Yes, you can mark certain files as append only using chattr, but this does not stop them being deleted by root as quite simply, root can do anything. What it sounds like you need is a printer that syslog messages or the like are streamed to. Unless of course physical access to the box is an issue as well in which case you are pretty much out of options.. You may want to look into putting a box in with DOS 6.x or the like, connected via a serial cable only and a log daemon that takes log messages from the serial port and writes them to a file. You may find that there is a syslog type daemon out there that will stream output to a serial port and then you can collect this on the DOS machine and you end up with a reasonably secure logging box. You may end up having to write some software yourself to do this, but may find that there is already something out there on the net to do something similar. -- Steve. On Tue, 8 Jun 2004, Nathaniel Hall wrote: > Ok, building on that, is there anyway to make an append only file system and > make it where root cannot change or delete anything in the logs? > > ~~~~~~~~~~~~~~~~~~~~~~~~~~ > Nathaniel Hall > Intrusion Detection and Firewall Technician > Ozarks Technical Community College -- Office of Computer Networking > 417-799-0552 > > > -----Original Message----- > From: Henry Axelrod [mailto:AxelrodH@xxxxxxxxxxxx] > Sent: Tuesday, June 08, 2004 3:03 PM > To: halln@xxxxxxx; redhat-list@xxxxxxxxxx > Subject: Re: Read Only File System > > You can do this by creating a sepreate partition or drive to mount for > that fs. When you add the entry to /etc/fstab you can place "ro" in the > options column. For Example: > > LABEL=/home /home ext3 ro 1 1 > > The preceding line will mount the home directory as read only. You will > of course have to remeber to label the partition as /home. You will also > probably want to add more options then just read only. This is just an > example. > > >>> halln@xxxxxxx 6/8/2004 3:44:25 PM >>> > I am working a creating a remote log server using RedHat Advanced > Server 3. > I would like to be able to make an entire file system read only where > root > can't even change the contents. Does anybody know of a way to do > this? > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~ > > Nathaniel Hall > > Intrusion Detection and Firewall Technician > > Ozarks Technical Community College -- Office of Computer Networking > > 417-799-0552 > > > > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
