
Re: reboot loses configurations

On Sun, 2006-29-10 at 06:26 -0500, Jude DaShiell wrote:
> Hmmm, have you tried chattr +i on a list of the offending files once all
> configurations are set correctly?  There's a trick I'll do on my next
> Debian installation in which you get the lcap utility (aptitude install
> lcap) and you set chattr +a on log files you don't want tampered with and
> chattr +i on valuable binaries, including lcap itself.  Then, say, in
> /etc/rc.local put a couple of lcap lines: "lcap CAP_LINUX_IMMUTABLE" and
> "lcap CAP_SYS_MODULE".
> After that, chattr +i /etc/rc.local, then reboot your system.  See if you
> can modify /etc/rc.local.  If not, the trick was successful. What it's
> supposed to do if it works is provide plenty of hacker frustration and
> keep you with an undamaged system.

Interesting. I'll keep this in mind for use with my IDS.

I think my problem is more related to scripts, however.
Any idea what scripts are at fault?
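
A check for whether the capability drop described in the quoted message took effect, as an added example that is not part of the original thread. It assumes a kernel that exposes the bounding set as the `CapBnd` hex mask in `/proc/<pid>/status`; the function names are hypothetical, and the bit numbers (9 and 16) are the values of CAP_LINUX_IMMUTABLE and CAP_SYS_MODULE in `<linux/capability.h>`.

```shell
#!/bin/sh
# Added example (not from the thread): report whether CAP_LINUX_IMMUTABLE and
# CAP_SYS_MODULE are still in a capability bounding set.
# Function names are hypothetical; bit numbers are from <linux/capability.h>.

# bounding_set [PID] -> print the CapBnd hex mask of PID (default: 1, init)
bounding_set() {
    awk '/^CapBnd:/ { print $2 }' "/proc/${1:-1}/status"
}

# cap_present HEXMASK BIT -> exit status 0 if BIT is set in HEXMASK
cap_present() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# hardening_status HEXMASK
#   returns 0 if both capabilities are dropped,
#           1 if at least one is still present,
#           2 if HEXMASK is empty or not hexadecimal
hardening_status() {
    case "$1" in
        ''|*[!0-9a-fA-F]*)
            echo "unusable CapBnd value: '$1'" >&2
            return 2 ;;
    esac
    rc=0
    for pair in CAP_LINUX_IMMUTABLE:9 CAP_SYS_MODULE:16; do
        name=${pair%%:*}
        bit=${pair##*:}
        if cap_present "$1" "$bit"; then
            echo "$name still in bounding set: chattr -i / module loading possible for root"
            rc=1
        else
            echo "$name dropped"
        fi
    done
    return $rc
}

# Run against the live system; never abort the caller if /proc is unavailable.
hardening_status "$(bounding_set 1 2>/dev/null)" || :
```

If either capability is reported as still present after the reboot, root can clear the +i and +a flags again and the protection on /etc/rc.local, the logs and the binaries is not in force.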

