Dark Matter

The Linux Intrusion Detection System (LIDS) is a kernel patch and admin tools which enhances the kernel's security by implementing Mandatory Access Control (MAC).

When it is in effect, chosen file access, all system network administration operations, any capability use, raw device, memory, and I/O access can be made impossible even for root.
You can define which programs can access specific files. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more. LIDS currently support kernel 2.6, 2.4. LIDS is released under GPL.

Visit LIDS
http://www.lids.org/

You may be wondering why anyone would choose LIDS over its more popular counterpart, SELinux. Both have their advantages. Both add MAC and the ability to limit the damage that can be done by the root account. There are two reasons why you may want to consider LIDS instead of SELinux.

First, LIDS is easier to implement on a wide range of Linux distributions. This is because LIDS ACLs are easier to configure than SELinux policies. SELinux policies are notoriously hard to implement correctly. For many distributions, using SELinux will not be a realistic choice unless they ship with pre-defined SELinux policies.

Second, LIDS does not contain any patented technologies. SELinux makes use of a technology known as Type Enforcement(TE). TE is patented by Secure Computing Corporation(SCC). Although SCC has pledged not enforce its patent against users of SELinux, it refuses to make this a condition for sale of the patent. In other words, if SCC sells the patent, the new owner could sue anyone using SELinux for patent infringement. That is just the most alarming clause. View their "statement of assurance" and decide for yourself.

http://www.securecomputing.com/pdf/S..._Assurance.pdf