> Or you could just set the file(s) immutable flag with 'chattr -i', and
> the file cannot be changed or deleted.
Which is essentially useless. The file can be set to be read only, with essentially the same result. If the attacker gets root they can unset the immutable flag and muck around with it. The immutable attribute is essentially pointless for files owned by root unless you want to prevent accidental changes (manual edits, or stupid config programs/etc).

-Kurt Seifried
