It looks like lids requires patches to the kernel. I can't find a package with lidsadm in Debian (nor anything with "lids" in its name), so I don't know if there's a Debian kernel with the hacks or if you'll need to roll your own. Both possibilities are covered by these articles.

I've patched the kernel source,compiled and installed it.

@decbin:

I've patched the kernel source,compiled and installed it.

Are you sure that you're running it? You selected pvgrub in the linode manager and confirmed that you're running your custom-compiled kernel? Merely installing the kernel is insufficient.

@Guspaz:

@decbin:

I've patched the kernel source,compiled and installed it.

Are you sure that you're running it? You selected pvgrub in the linode manager and confirmed that you're running your custom-compiled kernel? Merely installing the kernel is insufficient.

Yes,also used "uname -a" to confirm.

I like Debian,but it seems that LIDS don't,LOL.

zgrep -i lids /proc/config.gz

dmesg | grep -i lids

You sure you have compiled it statically and not as a module (or

have it specified in /etc/modules)?

@rsk:

zgrep -i lids /proc/config.gz

dmesg | grep -i lids

You sure you have compiled it statically and not as a module (or

have it specified in /etc/modules)?

zgrep -i lids /proc/config.gz

CONFIG_LIDS=y

CONFIGLIDSNOFLOODLOG=y

CONFIGLIDSALLOW_SWITCH=y

CONFIGLIDSALLOW_LFS=y

CONFIGLIDSRESTRICTMODESWITCH=y

CONFIGLIDSMODESWITCHCONSOLE=y

CONFIGLIDSMODESWITCHSERIAL=y

CONFIGLIDSMODESWITCHPTY=y

CONFIGLIDSNF_MARK=y

CONFIGLIDSTPE=y

CONFIGLIDSTDE=y

CONFIGCAPLIDSSANDBOXEFF_SET=y

CONFIGLIDSSHRINK_SIZE=y

CONFIGLIDSDEBUG=y

dmesg | grep -i lids

LIDS: Initializing…

Failure registering LIDS with the kernel

@decbin:

dmesg | grep -i lids

LIDS: Initializing…

Failure registering LIDS with the kernel
This sure sounds bad… you sure the patch is meant for thie kernel version, that you have all the prereqs if any (does LIDS depend on grsec? Sorry, I don't use any of these hardening stuffs…)…

Got the basic security framework and securityfs enabled? Do you have any install docs there, and did you read them? (can't find a thing on their website… >.<)

@rsk:

@decbin:

dmesg | grep -i lids

LIDS: Initializing…

Failure registering LIDS with the kernel
This sure sounds bad… you sure the patch is meant for thie kernel version, that you have all the prereqs if any (does LIDS depend on grsec? Sorry, I don't use any of these hardening stuffs…)…

Got the basic security framework and securityfs enabled? Do you have any install docs there, and did you read them? (can't find a thing on their website… >.<)

Yes.I googled but found no solution.

Okay, okay.

dmesg | grep -A15 'LIDS:.*Initializing'

There may be lines without LIDS prefix between the initialize and the failure message….

This is above my pay grade, but all of the Google hits I found were quite old, but they all specified the need to use a vanilla kernel, and that the lids patch wouldn't work if other hardening patches were installed.

Thanks to everyone who replys this topic.

:/usr/src/linux# dmesg | grep -A15 'LIDS:.*Initializing'

LIDS: Initializing…

Failure registering LIDS with the kernel

Mount-cache hash table entries: 512

CPU: L1 I cache: 32K, L1 D cache: 32K

CPU: L2 cache: 256K

CPU: L3 cache: 8192K

CPU: Unsupported number of siblings 16

Performance Events: unsupported p6 CPU model 26 no PMU driver, software events only.

Freeing SMP alternatives: 25k freed

cpu 0 spinlock event irq 1

installing Xen timer for CPU 1

cpu 1 spinlock event irq 7

Initializing CPU#1

CPU: L1 I cache: 32K, L1 D cache: 32K

CPU: L2 cache: 256K

CPU: L3 cache: 8192K

Yeah, well… no additional info between the two linds-related lines… Tried asking in LIDS-related mailing lists?

OK,let me try,thanks a lot.