Find the answer to your Linux question:
Results 1 to 2 of 2
I was reading Marcel Gagne's book called 'Linux System Administration' and whilst reading his chapter on security techniques, I came across an interesting thing he mentioned. He was discussing various ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Feb 2004
    Location
    /home
    Posts
    16

    neat little tip...


    I was reading Marcel Gagne's book called 'Linux System Administration' and whilst reading his chapter on security techniques, I came across an interesting thing he mentioned. He was discussing various ways to tell if one's system had been cracked. The one that really got my attention was the part whereby an attacker puts a file in a user's home directory named '.. '. That is two periods followed by a space! I checked it out, and thought to myself, 'The clever, nasty, little bugger!' The first period hides the directory from normal view on a typical 'ls -l' command and even when one uses the 'ls -la' command to show all hidden files, the '.. ' directory shows itself to be an innocuous, little directory just like the normal '..' thing one always sees in a listing. It's very easy to miss if one isn't paying attention.

    Just thought I'd throw that idea out. I tried it on my linux system, and found that, yes, indeed, one can really hide a file like that! Checking it out from the command line via a 'ls -a' command, the partial list looks something like
    ./
    ../
    .. /
    a_file/

    and so on. Note the space in the third entry!

    Cheers.

  2. #2
    Linux Guru
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    3,284
    there are a lot of tricks that are often used.

    A very good piece of software is www.chkrootkit.org which can look for various known pieces of "malicious" software that would indicate your system had been rooted.

    Jason

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •