Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!news.sprintlink.net!howland.reston.ans.net!EU.net!Germany.EU.net!Dortmund.Germany.EU.net!not-for-mail
From: bs@Germany.EU.net (Bernard Steiner)
Newsgroups: comp.unix.bsd.misc,comp.unix.bsd.bsdi.misc
Subject: Re: Circumventing immutable file protections
Date: 9 Aug 1995 10:08:47 +0200
Organization: EUnet Deutschland GmbH, Dortmund, Germany
Lines: 21
Message-ID: <409qef$t3n@Germany.EU.net>
References: <DCvE8s.15A@candle.pha.pa.us> <4095br$3tj@kragar.kei.com>
NNTP-Posting-Host: qwerty.germany.eu.net
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.misc:158 comp.unix.bsd.bsdi.misc:583

In article <4095br$3tj@kragar.kei.com>, ckd@loiosh.kei.com (Christopher Davis) writes:
|> BM> == Bruce Momjian <root@candle.pha.pa.us>
|>
|> BM> If a hacker broke into a system, wouldn't he do his mischief, then
|> BM> add entries to /etc/rc to truncate or modify the log files and then
|> BM> cause a reboot.
|>
|> Make /etc/rc immutable, and he won't.  (You want security?  Make LOTS of
|> stuff immutable.  Sure, it's a bit more of a pain to maintain, but it's
|> also a lot more of a pain to try to break into...)

Make /etc/rc run only commands and scripts that are either immutable or
reside on read-only filesystems.  Make / read-only.

Note: making / ro is actually possible *if* you have a separate /var, a
separate /tmp *and* provide appropriate soft links such as
/dev/log -> /var/dev/log so that syslog works.

I tried this once, and the system continued nicely.
I don't see why / should be read-write...
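The rule stated in the post (everything /etc/rc runs must itself be immutable or live on a read-only filesystem) is easy to state and easy to get subtly wrong, so here is an audit that checks it. This is an added example, not code from the thread or from any BSD release; the mount table, file table and rc script it examines are constructed sample data, and the `files` dictionary stands in for what you would gather from `ls -lo` and `mount` on a real system.

```python
"""Audit an rc script against the rule in the post: everything it runs must be
system-immutable (schg) or sit on a read-only filesystem.  Added example, not
code from the thread; mount table, file table and rc script are constructed."""
import re
import shlex

BUILTINS = {"echo", "export", "set", "if", "then", "else", "fi", "for", "do",
            "done", "exit", "cd", "test", "[", "eval", "exec", "umask", "true"}
INTERPRETERS = {"sh", ".", "source"}       # first argument is a script to check
ASSIGNMENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")

def parse_mounts(mount_output):
    """'/dev/sd0a on / (ufs, local, read-only)' -> {mount_point: is_read_only}"""
    mounts = {}
    for line in mount_output.splitlines():
        if " on " in line:
            _dev, rest = line.split(" on ", 1)
            mount_point, _, opts = rest.partition(" (")
            mounts[mount_point] = "read-only" in opts.rstrip(")").split(", ")
    return mounts

def mount_point_of(path, mounts):
    """Longest mount point that is a prefix of path."""
    hits = [mp for mp in mounts if path == mp or path.startswith(mp.rstrip("/") + "/")]
    return max(hits, key=len) if hits else "/"

def is_protected(path, files, mounts):
    """schg, or a read-only filesystem.  uchg does not count: the owner can clear
    it at any securelevel, schg only when securelevel is 0 or below."""
    if "schg" in files.get(path, {}).get("flags", ()):
        return True
    return mounts.get(mount_point_of(path, mounts), False)

def lookup(word, files, path_dirs):
    """Resolve a command word the way the shell's PATH search would."""
    candidates = [word] if "/" in word else [d.rstrip("/") + "/" + word for d in path_dirs]
    return next((c for c in candidates if c in files), None)

def chain_of(path, files, limit=16):
    """path plus every symlink target it leads to: a link that can be re-pointed
    is as dangerous as a writable binary, so every hop must be protected."""
    chain = [path]
    while "link" in files.get(path, {}) and limit > 0:
        path = files[path]["link"]
        chain.append(path)
        limit -= 1
    return chain

def audit_rc(rc_text, files, mounts, path_dirs=("/sbin", "/bin")):
    """{command_line: reason} for each line an attacker who can write to an
    unprotected file (or plant a file missing from PATH) could hijack."""
    findings, path_dirs = {}, list(path_dirs)
    for raw in rc_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = shlex.split(line)
        word = words[0]
        if word.startswith("PATH="):            # rc sets its own search path
            path_dirs = word[5:].split(":")
            continue
        if word in BUILTINS or ASSIGNMENT.match(word):
            continue
        to_check = [word] + (words[1:2] if word in INTERPRETERS else [])
        for w in to_check:
            path = lookup(w, files, path_dirs)
            if path is None:
                findings[line] = "%s not found on PATH" % w
                break
            bad = [p for p in chain_of(path, files) if not is_protected(p, files, mounts)]
            if bad:
                findings[line] = "%s is writable (no schg, read-write filesystem)" % bad[0]
                break
    return findings

# Constructed sample: the layout the post describes, / and /usr read-only, /var and /tmp read-write.
SAMPLE_MOUNT = """\
/dev/sd0a on / (ufs, local, read-only)
/dev/sd0e on /var (ufs, local)
/dev/sd0f on /tmp (ufs, local)
/dev/sd0g on /usr (ufs, local, read-only)
"""
SAMPLE_FILES = {
    "/bin/sh":               {"flags": ()},                    # read-only /
    "/usr/sbin/syslogd":     {"flags": ()},                    # read-only /usr
    "/etc/rc.local":         {"link": "/var/local/rc.local"},  # link on read-only /
    "/var/local/rc.local":   {"flags": ()},                    # target on rw /var
    "/var/local/bin/backup": {"flags": ("uchg",)},             # uchg only, rw /var
    "/var/tmp/helper":       {"flags": ("schg",)},             # schg on rw /var: fine
}
SAMPLE_RC = """\
#!/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin
syslogd
sh /etc/rc.local
/var/local/bin/backup --nightly
/var/tmp/helper
echo 'rc done'
"""

if __name__ == "__main__":
    for line, why in audit_rc(SAMPLE_RC, SAMPLE_FILES, parse_mounts(SAMPLE_MOUNT)).items():
        print("%-34s %s" % (line, why))
```

Two of the sample lines fail the check, and both are the cases that an eyeball review of /etc/rc tends to miss: `/etc/rc.local` is a symlink on the read-only root, but its target sits on the read-write /var, so the link is protected and the script is not; and the backup job carries only `uchg`, which its owner can drop without touching securelevel, so it is not immutable in the sense the post means. The helper under /var/tmp passes because `schg` on a read-write filesystem is still enough. On a live system, build `files` from `ls -lo` and the link targets from `ls -l`, and remember that a command the script cannot find on PATH is also a finding, since an attacker who can create the file wins the race.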