2001.5.x 0.9.10 for 2.2.19
1. After a long time, a stable version of LIDS.
2. Fixed sending of alert mail to be compatible with qmail (Yannick Le Briquer).
3. Many code cleanups and typo fixes (Sander Klein).
4. Fixed an added return character in do_execve().

2001.3.27 0.9.15 for 2.2.19
1. upgrade to 2.2.19
2. bugfixed the sysctl from Dieter Stolte.
3. add a lids.conf format checker in lidsadm.

2001.3.23 0.9.14 for 2.2.18
1. Add new features -  inherit level from 1.0.6
2. update lidsadm
3. fixed the default lids.conf

2001.3.9 0.9.13 for 2.2.18
1. bugfixed the lidsadm compiling error.
2. code clean 
3. add information when accessing a hidden file.
4. add lids_script.sh from Steve Bremer.
5. fixed the default lids.conf

2001.1.10 0.9.12 for 2.2.18
Add new file ACLs inherit feature.
multi-platform support.

2000.12.15 release lids 0.9.11 for 2.2.18

moving to the new release of 2.2.18

2000.11.28 prerelease lids 0.9.11
1.  bugfixed the file ACLs inherit.
2.  add EXEC domain support in kernel and lidsadm (me), check doc/exec_domain for details.
3.  change lidsadm to support steve's denied program to access denied files.(steve).
4.  remove security alerts from lids_cap_log in capable (Chuan-kai Lin)
5.  LIDS_DBG caused deadlock in capable (may be SMP specific) (Chuan-kai Lin)
6.  Compilation error in lids_set_flags when LIDS_DEBUG is set (Chuan-kai Lin)
7.  Potential race in lids_local_off (Chuan-kai Lin)
8.  Potential race in lids_klids_thread (Chuan-kai Lin)
9.  Incomplete CAP_SETUID and CAP_SETGID checking (Chuan-kai Lin)
10.  Add a CREDITS file.

2000.11.15 release the lids.0.9.10
1. fixed umount filesystem bug.
2. fixed NFSd and FTPd capability usages.
3. fixed capability inherit
4. sys_sysctl() bugfixed.

2000.09.07 release the lids 0.9.8.
1. code clean for proc_xxx_
2. bugfixed to protect removing the /proc/sys/lids/locks
3. bugfixed to lids_cap_reading.
4. bugfixed to LIDS_DBG()

2000.9.7 release of lids 0.9.8 
1 Move the lids send-mail parameters to /etc/lids/lids.net.
	The remote IP address, port, subject, etc.
	are now in /etc/lids/lids.net.
2 Fix the klids hidden bugs.
3 Fix the network module inserting problems 
4. Add new directory /etc/lids/
  o Move /etc/lids.conf to /etc/lids/lids.conf
  o Add lids.pw to store the encrypted password which is
      stored when configuring the kernel. Use "lidsadm -P" to
      update and generate the password.
  o Add lids.cap to store the capability value (enable, disable).

5. Add the patch from Phil. for the serious bugs 
   found by Matthew J Dainty. 

6. Simplify sealing the kernel with "lidsadm -I"; the default enabled capabilities are stored in /etc/lids/lids.cap.

7. Move lids.c from fs/lids.c to kernel/lids.c.

8. Fix the compiling bugs of "lids_first_time". 


2000.07.08 release of lids 0.9.7 for 2.2.16

Thanks to Andreas Steinmetz <ast@domdv.de> for the patch, which does the following:

1.  initrd support (already posted)
2.  amount of inodes and acls configurable in kernel configuration
3.  protection against kernel panic when config reload is initiated
    while protection is enabled
4.  various changes to fix the problems when the config is reloaded,
    note that the inherit flags fix during process creation isn't
    tested as I don't use it
5.  various cleanups including removal of dead code (I had to do this
    to be able to work effectively through the code)
6.  changed acl management to use memory pool to assert that all
    required acls are actually entered
7.  fixed usage of memscan() in lids.c (memscan returns addr+len
    if the given character is not found)
8.  miscellaneous bugfixes, e.g. in lids_init_add_file
9.  added statistics message (you can tune pool sizes with this info)
10. added educated guess, if dev/inode pair may exist in secured
    list
11. added sort of inode and acl source tables, the search functions now
    use a fast 2^n search algorithm
12. config file processing tuning

The following things are added by me. ;-).

