
Immutable XFS for Rocky Linux

IFS is an Immutable Filesystem that adds protection against unauthorized file deletion and against forgery or alteration of files to XFS. To use IFS, replace the existing kernel with a new kernel built by adding a WORM (Write-Once Read-Many) function to XFS in the kernel source code of the corresponding Linux distribution. Linux with IFS is 100% compatible with the original Linux distribution and makes it possible to create and use Immutable Filesystems for preventing data deletion and tampering and for compliance assurance.

Linux with IFS

Linux with IFS Configuration Example

● Create Immutable Filesystem

Creates an XFS filesystem and assigns immutability to the filesystem through a command.

At this time, the following three properties can be set for the filesystem.

① Default Retention Period

- Retention period automatically assigned to all files stored in this file system when a specific retention period is not explicitly specified for a file

- The retention period is specified as a number of minutes. (1 minute = 1, 1 hour = 60, 1 day = 1,440, 1 week = 10,080, 1 month = 43,920, 1 year = 525,600, permanent = 0)

② Auto Trigger enable

- The auto trigger property can be enabled with the mount option.

- For a detailed description of Trigger and Auto Trigger, see the "File Retention Period and Making a file immutable" paragraph below.

③ Compliance Clock enable

- Whether to apply the "Compliance Clock" to the file system is set through a command.

- For a detailed description of Compliance Clock, see the "Compliance Clock" paragraph below.

● File Retention Period and Making a file immutable

The act of granting immutability to a specific file stored in IFS is defined as a “Trigger” and is performed through a command. Even files stored in IFS can be freely modified or deleted before triggering, and after triggering, files cannot be deleted or modified during the specified retention period. Trigger is an irreversible action. There are two types of Trigger: Auto Trigger and Manual Trigger.

① Auto Trigger

▪ Applies to IFS mounted with the "auto trigger" option.

▪ When a file is created, a "Default Retention Period" is assigned to the file and immutability is automatically assigned.

② Manual Trigger

▪ Without the “auto trigger” option, the command that makes a file immutable, i.e. the trigger command, must be explicitly performed on the file.

▪ If you specify a retention period for a file and then trigger it, the file has the specified retention period. If the trigger is executed without a retention period having been specified, the volume's Default Retention Period is assigned to the file.

● Compliance Clock

If expiration of the retention period were judged by the system time, the retention period could be evaded by changing the system time. The Compliance Clock is a software clock mechanism that operates independently of the system time and is used to judge whether the retention period has expired. It can be enabled selectively for each file system and cannot be disabled once enabled.

● Append-Only Write Mode

In general write mode, the recorded part of a file can be edited until the file is finally triggered. When a file is set to Append-Only, data can be appended to the end of the file, but parts already recorded cannot be modified or deleted. This property is given through a first trigger when the file is first created; when there is no more data to add, a second trigger confirms the final immutable property, after which the file cannot be modified any more. (Two-phase trigger)
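The trigger, retention and Compliance Clock rules described above can be summarized as a small state model. This is an added Python illustration, not IFS code or its command interface; every class and function name is hypothetical, and the Compliance Clock is assumed to be a counter that advances but cannot be set.

```python
# Toy model of the semantics described above; not IFS code, all names hypothetical.
class Clock:
    """Minute counter; the compliance clock ticks but cannot be set (assumed)."""
    def __init__(self, settable):
        self.settable, self.minutes = settable, 0
    def set(self, value):
        if not self.settable:
            raise PermissionError("compliance clock cannot be set")
        self.minutes = value

class Filesystem:
    def __init__(self, default_retention, compliance_clock=False):
        self.default_retention = default_retention   # minutes, 0 = permanent
        self.system = Clock(settable=True)
        self.compliance = Clock(settable=False) if compliance_clock else None
    def elapse(self, minutes):                       # real time passing
        for clock in filter(None, (self.system, self.compliance)):
            clock.minutes += minutes
    def now(self):                                   # clock used to judge expiry
        return (self.compliance or self.system).minutes

class WormFile:
    def __init__(self, fs, data=b""):
        self.fs, self.data = fs, bytearray(data)
        self.state, self.expires = "open", None      # open -> append_only -> immutable
    def trigger(self, retention=None, append_only=False):
        if self.state == "immutable":
            raise PermissionError("trigger is irreversible")
        if append_only and self.state == "open":
            self.state = "append_only"               # first phase of two-phase trigger
            return
        minutes = self.fs.default_retention if retention is None else retention
        self.expires = None if minutes == 0 else self.fs.now() + minutes
        self.state = "immutable"                     # final phase
    def protected(self):
        return self.state == "immutable" and (
            self.expires is None or self.fs.now() < self.expires)
    def write(self, offset, buf):
        # The page specifies behaviour only during retention; so does this model.
        if self.protected():
            raise PermissionError("retention period has not expired")
        if self.state == "append_only" and offset != len(self.data):
            raise PermissionError("append-only: recorded data cannot be changed")
        self.data[offset:offset + len(buf)] = buf

def expires_early_after_clock_change(compliance_clock):
    """Trigger with 1 day retention, change system time, report lost protection."""
    fs = Filesystem(default_retention=1440, compliance_clock=compliance_clock)
    f = WormFile(fs, b"constructed sample data")
    f.trigger()
    fs.system.set(10_000)                            # system time is changed
    return not f.protected()
```

With `compliance_clock=False` the function returns `True` (protection is lost when system time changes); with `compliance_clock=True` it returns `False`.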

● License

There are free licenses and capacity-based paid licenses.

① Free License

▪ All features can be used without restrictions.

▪ The only limitation is that the total capacity of immutable volumes that can be created is limited to 100GB.

② Paid License

▪ A policy on paid licenses will be announced soon.
