Securing log rotation
Martijn van Oosterhout
kleptog at svana.org
Sun Aug 12 18:14:46 EST 2001
On Sun, Aug 12, 2001 at 05:41:42PM +1000, Daniel McNamara wrote:
> True but it's mainly to prevent this script kiddies who tend not to know
> more commands than ls, mv and cp from running scripts that may remove traces
> of whatever they have done. It's more or less to increase my chances of
> being able to do forensics not so much for total protection. In the case of
> the"i" and "a" attributes the man pages for chattr clearly states that only
> the superuser may set them not ordinary users.
Well, I was under the impression that these script kiddies use precooked
packages they got from somewhere else. It would be trivial for the maker of
such a package to add a chattr command in with all the other hide-my-tracks
code.
Maybe I'm being pessamistic.
--
Martijn van Oosterhout <kleptog at svana.org>
http://svana.org/kleptog/
> It would be nice if someone came up with a certification system that
> actually separated those who can barely regurgitate what they crammed over
> the last few weeks from those who command secret ninja networking powers.
More information about the linux
mailing list