[ale] Help with server setup

Ed Cashin ecashin at noserose.net
Tue Sep 15 14:42:41 EDT 2009


On Tue, Sep 15, 2009 at 10:56 AM, Steve Brown <braino420 at gmail.com> wrote:
> On Tue, Sep 15, 2009 at 8:25 AM, Ed Cashin <ecashin at noserose.net> wrote:
>>
>> When I was in that situation, I used FreeBSD, which has an immutable
>> files feature.  With Linux you could get a similar effect by customizing
>> a live CD, so that the server runs off read-only media, so that a reboot
>> could undo any malicious attempts to take over the server.  Just a
>> thought.
>
> Linux has immutable files also, using the chattr +i command.

Last time I tried to use these, I ran into a lack of support from the
kernel.  In FreeBSD, you can arrange things so that even root cannot
alter the immutable property of the files or cause them to be modified.

They called that feature "secure levels", I think.  With console access,
you could cause the O.S. to boot into a lower secure level (with no
networking turned on).  Then you
could use chattr to remove the immutability and modify the files.

But
when I was looking into this (around 2000), Linux didn't have something
like that.  For me, a file isn't immutable from a security standpoint
if root can use chattr to
remove the immutability while the system is in production.

I've been keeping my eyes open, but I might have missed it if a
feature like that has come along since then.  I'd like to hear about
it if anybody has heard of a feature that could disallow root from
removing the immutability of files while the system is in production.

-- 
  Ed Cashin <ecashin at noserose.net>
  http://noserose.net/e/



More information about the Ale mailing list