[plug] LIDS - Linux Intrusion Detection System: thoughts?

Denis Brown dsbrown at cyllene.uwa.edu.au
Mon Jun 9 10:35:30 WST 2003


Dear Plug list members,

While looking for kernel security updates I stumbled across LIDS.   The 
overview seems to be hardening a la Bastille (making certain files / 
directories read-only, restricting write privs, etc) plus some 
network-specific features preventing processes from working with sockets 
(perhaps along netfiltering lines.)   The aim being to prevent worms from 
invading the kernel space.   It is early days of glancing at the doco so 
forgive the brief summary.   There is obviously a fairly steep learning 
curve to prevent it from eating the system unexpectedly with mis-configured 
options.

Questions:  Is anybody here using it?   If so, how many penguins does it 
rate: is it a Worth While Thing (tm) - five penguins - or a Stay Away At 
All Costs (tm) - zero penguins?

My interest in it concerns a server that I want to harden as much as 
humanly possible short of powering it off, detaching all its cables and 
burying it in much concrete.

Thoughts appreciated,
Denis