setting a disk read only
Malcolm Kay
malcolm.kay at internode.on.net
Sat Jun 26 23:44:28 PDT 2004
On Saturday 26 June 2004 22:06, JJB wrote:
> Security Paranoia
> It's very important that you completely understand the impact of
> using the following command will have on your ability to make
> changes to your system.
>
> The simplest thing you can do is set the immutable flag on all
> system binaries and /etc config files with:
>
> chflags schg /bin/*(*) /sbin/*(*) /usr/bin/*(*) /usr/sbin/*(*)
> /etc/*(*)
>
It seems to me that mounting all partitions from the disk as read only
would achieve rather more; and more simply.
But neither protects against direct writes to the raw device.
And if you are really paranoid about this I think the only solution is a
hardware switch. I suspect the linux 'hdparm' also has its limitations;
only a hardware switch can protect against software bugs or a successful
invasion.
> Setting the immutable flag on, means the files are marked as being
> protected from being written over. Once you execute the above
> command, no process can over write those files thus increasing the
> level of difficulty for the attacker and increasing the odds in your
> favor of the attacker leaving error messages in the system log. On
> the other hand you as root user can not make any changes to those
> file so marked either.
>
> Ever time you want to make changes you have to issue the command to
> turn off the immutable flag on all the same files. Use this command
> to do that:
>
> chflags noschg /bin/*(*) /sbin/*(*) /usr/bin/*(*) /usr/sbin/*(*)
> /etc/*(*)
>
> You can use "ls -lo" command to see the immutable flags of existing
>
> You could do this to any slice with chflags noschg /*(*) /usr/*(*)
> what ever
>
Malcolm
More information about the freebsd-questions
mailing list