File System

Linux system hardening: adding hidepid to /proc mount point

The pseudo-filesystem /proc contains a lot of useful information for the system administrator. With the hidepid option we can restrict what users can see.

Summary of Linux system hardening: adding hidepid to /proc mount point

When looking in /proc you will discover a lot of files and directories. Many of them are just numbers, each representing the information about a particular process ID (PID). By default, Linux systems are deployed to allow all local users to see all of this information. This includes process information from other users, which could include sensitive details that you may not want to share with them. By applying some file system configuration tweaks, we can change this behavior and improve the security of the system.


Plus sign in ls output

When file access control lists (ACLs) are being used, the output of ls will change. An additional character (a plus sign) shows up to indicate the usage of these access control lists.

Summary of Plus sign in ls output

Ever wondered what the plus (+) sign is when showing a directory listing? It is part of a POSIX standard to support access control lists (ACL) on files. Normal files on a file system will have only 10 characters displayed, with the last 9 used for file permissions. However, when file access control lists are used, an 11th character shows up. This plus sign indicates the usage of a file ACL.


Securing mount points on Linux

Since data is stored on file systems, appropriate measures should be taken to protect it. By securing mount points on Linux systems, we can improve the security of the system and data.

Summary of Securing mount points on Linux

Mount points are defined in /etc/fstab. They link a particular disk pointer to the related device (disk, partition or virtual device). By default the mount options are not focused on security, which gives us room to further improve the hardening of the system. This hardening is especially important considering our most precious data is stored here. Via mount options we can apply additional security controls to protect our data.

Mount point example

Let’s have a look at our /etc/fstab file.


The purpose of the /etc/networks file

Also wondering what some files are used for on Linux systems? In this article we have a look at the /etc/networks file.

Summary of The purpose of the /etc/networks file

Also wondering what particular files do on Linux? One of those files we recently rediscovered during auditing is the /etc/networks file. For some reason it was always there, yet we never changed it.

Output of /etc/networks

When looking at the man page of networks(5) we learn its purpose (almost instantly): it translates between IP ranges and network names; it is used for tools like netstat and route; it only works on class A, B, or C networks; it does not work on subnets. Surprisingly enough, a test with subnetting actually showed the right names during our test.


Using xattrs or Extended Attributes on Linux

Linux supports extended attributes (xattr) on most file systems. Learn how they work and how they enable security features like access control lists and more.

Summary of Using xattrs or Extended Attributes on Linux

What are extended attributes?

Extended attributes, or xattrs, are an extensible mechanism to store metadata on a filesystem. Metadata is a collection of information or data points about a particular object. Taking this article as a comparison, its metadata contains the title, author, description, language, Twitter image, etc. Normally the file system can only store a limited set of information about files. Typically this is the filename, ownership, file permissions, and dates.
