Ken Hornstein:

>I believe that in a secure environment you should make the kernel and the
>/etc/rc* files immutable, so even if a bad guy does get root they can't modify
>these files.

Also /.profile has to be immutable.

Also any programs/scripts executed from the rc-scripts and any files
that affect the behaviour of these scripts should probably made
immutable too.

>Unfortunately, that does make it so you have to go to single
>user to modify these files, which can be a drag at times.

That seems to be the price one has to pay for security.
-- 
Christoph Badura	bad@flatlin.ka.sub.org		+49 721 606137

Es genuegt nicht, keine Gedanken zu haben;
man muss auch unfaehig sein, sie auszudruecken.  - Karl Kraus