Read Only File System
Steve
steve at focb.co.nz
Tue Jun 8 22:27:46 UTC 2004
Yes, you can mark certain files as append only using chattr, but this does
not stop them being deleted by root as quite simply, root can do anything.
What it sounds like you need is a printer that syslog messages or the like
are streamed to.

Unless of course physical access to the box is an issue as well in which
case you are pretty much out of options..

You may want to look into putting a box in with DOS 6.x or the like,
connected via a serial cable only and a log daemon that takes log
messages from the serial port and writes them to a file. You may find that
there is a syslog type daemon out there that will stream output to a
serial port and then you can collect this on the DOS machine and you end
up with a reasonably secure logging box.

You may end up having to write some software yourself to do this, but may
find that there is already something out there on the net to do something
similar.

--
Steve.

On Tue, 8 Jun 2004, Nathaniel Hall wrote:
> Ok, building on that, is there any way to make an append only file system and
> make it where root cannot change or delete anything in the logs?
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~
> Nathaniel Hall
> Intrusion Detection and Firewall Technician
> Ozarks Technical Community College -- Office of Computer Networking
> 417-799-0552
>
>
> -----Original Message-----
> From: Henry Axelrod [mailto:AxelrodH at emigrant.com]
> Sent: Tuesday, June 08, 2004 3:03 PM
> To: halln at otc.edu; redhat-list at redhat.com
> Subject: Re: Read Only File System
>
> You can do this by creating a separate partition or drive to mount for
> that fs. When you add the entry to /etc/fstab you can place "ro" in the
> options column. For example:
>
> LABEL=/home /home ext3 ro 1 1
>
> The preceding line will mount the home directory as read only. You will
> of course have to remember to label the partition as /home. You will also
> probably want to add more options than just read only. This is just an
> example.
>
> >>> halln at otc.edu 6/8/2004 3:44:25 PM >>>
> I am working on creating a remote log server using RedHat Advanced
> Server 3. I would like to be able to make an entire file system read
> only where root can't even change the contents. Does anybody know of a
> way to do this?
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~
> Nathaniel Hall
> Intrusion Detection and Firewall Technician
> Ozarks Technical Community College -- Office of Computer Networking
> 417-799-0552
>
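
Added example, not part of the original thread: a sketch of the collector side of the serial-only logging box suggested in the reply above, written in Python rather than for DOS. The function names, the MAX_LINE cap and the /dev/ttyS0 path are assumptions made for illustration.

```python
import os
import time

MAX_LINE = 1024  # assumed cap: a sender that never sends a newline cannot exhaust memory


def sanitize(raw: bytes) -> str:
    """Decode one received message and escape control characters, so a crafted
    message cannot forge extra log entries or hide text with terminal escapes."""
    text = raw.decode("utf-8", errors="replace")
    return "".join(c if c.isprintable() else f"\\u{ord(c):04x}" for c in text)


def collect(port, log_path, clock=time.time):
    """Copy newline-terminated messages from `port` (any binary stream, e.g.
    open('/dev/ttyS0', 'rb')) to `log_path`. Traffic is one-way: nothing read
    is interpreted as a command and nothing is ever written back to the port."""
    fd = os.open(log_path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    count = 0
    try:
        # readline(MAX_LINE) returns at most MAX_LINE bytes; an over-long
        # message is stored as several entries instead of being buffered whole.
        for raw in iter(lambda: port.readline(MAX_LINE), b""):
            line = raw.rstrip(b"\r\n")
            if not line:
                continue
            # Timestamp on receipt: the sending host's clock is not trusted.
            stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(clock()))
            os.write(fd, f"{stamp} {sanitize(line)}\n".encode("utf-8"))
            os.fsync(fd)  # push each entry to disk before reading the next
            count += 1
    finally:
        os.close(fd)
    return count


if __name__ == "__main__":
    import io
    import tempfile

    # Constructed sample input standing in for the serial port.
    sample = b"<38>sshd[411]: Failed password for root\r\n<13>app: ok\x1b[2J\rFAKE entry\n"
    path = os.path.join(tempfile.mkdtemp(), "remote.log")
    print(collect(io.BytesIO(sample), path), "entries written to", path)
```

The collector only ever appends, so the sending host has no channel over which to rewrite or delete earlier entries; as the reply notes, physical access to the collector is outside what this protects.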