> Of course, if the cracker has gotten root, they can chattr it right
> back. In fact, the first thing I'd do as an attacker is to find all
> chattr'd files on the filesystem since they're probably important.

I seem to recall a few years back reading about a utility that sets the kernel such that attributes can not be further modified until the box is rebooted. Can anyone confirm, hopefully with a pointer?

Terry
import StandardDisclaimer