re: reboot looses configurations
hmmm, have you tried chattr +i on a list of the offending files once all
configurations are set correctly? There's a trick I'll do on my next
debian installation in which you get the lcap utility aptitude install
lcap and you set chattr +a on log files you don't want tampered and chattr
+i on valuable binaries including lcap itself. Then say in /etc/rc.local
put a couple lcap lines: lcap CAP_LINUX_IMMUTABLE lcap CAP_SYS_MODULE
After that, chattr +i /etc/rc.local then reboot your system. See if you
can modify /etc/rc.local. If not the trick was successful. What it's
supposed to do if it works is provide plenty of hacker frustration and
keep you with an undamaged system.
Reply to: