Is this a bad idea to do to my mail server? I know that I cannot chattr +i /var, but I think I should be able to do all other dirs. Should I just be doing it to .conf files?
I read in a security book that it's good to chattr +i files. I'm just not so sure on which files.
Basically that's up to you. Any files which won't or shouldn't be modified when the system is running can be immutable. But that depends on how often you change things on it. If you do it to all your executables and libraries you will have to reset the bits each time you install something new which can be a pain if you do this often.
Basically the Linux File Standard (formerly FSSTND) regards system binary dirs /bin, /sbin, /usr/bin and /usr/sbin as places where *not* to put stuff local to your machine, so these are safe to chattr IMO; same goes for /boot, /dev, /lib, /misc, /opt, /root and /home. Exceptions are /etc and /usr, because /usr contains a tmpdir, but you could lose that as well. /etc shouldn't be chattr'ed -R; it contains some files that maintain state for mounting, time, passwd and group.
Dirs that shouldn't be chattr'ed are /lost+found (fsck saves retrievable nodes in it), /mnt, /proc, /var and /tmp.
Alternatively you could separate "/" to another partition and mount it -o ro and make /tmp and /var/tmp a ramdisk (this is what they do with, say, one-floppy distros and CD bootable images).
I "chattr +iu" a lot of config files, and use a shellscript to backup, un/reset the bits when editing, never had any probs with it.
Also, if you won't use a kernelpatch like LIDS or GRSecurity which can handle Linux' /proc properties like CAP_LINUX_IMMUTABLE (/proc/sys/kernel/cap-bound), you could install "lcap" which can remove the ability on startup to use the immutable bit. Now even root can't unset with chattr, only a reboot, or a reboot to level 1 breaks out of this. Kinda neat.
If you do this to all your logfiles they will not update, and you will not be able to debug problems (even the logfiles not updating problem) because the system won't be able to tell you about them because it can't write to the logs. This is good for files like .rhosts and the like but I wouldn't do it to system files like /etc/passwd or /etc/shadow or you won't be able to change your passwords.
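A reply above mentions using a shell script to back up a config file, unset the immutable bit, edit, and reset it. One way to write such a wrapper follows, as an added example that is not code from the thread. The function names, the `BACKUP_DIR` path and the `CHATTR`/`LSATTR` overrides are assumptions of this sketch, and only the `i` bit is toggled.

```sh
#!/bin/sh
# Added example. CHATTR, LSATTR and BACKUP_DIR are assumptions of this sketch
# (overridable so the logic can be exercised without root).
CHATTR=${CHATTR:-chattr}
LSATTR=${LSATTR:-lsattr}
BACKUP_DIR=${BACKUP_DIR:-/root/immutable-backups}

# Succeeds if FILE currently carries the immutable (i) attribute.
is_immutable() {
    # lsattr prints "<flags> <path>"; inspect the flag field only.
    flags=$("$LSATTR" -d "$1" 2>/dev/null | awk '{print $1}')
    case $flags in *i*) return 0 ;; *) return 1 ;; esac
}

# Usage: edit_immutable FILE [EDITOR-COMMAND ...]
edit_immutable() {
    [ $# -ge 1 ] || { echo "usage: edit_immutable FILE [EDITOR ...]" >&2; return 2; }
    file=$1; shift
    [ -f "$file" ] || { echo "not a regular file: $file" >&2; return 2; }
    case $file in /*) ;; *) file=./$file ;; esac   # never parsed as an option
    [ $# -gt 0 ] || set -- "${EDITOR:-vi}"

    was_immutable=no
    is_immutable "$file" && was_immutable=yes

    # 1. Back up first, while the file is still protected.
    mkdir -p "$BACKUP_DIR" || return 1
    backup=$BACKUP_DIR/$(basename "$file").$(date +%Y%m%d%H%M%S)
    cp -p "$file" "$backup" || return 1

    # 2. Clear the bit only if it was set, so the original state is restored later.
    if [ "$was_immutable" = yes ]; then
        "$CHATTR" -i "$file" || return 1
    fi

    # 3. Run the editor; remember its status but do not stop on failure.
    rc=0
    "$@" "$file" || rc=$?

    # 4. Always re-set the bit, even when the editor failed.
    if [ "$was_immutable" = yes ] && ! "$CHATTR" +i "$file"; then
        echo "WARNING: $file left without the immutable bit" >&2
        return 1
    fi
    return $rc
}
```

Source the file as root and run `edit_immutable /etc/some.conf`; a file that was not immutable beforehand is backed up and edited but is not given the bit afterwards.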