13 Individual capabilities for a program (process).
Now a program can not only be given the ability to access a protected file, but can also be given a capability that the system has turned off. For example, you can use
"lidsadm -A -s /../../XF86_SVGA -t -o CAP_SYS_RAWIO -j NO_INHERIT" to let X Window run on a system where RAWIO has been disabled by "lidsadm -S -- -CAP_SYS_RAWIO".

14  Replace the special objects with capability-based ones.

  MEM, IO change to CAP_SYS_RAWIO, 
  CHROUTE change to CAP_NET_ADMIN
  HD -> CAP_SYS_RAWIO,.. 
  HIDDEN -> CAP_HIDDEN ( newly added) , 
  INIT_CHILDREN_LOCK  --> CAP_INIT_KILL (newly added) 

15 No more INIT_CHILDREN_LOCK in the kernel config. It is turned into CAP_INIT_KILL. Add a maximum children locking number.

16 Redesign the inherit flag of the capability, more stable now.

-------------------------------------------------------------------------
2000.06.12 release of lids-0.9.6
o bugfixed for protect mount point
o bugfixed for the port scanner detector's deadlock problem.
o Moving to 2.2.16 and fixed compiling error of previous version.

2000.05.27 release of lids-0.9.5
o bugfixed for protect mount point.
o bugfixed for lids_check_base.
o bugfixed for lidsadm when adding ACLs.
o change for capability for sparc64 , thanks  Veselin Mijuskovic <panzer@etf.bg.ac.yu>.

2000.05.15 release of lids-0.9.4 
o rewrite the no_inherit and inherit part.
o bugfixed when adding lids acl
o check more situations in lidsadm when adding ACLs.

2000.05.04 release of lids-0.9.2pre1
 o A new design of the LIDS framework including ACLs, policy database and other new features.
 o Add a DENY access feature
 o Add ACL for LIDS
 o Move the MEM, HD, RAW_IO, change_ROUTE abilities from the kernel configuration to
   lids.conf and merge them into the ACL framework of LIDS.
 o modified the lidsadm to meet the change of LIDS.
 o add a man page to lidsadm.
 
2000.04.29 release of lids-0.9.1
 Bug fixed for compiling error.
2000.04.26 release of lids-0.9
  Bug fixed
2000.04.14 release of lids-0.9pre4
  -Fixes the bug which prevented LIDS from protecting files under the root
   directory of a partition in some particular cases.
  -Fixes lidsadm switch check, which claimed a failure with +RELOAD_CONF flag.
  -Added path canonicalization in lidsadm (e.g. in "lidsadm -A -r .", "." expands
   to "/the/current/dir")

2000.04.11 release of lids-0.9pre3
  -Fixed missing symbols for modules
  -Fixed oops at sealing time
  -Made console hangup optional

2000.04.04 release of lids-0.9pre2
  - Port scanner detector in kernel.
    You can now disable raw socket and can have a powerful scanner detector
    in kernel.
  - Auto hangup console (tty) when a user violates a rule.
  - Add CAP_SYS_BIND_SERVICE violation logging information.
    Using this capability, we can prevent users from creating sockets < 1024
    on the system.
  

2000.03.30 release of lids-0.9pre1
  -lidsadm says when the switch has failed

  -For lidsadm, LIDS becomes LIDS_GLOBAL and LIDS_LOCAL becomes LIDS
 
  -LIDS_LOCAL, now known as LIDS, isn't limited to four children anymore

  -If the LIDS_LOCAL top process is killed, LIDS_LOCAL is switched on
   This prevents a pid cycle attack, and if you log in, -LIDS, delog, 
   you don't have to log, +LIDS, -LIDS. Just log, -LIDS. (is that clear ?)
	
  -The security alerts are now on only one line.

  -Hidden process network connections are also hidden

  -Send security alerts through network (to a mail relay, a remote 
   syslog, etc.), directly from kernel

	
2000.02.17 release of lids-0.8.1pre1-psk

  -Can allow programs to change routes/firewall rules

  -lids.conf is the truth

  -LIDS_LOCAL flag has been added (to switch lids off locally)


2000.02.04 release of lids-0.8pre4-psk-2.2.14 as lids-0.8-2.2.14

   An even better design

  -Use of the kernel capabilities
 
  -Hot switching capabilities

  -Allow unmount when shutdown (for UPS)

  -Allow to kill protected processes when shutdown (for UPS)

  -Added the execution control of non-protected programs before sealing

  -New behaviour for interpretation of lids.conf (boot or RELOAD_CONF time)

  -Buffers containing passwd are cleaned

  -lidsadm can update lids.conf

  -2-level encryption password 


1999.12.9 release lids-0.6.1-2.2.13
	Bugfixed. 

