Securing System Files
It's very important that you completely understand the impact that activating the following options will have on your ability to make changes to your system.
The simplest thing you can do is set the immutable flag on all system binaries and /etc config files with:
chflags schg /bin/*(*) /sbin/*(*) /usr/bin/*(*) /usr/sbin/*(*) /etc/*(*)
Setting the immutable flag marks the files as protected from being overwritten or deleted. Once you execute the above command, no process can overwrite those files, which makes the attacker's job harder and improves the odds that the attacker leaves error messages in the system log. On the other hand, you as the root user cannot make any changes to the flagged files either. Every time you want to make changes, you first have to issue the command that turns off the immutable flag on all the same files. Use this command to do that:
chflags noschg /bin/*(*) /sbin/*(*) /usr/bin/*(*) /usr/sbin/*(*) /etc/*(*)
You can use the "ls -lo" command to see the immutable flags of existing files.
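To check which files are still unprotected after running chflags, the following added example (not part of the original page) reads "ls -lo" output and prints every regular file whose flags column lacks schg. It assumes the FreeBSD "ls -lo" column layout, with the flags in the fifth column; the function names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example: report regular files that do not carry the schg flag.
# Assumed input layout (FreeBSD `ls -lo`):
#   mode links owner group flags size month day time-or-year name

missing_schg() {
    awk '
        $1 !~ /^-/ { next }   # skip "total" lines, directories, symlinks, devices
        NF < 10    { next }   # not a complete ls -lo record
        {
            # The flags column is a comma-separated list, or "-" when empty.
            n = split($5, flags, ",")
            found = 0
            for (i = 1; i <= n; i++)
                if (flags[i] == "schg") found = 1
            if (!found) {
                # Rebuild the file name in case it contains spaces.
                name = $10
                for (i = 11; i <= NF; i++) name = name " " $i
                print name
            }
        }
    '
}

# Constructed sample listing (not captured from a real system).
sample_listing() {
    cat <<'EOF'
total 4
-r-xr-xr-x  1 root  wheel  schg       11760 Jan  1 00:00 /bin/cat
-r-xr-xr-x  1 root  wheel  -          32104 Jan  1 00:00 /bin/ls
-r-xr-xr-x  1 root  wheel  schg,uarch 20496 Jan  1 00:00 /bin/sh
-rw-r--r--  1 root  wheel  uarch       1234 Jan  1 00:00 /etc/hosts
drwxr-xr-x  2 root  wheel  -            512 Jan  1 00:00 /etc/ssh
EOF
}

# On a live system, feed it the real listing instead, for example:
#   ls -lo /bin/* /sbin/* /usr/bin/* /usr/sbin/* /etc/* | missing_schg
sample_listing | missing_schg
```

Running the same check after every change window shows whether the flag was turned back on for every file that had it turned off.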