04-08-2008, 11:17 AM
Karen Hill
 
Re: Tough question for oracle DBAs/Solaris Admins. Log shipping.

Stefaan A Eeckels wrote:
> On 1 Sep 2006 12:28:12 -0700
> "Karen Hill" <karen_hill22@yahoo.com> wrote:
>
> > Immutable files are files where not even root
> > can change/delete/move a file set as immutable.

>
> But root can unset the immutable flag. Thus it only serves as
> protection against accidental deletions or modifications. This is
> slightly useful. Roles are better for that purpose.


Not when they are at a networked run level according to the OpenBSD man
page on the subject. They would have to reboot, or bring it down to
single user mode to do that. Rebooting an OS running a production
database would be extremely difficult to cover by an admin.

> > For the Oracle DBAs, how can you guarantee an audit trail without
> > immutable files?

>
> You cannot guarantee it with immutable files.


Are you sure? I've read in the man pages that root cannot change or
delete an immutable file in BSD without rebooting the server. And
restarting a server is something that one could easily detect. I'm
adding the OpenBSD group to see if they have anything to add of
relevance to the immutable file discussion.

OpenBSD is a great system, unfortunately, scaling up to the processor
level required to run a medium sized corporate database server is
something only Solaris / AIX seem to be able to do.

> Immutability is _not_ a security feature. It does _not_ solve the
> problem that root can change any file. If you cannot trust your root
> user, you've got major problems. Trust is a difficult concept for PHBs,
> but there is no magic solution.
> Learn to live with it.
>


When an auditor has to sign off on it, "learn to live with it" is not a
very good solution when dealing with Sarb-Ox.

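An added example, not part of the original post: a shell check for the condition debated above, that audit files carry a system-level flag (`schg` or `sappnd`) and that `kern.securelevel` is at least 1, the level at which OpenBSD refuses to clear those flags. The `/audit/...` paths and the sample listing are constructed, and the parser assumes BSD `ls -lo` output with the flags in the fifth field.

```shell
#!/bin/sh
# check_trail SECURELEVEL < listing
# Reads `ls -lo` lines on stdin, prints one finding per line, and returns 0
# only when every file has schg or sappnd and the securelevel is >= 1.
# User flags (uchg, uappnd) do not count: root can clear them at any level.
check_trail() {
    awk -v level="$1" '
        BEGIN {
            if (level + 0 < 1) {
                print "securelevel " level ": root can clear schg/sappnd"
                bad = 1
            }
        }
        NF >= 10 {
            # Field 5 is a comma-separated flag list, or "-" when empty.
            n = split($5, flags, ",")
            ok = 0
            for (i = 1; i <= n; i++)
                if (flags[i] == "schg" || flags[i] == "sappnd") ok = 1
            if (!ok) { print $NF ": no system flag (" $5 ")"; bad = 1 }
        }
        END { exit bad }
    '
}

# Constructed sample of `ls -lo` output (hypothetical paths and owners).
sample_listing() {
    cat <<'EOF'
-rw-r-----  1 oracle  dba  sappnd  48211 Sep  1 12:00 /audit/ora_audit.log
-rw-r-----  1 oracle  dba  uchg     9120 Sep  1 12:00 /audit/listener.log
-rw-r-----  1 oracle  dba  -        1033 Sep  1 12:00 /audit/alert.log
EOF
}

# On a live system the equivalent call would be:
#   ls -lo /audit/* | check_trail "$(sysctl -n kern.securelevel)"
sample_listing | check_trail 1 || echo "audit trail not fully protected"
```
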