LIDS is a kernel patch. Its aim is to be sure that when you log into you
box, you have the same kernel you have put the day before.
The philosophy is than when an intruder get a root shell, the machine is
functionnal, and so do the LIDS. WHen LIDS is functionnal, root can't
reach anything in kernel space. Thus, when LIDS is on, LIDS is on. And
when LIDS is on, it can protect anything related to boot up sequence (from
lilo and MBR to scripts in /etc/init.d. So you can't change the kernel
just by making a new binary an rebooting.
Ok, you can't verify that it is your kernel, but you already know the
answer (me ? optimistic ?)
In fact, I think the output of /proc/ksym can be a good fingerprint.
P-S: other mirrors (to be equitable :)
http://lids.webmotion.net,
http://www.lids.webmotion.net
ftp://ftp.lonyay.edu.hu/pub/mirrors/lids/
http://jane.swt.nu/lids/
http://homer.wnet.it/lids/
http://www.chorche.cz/mirrors/lids/
http://www.chorche.cz/linux/ids.html
http://www.soaring-bird.com.cn/oss_porj/lids/
http://gem.ncic.ac.cn/~xhg/lids/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/