File Integrity

The password files are an important cornerstone of the security of your Linux system. Commonly they are /etc/passwd and /etc/shadow, and installed by default. Sometimes we receive questions what the right permissions of these files should be. Therefore this blog post to have a look at the file permissions (and ownership) of both files. Passwd file The password file stores local accounts of the system. It is a readable text file and uses colons (:) to separate the fields.

Did you come across a file, but don’t know what type it is? Let’s learn how to analyze it. The unknown file You may encounter a file on your system with known contents or goal. Usually, the first thing we do is then use cat to show the contents, or execute it. While that makes sense, it may be dangerous to do. It might be a piece of malware, disrupt your screen output or even hang the terminal.

The most important areas with information security are preventing some events from occurring and detecting it if something still happens. Unfortunately most companies forget to put enough effort in detection unauthorized activities. In this article we have a special look at monitoring your file system, to detect changes to your critical system files and their configuration files. Method 1: File Integrity tools The first method is monitoring file changes with the help of specific tools.