setting a disk read only

Sergey Zaharchenko doublef at tele-kom.ru
Sat Jun 26 20:44:58 PDT 2004


On Sat, Jun 26, 2004 at 08:36:49AM -0400,
 JJB probably wrote:
> Security Paranoia
> It's very important that you completely understand the impact that
> using the following command will have on your ability to make
> changes to your system.
> 
> The simplest thing you can do is set the immutable flag on all
> system binaries and /etc config files with:
> 
> chflags schg /bin/*(*) /sbin/*(*) /usr/bin/*(*) /usr/sbin/*(*)
> /etc/*(*)
> 
> Setting the immutable flag on means the files are marked as being
> protected from being written over. Once you execute the above
> command, no process can overwrite those files, thus increasing the
> level of difficulty for the attacker and increasing the odds in your
> favor of the attacker leaving error messages in the system log. On
> the other hand you as root user cannot make any changes to those
> files so marked either.

Only if you can't remove those flags (that is, only if you're running at
a securelevel>0).

-- 
DoubleF
If you only have a hammer, you tend to see every problem as a nail.
		-- Maslow
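
An added example, not part of the original message: a small audit that combines the two facts in this exchange, whether a file carries schg and whether the running securelevel stops root from clearing it. The function name audit_schg, the verdict labels and the sample listing are constructed for illustration; the input format assumed is FreeBSD's `ls -lo`, where the fifth column holds the file flags.

```sh
#!/bin/sh
# Added example (not from the original thread).
# audit_schg LEVEL
#   Reads `ls -lo` lines on stdin and prints one verdict per file:
#     LOCKED     schg set and securelevel > 0: even root cannot clear it
#     REMOVABLE  schg set but securelevel <= 0: root can still clear the
#                flag (chflags noschg) and then modify the file
#     UNFLAGGED  schg not set: only ordinary permissions apply
# Assumes `ls -lo` columns:
#   mode links owner group flags size month day time name
# Names containing spaces are not handled (only the last word is printed).
audit_schg() {
    awk -v lvl="$1" '
        NF >= 10 {
            # The flags column is "-" or a comma-separated list such as
            # "schg,nodump"; pad with commas so "schg" matches exactly.
            has = (("," $5 ",") ~ /,schg,/)
            if (!has)          verdict = "UNFLAGGED"
            else if (lvl > 0)  verdict = "LOCKED"
            else               verdict = "REMOVABLE"
            print verdict, $NF
        }'
}

# Constructed sample of `ls -lo` output (not taken from a real host).
SAMPLE='-r-xr-xr-x  1 root  wheel  schg 27312 Jun 26 20:44 /bin/ls
-r-xr-xr-x  1 root  wheel  - 11096 Jun 26 20:44 /bin/cat
-r-sr-xr-x  1 root  wheel  schg,nodump 21528 Jun 26 20:44 /usr/bin/passwd'

# Same listing judged at two securelevels.
echo "securelevel 1:";  printf '%s\n' "$SAMPLE" | audit_schg 1
echo "securelevel -1:"; printf '%s\n' "$SAMPLE" | audit_schg -1

# On a live FreeBSD system the equivalent call would be:
#   ls -lo /bin/* /sbin/* | audit_schg "$(sysctl -n kern.securelevel)"
```

Any REMOVABLE line means the flag is only a speed bump on that host: it protects against accidents, not against a process that already has root.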