Protecting Integrity

Whenever possible, we would like to prevent unauthorized alteration or deletion of data on our systems. We can do so via software controls and some hardware means. We have discussed many of the software methods available on Unix systems in other chapters. These have included setting appropriate permissions on files and directories, restricting access to the root account, and controlling access to remote services.

Unfortunately, no matter how vigilant we may be, bugs occur in software (more often than they should!), and configuration errors are made.[297] In such cases, we want our data to be protected by something at a lower level—something in which we might have more confidence.

Immutable and Append-Only Files

Two helpful mechanisms were built into BSD 4.4 Unix: immutable files and append-only files. These wonderful mechanisms are present only (at the time of this writing, to the best of our knowledge) in the FreeBSD, NetBSD, OpenBSD, BSDOS, and Linux[298] versions of Unix. It is a pity that more commercial vendors have not seen fit to integrate these ideas in their products.

As their name implies, immutable files are files that cannot be modified once the computer is running. They are ideally suited to system configuration files, such as /etc/rc and /etc/inetd.conf, as well as for the Unix kernel itself. Append-only files are files to which data can be appended, but in which existing data cannot be changed. They are ideally suited for log files.

The chflags ...

Get Practical UNIX and Internet Security, 3rd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.