2016-11-08 (last updated at April 30th, 2017) Michael BoelenNetwork Leave a comment

networks file

What is /etc/networks file? Also wondering what particular files do on Linux? One of those files we recently rediscovered during auditing is the /etc/networks file. For some reason it was always there, yet we never change it. When looking at the man page of networks(5) we learn its purpose (almost instantly): It translates between IP ranges and network names It is used for tools like netstat and route It only works on class A, B, or C networks It does […]

2016-08-30 (last updated at October 19th, 2020) Michael BoelenFile System 4 comments

Linux system hardening: adding hidepid to /proc mount point

When looking in /proc you will discover a lot of files and directories. Many of them are just numbers, which represent the information about a particular process ID (PID). By default, Linux systems are deployed to allow all local users to see this all information. This includes process information from other users. This could include sensitive details that you may not want to share with other users. By applying some file system configuration tweaks, we can change this behavior and improve the […]

2014-11-18 (last updated at June 26th, 2018) Michael BoelenAccess Control List, File System, Storage 3 comments

Using xattrs or Extended Attributes on Linux

What are extended attributes? Extended attributes or xattrs, are an extensible mechanism to store metadata on a filesystem. Metadata is a collection of information or data points about a particular object. If we would compare this article, the metadata contains the title, author, description, language, Twitter image, etc. Normally the file system can only store a limited set of information about files. Typically this is the filename, ownership, file permissions, and dates. By using extended attributes, we can describe more properties of the […]

2014-11-06 Michael BoelenHardening, Storage Leave a comment

Securing mount points on Linux

Securing mount points Mount points are defined in /etc/fstab. They link a particular disk pointer to the related device (disk, partition or virtual device). By default the mount options are not focused on security, which gives us a room to further improve hardening of the system. This hardening is especially important considering our most precious data is stored here. Via mount options we can apply additional security controls to protect our data. Mount points Let’s have a look at our […]

2014-07-06 (last updated at July 13th, 2018) Michael BoelenAccess Control List, Auditing, File System Leave a comment

Plus sign in ls output

What is the + sign when using ls? Ever wondered what the plus (+) sign is when showing a directory listing? It is part of a POSIX standard to support access control lists (ACL) on files. Normal files on a file system will have only 10 characters displayed, with the last 9 used for file permissions. However, when file access control lists are used, an 11th character shows up. This plus sign indicates the usage of a file ACL. total […]