Read Only File System

Nathaniel Hall halln at otc.edu
Thu Jun 10 13:04:54 UTC 2004


Does anybody know of an append only file system that can be used on RedHat
AS 3?

~~~~~~~~~~~~~~~~~~~~~~~~~~
Nathaniel Hall
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking
417-799-0552


-----Original Message-----
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com]
On Behalf Of Steve
Sent: Tuesday, June 08, 2004 5:28 PM
To: General Red Hat Linux discussion list
Subject: RE: Read Only File System


Yes, you can mark certain files as append only using chattr, but this does 
not stop them being deleted by root as quite simply, root can do anything.

What it sounds like you need is a printer that syslog messages or the like 
are streamed to.

Unless of course physical access to the box is an issue as well, in which 
case you are pretty much out of options.

You may want to look into putting a box in with DOS 6.x or the like, 
connected via a serial cable only and a log daemon that takes log 
messages from the serial port and writes them to a file. You may find that 
there is a syslog type daemon out there that will stream output to a 
serial port and then you can collect this on the DOS machine and you end 
up with a reasonably secure logging box.

You may end up having to write some software yourself to do this, but may 
find that there is already something out there on the net to do something 
similar.


-- 
Steve.


On Tue, 8 Jun 2004, Nathaniel Hall wrote:

> Ok, building on that, is there any way to make an append only file system
> and make it where root cannot change or delete anything in the logs?
> 
> 
> -----Original Message-----
> From: Henry Axelrod [mailto:AxelrodH at emigrant.com] 
> Sent: Tuesday, June 08, 2004 3:03 PM
> To: halln at otc.edu; redhat-list at redhat.com
> Subject: Re: Read Only File System
> 
> You can do this by creating a separate partition or drive to mount for
> that fs. When you add the entry to /etc/fstab you can place "ro" in the
> options column. For Example:
> 
> LABEL=/home     /home      ext3     ro    1 1
> 
> The preceding line will mount the home directory as read only. You will
> of course have to remember to label the partition as /home. You will also
> probably want to add more options than just read only. This is just an
> example.
> 
> >>> halln at otc.edu 6/8/2004 3:44:25 PM >>>
> I am working on creating a remote log server using RedHat Advanced
> Server 3. I would like to be able to make an entire file system read
> only where root can't even change the contents.  Does anybody know of a
> way to do this?
> 
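
The append-only attribute that Steve's reply sets with chattr appears as an `a` in the flags column of `lsattr`, and because root can clear it again, a periodic check that it is still set on the log files is a useful tamper signal. The script below is an added example, not part of the original thread; the function names and the sample `lsattr` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report log files that do NOT carry
# the ext2/ext3 append-only attribute set with "chattr +a".
# lsattr prints one "<flags> <path>" line per file; a lowercase 'a' in the
# flags field means append-only (uppercase 'A' is the unrelated no-atime flag).

# missing_append_only: read lsattr-style lines on stdin and print the path
# of every file whose flags field has no 'a'.
missing_append_only() {
    while read -r flags path; do
        [ -n "$path" ] || continue          # skip blank or malformed lines
        case "$flags" in
            *a*) ;;                         # append-only is set, nothing to report
            *)   printf '%s\n' "$path" ;;   # flag missing: report the file
        esac
    done
}

# sample_lsattr: constructed lsattr output used to exercise the parser offline.
sample_lsattr() {
cat <<'EOF'
-----a------- /var/log/messages
------------- /var/log/secure
-----a------- /var/log/maillog
EOF
}

# audit_logs: on a live system, run lsattr over the given files and list
# those that have lost (or never had) the append-only flag.
audit_logs() {
    lsattr -- "$@" 2>/dev/null | missing_append_only
}

# Demonstration on the constructed sample; prints /var/log/secure
sample_lsattr | missing_append_only
```

On a real host, `audit_logs /var/log/messages /var/log/secure` run from cron gives the same report against the live files; any path it prints is a file root could currently truncate or rewrite.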

