You a kernel hacker? If so, I *think* that could could go into the source
code for the IDE driver and change it so that it would refuse to write to
the HD at all. You'd then create your custom Linux kernel like any other.
When you booted from it, the software simply wouldn't write to the HD. You'd
need to reboot using a different kernel. Make your custom kernel the default
loaded by LILO so that if, somehow, the system got rebooted, it would
default to the no-write kernel. But the more I think about this the worse it
gets. Doesn't Linux want to write stuff to the /var and /tmp subdirectories?
Maybe make specific partitions read-only via the kernel modification. I
guess this wouldn't secure against INT 13, but if you can't write to the HD,
how would the intruder install his/her modifications?
Another thought, if this is a separate machine, why not just get rid of root
and mount the HD read-only? If nobody has authority to issue mount command
and the /etc/fstab says to mount read-only, how could they add/delete/modify
any files on that partition?
If this is a shared machine, can you reboot it when on the Internet? If so,
create a kernel image which has a different "/" partition from the "real"
one. That "/" would be stand-alone (no access to any other partitions
defined in its /etc/fstab). Remove root from that partition's security (or
remove the mount command entirely). Again, make this the default boot kernel
for LILO. If the partition is read-only and there is no mount command
available, then I simply don't see any way for an intruder to
add/delete/modify a file. Without mount, the partition cannot be made
writable. If the partition cannot be made writeable, nobody can
add/delete/modify any files or directories. Of course, your alternate kernel
would boot with a different partition as "/" which would have root in the
security file. Perhaps having your Web's "/" mounted at a different mount
point. A real waste of disk space, but that's all I can think of.