Firewall Wizards mailing list archives

Re: More Syslog Questions


From: "Marcus J. Ranum" <mjr () ranum com>
Date: Mon, 19 Jul 2004 16:03:55 -0400

Devdas Bhagat wrote:
On Linux, the chattr command on ext2/3 filesystems is useful. From man
chattr
      A file with the `a' attribute set  can  only  be  open  in
      append  mode for writing.  Only the superuser or a process
      possessing the CAP_LINUX_IMMUTABLE capability can  set  or
      clear this attribute.

Is this Linux specific, or did the BSD guys change this, too? The original
idea of immutable files was that they were, uh, um, immutable. Making
them "immutable except by root" is stupid - that's the same as saying
chown root file && chmod 700 file

The original idea of immutable files was that you could rename them
(so you could rotate logs) but otherwise they'd be append-only unless
you brought the system into a secure state to operate on them. Yes,
that requires a reboot - but that's the Right Thing in this case.

Hmm... I am just musing as to how web servers/web services and
the Internet Explosion have made "scheduled reboot" no longer
particularly acceptable. I used to think nothing of having my firewall
restart itself every monday at 4:00am - the 30 seconds of downtime
were acceptable. Gone are those days.

mjr.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
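An added example, not from the thread: a POSIX shell helper for auditing which log files on an ext2/3/4 filesystem actually carry the append-only `a` flag, plus a demonstration of what the flag does and does not prevent (the file paths and the `/var/tmp` scratch location are assumptions).

```shell
#!/bin/sh
# Added example (not from the list thread). Audits the ext2/3/4 'a'
# (append-only) flag that the quoted chattr man page describes.

# Return 0 if one line of lsattr output carries the 'a' flag.
# lsattr prints the flags field first, then the path, e.g.
#   "-----a--------e----- /var/log/auth.log"
# Lowercase 'a' is append-only; uppercase 'A' (no atime) must not match.
lsattr_line_has_append_only() {
    flags=${1%% *}            # everything before the first space
    case "$flags" in
        *a*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Check each given file and print its state; the return value is the
# number of files that are NOT append-only (0 means all are protected).
report_missing_append_only() {
    missing=0
    for f in "$@"; do
        if line=$(lsattr -d -- "$f" 2>/dev/null) &&
           lsattr_line_has_append_only "$line"; then
            echo "ok:      $f"
        else
            echo "MISSING: $f"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Show the behaviour under discussion. Needs root (CAP_LINUX_IMMUTABLE)
# and an ext2/3/4 filesystem under /var/tmp (assumed scratch location).
# Note: on Linux the 'a' flag also refuses unlink and rename, so log
# rotation has to copy-and-truncate after the flag is cleared, rather
# than renaming the file as the thread describes for BSD-style immutability.
demo_append_only() {
    log=$(mktemp /var/tmp/applog.XXXXXX) || return 1
    echo "first line" >> "$log"
    chattr +a -- "$log" || { rm -f -- "$log"; return 1; }
    echo "second line" >> "$log"      && echo "append:    allowed"
    true > "$log" 2>/dev/null         || echo "truncate:  refused"
    rm -f -- "$log" 2>/dev/null       || echo "unlink:    refused"
    chattr -a -- "$log" && rm -f -- "$log"   # cleanup needs the capability
}
```

Run `report_missing_append_only /var/log/auth.log /var/log/syslog` as part of a host audit; `demo_append_only` is only for a root shell on a test box.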
