3.3. What options are available for lidsadm?

To get a list of the available options, enter the following:
bash# lidsadm -h
This will return the following output:
lidsadm version 0.4.1 for LIDS project
       Huagang Xie <xie@gnuchina.org>
       Philippe Biondi <pbi@cartel-info.fr>

Usage: lidsadm -[S|I] -- [+|-][LIDS_FLAG] [...]
       lidsadm -V
       lidsadm -h

Commands:
       -S  To submit a password to switch some protections
       -I  To switch some protections without submitting password (sealing time)
       -V  To view current LIDS state (caps/flags)
       -v  To show the version
       -h  To list this help 

Available capabilities:
           CAP_CHOWN chown(2)/chgrp(2)
    CAP_DAC_OVERRIDE DAC access
 CAP_DAC_READ_SEARCH DAC read
          CAP_FOWNER owner ID not equal user ID
          CAP_FSETID effective user ID not equal owner ID
            CAP_KILL real/effective ID not equal process ID
          CAP_SETGID set*gid(2)
          CAP_SETUID set*uid(2)
         CAP_SETPCAP transfer capability
 CAP_LINUX_IMMUTABLE immutable and append file attributes
CAP_NET_BIND_SERVICE binding to ports below 1024
   CAP_NET_BROADCAST broadcasting/listening to multicast
       CAP_NET_ADMIN interface/firewall/routing changes
         CAP_NET_RAW raw sockets
        CAP_IPC_LOCK locking of shared memory segments
       CAP_IPC_OWNER IPC ownership checks
      CAP_SYS_MODULE insertion and removal of kernel modules
       CAP_SYS_RAWIO ioperm(2)/iopl(2) access
      CAP_SYS_CHROOT chroot(2)
      CAP_SYS_PTRACE ptrace(2)
       CAP_SYS_PACCT configuration of process accounting
       CAP_SYS_ADMIN tons of admin stuff
        CAP_SYS_BOOT reboot(2)
        CAP_SYS_NICE nice(2)
    CAP_SYS_RESOURCE setting resource limits
        CAP_SYS_TIME setting system time
  CAP_SYS_TTY_CONFIG tty configuration
           CAP_MKNOD mknod operation
           CAP_LEASE taking leases on files
          CAP_HIDDEN hidden process
  CAP_KILL_PROTECTED kill protected programs
       CAP_PROTECTED Protect the process from signals

Available flags:
                LIDS de-/activate LIDS locally (the shell & childs)
         LIDS_GLOBAL de-/activate LIDS entirely
         RELOAD_CONF reload config. file and inode/dev of protected programs