2016-01-21 (last updated at September 14th, 2019) Michael BoelenFile Integrity 3 comments

shadow password file

Linux password files and permissions The password files are an important cornerstone of the security of your Linux system. Commonly they are /etc/passwd and /etc/shadow, and installed by default. Sometimes we receive questions what the right permissions of these files should be. Therefore this blog post to have a look at the file permissions (and ownership) of both files. Passwd file The password file stores local accounts of the system. It is a readable text file and uses colons (:) […]

2016-01-05 (last updated at June 24th, 2018) Michael BoelenFile Integrity 2 comments

How to see the file type?

Did you come across a file, but don’t know what type it is? Let’s learn how to analyze it. The unknown file You may encounter a file on your system with known contents or goal. Usually, the first thing we do is then use cat to show the contents, or execute it. While that makes sense, it may be dangerous to do. It might be a piece of malware, disrupt your screen output or even hang the terminal. Here is […]

2014-08-24 (last updated at October 20th, 2014) Michael BoelenFile Integrity, Monitoring Leave a comment

Monitor for File System Changes on Linux

Monitor for File System Changes The most important areas with information security are preventing some events from occurring and detecting it if something still happens. Unfortunately most companies forget to put enough effort in detection unauthorized activities. In this article we have a special look at monitoring your file system, to detect changes to your critical system files and their configuration files. Method 1: File Integrity tools The first method is monitoring file changes with the help of specific tools. […]