Increase security with extended file attributes

This tool is very important for the system administrator to protect important files from getting misused by any other users. The “chattr” utility can be used to secure your important file systems like
  • hosts.allow & hosts.deny
  • /etc/hosts
  • /etc/ssh/*
  • /etc/xinetd.d/*
and many more…
NOTE: Once you add ‘+i‘ attribute to any file even the root user will not be allowed to make any changes in that file unless you change the attribute using ‘-i

Usage:
# chattr +i “filename

Here using +i you can add or override this attribute to your file according to which this file cannot be modified any more by any user unless the root user reverts the changes.

# chattr -i “filename
Using -i you can remove the attributes from the file.


To view the attributes on the files
# lsattr “filename”
Examples

# chattr +i /etc/hosts

# lsattr /etc/hosts
—-i——–e- hosts

Here ‘i‘ shows the current attribute provided and ‘e‘ attribute indicates that the file is using extents for mapping the blocks on disk. This comes default for ext4 file systems and can’t be removed using chattr.

Now when you try to make any change.

# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain 10.10.10.xx server server.example.com
.
.
“hosts” [
readonly] 3L, 186C

So the file has become read-only even for the root users so now the users having root privilege also will be not allowed to make any changes in this file.

If you want to remove the attribute
# chattr -i /etc/hosts
# lsattr /etc/hosts
————e- hosts

Leave a Comment

close button