Date: Thu, 23 May 2002 17:34:29 -0400 (EDT)
From: Jason K. Schechner
> Why would you want to do this?
Logging. If a h@xx0r cracks your box he can't erase
anything that's already been written there. Often it takes
BSD enforces append-only when running proper securelevel. AFAIK,
Linux lacks this attribute, and root can disable the so-called
"immutable" attrib.
a physical change (jumper, dipswitch, etc) to change from
write-only to read-only making it pretty tough for the
h@xx0r to cover his steps.
Why not log to an external bastion host?
i think that modern linuxes have both of these capabilities,
but they need to be compiled into the kernel (they're actually
called "capabilities", as in capability.h), so they're cumbersome
to use.
BSD enforces append-only when running proper securelevel. AFAIK,
Linux lacks this attribute, and root can disable the so-called
"immutable" attrib.
bsd enforces append only or immutable when the flag is set, not
depending on the securelevel. there are "user" and "system" flag
sets. the "user" flag set can be turned off and on at any time by
either the file's owner or root. the "system" flag set can be set at
any time, but can only be removed when the securelevel is less than or
equal to zero, and can only be set or cleared by root.