JKS> Date: Thu, 23 May 2002 17:34:29 -0400 (EDT) JKS> From: Jason K. Schechner JKS> > Why would you want to do this? JKS> JKS> Logging. If a h@xx0r cracks your box he can't erase JKS> anything that's already been written there. Often it takes BSD enforces append-only when running proper securelevel. AFAIK, Linux lacks this attribute, and root can disable the so-called "immutable" attrib. JKS> a physical change (jumper, dipswitch, etc) to change from JKS> write-only to read-only making it pretty tough for the JKS> h@xx0r to cover his steps. Why not log to an external bastion host? -- Eddy Brotsman & Dreger, Inc. - EverQuick Internet Division Phone: +1 (316) 794-8922 Wichita/(Inter)national Phone: +1 (785) 865-5885 Lawrence ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) From: A Trap <blacklist@brics.com> To: blacklist@brics.com Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <blacklist@brics.com>, or you are likely to be blocked.