Next: Prepare the LIDS sealing
Up: Secure some files
Previous: With chattr
Contents
Some file need to be written to when system boots up, but will be protected
by LIDS. Usually files that change are stored in /var directory, but there are
some exceptions.
- modules.dep : you don't need to make it each time you boot but each time
you add/change a module. Build the file with depmod and remove its update from
the boot sequence (it is in /etc/init.d/modutils, for me)
- ld.so.conf : as modules.dep, you have to update it only when you
add/change libraries. Remove its update from the boot sequence (I didn't find it
in my boot sequence).
- mtab : use the -n option for each mount command issued in the bootup
sequence and create a link from /etc/mtab to /proc/mounts. (they have the same
format, except that you loose extra options like umask=, gid=, etc.)
Biondi Philippe
2000-02-24