Data XFS Immuability can delete

[Backupnews.fr]

Hi,
Today, I'm surprise because, with immuability on XFS, I can change attribut of backup file's Veeam and delete it.
I use this following command with ''root'' user :
1. chattr -i *.vbk --> remove attribut
2. rm *.vbk --> files deleted

Maybe, I forget something when I configured my XFS with immuability

Do you have an idea ... ?

[HannesK]

Hello,
that's not really surprising... you could also just delete the whole partition.

Please check out the sticky FAQ where that topic is covered.

Best regards,
Hannes

[Gostev]

I use this following command with ''root'' user :
1. chattr -i *.vbk --> remove attribut
2. rm *.vbk --> files deleted

That's too many steps... you could just format the volume instead.

[Backupnews.fr]

ok, thank you. So if I understand, it's not really immuable if I can change attribut ?

[HannesK]

it depends what you understand under "really immutable". There is always a layer that is mutable... I'm sure this hammer can change your data

Quote from the FAQ I posted earlier

WORM software has existed for many years as standalone software solutions or even as pre-configured virtual appliances. In both cases, the underlying operating system or infrastructure must be secured. If an attacker gets access to the virtualization platform, then they can delete the whole WORM VM without needing to attack the WORM software itself. Here's a similar situation for WORM software based on Windows or Linux: if an attacker becomes an administrator or root, they can destroy the data protected by the WORM software. As an administrator/root, there is always a way to get around the protections of a software running on that system (that includes countermeasures like filter drivers or encryption).

I also described the attack vectors and what needs to be done to minimize risk.

[Gostev]

The data is really immutable for anyone but root account.

While for root account, there are many ways to destroy the data (including even without removing the attribute). We already shared two ways above, neither of which requires removing the attribute first.

This is true even for specialized WORM storage appliances, because at the very least root can always simply do a factory reset of the device.

So just make sure no one knows the root account password, and your data will be really immutable. The password is not stored anywhere, so it cannot be extracted even during the successful attack.

But you can never protect the data from yourself or anyone else you decide to tell the root password to

[Backupnews.fr]

ok, thanks for your precision.