The /etc/shadow File

There are several different authentication schemes that can be used on Linux systems. The most commonly used and standard scheme is to perform authentication against the /etc/passwd and /etc/shadow files.

/etc/shadow is a text file that contains information about the system’s users’ passwords. It is owned by user root and group shadow, and has 640 permissions.


Using lsof to Recover Deleted Files

If an open file is deleted accidentally, it is possible to use lsof to recreate a copy of the file, provided this is done before the file is closed by the application holding it open.

If you have inadvertently removed a file from the filesystem, it is still recoverable if the application using the file is still running. This is because the inode is still open, and therefore the data blocks are still on the disk until the application closes the file or exits.


The Linux Filesystem Explained

Have you ever wondered what all the folders in the root (/) directory of the Linux filesystem are for? Which files go into which directories, and why are they saved in those directories? In this post, we’ll check out each folder and what purpose or function it serves for the operating system itself.

Comparing files using the diff command

The diff command outputs the differences between two files, line by line. For files that are identical it produces no output; for binary files it only reports whether they are different or not.

The set of differences produced by diff is often called a diff or patch, and this output can be used later on by the patch command to change other files.

How To Tell If Your Linux Server Has Been Compromised

For the purpose of this guide, a server being compromised or hacked means an unauthorized person or bot logging into the server in order to use it for their own, usually negative, ends. However, the majority of server compromises are carried out by bots, i.e. automated attack programs, inexperienced attackers, e.g. “script kiddies”, or dumb criminals. These sorts of attackers will abuse the server for all it’s worth whilst they have access to it and take few precautions to hide what they are doing.


How to effectively use the GREP command

Grep is a very important and powerful Linux command. It stands for ‘Global Regular Expression Print’ and is used for matching and printing a search pattern or a regular expression from a single or multiple text files. It will look for the pattern in the mentioned files and will then print the result on screen or to an output file.
In this tutorial, we are going to learn to use the grep command with examples.