCAP           transfer capability
       CAP_LINUX_IMMUTABLE   immutable and append file attributes
       CAP_NET_BIND_SERVICE  binding to ports below 1024
       CAP_NET_BROADCAST     broadcasting/listening to multicast
       CAP_NET_ADMIN         interface/firewall/routing changes
       CAP_NET_RAW           raw sockets
       CAP_IPC_LOCK          locking of shared memory segments
       CAP_IPC_OWNER         IPC ownership checks
       CAP_SYS_MODULE        insertion and removal of kernel modules
       CAP_SYS_RAWIO         ioperm(2)/iopl(2) access
       CAP_SYS_CHROOT        chroot(2)
       CAP_SYS_PTRACE        ptrace(2)
       CAP_SYS_PACCT         configuration of process accounting
       CAP_SYS_ADMIN         tons of admin stuff
       CAP_SYS_BOOT          reboot(2)
       CAP_SYS_NICE          nice(2)
       CAP_SYS_RESOURCE      setting resource limits
       CAP_SYS_TIME          setting system time
       CAP_SYS_TTY_CONFIG    tty configuration
       CAP_MKNOD             mknod operation
       CAP_LEASE             taking leases on files
       CAP_HIDDEN            Hidden process
       CAP_INIT_KILL         Kill init children

Available flags:
       LIDS_GLOBAL           de-/activate LIDS entirely
       RELOAD_CONF           reload config. file and inode/dev of protected programs
       LIDS                  de-/activate LIDS locally (the shell & childs)
To list the available options, enter:
# lidsconf -h
This returns the following output:
lidsconf version 1.1.1pre2-2.4.16 for the LIDS project
       Huagang Xie<xie@gnuchina.org>
       Philippe Biondi <philippe.biondi@webmotion.net>

Usage: lidsconf -A [-s subject] -o object [-d] [-t from-to] [-i level] -j ACTION
       lidsconf -D [-s file] [-o file]
       lidsconf -Z
       lidsconf -U
       lidsconf -L [-e]
       lidsconf -P
       lidsconf -v
       lidsconf -h

Commands:
       -A,--add      To add an entry
       -D,--delete   To delete an entry
       -Z,--zero     To delete all entries
       -U,--update   To update dev/inode numbers
       -L,--list     To list all entries
       -P,--passwd   To encrypt a password with RipeMD-160
       -v,--version  To show the version
       -h,--help     To list this help

subject: -s,--subject subj
       can be any program, must be a file
object: -o,--object [obj]
       can be a file, directory or special device (e.g. MEM, HD, NET, IO, HIDDEN, KILL)
ACTION: -j,--jump
       DENY      deny access
       READONLY  read only
       APPEND    append only
       WRITE     writable
       GRANT     grant capability to subject
       IGNORE    ignore any permissions set on this object
OPTION:
       -d,--domain       The object is an EXEC Domain
       -i,--inheritance  Inheritance level
       -t,--time         Time dependency
       -e,--extended     Extended list

Available capabilities:
       CAP_CHOWN             chown(2)/chgrp(2)
       CAP_DAC_OVERRIDE      DAC access
       CAP_DAC_READ_SEARCH   DAC read
       CAP_FOWNER            owner ID not equal user ID
       CAP_FSETID            effective user ID not equal owner ID
       CAP_KILL              real/effective ID not equal process ID
       CAP_SETGID            set*gid(2)
       CAP_SETUID            set*uid(2)
       CAP_SETPCAP           transfer capability
       CAP_LINUX_IMMUTABLE   immutable and append file attributes
       CAP_NET_BIND_SERVICE  binding to ports below 1024
       CAP_NET_BROADCAST     broadcasting/listening to multicast
       CAP_NET_ADMIN         interface/firewall/routing changes
       CAP_NET_RAW           raw sockets
       CAP_IPC_LOCK          locking of shared memory segments
       CAP_IPC_OWNER         IPC ownership checks
       CAP_SYS_MODULE        insertion and removal of kernel modules
       CAP_SYS_RAWIO         ioperm(2)/iopl(2) access
       CAP_SYS_CHROOT        chroot(2)
       CAP_SYS_PTRACE        ptrace(2)
       CAP_SYS_PACCT         configuration of process accounting
       CAP_SYS_ADMIN         tons of admin stuff
       CAP_SYS_BOOT          reboot(2)
       CAP_SYS_NICE          nice(2)
       CAP_SYS_RESOURCE      setting resource limits
       CAP_SYS_TIME          setting system time
       CAP_SYS_TTY_CONFIG    tty configuration
       CAP_MKNOD             mknod operation
       CAP_LEASE             taking leases on files
       CAP_HIDDEN            Hidden process
       CAP_INIT_KILL         Kill init children