append only file system - selinux?
Tim Daly
daly at rio.sci.ccny.cuny.edu
Fri Mar 25 18:58:41 UTC 2005
Chris,

>here is my issue, for security certification purposes I need to be able
>to create an append only file system for logs, such that no one *even
>root* will be able to futz with the log files on my log server.

Write the files to CD-Rom in multi-session mode. It may even be the case
that there is a continuous-journal kind of file system (one in which the
journal is never collapsed). Such a file system would just continuously
write the file system to CD. This is conceptually a write-once tape.

Since you're not creating file logs at CD rates (one hopes) there will
be a window where someone could modify a log entry before you write it
to a session.

Tim Daly