Date:      Sat, 26 Jun 2004 08:36:49 -0400
From:      "JJB" <Barbish3@adelphia.net>
To:        "MICSKO Viktor" <candiru@bazmag.hu>
Cc:        freebsd-questions@freebsd.org
Subject:   RE: setting a disk read only
Message-ID:  <MIEPLLIBMLEEABPDBIEGMEDOGEAA.Barbish3@adelphia.net>
In-Reply-To: <Pine.BSO.4.58L0.0406261203340.8509@bazmag.sch.bme.hu>

Security Paranoia
It's very important that you completely understand the impact that
using the following command will have on your ability to make
changes to your system.

The simplest thing you can do is set the immutable flag on all
system binaries and /etc config files with:

chflags schg /bin/*(*) /sbin/*(*) /usr/bin/*(*) /usr/sbin/*(*) /etc/*(*)

Setting the immutable flag on means the files are marked as being
protected from being written over. Once you execute the above
command, no process can overwrite those files, thus increasing the
level of difficulty for the attacker and increasing the odds in your
favor of the attacker leaving error messages in the system log. On
the other hand, you as root user cannot make any changes to those
files so marked either.

Every time you want to make changes you have to issue the command to
turn off the immutable flag on all the same files. Use this command
to do that:

chflags noschg /bin/*(*) /sbin/*(*) /usr/bin/*(*) /usr/sbin/*(*) /etc/*(*)

You can use the "ls -lo" command to see the immutable flags of existing

You could do this to any slice with chflags noschg /*(*) /usr/*(*)
whatever.

-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of MICSKO Viktor
Sent: Saturday, June 26, 2004 6:46 AM
To: Matthew Seaman
Cc: freebsd-questions@freebsd.org
Subject: Re: setting a disk read only


> > Is it possible to set a *whole* disk read only? I mean the way Linux
> > does it with "hdparm -r 1 device". So adding an -o ro parameter to mount
> > isn't enough, I want to be sure that the disk is unmodified.
>
> Hmmm... SCSI disks can be physically jumpered to be read-only.  I
> should think that ATA drives can be treated the same way.  Consult the
> manufacturers' data sheets for details.

No, at least I've never seen it on any ATA drives. That's why I need a
software solution.


viktor

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe@freebsd.org"
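Added example, not part of JJB's message or of FreeBSD's own tooling: a POSIX sh audit that parses the flags column of "ls -lo" output and reports which files from the protected set still lack the schg flag, so after a noschg/edit/schg cycle you can confirm nothing was left unlocked. The listing below is constructed sample data in the column layout FreeBSD's "ls -lo" prints (flags are the 5th field, "-" when none are set).

```shell
#!/bin/sh
# Constructed sample of `ls -lo` output (FreeBSD layout):
#   perms links owner group FLAGS size month day year path
SAMPLE_LISTING='-r-xr-xr-x  1 root  wheel  schg       5752 Jun 26  2004 /bin/cat
-r-xr-xr-x  1 root  wheel  -          8328 Jun 26  2004 /bin/ls
-r-xr-xr-x  1 root  wheel  schg,uchg  6712 Jun 26  2004 /sbin/init
-rw-r--r--  1 root  wheel  -           912 Jun 26  2004 /etc/rc.conf'

# unprotected LISTING
# Prints, one per line, the path of every entry whose flags column does
# not contain "schg" (system immutable). Flags may be a comma-separated
# list such as "schg,uchg", so each element is compared individually.
unprotected() {
    printf '%s\n' "$1" | awk '{
        n = split($5, flags, ",")
        immutable = 0
        for (i = 1; i <= n; i++) {
            if (flags[i] == "schg") immutable = 1
        }
        if (!immutable) print $NF
    }'
}

# count_unprotected LISTING
# Number of entries lacking schg; 0 means the whole set is locked down.
count_unprotected() {
    unprotected "$1" | wc -l | tr -d ' '
}

# On a real host, feed it the same file set the chflags command covers:
#   unprotected "$(ls -lo /bin/* /sbin/* /usr/bin/* /usr/sbin/* /etc/*)"
```

With the constructed listing the audit reports /bin/ls and /etc/rc.conf as unprotected; /sbin/init is accepted because schg is present alongside uchg.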