

General configuration options

VERBOSE=0-4 :
sets the verbosity of LIDS (this is not related to the security alerts).
0:
Absolutely quiet
1:
LIDS version and warnings only
2:
Verbose
3:
Debug
4:
Heavy debug

LOG_SWITCH=priority,mail,syslog,hang up :
sets the logging methods used when a LIDS switch is switched.
priority :
the logging priority from 0 (KERN_EMERG) to 7 (KERN_DEBUG), or -1 for no logs through syslog.
mail :
0 or 1, according to whether a mail must be sent by LIDS.
syslog :
0 or 1, according to whether a line must be sent to a remote syslog daemon.
hang up :
0 or 1, according to whether the terminal must be hung up.

LOG_CAP_VIOL, LOG_PERM_VIOL and LOG_SCAN use the same syntax.

MAIL_RELAY=hex IP:port :
IP of the machine that LIDS will connect to directly to relay its mails. Port is usually 25, but who knows...

MAIL_SOURCE=source machine :
Name of the source machine, used for the EHLO identification. Note that a bad name here could make the mail relay refuse your mails.

MAIL_FROM=sender address :
Sender address, which will also be in the ``from'' field.

MAIL_TO=recipient address :
Recipient address.

MAIL_SUBJECT=subject :
Subject of the mail.

REMOTE_SYSLOG=hex IP:port :
IP of the machine that will receive the UDP syslog packets. Port is usually 514, but who knows...

BOOT_TIME=perm,caps :
sets the way LIDS will behave before sealing.
perm :
0 or 1, according to whether permission checks will be performed only after sealing or also during the boot sequence.
caps :
0 or 1, according to whether capabilities checks will be performed only after sealing or also during the boot sequence.

FLOOD_PROTECTION=0|1 :
decides whether the same security alert can be raised many times within a short period.

ALLOW_SWITCH=0|1 :
decides whether LIDS switches can be changed.

REMOTE_SWITCH=0|1 :
if LIDS switches can be changed, decides whether remote users can do it.

RELOAD_CONF=0|1 :
decides whether the configuration file can be reloaded.

SCAN_DETECTOR=0|1 :
decides whether to activate the port scan detector. This option must also be enabled in the kernel compile-time options.

HIDE_KLIDS=0|1 :
In conjunction with VERBOSE=0, can make LIDS invisible.

NET_RETRIES=number :
number of retries after a failed connection.

NET_SLEEP=time :
number of seconds between two failed connections.

PASSWORD=password :
Password encoded twice with RIPEMD-160.

LOGIN_RETRIES=number :
number of times a password can be submitted before the switch is disabled for the FAIL_DELAY time.

FAIL_DELAY=time :
number of seconds to wait after too many failed attempts before switching is possible again.

Some options require the corresponding code to be compiled into the kernel. For example, you need to select the port scan detector option in the kernel compilation options before SCAN_DETECTOR=1 can work.
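
The following checker is an added example, not part of LIDS or of the original page: it validates option values against the forms listed above and reports the dependencies between options. It assumes one KEY=value option per line with no spaces inside the comma-separated fields; the rule that a LOG_* line requesting mail or remote syslog needs MAIL_RELAY or REMOTE_SYSLOG is inferred from the descriptions, and the function name and sample are hypothetical.

```python
import re

BOOL = {"FLOOD_PROTECTION", "ALLOW_SWITCH", "REMOTE_SWITCH", "RELOAD_CONF",
        "SCAN_DETECTOR", "HIDE_KLIDS"}
LOG4 = {"LOG_SWITCH", "LOG_CAP_VIOL", "LOG_PERM_VIOL", "LOG_SCAN"}
COUNT = {"NET_RETRIES", "NET_SLEEP", "LOGIN_RETRIES", "FAIL_DELAY"}
# Documented value shapes; other options (MAIL_*, PASSWORD, ...) are not checked.
SHAPES = [({"VERBOSE"}, r"[0-4]", "expected 0-4"),
          (BOOL, r"[01]", "expected 0 or 1"),
          (COUNT, r"\d+", "expected a number"),
          ({"BOOT_TIME"}, r"[01],[01]", "expected perm,caps, each 0 or 1"),
          (LOG4, r"(-1|[0-7]),[01],[01],[01]",
           "expected priority(-1..7),mail,syslog,hang up (each 0 or 1)")]
# Constructed sample, not a real configuration.
SAMPLE = """\
VERBOSE=2
LOG_SWITCH=8,1,0,0
LOG_SCAN=4,1,1,0
ALLOW_SWITCH=0
REMOTE_SWITCH=1
HIDE_KLIDS=1
"""

def lint(text):
    """Return a list of findings for KEY=value lines (assumed file layout)."""
    conf, findings = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        key, sep, val = (s.strip() for s in line.partition("="))
        if not sep:
            continue  # blank or non-option line
        conf[key] = val
        for keys, pattern, msg in SHAPES:
            if key in keys and not re.fullmatch(pattern, val):
                findings.append(f"line {n}: {key}={val}: {msg}")
    # Dependencies between options stated in the option list.
    if conf.get("REMOTE_SWITCH") == "1" and conf.get("ALLOW_SWITCH") != "1":
        findings.append("REMOTE_SWITCH=1 only applies when ALLOW_SWITCH=1")
    if conf.get("HIDE_KLIDS") == "1" and conf.get("VERBOSE") != "0":
        findings.append("HIDE_KLIDS=1 hides LIDS only together with VERBOSE=0")
    # Inferred: a LOG_* line asking for mail or remote syslog needs a destination.
    for key in sorted(LOG4.intersection(conf)):
        f = conf[key].split(",")
        if len(f) == 4 and f[1] == "1" and "MAIL_RELAY" not in conf:
            findings.append(f"{key} requests mail but MAIL_RELAY is not set")
        if len(f) == 4 and f[2] == "1" and "REMOTE_SYSLOG" not in conf:
            findings.append(f"{key} requests remote syslog but REMOTE_SYSLOG is not set")
    return findings
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```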


Biondi Philippe 2000-12-15