I would like to mount some filesystems or directories "immutable", so that their files can't be altered or added to, except by rebooting.
I currently use chattr +i filenames to make individual files immutable. Then I alter the kernel with lcap CAP_LINUX_IMMUTABLE so this immutability can't be changed without a reboot. As a result, those files cannot be altered without a reboot, which is awkward for upgrades, but acceptably awkward to greatly limit attacks.

Unfortunately, the use of "chattr" requires me to change tens of thousands of files, which takes time. It also alters the files' atime, so an "aide" check for file changes doesn't straightforwardly work (although I could remount with "-o noatime").

A better approach would make all of a directory's or mount's files read-only unless the computer is rebooted. Unfortunately, "mount -o ro" can be changed with "mount -o rw" without a reboot. A few hard drives are manufactured that can be physically switched to read-only, but this becomes awkward, especially for later file changes, and it is also difficult to even purchase such a drive. Another possible approach, "chattr +i some-directory", prevents removing or adding files in that directory, but does not prevent changing the files in that directory! And I know of no trick like "chmod +t some-directory" to prevent all users (including root) from changing a file except by reboot.

Does anyone know how I might mount a filesystem or directory "immutably", except by reboot?

-- 
Jameson C. Burt, NJ9L
Fairfax, Virginia, USA
[EMAIL PROTECTED]
http://www.coost.com
(202) 690-0380 (work)
LTSP.org: magic "mysterious and awe-inspiring even though we know they are real and not supernatural"
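The two controls the post relies on (lcap dropping CAP_LINUX_IMMUTABLE so +i cannot be cleared until reboot, and a read-only mount that could be silently remounted rw) are only useful if you can verify they are actually in effect. The following POSIX shell audit helper is an added example, not code from the post or from lcap; it assumes CAP_LINUX_IMMUTABLE is capability number 9 and that the bounding set is readable as the CapBnd line of /proc/self/status on current kernels (the kernels lcap targeted exposed it as /proc/sys/kernel/cap-bound instead), and all inputs below are constructed samples, not captured from a real host.

```shell
#!/bin/sh
# Hypothetical audit helper: has CAP_LINUX_IMMUTABLE really been dropped,
# and is a given mount point really mounted read-only?

CAP_LINUX_IMMUTABLE=9   # capability number from linux/capability.h

cap_bnd_has_immutable() {
    # $1: hex mask as printed on the "CapBnd:" line (leading zeros allowed).
    # Returns 0 if bit 9 is set, i.e. +i can still be cleared by root.
    [ $(( 0x$1 >> CAP_LINUX_IMMUTABLE & 1 )) -eq 1 ]
}

cap_bnd_from_status() {
    # $1: text of /proc/<pid>/status; prints the CapBnd mask
    printf '%s\n' "$1" | sed -n 's/^CapBnd:[[:space:]]*//p'
}

mount_is_ro() {
    # $1: /proc/mounts-style table, $2: mount point to check.
    # Returns 0 only if the option list for $2 contains "ro".
    printf '%s\n' "$1" | awk -v mp="$2" '
        $2 == mp {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "ro") found = 1
        }
        END { exit found ? 0 : 1 }'
}

# Constructed sample inputs (bounding set before and after lcap, and a
# mount table with / writable and /usr read-only).
SAMPLE_STATUS_BEFORE='Name:   bash
CapBnd: 0000003fffffffff'
SAMPLE_STATUS_AFTER='Name:   bash
CapBnd: 0000003ffffffdff'
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,errors=remount-ro 0 0
/dev/sda2 /usr ext3 ro,noatime 0 0'

audit() {
    # $1: status text, $2: mount table, $3: mount point
    mask=$(cap_bnd_from_status "$1")
    if cap_bnd_has_immutable "$mask"; then
        echo "CAP_LINUX_IMMUTABLE still in bounding set ($mask): +i can be cleared"
    else
        echo "CAP_LINUX_IMMUTABLE dropped ($mask): +i holds until reboot"
    fi
    if mount_is_ro "$2" "$3"; then echo "$3 is mounted ro"; else echo "$3 is NOT read-only"; fi
}

audit "$SAMPLE_STATUS_AFTER" "$SAMPLE_MOUNTS" /usr
```

On a live host, replace the samples with "$(cat /proc/self/status)" and "$(cat /proc/mounts)"; a check that passes at boot and later fails is the remount-rw or capability change the post is worried about.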