How to Determine a File Type on Linux

Finding Files and Understanding Their Content

You may encounter a file on your system with unknown contents or purpose. Usually, the first thing we do is use cat to show the contents, or execute it. While that makes sense, it may be dangerous: the file might be a piece of malware, disrupt your screen output, or even hang the terminal. Here is a better way to do it, using the file command. Great for forensics, malware analysis, intrusion […]


Intrusion detection: Linux rootkits

Rootkits

Rootkits are components installed on a server by a person with malicious intent. Their main goal is to hide their presence and avoid the eye of the system administrator. Rootkits usually consist of a set of tools to manipulate the Linux kernel, alter output to the screen, or prevent some software from doing its tasks. Nowadays rootkits are less popular than they were before. One of the reasons is the increased security in the Linux kernel, […]


Configuring and auditing Linux systems with Audit daemon

The Linux Audit Daemon is a framework that allows auditing events on a Linux system. In this article we will look at installing, configuring, and using the framework to perform Linux system and security auditing.

Auditing goals

By using a powerful audit framework, the system can track many event types to monitor and audit the system. Examples include:

Audit file access and modification
See who changed a particular file
Detect […]
