
A few years ago when I was reading something about Linux server security (maybe it was a book) I encountered a command or an application that prevented the netfilter (iptables) rules from being changed, even by root. Problem is, I don't remember the name or how to find it. But I want it again as I need it now.

Does anyone have any ideas?

Edit: on *BSD it is 'kern.securelevel=x'

Thank you, Matic

Matic

2 Answers

I think what you are looking for is LIDS.

More specifically: set root's capabilities to near-nothing, "seal the kernel", and then you would have to modify anything from then on with lidsadm and the like. You can always give yourself capabilities as root, however, with lidsadm -S (LIDS password required.)

A short example would be: lidsadm -S -- +CAP_NET_ADMIN to allow you to administer the firewall, and then followed with lidsadm -S -- -CAP_NET_ADMIN.

Further discussion of LIDS is out of the scope of this reply, but suffice it to say it can cause you as much grief as grsecurity/SELinux/libcap2/etc if you are not a careful admin. There is plenty of documentation and it is working with the latest kernels.

HTH.

Sam Halicke

iptables-restore in crontab?

quaie
  • No, if you tried to change the rules with iptables it said something like permission denied. The iptables binary was fine and permissions for the file were fine as well. It did something on the kernel level. – Matic Oct 24 '09 at 18:52
  • grsec - http://en.wikipedia.org/wiki/Grsecurity - or something similar? – quaie Oct 24 '09 at 22:33
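The "iptables-restore in crontab" suggestion, worked out as an added example that is not from the original thread: unlike LIDS or securelevel it does not stop root from changing the rules, it only detects drift and puts the saved ruleset back, so the check must ignore the timestamps and [pkts:bytes] counters that iptables-save emits on every run or it will restore (and log) on every cron tick. The file paths, the cron schedule and the sample rulesets in self_test are assumptions I constructed.

```shell
#!/bin/sh
# Added example, not from the original thread: a cron job that restores a saved
# iptables ruleset only when the live rules have drifted, and logs the event.
# File paths and the cron schedule are assumptions.
set -eu

SAVED=${SAVED:-/etc/iptables.rules}     # written once with: iptables-save > /etc/iptables.rules
LOG=${LOG:-/var/log/iptables-drift.log}

# iptables-save output carries a timestamp comment and [pkts:bytes] counters that
# change on every run. Strip those so only the rules are compared. Do NOT sort:
# rule order is part of the policy, so a reordered chain is a real drift.
normalize() {
    sed -e '/^#/d' -e 's/^\[[0-9]*:[0-9]*\] //' -e 's/ \[[0-9]*:[0-9]*\]$//' "$1"
}

# Exit status 0 when the two rule files are equivalent, 1 when they differ.
rules_match() {
    [ "$(normalize "$1")" = "$(normalize "$2")" ]
}

# Cron entry (assumed path):  */5 * * * * root /usr/local/sbin/iptables-drift-check --run
check_and_restore() {
    live=$(mktemp)
    iptables-save > "$live"
    if rules_match "$SAVED" "$live"; then
        rm -f "$live"; return 0
    fi
    echo "$(date '+%F %T') iptables rules drifted from $SAVED; restoring" >> "$LOG"
    iptables-restore < "$SAVED"
    rm -f "$live"; return 1
}

# Offline self-check on constructed iptables-save output (no root, no iptables needed):
# different counters and timestamps but identical rules -> match;
# a flipped INPUT policy -> drift.
self_test() {
    d=$(mktemp -d)
    printf '%s\n' '# Generated by iptables-save v1.4.21 on Sat Oct 24 18:52:00 2009' \
        '*filter' ':INPUT DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' '-A INPUT -p tcp --dport 22 -j ACCEPT' 'COMMIT' > "$d/saved"
    printf '%s\n' '# Generated by iptables-save v1.4.21 on Sat Oct 24 22:33:00 2009' \
        '*filter' ':INPUT DROP [17:1234]' ':OUTPUT ACCEPT [9:800]' \
        '[5:300] -A INPUT -i lo -j ACCEPT' '[12:934] -A INPUT -p tcp --dport 22 -j ACCEPT' 'COMMIT' > "$d/same"
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' '-A INPUT -p tcp --dport 22 -j ACCEPT' 'COMMIT' > "$d/drift"
    rules_match "$d/saved" "$d/same" && ! rules_match "$d/saved" "$d/drift"
}

if [ "${1:-}" = "--run" ]; then check_and_restore; fi
```

Run with --run from cron as root; without arguments the script only defines the functions, so self_test can be exercised unprivileged.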