1999.12.9 release lids-0.6-2.2.13
    A totally new design. Bugfixes and new features.

  - No modules and more flexible.
  
	* The basic behaviour (files/dir/dev selection...) remain the same.
    But what was modularized is now already in the kernel. To keep the
    "seal" concept (ie sealing modules/mounted devices/daemons at a given 
    time) some sysctl have been created. 

  -  Add hiding of sensitive processes.
	* You can hide some processes by giving the program path in the kernel.

  -  Add IP firewall rules protection.
	* You can protect your IP firewall rules while the system is running.

  - control the lids from proc file system. 
	* use echo 1 > /proc/sys/lids/xxxx to switch the lids protection on. 

1999.11.25 release lids-0.4.1-2.2.13
	Fixed bugs and added new features.

 -  Fixed bug in protecting MBR writing.
 -  Fixed bug in log file protection.
 -  Add password switching of the lids security mode (turn on/off).
	* Now you can use "lidsadm" to turn the security on/off.
	  This feature is supported by a new module named switch.
	  Insert the module before check_moduels and seal are inserted.
 - Fixed bugs in lidsadm for security reason.


1999.11.19 release lids-0.4-2.2.12
More new features added to the outgoing version.
	
1.   Seal the kernel.
	Thanks to John Carol Langford <jcl@gs176.sp.cs.cmu.edu> for providing
	the "seal kernel" program. Based on the seal method and the intercepting
	method, I have developed some more security functions as shown below.
	

2.   Mounted filesystem protection.
	After you boot up the system, the mounted filesystems will be protected
	and no one can umount them. After boot time, a new filesystem
	can still be mounted and umounted, but it is restricted to the
	/mnt/ directory.

3.   Loaded modules protection.
	After you boot up the system, the loaded modules are protected by
	lids. No one can unload the modules (rmmod). After booting,
	a new module can be loaded into the kernel and can also be unloaded
	(rmmod), but the loading program must be "/sbin/insmod",
	which has been changed to check the path of the loaded modules. The
	loaded modules MUST reside in /lib/modules/ and are protected by lids.
	Since "modprobe" also uses /sbin/insmod, use of "modprobe"
	is protected as well.

4.   Running processes protection.
	After the system boots up, the loaded processes are protected by lids.
	No one can send any signal to a process (pid) whose parent is "init".
	Thus you can load a program before the "seal" module runs and then
	you can protect your program from being killed.

5.   Safer & more detailed logging.
	Thanks to Bosko Radivojevic <bole@bolex.bolex.co.yu> for providing
	the Linux open wall project's logging routine. It can protect against
	log flooding.
	
	More detailed information about a user violating a rule has been
	added to this version.


1999.10.20 
	Releasing the lids-0.3-2.2.13
1999.10.28
	Add the code provided by Bosko Radivojevic <bole@bolex.bolex.co.yu>
	for the EXT2 APPEND_ONLY and IMMUTABLE FLAG and Net DEVICE Promise.

	Add DEVICE MBR protection.
	Change the lids configuration tools lids.
	
1999.10.27
	Finished modifying the configuration file format.
	Add the append-only tag.
	Add a tool to create configuration files.
		
1999.10.19 Release lids-0.2-2.2.12  
	Thanks to Bosko Radivojevic <bole@bolex.bolex.co.yu>, 
		Valerio <valerio@wnet.it>,
        	Thomas Tschoepke Soares <ttsoares@cedep.ifch.ufrgs.br>,  
         	tamas <tamas@tamas.satimex.tvnet.hu> , 

	They kindly told me about the problems they met while using lids.
	
	I have fixed the bugs for hard links, moving files, symlinks,
	and mknod, and some memory releasing.
1999.10.16   
	Thanks to Valerio <valerio@wnet.it> for asking me the question
                about hard links; I fixed the bug in hard link.

1999.10.15 Release lids-0.1-2.2.12 
	write a README file. 
	release it to freshmeat.net. 
1999.10.14	finished v0.1 
	change the boot param to "security=1".
	change the default security.
	add a file :  fs/security.c , include all the ids_function.
	change the Documents/Configure.help ,fs/Config.in
	add the #ifdef CONFIG_VFS_SECURITY into the system.
	add the configuration file /etc/ids.conf.
			
1999.10.11 
begin to make change to kernel.
	1 . main.c , add "ids=1|0" support.
	2 . add in super.c , the "int load_ids" support.

