[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

re: reboot looses configurations

hmmm, have you tried chattr +i on a list of the offending files once all configurations are set correctly? There's a trick I'll do on my next debian installation in which you get the lcap utility aptitude install lcap and you set chattr +a on log files you don't want tampered and chattr +i on valuable binaries including lcap itself. Then say in /etc/rc.local put a couple lcap lines: lcap CAP_LINUX_IMMUTABLE lcap CAP_SYS_MODULE After that, chattr +i /etc/rc.local then reboot your system. See if you can modify /etc/rc.local. If not the trick was successful. What it's supposed to do if it works is provide plenty of hacker frustration and keep you with an undamaged system.

Reply to: