Re: [fw-wiz] More Syslog Questions

From: Brian Hatch (bri_at_ifokr.org)
Date: 07/20/04

    To: "Marcus J. Ranum" <mjr@ranum.com>
    Date: Mon, 19 Jul 2004 16:25:40 -0700
    
    
    

    > >On Linux, the chattr command on ext2/3 filesystems is useful. From man
    > >chattr
    > > A file with the `a' attribute set can only be open in
    > > append mode for writing. Only the superuser or a process
    > > pessessing the CAP_LINUX_IMMUTABLE capability can set or
    > > clear this attribute.
    >
    > Is this Linux specific, or did the BSD guys change this, too? The original
    > idea of immutable files was that they were, uh, um, immutable. Making
    > them "immutable except by root" is stupid - that's the same as saying
    > chown root file && chmod 700 file

    They're immutable, even by root. However, root can remove the
    immutable bit, i.e.

      chattr +a /path/to/file          # sets the append-only attribute
      echo something >>/path/to/file   # works - appending is still allowed
      echo something >/path/to/file    # fails - truncating/overwriting is refused

      chattr -a /path/to/file          # root clears the attribute again
      echo something >/path/to/file    # works - file no longer protected.

    To keep root from re-running the chattr command, you need to have
    CAP_LINUX_IMMUTABLE unavailable, either by removing it from the
    capability bounding set, or using a Linux security patch that does
    the same thing effectively. (SELinux, LIDS, GrSecurity, etc.)

    -- 
    Brian Hatch                  "Well, you know how I feel about telepaths.
       Systems and               "Do I ever. You threw one out of a third
       Security Engineer          story window on Io."
    http://www.ifokr.org/bri/    "There was an ample pool below the window."
                                 "Alas, I assume you knew that."
    Every message PGP signed
    
    

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
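As an added example (not part of Brian's message or anything posted to the list), a small Python audit helper covering both points of the reply: whether given log files carry the `a` (or `i`) attribute according to lsattr, and whether CAP_LINUX_IMMUTABLE is still in the capability bounding set, read from the CapBnd line of /proc/<pid>/status. The lsattr output and CapBnd lines below are constructed samples; bit number 9 is the kernel's value for CAP_LINUX_IMMUTABLE.

```python
#!/usr/bin/env python3
"""Audit helper: check that log files carry the ext2/3 append-only ('a') or
immutable ('i') attribute, and whether CAP_LINUX_IMMUTABLE is still in the
capability bounding set (if it is, root can simply run 'chattr -a' again)."""
import re

CAP_LINUX_IMMUTABLE = 9  # capability bit number from <linux/capability.h>

# Constructed sample of 'lsattr' output (flag string, then path).
LSATTR_SAMPLE = """\
-----a--------e----- /var/log/auth.log
--------------e----- /var/log/syslog
----i---------e----- /etc/rsyslog.conf
"""
# Constructed 'CapBnd:' lines as they appear in /proc/<pid>/status.
STATUS_FULL = "CapBnd:\t000001ffffffffff\n"     # every capability present
STATUS_DROPPED = "CapBnd:\t000001fffffffdff\n"  # bit 9 cleared

def parse_lsattr(output):
    """Map each path to the set of attribute letters lsattr reported."""
    attrs = {}
    for line in output.splitlines():
        flags, _, path = line.strip().partition(" ")
        if path:
            attrs[path] = {c for c in flags if c != "-"}
    return attrs

def cap_in_bounding_set(status_text, cap_bit):
    """True if the capability bit is set in the CapBnd mask of a status file."""
    m = re.search(r"^CapBnd:\s*([0-9a-fA-F]+)$", status_text, re.MULTILINE)
    if not m:
        raise ValueError("no CapBnd line found")
    return bool(int(m.group(1), 16) >> cap_bit & 1)

def audit(lsattr_output, status_text, log_paths):
    """Return a list of findings; an empty list means the checks all passed."""
    findings = []
    attrs = parse_lsattr(lsattr_output)
    for path in log_paths:
        flags = attrs.get(path)
        if flags is None:
            findings.append(f"{path}: not listed in lsattr output")
        elif "a" not in flags and "i" not in flags:
            findings.append(f"{path}: neither append-only (a) nor immutable (i)")
    if cap_in_bounding_set(status_text, CAP_LINUX_IMMUTABLE):
        findings.append("CAP_LINUX_IMMUTABLE is in the bounding set: root can clear the attributes")
    return findings

if __name__ == "__main__":
    for line in audit(LSATTR_SAMPLE, STATUS_DROPPED, ["/var/log/auth.log", "/var/log/syslog"]):
        print(line)
```

On a live system, feed it the output of `lsattr` on the log files and the contents of /proc/self/status instead of the constructed samples.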


