The goal of this article is to define what may become LIDS 2.0. LIDS stands for Linux Intrusion Detection System: "Linux" because it runs on Linux, and "intrusion detection system" because it has several ways of warning you about unauthorized actions. Its aim is to prevent intruders from doing anything on a protected machine.
Ideally, an intrusion detection system would be invulnerable. In practice, however, that would result in a box that offers virtually no access even to its administrator. The next best thing is to drastically limit the factors that make it vulnerable.
As in a scientific experiment, the best way to achieve this is to begin by removing all access privileges to any entity in the box and work one's way up from there.
The starting point is a box where no process has any rights at all. Nothing can happen on such a box, since there is not even the right to execute anything. That box is useless on its own, because it has a job to fulfil (web server, firewall, ...), so we then give each entity exactly the rights its job requires. The final result is a box where each running process has exactly the rights it needs and not one more.
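The procedure above (start from zero rights, add only what each job needs, warn on everything else) can be modelled as a default-deny policy evaluator. The following is an added illustration written for this page, not LIDS code: it assumes subjects are identified by program path, that filesystem rights cover a directory and everything below it, and that non-file rights are named with a `cap:` prefix; the program paths, operation names and the sample web-server policy are all constructed here.

```python
"""Default-deny policy model: a subject has no rights until one is granted,
and every request that no grant covers is refused and logged as an alert.
Added example for illustration; names and paths are constructed, not LIDS's own.
"""
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass(frozen=True)
class Grant:
    """One explicit right: `subject` (a program path, assumed here) may
    perform `ops` on `obj`, a filesystem path or a pseudo-object such as
    "cap:net_bind_service" (naming chosen for this example)."""
    subject: str
    obj: str
    ops: frozenset


@dataclass
class Policy:
    grants: List[Grant] = field(default_factory=list)
    alerts: List[str] = field(default_factory=list)

    def allow(self, subject: str, obj: str, *ops: str) -> None:
        self.grants.append(Grant(subject, obj, frozenset(ops)))

    @staticmethod
    def _covers(grant_obj: str, obj: str) -> bool:
        # Pseudo-objects (capabilities, ports) must match exactly.
        if ":" in grant_obj:
            return grant_obj == obj
        # A filesystem grant covers the path and its subtree. Compare on whole
        # path components so that "/var/www" does not cover "/var/www-old".
        base = grant_obj.rstrip("/")
        return obj == base or obj.startswith(base + "/")

    def check(self, subject: str, obj: str, op: str) -> bool:
        """True only if some grant matches subject, object and operation."""
        for g in self.grants:
            if g.subject == subject and op in g.ops and self._covers(g.obj, obj):
                return True
        # No grant: deny, and warn the administrator (the detection side).
        self.alerts.append(f"DENY subject={subject} op={op} obj={obj}")
        return False


def webserver_policy() -> Policy:
    """Rights for a box whose only job is serving web pages (constructed)."""
    p = Policy()
    httpd = "/usr/sbin/httpd"                  # hypothetical server binary
    p.allow(httpd, "/var/www", "read")          # document root, read only
    p.allow(httpd, "/etc/httpd", "read")        # its configuration
    p.allow(httpd, "/var/log/httpd", "append")  # logs may grow, not be rewritten
    p.allow(httpd, "cap:net_bind_service", "use")  # bind port 80, nothing else
    return p


def demo() -> Tuple[List[bool], List[str]]:
    p = webserver_policy()
    httpd = "/usr/sbin/httpd"
    results = [
        p.check(httpd, "/var/www/index.html", "read"),      # granted
        p.check(httpd, "/var/www/index.html", "write"),     # wrong operation
        p.check(httpd, "/var/www-old/secret", "read"),      # sibling dir, not covered
        p.check(httpd, "/etc/shadow", "read"),              # never granted
        p.check("/bin/sh", "/var/www/index.html", "read"),  # a shell has no rights at all
        p.check(httpd, "cap:net_bind_service", "use"),      # granted
        p.check(httpd, "cap:sys_module", "use"),            # never granted
    ]
    return results, p.alerts


if __name__ == "__main__":
    res, alerts = demo()
    print(res)
    print("\n".join(alerts))
```

Running `demo()` shows the two grants being honoured and five denials, each of which lands in `alerts`; an empty `Policy()` denies everything, including execution, which is the article's zero-rights starting point.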