netfilter firewalling problems and solutions

Dagmar d'Surreal dagmar.wants at nospam.com
Sat Feb 21 11:45:32 PST 2004


On Fri, 2004-02-20 at 16:34, Archaic wrote:
> On Fri, Feb 20, 2004 at 05:30:19PM -0500, Robert Connolly wrote:
> > 
> > If everything is immutable then nothing will be modified. /var/log can be 
> > ignored because logs don't need to be deinstalled. I don't think I want 
> > anything installing to /etc automatically. The install log, and /etc files 
> > would need to be checked by hand after make install. Uniq can check install 
> > logs to make sure no two logs have the same entry.
> 
> That could be considered a big hassle to reset immutability each time
> you need to modify something. Granted, once it's set properly it
> shouldn't need changing often. Also, chattr is only for ext2/3.

Considering that filesystems can be mounted ro just as quickly as they
can be remounted rw, there doesn't seem to be a lot of benefit to be
gained from attempting to use the immutable flag to protect admin level
things from admin level accounts.  The immutable flag is mainly only
useful for restricting users from doing things (like changing their
.bashrc and other rather draconian measures).
-- 
The email address above is phony because my penis is already large enough, kthx. 
              AIM: evilDagmar  Jabber: evilDagmar at jabber.org



