Making Log Files Append Only
On Linux systems, you may want to make your log files append-only, particularly if you use a separate syslog server. To do this, use the change attribute command (chattr), as follows:
# chattr +a [logname]
If an attacker tries to edit the log file, he will find it write-protected: because the file is append-only, existing entries cannot be altered. Of course, any slightly sophisticated attacker with root privileges will notice this and simply change the attribute back to make the alterations. However, many of the log-cleaning scripts used by the rank-and-file script kiddie masses will not function if this simple change is implemented.
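Because an attacker with root privileges can change the attribute back, it is worth checking periodically that it is still set. The following is an added example, not part of the original text: it parses lsattr output and lists the files that lack the append-only flag. The function names, log paths and sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report log files that are missing the append-only attribute.

# Read lsattr output on stdin ("<flags> <path>" per line) and print the path
# of every file whose flag field does not contain a lowercase 'a'.
# (Uppercase 'A' is a different attribute, "no atime updates".)
missing_append_only() {
    while read -r flags path; do
        [ -n "$path" ] || continue            # skip blank or malformed lines
        case "$flags" in
            *a*) ;;                           # append-only is set
            *)   printf '%s\n' "$path" ;;     # attribute absent or removed
        esac
    done
}

# Constructed sample of lsattr output (not captured from a real system).
SAMPLE_LSATTR='-----a--------e------- /var/log/messages
--------------e------- /var/log/secure
-----a--------e------- /var/log/maillog
-------A------e------- /var/log/cron'

# Run the check over the constructed sample.
audit_sample() {
    printf '%s\n' "$SAMPLE_LSATTR" | missing_append_only
}

echo "Log files without the append-only attribute:"
audit_sample

# Live use, as root on a filesystem that supports file attributes:
#   lsattr /var/log/messages /var/log/secure | missing_append_only
```

A file that appears in this list after the attribute was applied is a sign that someone with root privileges removed it.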