hello
is there any freeze software for Linux-redhat system to prevent any changes on /root
(wish open topic on right forum)
On systems that support MAC you may be able to modify a policy to deny writes to files, denying policy alteration and denying reboot (convoluted). On file systems that support it you can set the immutable bit (weak). On file systems that do not support extended attributes you could mount another /root directory over it with the ro flag set (even weaker option).
*Do note anyone with root privileges can undo things. Also note immutable files are of no use if the real cause of the problem should not be addressed through the use of technology (as in PEBCAK).
1 Like
can you explain more?how can i do this?
how about scrub command? is it possible to set it to files i need to prevent any changes by other ?
Mandatory Access Controls (MAC) like SELinux or TOMOYO allow you to create a policy that can deny access to files. The problem, and that's why I said it would probably be convoluted, is that it is unlikely that any existing policies will match your needs so you'll have to write your own policy: tedious, bothersome and no guarantee your policy works until you have tested it. If you want to learn more best read the documentation first.
Never heard of it.
Immutable bit, yes.