[ale] Help with server setup

Michael B. Trausch mbt at zest.trausch.us
Tue Sep 15 16:13:43 EDT 2009


On Tue, 2009-09-15 at 14:42 -0400, Ed Cashin wrote:
> On Tue, Sep 15, 2009 at 10:56 AM, Steve Brown <braino420 at gmail.com> wrote:
> > On Tue, Sep 15, 2009 at 8:25 AM, Ed Cashin <ecashin at noserose.net> wrote:
> >>
> >> When I was in that situation, I used FreeBSD, which has an immutable
> >> files feature.  With Linux you could get a similar effect by customizing
> >> a live CD, so that the server runs off read-only media, so that a reboot
> >> could undo any malicious attempts to take over the server.  Just a
> >> thought.
> >
> > Linux has immutable files also, using the chattr +i command.
> 
> Last time I tried to use these, I ran into a lack of support from the
> kernel.  In FreeBSD, you can arrange things so that even root cannot
> alter the immutable property of the files or cause them to be modified.
> 
> They called that feature "secure levels", I think.  With console access,
> you could cause the O.S. to boot into a lower secure level (with no
> networking turned on).  Then you
> could use chattr to remove the immutability and modify the files.
> 
> But
> when I was looking into this (around 2000), Linux didn't have something
> like that.  For me, a file isn't immutable from a security standpoint
> if root can use chattr to
> remove the immutability while the system is in production.
> 
> I've been keeping my eyes open, but I might have missed it if a
> feature like that has come along since then.  I'd like to hear about
> it if anybody has heard of a feature that could disallow root from
> removing the immutability of files while the system is in production.
> 

I'm not 100% sure on this, but you might be able to restrict the power
of root within linux containers in a way similar to this.  It'd probably
be worth looking into.

	--- Mike

-- 
Blog:  http://mike.trausch.us/blog/
Misc. Software:  http://mike.trausch.us/software/



More information about the Ale mailing list