From owner-freebsd-security Fri Feb 16 9:40:35 2001 Delivered-To: freebsd-security@freebsd.org Received: from serenity.mcc.ac.uk (serenity.mcc.ac.uk [130.88.200.93]) by hub.freebsd.org (Postfix) with ESMTP id AFAF937B65D for ; Fri, 16 Feb 2001 09:40:22 -0800 (PST) Received: from dogma.freebsd-uk.eu.org ([130.88.200.97] ident=root) by serenity.mcc.ac.uk with esmtp (Exim 2.05 #4) id 14Tl0u-000PnR-00 for security@freebsd.org; Fri, 16 Feb 2001 13:33:32 +0000 Received: (from rasputin@localhost) by dogma.freebsd-uk.eu.org (8.11.1/8.11.1) id f1GDXWu48046 for security@freebsd.org; Fri, 16 Feb 2001 13:33:32 GMT (envelope-from rasputin) Date: Fri, 16 Feb 2001 13:33:31 +0000 From: Rasputin To: security@freebsd.org Subject: Re: File flags Message-ID: <20010216133331.A48008@dogma.freebsd-uk.eu.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: ; from rbeer@uni-goettingen.de on Fri, Feb 16, 2001 at 02:15:31PM +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org * Ragnar Beer [010216 13:17]: > Howdy! > > I'm wondering which files I should protect with file flags. So far I only > protected a couple of flags in /var/log but last week I read that someone Is that a good idea? What happens if they need ot be rotated? > suggested making files in the /bin /sbin /etc directories immutable. How much > sense does that make? Depends what securelevel you're in. Also there is a case for saying that this makes intrusions harder to detect, although that sounds to me like saying: "If the cupboards in your house are locked up, how are you supposedd to tell when you've been burgled?" -- Rasputin Jack of All Trades :: Master of Nuns To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message