[olug] more chattr

mesc mescie at home.com
Sun Sep 17 05:34:37 UTC 2000


I think I'm getting it now. The only reason you would want to chattr +i a file
is if it's an old log file, for example, and it might contain evidence of someone
compromising your box and you didn't want that person to get back in your box
and change the logfile in his favor or just delete the whole log file. Am I
warmer?

            Gary Martin


Mike McNally wrote:

> archival log file.... not log file.  And no I haven't yet figured out
> how to set up the archival logs to be immutable.  There's probably some
> syslog.conf file where it could be done from.  Here's the source of this
> info:
>         http://www.softpanorama.org/Security/best_unix_security_papers.shtml
>
> ...and the info I am referring to:
> Secure log files
>      The immutable and append-only attributes are particularly effective
> when used in combination with log files and log
>      backups. You should set active log files to append only. When the
> logs are rotated, the backup log file created by the
>      rotation should be set to immutable, while the new active log file
> becomes append only. This usually requires some
>      manipulation of your log rotation scripts.
>
> mike
>
> mesc wrote:
> >
> > I've read the chattr man page and one thing still confuses me: with the
> > +i option it says no data can be written to it, so how can that option
> > be used on a log file?
> >
> >             Confused, Gary Martin :)
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: olug-unsubscribe at bstc.net
> > For additional commands, e-mail: olug-help at bstc.net


More information about the OLUG mailing list
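
The rotation scheme quoted in this thread (active log append-only, rotated backup immutable), sketched as an added example that is not part of the original messages or of the cited paper. The function name `rotate_log`, the overridable `CHATTR` variable and the 0600 file mode are assumptions of this example.

```shell
#!/bin/sh
# Added example: rotate a log so the active file stays append-only (+a)
# and each rotated backup becomes immutable (+i). Needs root and a
# filesystem that supports chattr attributes (for example ext2/3/4).

# CHATTR can be pointed at a stub for a dry run (assumption of this
# example, not a feature of chattr itself).
CHATTR="${CHATTR:-chattr}"

# rotate_log <active-log> <backup-name>
rotate_log() {
    active=$1
    backup=$2

    if [ ! -f "$active" ]; then
        echo "no such log: $active" >&2
        return 1
    fi
    # Never overwrite an existing backup: it may hold evidence.
    if [ -e "$backup" ]; then
        echo "backup already exists: $backup" >&2
        return 1
    fi

    # An append-only file cannot be renamed, so drop +a just for the move.
    "$CHATTR" -a "$active" || return 1
    mv "$active" "$backup" || return 1

    # Freeze the backup: no writes, renames, deletes or new links.
    "$CHATTR" +i "$backup" || return 1

    # Recreate the active log (mode 0600 is an assumption; match your
    # syslog setup), then make it append-only again.
    ( umask 077; : > "$active" ) || return 1
    "$CHATTR" +a "$active" || return 1

    # The logging daemon still holds the old file open and must be told
    # to reopen its logs (commonly SIGHUP for syslogd) after this returns.
    return 0
}
```

Root can clear both attributes again with `chattr -i` and `chattr -a`, so the flags stop accidental or unprivileged changes but not an intruder who holds root, unless the ability to change attributes is restricted as well.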