lidsconf.sh
===========

This is a shell script that builds lids.conf from a simple rules file.
It only works with lids-0.10.x (kernel 2.2.x) and does not use the newer
features (ACLs by time range, ports in CAP_NET_BIND_SERVICE, etc.).
Support for lids-1.1.x (kernel 2.4.x) is planned for the next version.
This is a TODO.

WARNING: lidsconf.sh runs 'lidsadm -Z' (which deletes every existing rule) before adding any rule !!!

Example:
-------------------------------------------------------------------
the usual way:
# lidsadm -A -o /etc -j READ

using lidsconf.sh:
# echo "OBJ:/etc:0:READ" > /etc/lids/lids.objs
# /path/of/script/lidsconf.sh

NOTE: /etc/lids/lids.objs is the default configuration file.
--------------------------------------------------------------------

OBJ -> instruct lidsconf.sh to use object
/etc -> object
0 -> inheritance level
READ -> target

For subjects:
SUB:/sbin/init:-1:WRITE:/var/log  (only an example, of course :)

SUB -> instruct lidsconf.sh to use subject
/sbin/init -> subject
-1 -> inheritance level
WRITE -> target
/var/log -> object (must be declared earlier, e.g. with OBJ:/var/log:0:APPEND)

If you need the "-d" (domain) option, use this:
SUB:/myscript:-1:WRITE:/var/log:WD

WD -> with domain option

NOTE: Objects (OBJ) must be declared before subjects (SUB), of course :-)

This way, you only need to write these simple rules in the configuration file
and run lidsconf.sh.
If you put the configuration file in another path, make it invisible so the
rule set itself cannot be read:
OBJ:/path/of/file/conf:0:DENY

Features
========

- You can use '#' comments and blank lines in the configuration file
- Logs the number of objects successfully included in lids.conf, and the errors, if any
- Logs every error message together with the number of the line that contains
	the error (a powerful feature for finding syntax errors :)
- Checks that objects/subjects exist; if not, logs an error
- Checks the syntax of the capabilities/target; if incorrect, logs an error
- Checks that the inheritance level is valid (0, 1 or -1); if not, logs an error
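
The rule format described above and the checks in the feature list, as an
added example that is not the lidsconf.sh script itself: it turns rules into
the lidsadm commands they stand for but only prints them, so a rule set can be
reviewed before anything is loaded. The flag mapping (-s, -o, -j, -i, -d), the
target keyword list and the omission of the path-existence check are
assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the lidsconf.sh script itself: convert lids.objs rules
# into the lidsadm commands they stand for, applying the checks the README
# lists. Commands are printed rather than run so they can be reviewed first;
# the "does the path exist" check is omitted so the script runs anywhere.
# Assumed flag mapping: -s subject, -o object, -j target, -i inheritance
# level (left out when 0, as in the README's example), -d for a WD suffix.

# Target keywords accepted; taken from the README (add your lidsadm's others).
TARGETS="READ APPEND WRITE DENY"

# lids_rule_to_cmd RULE [LINENO]: print one lidsadm command, or report the
# error with its line number on stderr and return 1.
lids_rule_to_cmd() {
    ln=${2:-?}
    oldifs=$IFS; IFS=:; set -- $1; IFS=$oldifs
    kind=$1; path=$2; level=$3; target=$4; obj=$5; flag=$6
    case $level in 0|1|-1) ;;          # inheritance level must be 0, 1 or -1
        *) echo "line $ln: bad inheritance level '$level'" >&2; return 1;; esac
    case " $TARGETS " in *" $target "*) ;;   # target must be a known keyword
        *) echo "line $ln: unknown target '$target'" >&2; return 1;; esac
    inh=""; [ "$level" = 0 ] || inh=" -i $level"
    case $kind in
    OBJ) [ $# -eq 4 ] || { echo "line $ln: OBJ needs 4 fields" >&2; return 1; }
         echo "lidsadm -A -o $path$inh -j $target" ;;
    SUB) [ $# -eq 5 ] || [ $# -eq 6 ] ||
             { echo "line $ln: SUB needs 5 or 6 fields" >&2; return 1; }
         dom=""
         if [ -n "$flag" ]; then            # optional 6th field: WD -> -d
             [ "$flag" = WD ] || { echo "line $ln: unknown option '$flag'" >&2; return 1; }
             dom=" -d"
         fi
         echo "lidsadm -A -s $path -o $obj$dom$inh -j $target" ;;
    *)   echo "line $ln: unknown rule type '$kind'" >&2; return 1 ;;
    esac
}

# lids_rules_to_cmds FILE: process a rules file, skipping '#' comments and
# blank lines, and print the counts of accepted and rejected rules last.
lids_rules_to_cmds() {
    ok=0; bad=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        if lids_rule_to_cmd "$line" "$n"; then ok=$((ok + 1)); else bad=$((bad + 1)); fi
    done < "$1"
    echo "# $ok rules accepted, $bad rejected"
}
```

Run it as `lids_rules_to_cmds /etc/lids/lids.objs` and compare the printed commands with what you expect before loading the real rules with lidsconf.sh.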

Requires
========

- bash 2
- sh-utils

Rodrigo P. Telles <rodrigo@telles.org>
http://www.dicaslinux.com.br
http://webtools.linuxsecurity.com.br
http://qmail.linuxsecurity.com.br
