Re: aide or tripwire

From: Jason Kohles (jkohles@redhat.com)
Date: 12/19/01


Date: Wed, 19 Dec 2001 14:04:29 -0600
From: Jason Kohles <jkohles@redhat.com>
To: focus-linux@securityfocus.com

On Tue, Dec 18, 2001 at 03:24:22PM -0700, Rob 'Feztaa' Park wrote:
> On Mon, Dec 17, 2001 at 08:34:01PM -0500, Jim Zajkowski (dis)graced my inbox with:
> > Of course, you should still protect your tripwire database by burning it onto
> > CD, since tripwire has no protection against the database being deleted,
> > only modified.
>
> Or you could just set the file(s) immuteable flag with 'chattr -i', and
> the file cannot be changed or deleted.
>
I think you mean "chattr +i", and "cannot be changed or deleted except by
someone who then runs 'chattr -i'".

-- 
Jason Kohles                                 jkohles@redhat.com
Senior System Architect                      (703)786-8036 (cellular)
Red Hat Professional Consulting              (703)456-2940 (office)



Relevant Pages

  • Re: aide or tripwire
    ... you should still protect your tripwire database by burning it onto ... "You're one of those condescending Unix computer users!" ...
    (Focus-Linux)
  • Re: Root cant delete files
    ... > put a file into /bin is also able to execute chattr and delete any immutable ... > attributes that the admin might have set to protect his trusted shells and so ... write-protect tab and leave the disk in the drive for when you need it. ... amount of root kit is going to flip that tab back over again. ...
    (Focus-Linux)
  • Re: Binaries within bash
    ... I never run with noclobber set. ... I protect important files ... with chattr -a or -i. ... And backups, of course. ...
    (alt.lang.asm)