hmmm, have you tried chattr +i on a list of the offending files once all configurations are set correctly? There's a trick I'll do on my next debian installation in which you get the lcap utility aptitude install lcap and you set chattr +a on log files you don't want tampered and chattr +i on valuable binaries including lcap itself. Then say in /etc/rc.local put a couple lcap lines: lcap CAP_LINUX_IMMUTABLE lcap CAP_SYS_MODULE After that, chattr +i /etc/rc.local then reboot your system. See if you can modify /etc/rc.local. If not the trick was successful. What it's supposed to do if it works is provide plenty of hacker frustration and keep you with an undamaged system.

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to