Quoting Micah Anderson <[EMAIL PROTECTED]>:
> One additional tweak which falls into line with the security setups, that I
> think is a good idea is to make the log files in /var/log to be chattr +a
> (append only) so logfiles cannot be modified or removed altogether to cover
> up tracks. This isn't the biggest security trick because all it does is
> make it if you don't know about chattr then you can't install a trojan. If
> you've got root then removing the immutability flags is trivial, but only if
> you know how to, or even know they exist. But it has kept the lower-level
> admins at a site I work at from modifying the logfiles, which is against
> policy.

Not every filesystem that Linux works with supports the append-only flag. If
append-only is attempted, it must be able to cope with this absence. (I'm sure
I'm not the only one that has /var/log symlinked to /mnt/floppy ;)

-- 
Andrew Stribblehill <[EMAIL PROTECTED]>
Systems programmer, IT Service, University of Durham, England
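
One way to set the append-only flag while coping with filesystems that lack it, as raised in the reply above. This is an added example, not part of the original thread; the function names `has_append_flag`, `make_append_only` and `harden_logs` are hypothetical, and it assumes the `chattr` and `lsattr` tools from e2fsprogs.

```sh
#!/bin/sh
# Added example: apply chattr +a to log files and cope with filesystems
# (or privilege levels) where the append-only flag cannot be set.

# has_append_flag FILE: true if lsattr lists the 'a' (append-only) attribute.
has_append_flag() {
    attrs=$(lsattr -d "$1" 2>/dev/null) || return 1
    # lsattr prints "<flags> <path>"; inspect only the flags field.
    case "${attrs%% *}" in
        *a*) return 0 ;;
        *)   return 1 ;;
    esac
}

# make_append_only FILE
# Returns 0 if the flag is set and verified, 1 if this filesystem or caller
# cannot set it, 2 if FILE is a symlink or not a regular file (left alone).
make_append_only() {
    target=$1
    case $target in -*) target=./$target ;; esac   # never parsed as an option
    [ -f "$target" ] && [ ! -L "$target" ] || return 2
    if chattr +a "$target" 2>/dev/null && has_append_flag "$target"; then
        return 0
    fi
    return 1
}

# harden_logs DIR: try every entry in DIR, warn on stderr for each file that
# stays unprotected, and print "<protected> <unprotected>" on stdout.
harden_logs() {
    dir=$1; ok=0; skipped=0
    for f in "$dir"/*; do
        rc=0
        make_append_only "$f" || rc=$?
        case $rc in
            0) ok=$((ok + 1)) ;;
            1) skipped=$((skipped + 1))
               echo "warning: append-only not available for $f" >&2 ;;
        esac
    done
    echo "$ok $skipped"
}

# Typical use, as root: harden_logs /var/log
```

Files carrying the append-only flag cannot be renamed or truncated, so log rotation has to clear the flag before rotating and set it again afterwards.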