# 
#	Kconfig for LIDS
#

menu "LIDS support"
	depends on EXPERIMENTAL && SYSCTL && SECURITY && SECURITY_SECLVL!=y && SECURITY_ROOTPLUG!=y && SECURITY_SELINUX!=y &&  SECURITY_CAPABILITIES!=y

config LIDS
	tristate "Linux Intrusion Detection System support (EXPERIMENTAL)"
	help
	  LIDS - Linux Intrusion Detection System can let you protect
	  your linux kernel.

	  In order to use LIDS, you need to download the lidstools first
	  from http://www.lids.org/

	  Please read help provided with each option carefully. At the end
	  of each option we indicate what answer will increase security.
	  Be aware that security always has side effects, and some
	  programs could break.

	  If you have any questions about LIDS, mail to the authors :
	                   Huagang Xie ( xie@www.lids.org)
	                   Philippe.biondi (philippe.biondi@webmotion.net)

	  or visit lids home ,
	                http://www.lids.org/
	  
	  And you can get help from the LIDS Mailing list at
		http://www.lids.org/maillist.html

	  If your want to make LIDS as module, say "M" here , or if you
	  want to build it into the kernel, say "Y" here. otherwise,
	  say "N".

comment "LIDS Options"
	depends on LIDS

config LIDS_NO_FLOOD_LOG
	bool "Attempt not to flood logs"
	depends on LIDS
	default y
	help
	  If you say Yes here, LIDS will try not to flood logs with the
	  same message repeated a lot of times.

	  Saying yes will increase security.

config  LIDS_ALLOW_SWITCH
	bool "Allow switching the LFS and States"
	depends on LIDS && PROC_FS && CRYPTO_SHA256
	default y
	help
	  If you say Yes here, you will enable the switch the LIDS between states
	  Note: You must set a password with 'lidsadm -P'

config LIDS_ALLOW_LFS
	bool "Allow switch the Linux Free Session"
	depends on LIDS_ALLOW_SWITCH
	default y
	help
	 If you say Yes here, you will enable the possibility to switch LIDS on and off.  

	 You can turn LIDS off only on current console by 
		lidsadm -S -- -LIDS 
	 or globally off by 
		lidsadm -S -- -LIDS_GLOBAL 
	 by enable this option.  
	 
   	 Saying no increases security.

config LIDS_RESTRICT_MODE_SWITCH
	bool "Restrict mode switching to specified terminals"
	depends on LIDS && LIDS_ALLOW_SWITCH
	default n
	help
	  If you enable this option, mode switching will be only allowed
	  from specified terminal types.

config LIDS_MODE_SWITCH_CONSOLE
	bool "Allow mode switching from a Linux Console"
	depends on LIDS && LIDS_RESTRICT_MODE_SWITCH
	default y
	help
	  Allow mode switching from a Linux Console.

config LIDS_MODE_SWITCH_SERIAL
	bool "Allow mode switching from a serial Console"
	depends on LIDS && LIDS_RESTRICT_MODE_SWITCH
	help
	  Allow mode switching from a serial Console.

config LIDS_MODE_SWITCH_PTY
	bool "Allow mode switching from a PTY"
	depends on LIDS && LIDS_RESTRICT_MODE_SWITCH
	help
	  Allow mode switching from a PTY. 
endmenu
