    Thursday, October 04, 2012

    Increase security with extended file attributes

    This tool is very important for system administrators who need to protect important files from being misused by other users. The "chattr" utility can be used to secure important system files such as
    • hosts.allow & hosts.deny
    • /etc/hosts
    • /etc/ssh/*
    • /etc/xinetd.d/*
    and many more...

    NOTE: Once you add the '+i' attribute to a file, even the root user will not be allowed to make any changes to that file unless the attribute is removed using '-i'.

    Usage:
    # chattr +i "filename"
    Using +i you set this attribute on the file, after which the file cannot be modified by any user unless the root user reverts the change.
    # chattr -i "filename"
    Using -i you can remove the attribute from the file.

    To view the attributes on a file:
    # lsattr "filename"
    Examples

    # chattr +i /etc/hosts

    # lsattr /etc/hosts
    ----i--------e- hosts

    Here 'i' shows the attribute that was just set, and the 'e' attribute indicates that the file is using extents for mapping the blocks on disk. This is the default on ext4 file systems and can't be removed using chattr.

    Now try to make a change to the file:
    # vi /etc/hosts
    127.0.0.1 localhost localhost.localdomain
    10.10.10.xx server server.example.com
    .
    .
    "hosts" [readonly] 3L, 186C

    The file has become read-only even for the root user, so users with root privileges are also not allowed to make any changes to this file.

    If you want to remove the attribute:
    # chattr -i /etc/hosts
    # lsattr /etc/hosts
    ------------e- hosts
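
    The lsattr check above can be scripted to verify that the attribute is still set on the files you protected. This is an added example, not part of the original post; the function names has_immutable_flag and audit_immutable are hypothetical, and it assumes lsattr prints the flags field, one space, then the file name, as in the output shown above.

```shell
#!/bin/sh
# Added example: report which files carry the 'i' attribute set by chattr +i.

# Return 0 if the flags field of one lsattr output line contains 'i'.
# Only the text before the first space is inspected, so an 'i' in the
# file name (e.g. /etc/xinetd.d/...) cannot cause a false positive.
has_immutable_flag() {
    local line flags
    line=$1
    flags=${line%% *}
    case $flags in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Print IMMUTABLE / MUTABLE / UNKNOWN for each path given.
# Returns 1 if any path is not confirmed to have the attribute.
audit_immutable() {
    local path line rc
    rc=0
    for path in "$@"; do
        # -d lists a directory itself instead of its contents.
        if ! line=$(lsattr -d -- "$path" 2>/dev/null) || [ -z "$line" ]; then
            echo "UNKNOWN   $path"   # missing file, no lsattr, or unsupported fs
            rc=1
        elif has_immutable_flag "$line"; then
            echo "IMMUTABLE $path"
        else
            echo "MUTABLE   $path"
            rc=1
        fi
    done
    return "$rc"
}

# When paths are given on the command line, audit them, e.g.:
#   sh audit.sh /etc/hosts /etc/hosts.allow /etc/hosts.deny
if [ "$#" -gt 0 ]; then
    audit_immutable "$@"
fi
```

    Run it from cron or a configuration-management check; a MUTABLE result on a file you locked means someone with root access ran chattr -i on it.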

