While hardening a server, you run chattr against /var/audit/audit.log to prevent the file's existing records from being altered or deleted, but you still need the audit daemon to continue writing new events to the same file. Which attribute flag accomplishes this goal?
The append-only attribute (+a) allows write operations only in append mode. Once the flag is set, the kernel refuses any attempt to overwrite, truncate, rename, or delete the file, yet processes that open the file with O_APPEND can still add data. This satisfies the requirement that historical audit entries remain intact while new entries are still recorded.
The immutable flag (+i) is more restrictive: it blocks all changes, including appending, so the audit daemon would fail. The no-atime flag (+A) merely stops access-time updates and offers no protection against modification or deletion. The no-dump flag (+d) only prevents the file from being included in dump-style backups and does not stop edits or removal.
CompTIA Linux+ XK0-006 (V8)
Security