Re: securelevel 1

From: void <void_at_f-m.fm>
Date: Tue, 24 Oct 2023 17:33:22 UTC
On Tue, 24 Oct 2023, at 11:31, Miroslav Lachman wrote:

> root@neon ~/ # find -s -x / -flags +schg,sappnd
> /.sujournal
> /lib/libc.so.7
> /lib/libcrypt.so.5
> /lib/libthr.so.3
> /libexec/ld-elf.so.1
> /libexec/ld-elf32.so.1
> /sbin/init
> /usr/bin/chpass
> /usr/bin/crontab
> /usr/bin/login
> /usr/bin/opieinfo
> /usr/bin/opiepasswd
> /usr/bin/passwd
> /usr/bin/su
> /usr/lib/librt.so.1
> /usr/lib32/libc.so.7
> /usr/lib32/libcrypt.so.5
> /usr/lib32/librt.so.1
> /usr/lib32/libthr.so.3
> /var/empty
>
> Log files are not protected.

Thanks for explaining.

The reason for setting the securelevel to 1 would be so that the log files can't 
be modified/deleted. So I'm glad you explained that because I didn't twig
the securelevel only disallows changing flags and the log files weren't protected.

In order to accomplish what I'd like, I understand that I'd need to set +schg
on the individual logs, then set the securelevel afterwards and reboot.

But if this is done, it seems there's no way (at least directly) for the log
file to be rotated?