5.5. If nothing is allowed to read my /etc/shadow file, how can I authenticate myself to the system?

To allow users to authenticate themselves to the system, it is necessary to give certain programs read-only access to /etc/shadow. Some of the programs you may want to consider giving read access to are: login, sshd, su, and vlock. To allow the login program to read /etc/shadow, use the following ACL:
bash# lidsconf -A -s /bin/login -o /etc/shadow -j READONLY
The "-s" option specifies a subject, which is /bin/login in this case. We are giving the subject read-only access to the object (/etc/shadow in this case). This will protect all files under /var/log as append-only. As with READ and DENY, this target is also recursive.
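
The same rule can be generated for the other programs named above. The script below is an added example, not part of the original FAQ: it prints (rather than runs) one lidsconf command per subject and skips any path that is not an executable file on this system. The function name and the paths for sshd, su and vlock are assumptions; adjust them to where your distribution installs those binaries.

```shell
#!/bin/sh
# Added example: print (do not run) the lidsconf rules that give each listed
# program read-only access to /etc/shadow, using the ACL form shown above.
OBJECT=/etc/shadow

# emit_shadow_acls PATH...   (hypothetical helper name)
# Prints one lidsconf command per usable subject and warns on stderr about
# the rest. Returns 1 if any subject was skipped, so a mistyped path is
# noticed instead of silently leaving a program unable to authenticate users.
emit_shadow_acls() {
    rc=0
    for subject in "$@"; do
        case $subject in
            /*) ;;
            *)  echo "skip $subject: not an absolute path" >&2
                rc=1
                continue ;;
        esac
        if [ ! -f "$subject" ] || [ ! -x "$subject" ]; then
            echo "skip $subject: not an executable file on this system" >&2
            rc=1
            continue
        fi
        echo "lidsconf -A -s $subject -o $OBJECT -j READONLY"
    done
    return $rc
}

# Assumed install locations for the programs the FAQ names.
emit_shadow_acls /bin/login /usr/sbin/sshd /bin/su /usr/bin/vlock || true
```

Review the printed commands before running them as root, and grant access only to the programs you actually use.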