[ale] Help with server setup
Michael B. Trausch
mbt at zest.trausch.us
Tue Sep 15 16:13:43 EDT 2009
On Tue, 2009-09-15 at 14:42 -0400, Ed Cashin wrote:
> On Tue, Sep 15, 2009 at 10:56 AM, Steve Brown <braino420 at gmail.com> wrote:
> > On Tue, Sep 15, 2009 at 8:25 AM, Ed Cashin <ecashin at noserose.net> wrote:
> >>
> >> When I was in that situation, I used FreeBSD, which has an immutable
> >> files feature. With Linux you could get a similar effect by customizing
> >> a live CD, so that the server runs off read-only media, so that a reboot
> >> could undo any malicious attempts to take over the server. Just a
> >> thought.
> >
> > Linux has immutable files also, using the chattr +i command.
>
> Last time I tried to use these, I ran into a lack of support from the
> kernel. In FreeBSD, you can arrange things so that even root cannot
> alter the immutable property of the files or cause them to be modified.
>
> They called that feature "secure levels", I think. With console access,
> you could cause the O.S. to boot into a lower secure level (with no
> networking turned on). Then you
> could use chattr to remove the immutability and modify the files.
>
> But
> when I was looking into this (around 2000), Linux didn't have something
> like that. For me, a file isn't immutable from a security standpoint
> if root can use chattr to
> remove the immutability while the system is in production.
>
> I've been keeping my eyes open, but I might have missed it if a
> feature like that has come along since then. I'd like to hear about
> it if anybody has heard of a feature that could disallow root from
> removing the immutability of files while the system is in production.
>
I'm not 100% sure on this, but you might be able to restrict the power
of root within linux containers in a way similar to this. It'd probably
be worth looking into.
--- Mike
--
Blog: http://mike.trausch.us/blog/
Misc. Software: http://mike.trausch.us/software/
More information about the Ale
mailing list