
Making Log Files Append Only

On Linux systems, you may want to make your log files append-only, particularly if you use a separate syslog server. To do this, use the chattr (change attribute) command as root, as follows:

# chattr +a [logname]

If an attacker tries to edit the log file, he will find it write protected because it is append-only. Of course, any slightly sophisticated attacker with root privileges will notice this and simply change the attribute back to make the alterations. However, many of the log-cleaning scripts used by the rank-and-file script kiddie masses will not function if this simple change is implemented.
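Because an attacker with root can clear the attribute again, it is worth checking periodically that it is still set. The script below is an added example, not part of the original article: it parses lsattr output and reports logs whose flag field lacks "a"; the function names and the sample lsattr lines are constructed for illustration.

```shell
#!/bin/sh
# Audit that log files still carry the append-only ('a') attribute.

# missing_append_only: read `lsattr` output on stdin and print the path of
# every entry whose flag field lacks a lowercase 'a'. Exit status is 1 if
# at least one such entry was found, 0 otherwise.
missing_append_only() {
    awk '
        {
            flags = $1
            # lsattr prints "<flags> <path>"; keep the path intact even
            # if it contains spaces.
            path = substr($0, length($1) + 2)
            # index() is case-sensitive: "A" (no atime) does not count.
            if (index(flags, "a") == 0) { print path; bad = 1 }
        }
        END { exit bad }
    '
}

# audit_logs FILE...: run lsattr on real files. Needs e2fsprogs and a
# filesystem that supports these attributes (for example ext4).
audit_logs() {
    lsattr -d "$@" | missing_append_only
}

# Constructed sample of lsattr output, so the parser can be tried offline.
sample_lsattr() {
    cat <<'EOF'
-----a--------e------- /var/log/messages
--------------e------- /var/log/auth.log
-----a-A------e------- /var/log/app log/audit.log
-------A------e------- /var/log/secure
EOF
}

if [ "$#" -gt 0 ]; then
    audit_logs "$@" || { echo "append-only attribute missing on the files above" >&2; exit 1; }
else
    # No arguments: show the result for the constructed sample.
    sample_lsattr | missing_append_only || true
fi
```

An append-only file also cannot be renamed or truncated, so log rotation for these files has to clear the attribute first and set it again afterwards (logrotate's prerotate and postrotate hooks are one place to do that).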
