Date: Sun, 27 Jun 2004 07:44:51 +0400
From: Sergey Zaharchenko
To: JJB
Cc: MICSKO Viktor, freebsd-questions@freebsd.org
Subject: Re: setting a disk read only
Message-ID: <20040627034451.GB367@shark.localdomain>

On Sat, Jun 26, 2004 at 08:36:49AM -0400, JJB probably wrote:
> Security Paranoia
> It's very important that you completely understand the impact that
> using the following command will have on your ability to make
> changes to your system.
>
> The simplest thing you can do is set the immutable flag on all
> system binaries and /etc config files with:
>
> chflags schg /bin/*(*) /sbin/*(*) /usr/bin/*(*) /usr/sbin/*(*) /etc/*(*)
>
> Setting the immutable flag on means the files are marked as being
> protected from being written over. Once you execute the above
> command, no process can overwrite those files, thus increasing the
> level of difficulty for the attacker and increasing the odds in your
> favor of the attacker leaving error messages in the system log. On
> the other hand, you as root user cannot make any changes to those
> files so marked either.

Only if you can't remove those flags (that is, only if you're running at
a securelevel>0).

-- 
DoubleF
If you only have a hammer, you tend to see every problem as a nail.
		-- Maslow
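
Added example, not part of the original message: a small sh audit that reads `ls -lo` output and reports, for a given kern.securelevel, whether each file's schg flag is actually locked in or can still be cleared by root, which is the distinction drawn in the reply above. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Classify files by how much protection schg gives at a given securelevel.

# Constructed sample of `ls -lo` output (mode links owner group flags size date name).
SAMPLE='total 96
-r-xr-xr-x  1 root  wheel  schg         28560 Jun 20  2004 /bin/ls
-r-xr-xr-x  1 root  wheel  -            12904 Jun 20  2004 /bin/cat
-rw-r--r--  1 root  wheel  schg,nodump    312 Jun 26  2004 /etc/hosts'

# has_schg FLAGS: succeed if the comma-separated flags field contains schg.
has_schg() {
    case ",$1," in
        *,schg,*) return 0 ;;
        *)        return 1 ;;
    esac
}

# classify SECURELEVEL FLAGS: print one of
#   unprotected     no schg flag at all
#   root-removable  schg set, but securelevel <= 0, so root can "chflags noschg"
#   locked          schg set and securelevel > 0, flag cannot be cleared
classify() {
    if ! has_schg "$2"; then
        echo unprotected
    elif [ "$1" -gt 0 ]; then
        echo locked
    else
        echo root-removable
    fi
}

# audit SECURELEVEL: read `ls -lo` lines on stdin, print "state path" per file.
# Assumes file names without spaces; "total N" lines have no flags field and are skipped.
audit() {
    level=$1
    while read -r mode links owner group flags rest; do
        [ -n "$flags" ] || continue
        echo "$(classify "$level" "$flags") ${rest##* }"
    done
}

# Demo on the constructed listing at the default securelevel (-1) and at 1.
# On a live FreeBSD host: ls -lo /bin /sbin | audit "$(sysctl -n kern.securelevel)"
for lvl in -1 1; do
    echo "securelevel=$lvl"
    printf '%s\n' "$SAMPLE" | audit "$lvl"
done
```
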