<span><strong>1. chattr overview</strong></span>



<span>The chattr command is very powerful. Some of its features depend on the Linux kernel version: if the kernel is older than 2.2, many features are unavailable. Likewise, the -D feature, which checks for errors in compressed files, requires kernel 2.5.19 or later. In addition, changing attributes with chattr can improve system security, but it is not suitable for every directory: chattr cannot protect the /, /dev, /tmp, or /var directories.</span>






<span><strong>2. chattr compared with touch, chown, chmod and similar commands</strong></span>



<span style="color:#e56600;">chmod only changes a file's read, write and execute permissions, and touch can only modify a file's creation time, whereas chattr is a lower-level, kernel-based attribute control.</span>






<span><strong>3. Using the chattr command</strong></span>



<span>Usage: chattr [-RVf] [-+=AacDdijsSu] [-v version] files...</span>



<span>The key part is [AacDdijsSu]. It is built from one of the operators +-= combined with the characters [ASacDdIijsTtu], and it controls the file's attributes.</span>




<span style="color:#009900;">  + : adds attributes to the existing attribute setting.</span>

<span style="color:#009900;">  - : removes attributes from the existing attribute setting.</span>

<span style="color:#009900;">  = : replaces the setting with exactly the specified attributes.</span>




<span>  A: the atime (access time) of the file or directory cannot be modified, which can effectively prevent, for example, disk I/O errors on laptops.</span>

<span>  S: disk I/O synchronization option; works like sync.</span>

<span>  a: append. Once set, data can only be added to the file and cannot be deleted. Mostly used to secure server log files. Only root can set this attribute.</span>

<span>  c: compressed. Sets whether the file is compressed before being stored. Reading it requires automatic decompression.</span>

<span>  d: no dump. The file cannot be a backup target of the dump program.</span>

<span>  i: the file cannot be deleted, renamed, or linked to, and nothing can be written or appended to it. The i attribute is a great help for file system security settings.</span>

<span>  j: journal. With this attribute set, on a file system mounted with the mount option data=ordered or data=writeback, the file's data is first recorded (in the journal) when it is written. If the filesystem is mounted with data=journal, this attribute has no effect.</span>

<span>  s: securely deletes the file or directory, that is, the disk space is completely reclaimed.</span>

<span>  u: the opposite of s. When u is set, the data actually remains on disk and can be used for undeletion.</span>






<span>Of these options, a and i are the ones most commonly used. The a option enforces append-only with no deletion and is mostly used to secure logging. The i option is a stricter security setting; only the superuser (root) or a process with the CAP_LINUX_IMMUTABLE capability can apply it.</span>






<span><strong>4. Application examples</strong></span>



<span>a. Use chattr to prevent a critical system file from being modified</span>



<span># chattr +i /etc/fstab </span>



<span>Then try rm, mv, rename and similar commands on the file; each one returns Operation not permitted.</span>



<span>b. Make a file append-only, so that content can be added but not deleted; this suits some log files</span>



<span style="font-family:宋体;"></span><span># chattr +a /data1/user_act.log</span>



<span>Note: this tool is also frequently abused by attackers; for example, the classic ddrk uses the following statement:</span>



<span>chattr -AacdisSu /sbin/ttyload</span>






<span><strong>5. Viewing file attributes</strong></span>



<span>Related to chattr is the lsattr command. lsattr is simpler: it only displays a file's attributes.</span>



<span>[root]#lsattr<span>&nbsp; </span>test.txt</span>



<span>----ia---j---<span>&nbsp; </span>test.txt</span>
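<span>Because the i and a attributes are used both for hardening and by attackers, it helps to audit lsattr output for files that carry them unexpectedly. The script below is an added example, not part of the original article: the function names, the allowlist file and the sample listing (including /usr/local/bin/example-tool) are constructed for illustration.</span>

```bash
#!/usr/bin/env bash
# Added example: flag files whose lsattr output shows i (immutable) or
# a (append-only) and that are not on an allowlist of intended settings.

# Constructed sample in lsattr format: "<flag field> <path>".
sample_lsattr() {
  cat <<'EOF'
----ia---j--- test.txt
-----a------- /data1/user_act.log
----i-------- /etc/fstab
------------- /usr/bin/ls
----i-------- /usr/local/bin/example-tool
EOF
}

# Read lsattr lines on stdin. Print "FLAGS<TAB>PATH" for every file that has
# i or a set and is not listed (one path per line) in the allowlist file $1.
flag_unexpected() {
  awk -v allow="$1" '
    BEGIN { while ((getline p < allow) > 0) ok[p] = 1 }
    # Skip anything that is not a flag field (directory headers, blank lines).
    $1 !~ /^[-A-Za-z]+$/ { next }
    {
      flags = $1
      path = $0
      sub(/^[^ ]+ /, "", path)          # keeps paths that contain spaces
      hit = ""
      if (index(flags, "i")) hit = hit "i"   # case-sensitive: "A" is not "a"
      if (index(flags, "a")) hit = hit "a"
      if (hit != "" && !(path in ok)) print hit "\t" path
    }'
}

# Demo run: the two files hardened in section 4 are the intended settings.
allowlist=$(mktemp)
printf '%s\n' /etc/fstab /data1/user_act.log > "$allowlist"
sample_lsattr | flag_unexpected "$allowlist"
rm -f "$allowlist"
```

<span>On a live system the same function can read real output, for example lsattr -R /etc 2>/dev/null | flag_unexpected allowlist.txt; the directory headers that -R prints are skipped by the flag-field check.</span>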


