Security Paranoia
It's very important that you completely understand the impact of
using the following command will have on your ability to make
changes to your system.

The simplest thing you can do is set the immutable flag on all
system binaries and /etc config files with:

chflags schg /bin/*(*) /sbin/*(*) /usr/bin/*(*) /usr/sbin/*(*)

Setting the immutable flag on, means the files are marked as being
protected from being written over. Once you execute the above
command, no process can over write those files thus increasing the
level of difficulty for the attacker and increasing the odds in your
favor of the attacker leaving error messages in the system log. On
the other hand you as root user can not make any changes to those
file so marked either.

Ever time you want to make changes you have to issue the command to
turn off the immutable flag on all the same files. Use this command
to do that:

chflags noschg /bin/*(*) /sbin/*(*) /usr/bin/*(*) /usr/sbin/*(*)

You can use "ls -lo" command to see the immutable flags of existing

You could do this to any slice with chflags noschg /*(*)  /usr/*(*)
what ever

-----Original Message-----
Sent: Saturday, June 26, 2004 6:46 AM
To: Matthew Seaman
Subject: Re: setting a disk read only

> > Is it possible to setting a *whole* disk read only? I mean the
way linux
> > does it with "hdparm -r 1 device". So adding an -o ro parameter
to mount
> > isn't enough, I want to be sure that the disk is unmodified.
> Hmmm... SCSI disks can be physically jumpered to be read-only.  I
> should think that ATA drives can be treated the same way.  Consult
> manufacturers' data sheets for details.

No, at least I've never seen it on any ATA drives. That's why I need
software solution.


[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to

[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to