General configuration options
- VERBOSE=0-4 : sets the verbosity of LIDS (this is not related to the security alerts).
  - 0 : Absolutely quiet
  - 1 : LIDS version and warnings only
  - 2 : Verbose
  - 3 : Debug
  - 4 : Heavy debug
- LOG_SWITCH=priority,mail,syslog,hang up : sets the logging methods used when a LIDS switch is switched.
  - priority : the logging priority from 0 (KERN_EMERG) to 7 (KERN_DEBUG), or -1 for no logs through syslog.
  - mail : 0 or 1, according to whether a mail must be sent by LIDS.
  - syslog : 0 or 1, according to whether a line must be sent to a remote syslog daemon.
  - hang up : 0 or 1, according to whether the terminal must be hung up.

  The same syntax applies to LOG_CAP_VIOL, LOG_PERM_VIOL and LOG_SCAN.
- MAIL_RELAY=hex IP:port : IP of the machine that LIDS connects to directly to relay its mails. Port is usually 25, but who knows...
- MAIL_SOURCE=source machine : Name of the source machine, used for the ehlo identification. Note that a bad name here could make the mail relay refuse your mails.
- MAIL_FROM=sender address : Sender address, which will also be in the "from" field.
- MAIL_TO=recipient address : Recipient address.
- MAIL_SUBJECT=subject : Subject of the mail.
- REMOTE_SYSLOG=hex IP:port : IP of the machine that will receive the UDP syslog packets. Port is usually 514, but who knows...
- BOOT_TIME=perm,caps : sets the way LIDS will behave before sealing.
  - perm : 0 or 1, according to whether permission checks will be performed only after sealing or also during the boot sequence.
  - caps : 0 or 1, according to whether capabilities checks will be performed only after sealing or also during the boot sequence.
- FLOOD_PROTECTION=0|1 : decides whether the same security alert can be raised many times in a short amount of time.
- ALLOW_SWITCH=0|1 : decides whether LIDS switches can be switched.
- REMOTE_SWITCH=0|1 : if LIDS switches can be switched, decides whether remote users can do it.
- RELOAD_CONF=0|1 : decides whether the configuration file can be reloaded.
- SCAN_DETECTOR=0|1 : decides whether to activate the port scan detector. This option must also be activated in the kernel compile-time options.
- HIDE_KLIDS=0|1 : in conjunction with VERBOSE=0, can make LIDS invisible.
- NET_RETRIES=number : number of retries after a failed connection.
- NET_SLEEP=time : number of seconds between two failed connections.
- PASSWORD=password : password encoded twice with RIPEMD-160.
- LOGIN_RETRIES=number : number of times a password can be submitted before the switch is disabled for the FAIL_DELAY time.
- FAIL_DELAY=time : number of seconds to wait after too many failures before switching is possible again.
Some options need to have the necessary code compiled into the kernel.
For example, you need to select the scan port detector option in the
compilation options of the kernel before SCAN_DETECTOR=1 can work.
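
The value ranges listed above can be checked mechanically before a configuration is loaded. The following linter is an added example, not part of LIDS or of the original documentation; it assumes one OPTION=value entry per line with '#' comment lines, and that MAIL_RELAY and REMOTE_SYSLOG have no built-in defaults. The sample input is constructed.

```python
import re

# Value patterns transcribed from the option list above.
RULES = {"VERBOSE": "[0-4]", "BOOT_TIME": "[01],[01]"}
RULES.update(dict.fromkeys(
    ("FLOOD_PROTECTION", "ALLOW_SWITCH", "REMOTE_SWITCH", "RELOAD_CONF",
     "SCAN_DETECTOR", "HIDE_KLIDS"), "[01]"))
RULES.update(dict.fromkeys(
    ("NET_RETRIES", "NET_SLEEP", "LOGIN_RETRIES", "FAIL_DELAY"), "[0-9]+"))
LOGS = ("LOG_SWITCH", "LOG_CAP_VIOL", "LOG_PERM_VIOL", "LOG_SCAN")
# Fields: priority (-1..7), mail, syslog, hang up.
RULES.update(dict.fromkeys(LOGS, "(-1|[0-7]),[01],[01],[01]"))

def parse(text):
    """Assumed syntax: one OPTION=value per line; '#' lines are comments."""
    conf = {}
    for line in map(str.strip, text.splitlines()):
        if not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def check(conf):
    """Return findings: out-of-range values first, then inconsistent options."""
    out = [f"{k}: {v!r} does not match {RULES[k]}" for k, v in conf.items()
           if k in RULES and not re.fullmatch(RULES[k], v)]
    for k in LOGS:
        if k in conf and re.fullmatch(RULES[k], conf[k]):
            _, mail, syslog, _ = conf[k].split(",")
            if mail == "1" and "MAIL_RELAY" not in conf:
                out.append(f"{k}: mail=1 but MAIL_RELAY is not set")
            if syslog == "1" and "REMOTE_SYSLOG" not in conf:
                out.append(f"{k}: syslog=1 but REMOTE_SYSLOG is not set")
    if conf.get("REMOTE_SWITCH") == "1" and conf.get("ALLOW_SWITCH") == "0":
        out.append("REMOTE_SWITCH=1 is moot while ALLOW_SWITCH=0")
    return out

# Constructed sample input, not a real LIDS configuration.
SAMPLE = """\
VERBOSE=5
LOG_SWITCH=4,1,0,0
LOG_SCAN=8,0,0,0
ALLOW_SWITCH=0
REMOTE_SWITCH=1
LOGIN_RETRIES=three
"""

if __name__ == "__main__":
    print("\n".join(check(parse(SAMPLE))))
```

The hex IP:port values and the PASSWORD hash are not validated, since their exact encoding is not given in this section.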
Biondi Philippe
2000-12-15