LIDS modes
  BOOT
  Valid until LIDS is 'Sealed" (/sbin/lidsadm -I)
  No capability-related ACLs are enforced
  File ACLs are still enforced
  POSTBOOT
  After LIDS sealing time
  Both capability and file ACLs are enforced
  SHUTDOWN
  After "lidsadm -S -- +SHUTDOWN" is called
  Allow more capabilities here to allow unmounting, for example.
  LEARNING
  ACL violation are logged, but not restricted
  lids_learnd can read message and write out related rules for integration into your ACL lists.

Copyright 2003, Bri Hatch of Onsight, Inc.

Presented at ISSA Puget Sound, 2003.

Presentation created using vim and MagicPoint.