LIDS
  Linux Intrusion Detection System http://www.lids.org/
  Poor choice of name for a very cool kernel patch.
  Manages capabilities selectively
  Ability to have system wide defaults
  Ability to add capabilities to specific programs
  Ability to take away capabilities from specific programs
  Operates based on inodes (internally), not file names
  Adds new capabilities as well
  Has new file ACLs also
  Read / Write / Append / Hidden

Copyright 2003, Bri Hatch of Onsight, Inc.

Presented at ISSA Puget Sound, 2003.

Presentation created using vim and MagicPoint.