CompTIA Linux+ XK0-006 (V8) Practice Question

The correct command is chattr +a /var/log/audit/app_security.log. The chattr command is used to change file attributes on a Linux file system. The +a option sets the 'append-only' attribute. A file with this attribute can only be opened in append mode for writing, meaning data can be added to the end of the file, but existing data cannot be modified or deleted. This restriction applies even to the root user.

• chattr +i /var/log/audit/app_security.log is incorrect because the +i option sets the 'immutable' attribute. An immutable file cannot be modified in any way; it cannot be deleted, renamed, and no data can be written to it, including appending.
• chmod 640 /var/log/audit/app_security.log is incorrect. The chmod command changes the standard read, write, and execute permissions. While this command restricts write access to the file's owner, it does not prevent the owner or the root user from overwriting or deleting the file. It does not enforce an 'append-only' behavior.
• chown audit:root /var/log/audit/app_security.log is incorrect. The chown command changes the user and/or group ownership of a file. While this is an important security practice, it does not, by itself, prevent the file from being modified or deleted by its new owner or the root user.