File permissions of the /etc/shadow password file

Linux password files and permissions

The password files are an important cornerstone of the security of your Linux system. Commonly they are /etc/passwd and /etc/shadow, and they are installed by default. Sometimes we receive questions about what the right permissions of these files should be. This blog post therefore looks at the file permissions (and ownership) of both files.

Passwd file

The password file stores local accounts of the system. It is a readable text file and uses colons (:) […]


How to Determine a File Type on Linux

Finding Files and Understanding Their Content

You may encounter a file on your system with unknown contents or goal. Usually, the first thing we do is use cat to show the contents, or execute the file. While that makes sense, it may be dangerous to do. The file might be a piece of malware, or it might disrupt your screen output or even hang the terminal. Here is a better way to do it, using the file command. Great for forensics, malware analysis, intrusion […]


Monitor for File System Changes on Linux

The most important areas of information security are preventing some events from occurring and detecting them if something still happens. Unfortunately, most companies forget to put enough effort into detecting unauthorized activities. In this article we take a special look at monitoring your file system, to detect changes to your critical system files and their configuration files.

Method 1: File Integrity tools

The first method is monitoring file changes with the help of specific tools. […]
