Home IT Linux Windows Database Network Programming Server Mobile  
  Home \ Linux \ Increase Linux system security --chattr     - Understanding the Linux load average on other UNIX-Like systems (Linux)

- OpenGL Superb Learning Notes - Fragment Shader (Programming)

- Windows Desktop use VNC remote connect Linux (Linux)

- About the replication of JavaScript (Programming)

- Java Concurrency - processes and threads (Programming)

- Linux performance monitoring - CPU, Memory, IO, Network (Linux)

- Root of AVL Tree- achieve balanced search trees AVL tree (Programming)

- Linux install Samba file sharing server (Server)

- Ubuntu iptables prevent IP attacks (Linux)

- Access.log Apache access log analysis and how to import it into MySQL (Server)

- Kibana use installation (Linux)

- Fast Sort Algorithms (Programming)

- Generate two-dimensional code parsing code Java (Programming)

- Zabbix configuration external network mail alarm (Server)

- C ++ function object (Programming)

- Oracle create a temporary table space group (Database)

- The basic principles of AIX system security (Linux)

- Simple to use Linux GPG (Linux)

- The ActiveMQ JMS installation and application examples for Linux (Linux)

- CentOS installed JDK8 (Linux)

  Increase Linux system security --chattr
  Add Date : 2018-11-21      
  Chattr role is to modify the permissions ext3 / ext2 file system, it can only be used by the superuser, its function is to set the file's hidden attribute, the hidden attribute is set for the security of the system is of great help.

chattr usage:

chattr [-RV] [- + = AacDdijsSu] [-v version] file or directory

The main parameters

-R: Recursively all files and subdirectories.

-V: Detailed display content, and print output.

-: Failure property.

+: Active properties.

=: Specifies the property.

A: Atime, tell the system not to modify this file last access time.

S: Sync, once applications have been written to the file, the system is modified changes are written to disk.

a: Append Only, the system only allows additional data after this document, the process does not allow any cover or truncate the file. If the directory has this attribute, the system will only allow the establishment in this directory and modify files, but you can not delete any files.

i: Immutable, the system does not allow this document to make any changes. If the directory has this attribute, any process can only modify the files under the directory are not allowed to create and delete files.

D: Check the compressed file errors.

d: No dump, during file system backup, dump will ignore the file.

C: Compress, the system transparently compress the file. When reading from the file, the data is returned after decompression; and when writing data to the file, the data is first written to disk only after being compressed.

s: Secure Delete, delete the system at the time of this file, use the area filled with zeros file.

u: Undelete, when an application request to delete the file, the system will retain the data block for later able to recover the deleted files.

But one common options is only a two and i.

For example: # ls -l

-rw-r - r-- 1 root root 0 Mar 15 16:26 chattrtest

#chattr + i chattrtest

# Rm chattrtest

rm: remove write-protected regular empty file `chattrtest 'y?

rm: can not remove `chattrtest ': Operation not permitted

Tip can not be deleted, but the root can not be deleted.

Only after releasing settings can be deleted: #chattr -i chattrtest

When we set the hidden attribute, and how to view it?

Use lsattr command:

#lsattr -a chattrtest

---- I -------- chattrtest

Role lsattr is hidden attribute display file usage is: lsattr [-aR] file or directory

Parameters: -a hidden files property page is displayed

-R Data along with subdirectories are also shown out

These two commands in the use to be especially careful, otherwise it will cause a lot of trouble, such as the / etc / shadow password file attribute set i, then we want to add a user, you will not be increased in, so long as we place i attribute.
- Security: set limits on password (Linux)
- CentOS installation Percona Server 5.5.42 compiling problem solve one case (Linux)
- Ubuntu UFW firewall settings Introduction (Linux)
- Linux create and delete user step (Linux)
- Ubuntu 14.10 / 14.04 / 12.04 virtual users to install the printing software Boomaga (Linux)
- Why is better than Git SVN (Linux)
- namespace mechanism Linux kernel analysis (Linux)
- CentOS 6.6 install rsync server (Server)
- Swift acquaintance of values and references, the circular reference, Agent Precautions (Programming)
- Android Notification (Programming)
- Django1.8 return json json string and the string contents of the received post (Programming)
- Linux performance monitoring (Linux)
- Android project using the command to create and install the package (Programming)
- Grep how to find files based on file contents in UNIX (Linux)
- crontab task scheduling Health Check (Linux)
- Several configuration changes illustrate deployment of PHP (Server)
- Close and limit unused ports computer server security protection (Linux)
- Binary Packages Golang (Linux)
- Installation GitLab appears ruby_block supervise_redis_sleep action run (Linux)
- Ubuntu 15.04 installed Nvidia Quadro series graphics driver (Linux)
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.