Re: aide or tripwire

From: bugtraq@seifried.org
Date: 12/19/01


Date: Wed, 19 Dec 2001 12:49:54 -0700 (MST)
From: <bugtraq@seifried.org>
To: Rob 'Feztaa' Park <feztaa@shaw.ca>


> Or you could just set the file(s) immutable flag with 'chattr -i', and
> the file cannot be changed or deleted.

Which is essentially useless. The file can be set to be read only, with
essentially the same result. If the attacker gets root they can unset the
immutable flag and muck around with it. The immutable attribute is
essentially pointless for files owned by root unless you want to prevent
accidental changes (manual edits, or stupid config programs/etc).

-Kurt Seifried
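
Added example, not part of the original message: because root can clear the immutable flag, as the reply points out, an integrity check can treat a flag that has disappeared from a file it was set on as a change to report. The sketch below compares a baseline list against `lsattr` output; the function name `check_immutable`, the baseline paths and the sample output are constructed for illustration, and the input is assumed to be `<flags> <path>` per line.

```shell
#!/bin/sh
# Constructed baseline: paths that were made immutable earlier (chattr +i).
BASELINE='/etc/passwd
/etc/shadow
/usr/bin/sudo
/srv/keys'

# Constructed sample of lsattr output (not captured from a real host).
SAMPLE_LSATTR='----i---------e------- /etc/passwd
--------------e------- /etc/shadow
-------------Ie------- /srv/keys'

# check_immutable BASELINE LSATTR_OUTPUT
# Prints, in baseline order, "CLEARED <path>" when the file is listed without
# the 'i' attribute and "MISSING <path>" when it is not listed at all.
# Returns 1 if anything was reported, 0 if every baseline path still has 'i'.
check_immutable() {
    # The baseline goes through the environment so embedded newlines survive.
    printf '%s\n' "$2" | BASELINE_LIST="$1" awk '
        BEGIN { n = split(ENVIRON["BASELINE_LIST"], want, "\n") }
        NF >= 2 {
            flags = $1
            path = substr($0, index($0, " ") + 1)   # keeps paths with spaces
            seen[path] = 1
            # index() is case-sensitive: "I" (indexed directory) is not "i"
            if (index(flags, "i") > 0) immutable[path] = 1
        }
        END {
            bad = 0
            for (k = 1; k <= n; k++) {
                p = want[k]
                if (p == "") continue
                if (!(p in seen))           { print "MISSING " p; bad = 1 }
                else if (!(p in immutable)) { print "CLEARED " p; bad = 1 }
            }
            exit bad
        }'
}

# Run against the constructed sample; on a live system the second argument
# would be the output of lsattr -d on the baseline paths.
check_immutable "$BASELINE" "$SAMPLE_LSATTR" || echo "immutable flag drift detected"
```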