

Using LIDS

LIDS, by default, is always running on your EnGarde system. If you will be doing your administration via the GD WebTool you can skip this section, but it's suggested reading anyway.

Minimal maintenance is required to keep LIDS running. Management of LIDS on servers that are co-located with Guardian Digital is included with your support contract.

You may sometimes need to change the configuration or add new packages, which requires you to disable LIDS. The GD WebTool will automatically enable and disable LIDS while you administer the system. For administration from a shell, a program called lidsadm is used to interface with LIDS.

First you have to disable LIDS. After logging in as root, type:

/sbin/lidsadm -S -- -LIDS

This will prompt you for your password. After you enter your password, LIDS is disabled for your current session only. All LIDS resource settings and rules still apply to every other user on the system while you administer it. Optionally, issuing:

/sbin/lidsadm -S -- -LIDS_GLOBAL

will disable LIDS globally. While in this mode no LIDS rules will be applied to any user or resource. Use this with caution.

Once you have LIDS turned off you may configure your capabilities, file permissions, resource permissions, etc. If you changed the LIDS configuration while LIDS was turned off, you will need to reload the configuration file into LIDS. Before turning LIDS on, enter this:

/sbin/lidsadm -S -- +RELOAD_CONF

This will make sure you have the latest configuration loaded into LIDS. It is suggested you run this command every time you make a change to the LIDS configuration. To turn LIDS protection back on after administration, simply issue:

/sbin/lidsadm -S -- +LIDS

or, to enable it globally:

/sbin/lidsadm -S -- +LIDS_GLOBAL

Your system is now protected again by LIDS. When enabling, disabling and reloading the configuration information with lidsadm, you will be prompted for a password every time. You will see the following message:

SWITCH

WARNING: Only system administrators should enable/disable LIDS. Disabling LIDS can open your Lockbox to possible attacks. Make sure you read the LIDS section in your included manual before manually changing options in LIDS. Incorrect configurations can have drastic effects.

enter password:

At this point you can enter your password.
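
The disable, administer, reload, re-enable sequence above can be wrapped so that protection is always switched back on, even when the administrative command fails. This is an added example, not part of the EnGarde documentation: the function name `lids_admin` and the `LIDSADM` variable are hypothetical, and it assumes the function is defined in root's login shell so that the session-level switch covers the command it runs. lidsadm still prompts for the password at each step.

```sh
# Added example; not from the EnGarde documentation.
# LIDSADM is a hypothetical override for the lidsadm path (default from the page).
LIDSADM="${LIDSADM:-/sbin/lidsadm}"

# lids_admin COMMAND [ARGS...]
# Constructed usage: lids_admin rpm -Uvh some-package.rpm
lids_admin() {
    if [ "$#" -eq 0 ]; then
        echo "usage: lids_admin command [args...]" >&2
        return 2
    fi

    # Step 1: disable LIDS for this session only. Rules stay in force for
    # every other user. If this fails, run nothing.
    if ! "$LIDSADM" -S -- -LIDS; then
        echo "lids_admin: could not disable LIDS; command not run" >&2
        return 1
    fi

    # Step 2: run the administrative command and remember its exit status,
    # but keep going so the window without protection is always closed.
    _lids_rc=0
    "$@" || _lids_rc=$?

    # Step 3: reload the configuration before turning LIDS back on, so any
    # edits made in step 2 are the rules that get enforced.
    if ! "$LIDSADM" -S -- +RELOAD_CONF; then
        echo "lids_admin: WARNING: configuration reload failed" >&2
        if [ "$_lids_rc" -eq 0 ]; then _lids_rc=1; fi
    fi

    # Step 4: re-enable LIDS for this session no matter what happened above.
    if ! "$LIDSADM" -S -- +LIDS; then
        echo "lids_admin: WARNING: LIDS is still disabled for this session" >&2
        return 3
    fi
    return "$_lids_rc"
}
```

A return status of 3 means the session is still unprotected and `/sbin/lidsadm -S -- +LIDS` must be run by hand.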



docs@guardiandigital.com 2002-12-16