Date: Fri, 16 Feb 2001 12:42:49 -0500 (EST)
From: Rob Simmons
To: Rasputin
Cc: security@FreeBSD.ORG
Subject: Re: File flags
In-Reply-To: <20010216133331.A48008@dogma.freebsd-uk.eu.org>

Turn off log rotation and set the append only flag

Robert Simmons
Systems Administrator
http://www.wlcg.com/

On Fri, 16 Feb 2001, Rasputin wrote:

> * Ragnar Beer [010216 13:17]:
> > Howdy!
> >
> > I'm wondering which files I should protect with file flags. So far I only
> > protected a couple of flags in /var/log but last week I read that someone
>
> Is that a good idea? What happens if they need to be rotated?
>
> > suggested making files in the /bin /sbin /etc directories immutable. How much
> > sense does that make?
>
> Depends what securelevel you're in.
>
> Also there is a case for saying that this makes intrusions harder
> to detect, although that sounds to me like saying:
> "If the cupboards in your house are locked up, how are you
> supposed to tell when you've been burgled?"
>
> --
> Rasputin
> Jack of All Trades :: Master of Nuns
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message