Securing log rotation

Martijn van Oosterhout kleptog at
Sun Aug 12 18:14:46 EST 2001

On Sun, Aug 12, 2001 at 05:41:42PM +1000, Daniel McNamara wrote:
> True but it's mainly to prevent this script kiddies who tend not to know
> more commands than ls, mv and cp from running scripts that may remove traces
> of whatever they have done. It's more or less to increase my chances of
> being able to do forensics not so much for total protection. In the case of
> the"i" and "a" attributes the man pages for chattr clearly states that only
> the superuser may set them not ordinary users.

Well, I was under the impression that these script kiddies use precooked
packages they got from somewhere else. It would be trivial for the maker of
such a package to add a chattr command in with all the other hide-my-tracks

Maybe I'm being pessamistic.

Martijn van Oosterhout <kleptog at>
> It would be nice if someone came up with a certification system that
> actually separated those who can barely regurgitate what they crammed over
> the last few weeks from those who command secret ninja networking powers.

More information about the linux mailing list