But, if you still want to keep your heart on FOSS, I'd give Linux Capabilities a try.
Ever heard of it? You can set files in 'append-only' mode in a way that even the root user can't mess with the data.
Check this link, a bit old but interesting: http://www.linuxjournal.com/article/5737
From the link:
If your system logs are append-only and your core system utilities immutable (see chattr(3) for details), removing the CAP_LINUX_IMMUTABLE capability will make it virtually impossible for intruders to erase their tracks or install compromised utilities. Traffic sniffers like tcpdump become unusable once CAP_NET_RAW is removed. Remove CAP_SYS_PTRACE and you've turned off program debugging. Such a hostile environment is a script kiddy's worst nightmare, and there is no choice but to disconnect and wait for the intrusion to be discovered.
Not bullet-proof, but still free and open source.
Also check out SELinux and, why not, OpenBSD. You might find something that suits you.
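One way to verify the hardening the quoted article describes, as an added example that is not part of the original post or the linked article: it decodes a capability bounding-set mask (the CapBnd field of /proc/<pid>/status) and lists which of the three capabilities named above are still available. The function names and the sample masks are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a capability bounding set for the three
# capabilities the quoted article says to remove.

# Bit numbers from <linux/capability.h>.
CAP_LINUX_IMMUTABLE=9   # needed to clear append-only / immutable file flags
CAP_NET_RAW=13          # needed for raw sockets (packet sniffers)
CAP_SYS_PTRACE=19       # needed to ptrace arbitrary processes

# cap_present HEXMASK BIT -> exit status 0 if BIT is set in HEXMASK.
cap_present() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# audit_capbnd HEXMASK -> prints the names of the audited capabilities that
# are still in the set. Empty output means all three have been dropped.
audit_capbnd() {
    audit_out=""
    cap_present "$1" "$CAP_LINUX_IMMUTABLE" && audit_out="$audit_out CAP_LINUX_IMMUTABLE"
    cap_present "$1" "$CAP_NET_RAW" && audit_out="$audit_out CAP_NET_RAW"
    cap_present "$1" "$CAP_SYS_PTRACE" && audit_out="$audit_out CAP_SYS_PTRACE"
    echo "${audit_out# }"
}

# read_capbnd [PID] -> hex CapBnd value of a process (default: this shell).
read_capbnd() {
    awk '/^CapBnd:/ {print $2}' "/proc/${1:-self}/status"
}

# Constructed sample masks (not captured from a real host):
# a full set, and the same set with the three bits cleared.
for mask in 000001ffffffffff 000001fffff7ddff; do
    echo "CapBnd=$mask still allows: $(audit_capbnd "$mask")"
done

# Audit the running shell when /proc exposes a bounding set.
if [ -r /proc/self/status ]; then
    live=$(read_capbnd 2>/dev/null)
    if [ -n "$live" ]; then
        echo "this shell (CapBnd=$live) still allows: $(audit_capbnd "$live")"
    fi
fi
```

An empty result for a login shell or a service's PID means a process started from it cannot regain those capabilities, since the bounding set limits what can be gained across execve.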