Re: securelevel 1
- Reply: Cy Schubert : "Re: securelevel 1"
- Reply: Gareth de Vaux : "Re: securelevel 1"
- Reply: Dag-Erling_Smørgrav : "Re: securelevel 1"
- In reply to: Miroslav Lachman : "Re: securelevel 1"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 24 Oct 2023 17:33:22 UTC
On Tue, 24 Oct 2023, at 11:31, Miroslav Lachman wrote: > root@neon ~/ # find -s -x / -flags +schg,sappnd > /.sujournal > /lib/libc.so.7 > /lib/libcrypt.so.5 > /lib/libthr.so.3 > /libexec/ld-elf.so.1 > /libexec/ld-elf32.so.1 > /sbin/init > /usr/bin/chpass > /usr/bin/crontab > /usr/bin/login > /usr/bin/opieinfo > /usr/bin/opiepasswd > /usr/bin/passwd > /usr/bin/su > /usr/lib/librt.so.1 > /usr/lib32/libc.so.7 > /usr/lib32/libcrypt.so.5 > /usr/lib32/librt.so.1 > /usr/lib32/libthr.so.3 > /var/empty > > Log files are not protected. Thanks for explaining. The reason for setting the securelevel to 1 would be so that the log files can't be modified/deleted. So I'm glad you explained that because I didn't twig the securelevel only disallows changing flags and the log files weren't protected. In order to accomplish what I'd like, I understand that I'd need to set +schg on the individual logs, then set the securelevel afterwards and reboot. But if this is done, it seems there's no way (at least directly) for the log file to be rotated?