Hi all,
I've had to reconfigure our Linux Hardened Repos, and one thing that crossed my mind was: is there any way to prevent the deletion of a logical volume as root, or is that impossible? On a test box it was quite simple to delete the logical volume, and then all the data is gone.
Would it somehow be safer to not use logical volumes? This does then create a level of complexity with 20+ drives per server.
I know physical access to a device and a bootable USB stick is all that is needed to wipe a repo anyway, but is there anything you can do to lock the root user out of modifying a logical volume?
- Full Name: T C
- Veeam Software
Re: immutable storage - prevent deletion of logical volume
Hi SSSSSStorage,
Off the top of my head and after a quick search, I'm not finding a great way to prevent use of lvremove as root.
I think the best approach is to secure the Hardened Repository as per our Best Practices guide and focus on preventing and monitoring unauthorized access in the first place. Once access is obtained, a malicious actor can do quite a bit to 'punk' the system beyond just removing the logical volume, and probably it's best to focus on securing the Hardened Repository as per our best practices as opposed to trying to guess what means a malicious actor might use to punk the system.
The User Guide has a few specifics as well for Ubuntu and RHEL.
Similarly, consider our Hardened Repository ISO, which handles a lot of the security hardening automatically for you.
David Domask | Product Management: Principal Analyst
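One way to act on the monitoring advice in the reply above, as an added example that is not part of the thread or of Veeam's guidance: a Python check that pairs auditd SYSCALL and EXECVE records by event ID and reports each `lvremove` run together with the login UID behind it. The audit rule, the key name `lvm_exec` and the log lines are constructed assumptions.

```python
import re
from collections import defaultdict
# Constructed, trimmed audit.log records (not from a real host). Assumes an audit
# watch on the LVM binary such as `-w /usr/sbin/lvm -p x -k lvm_exec` (assumed key).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.101:901): arch=c000003e syscall=59 success=yes auid=1000 uid=0 comm="lvs" exe="/usr/sbin/lvm" key="lvm_exec"
type=EXECVE msg=audit(1700000000.101:901): argc=1 a0="lvs"
type=SYSCALL msg=audit(1700000050.220:917): arch=c000003e syscall=59 success=yes auid=1000 uid=0 comm="lvremove" exe="/usr/sbin/lvm" key="lvm_exec"
type=EXECVE msg=audit(1700000050.220:917): argc=3 a0="lvremove" a1="-f" a2="/dev/vg_repo/lv_backup"
type=SYSCALL msg=audit(1700000090.007:930): arch=c000003e syscall=59 success=yes auid=4294967295 uid=0 comm="lvm" exe="/usr/sbin/lvm" key="lvm_exec"
type=EXECVE msg=audit(1700000090.007:930): argc=3 a0="lvm" a1="lvremove" a2="vg_repo/lv_backup2"
"""

WATCHED = {"lvremove"}        # the command discussed in the thread
UNSET_AUID = "4294967295"     # auditd's value when no login session is attached
EVENT_ID = re.compile(r"msg=audit\(\d+\.\d+:(\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_arg(value):
    """auditd quotes plain values and hex-encodes ones with spaces or quotes."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value

def find_lvm_removals(log_text):
    """Join SYSCALL and EXECVE records per event ID; return watched LVM calls."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        fields = dict(FIELD.findall(line[m.end():]))
        ev = events[m.group(1)]
        if line.startswith("type=SYSCALL"):
            ev["auid"] = fields.get("auid")
        elif line.startswith("type=EXECVE"):
            ev["argv"] = [decode_arg(fields.get(f"a{i}", "")) for i in range(int(fields.get("argc", 0)))]
    alerts = []
    for serial, ev in events.items():
        argv = ev.get("argv", [])
        cmd = argv[0].rsplit("/", 1)[-1] if argv else ""
        if cmd == "lvm" and len(argv) > 1:   # invoked as `lvm lvremove ...`
            cmd = argv[1]
        if cmd in WATCHED:
            alerts.append({"event": serial, "auid": ev.get("auid"), "argv": argv, "unattributed": ev.get("auid") == UNSET_AUID})
    return alerts
```

An alert with `unattributed` set means root ran the command outside any login session, so there is no user account to tie it to.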