When Root Meets Immutable: OpenBSD chflags vs. Log Tampering
Contributed by Peter N. M. Hansteen on from the unmuted, immutable dept.
Rafael (rsadowski@) takes a deep dive into an infrequently mentioned feature of our favorite operating system: file immutability and the chflags command. From the article:
" ... anyone who’s ever had to investigate a security incident knows the harsh reality: logs are only as trustworthy as their protection against post-incident tampering. An attacker who gains root access isn’t going to politely leave their tracks in the log files – unless they physically can’t alter them anymore."
Read the whole thing, When Root Meets Immutable: OpenBSD chflags vs. Log Tampering, over at Rafael's site!