LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
01-07-2002, 08:18 AM   #1   ForumKid (Member)
chattr +i to all files on my box?


Is this a bad idea to do to my mail server? I know that I cannot chattr +i /var, but I think I should be able to do all other dirs. Should I just be doing it to .conf files?

I read in a security book that it's good to chattr +i files. I'm just not so sure on which files.

Thanks
 
01-07-2002, 11:14 AM   #2   Mik (Senior Member, The Netherlands)
Basically that's up to you. Any files which won't or shouldn't be modified when the system is running can be immutable. But that depends on how often you change things on it. If you do it to all your executables and libraries you will have to reset the bits each time you install something new, which can be a pain if you do this often.
 
01-07-2002, 11:57 AM   #3   unSpawn (Moderator)
Basically the Linux File Standard (formerly FSSTND) regards system binary dirs /bin, /sbin, /usr/bin and /usr/sbin as places where *not* to put stuff local to your machine, so these are safe to chattr IMO; same goes for /boot, /dev, /lib, /misc, /opt, /root and /home. Exceptions are /etc and /usr, because /usr contains a tmpdir (but you could lose that as well); /etc shouldn't be chattr'ed -R, it contains some files that maintain state for mounting, time, passwd and group.
Dirs that shouldn't be chattr'ed are /lost+found (fsck saves retrievable nodes in it), /mnt, /proc, /var and /tmp.
Alternatively you could separate "/" to another partition and mount it -o ro, and make /tmp and /var/tmp a ramdisk (this is what they do with, say, one-floppy distros and CD bootable images).

I "chattr +iu" a lot of config files, and use a shell script to back up and unset/reset the bits when editing; never had any probs with it.

Also, if you won't use a kernel patch like LIDS or GRSecurity, which can handle Linux' /proc properties like CAP_LINUX_IMMUTABLE (/proc/sys/kernel/cap-bound), you could install "lcap", which can remove the ability on startup to use the immutable bit. Now even root can't unset it with chattr; only a reboot, or a reboot to level 1, breaks out of this. Kinda neat.
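The back-up / clear-the-bits / edit / reset-the-bits workflow and the "can root still toggle the immutable bit" check from the post above, as an added shell example that is not part of the original thread or anyone's posted script. It assumes a Linux host with e2fsprogs (`chattr`, `lsattr`) and, for the capability check, a kernel that reports the `CapBnd` mask in `/proc/self/status` (the modern counterpart of the 2.4-era `/proc/sys/kernel/cap-bound` file that lcap manipulated). The `lsattr` lines embedded in the block are a constructed sample, not output from any real machine. `edit_immutable` needs root and a file on a filesystem that supports attributes (ext2/3/4); the parsing and capability helpers run as any user.

```shell
#!/bin/sh
# Added example, not code from the thread: helpers for the "back up, clear
# the bits, edit, reset the bits" workflow and for checking whether
# CAP_LINUX_IMMUTABLE is still in this process's capability bounding set.
# Assumes e2fsprogs (chattr/lsattr) and a kernel that prints CapBnd in
# /proc/<pid>/status.

# has_flag FLAGS LETTER: 0 if LETTER appears in an lsattr flag field such as
# "----i--------e--" (i = immutable, u = undeletable, a = append-only).
has_flag() {
    case "$1" in
        *"$2"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# immutable_paths: read lsattr-style lines ("FLAGS PATH") on stdin and print
# the paths that carry the i bit. Pure text processing, no root needed.
immutable_paths() {
    while read -r flags path; do
        if has_flag "$flags" i; then
            printf '%s\n' "$path"
        fi
    done
}

# Constructed sample in the format lsattr prints; not real output from any host.
SAMPLE_LSATTR='----i--------e-- /etc/ssh/sshd_config
-------------e-- /etc/passwd
-----a-------e-- /var/log/auth.log'

# edit_immutable FILE: copy the file aside, drop the i and u bits if set, open
# $EDITOR, then put back exactly the bits that were there. Needs root
# (CAP_LINUX_IMMUTABLE) and an ext2/3/4 file; a file that never had the bits
# is simply backed up and edited.
edit_immutable() {
    f=$1
    [ -f "$f" ] || { echo "edit_immutable: no such file: $f" >&2; return 1; }
    flags=$(lsattr "$f" | awk '{ print $1 }') || return 1
    cp -p "$f" "$f.bak.$(date +%Y%m%d%H%M%S)" || return 1
    has_flag "$flags" i && chattr -i "$f"
    has_flag "$flags" u && chattr -u "$f"
    "${EDITOR:-vi}" "$f"
    has_flag "$flags" i && chattr +i "$f"
    has_flag "$flags" u && chattr +u "$f"
    return 0
}

# cap_in_bounding_set CAPNUM [STATUSFILE]: 0 if capability number CAPNUM is in
# the CapBnd mask of STATUSFILE (default /proc/self/status), 1 if it has been
# dropped, 2 if the file has no CapBnd line. CAP_LINUX_IMMUTABLE is capability
# 9; once it is out of the bounding set (what lcap did through
# /proc/sys/kernel/cap-bound on 2.4 kernels), chattr +i/-i fails even for root
# until the next reboot.
cap_in_bounding_set() {
    mask=$(awk '/^CapBnd:/ { print $2 }' "${2:-/proc/self/status}")
    [ -n "$mask" ] || return 2
    [ $(( (0x$mask >> $1) & 1 )) -eq 1 ]
}

# Usage when run directly:
#   printf '%s\n' "$SAMPLE_LSATTR" | immutable_paths
#   cap_in_bounding_set 9 && echo "immutable bit can still be toggled here"
#   EDITOR=vi edit_immutable /etc/ssh/sshd_config      # as root
```

`edit_immutable` records the bits before touching them so that a file that was only `+i` does not come back `+iu`, and it resets them even if the editor exits non-zero. On a filesystem without attribute support `lsattr` writes an error to stderr and the flag field is empty, so nothing is toggled.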
 
01-07-2002, 11:58 AM   #4   d3funct (Member, Centralia, WA)
If you do this to all your logfiles they will not update, and you will not be able to debug problems (even the logfiles not updating problem) because the system won't be able to tell you about them because it can't write to the logs. This is good for files like .rhosts and the like but I wouldn't do it to system files like /etc/passwd or /etc/shadow or you won't be able to change your passwords.
 
  

