Date: Fri, 16 Feb 2001 15:04:34 -0500
From: "Peter C. Lai" <sirmoo@cowbert.2y.net>
To: "Rasputin" <rasputin@FreeBSD-uk.eu.org>, <security@freebsd.org>
Subject: Re: File flags
Message-ID: <000701c09853$af44c0c0$1e9e6389@137.99.156.23>
References: <p04330100b6b2d6708b25@[134.76.136.114]> <20010216133331.A48008@dogma.freebsd-uk.eu.org>

Your metaphor/analogy is flawed. It should read "if my cupboards are locked,
how can I tell if my house has been bugged?" since in most cases backdoored
binaries are installed and logs are modified, and aren't deleted.

----- Original Message -----
From: "Rasputin" <rasputin@FreeBSD-uk.eu.org>
To: <security@freebsd.org>
Sent: Friday, February 16, 2001 8:33 AM
Subject: Re: File flags

> * Ragnar Beer <rbeer@uni-goettingen.de> [010216 13:17]:
> > Howdy!
> >
> > I'm wondering which files I should protect with file flags. So far I only
> > protected a couple of flags in /var/log but last week I read that someone
>
> Is that a good idea? What happens if they need to be rotated?
>
> > suggested making files in the /bin /sbin /etc directories immutable. How much
> > sense does that make?
>
> Depends what securelevel you're in.
>
> Also there is a case for saying that this makes intrusions harder
> to detect, although that sounds to me like saying:
> "If the cupboards in your house are locked up, how are you
> supposed to tell when you've been burgled?"
>
> --
> Rasputin
> Jack of All Trades :: Master of Nuns
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message