@laks wrote:
Lets create a secret file with top secret content
echo "Earth is our home!!!!" > secretfile.txt
Now some intruders got root access wants to destory
your secretfile with simple command like
#rm -f secretfile.txthow to prevent him? . Though we can't him completely,
we might make him to think for a moment before he
realizes what going on. If he is an average intruder,
he may give up too![:smiley:]( ":smiley:")
What we need to do - is set an immutable flag like
#chattr +i secretfile.txt
Now even he tries to delete that file as root, he will
getsecretfile.txt': Operation not permitted
# rm -rf secretfile.txt
rm: cannot remove
message. Probably he might do an 'ls -l' command to
check everything is fine or not. But he will see
# ls -l secretfile.txt
-rwxrwxrwx. 1 root root 18 Sep 12 13:33 secretfile.txt
Permission looks fine, but owner might have set immutable flag on it.
If he is an well-experienced hacker, he might guess 'immutable'
flag and run
# lsattr secretfile.txt
----i--------e- secretfile.txt
then think, "hmm, idiots ,they think simple immutable flag can prevent
me? aha" and removes the flags within 5 seconds with a command like
# chattr -i secretfile.txt
and does
#rm -f secretfile.txt
`
There goes our filebut hacker will be happy
but hacker will be happy Posts: 1
Participants: 1