9.8. Searching Filesystems Effectively

Problem

You want to locate files of interest to detect security risks.

Solution

Use find and xargs, but know their important options and limitations.

Discussion

Are security risks lurking within your filesystems? If so, they can be hard to detect, especially if you must search through mountains of data. Fortunately, Linux provides the powerful tools find and xargs to help with the task. These tools have so many options, however, that their flexibility can make them seem daunting to use. We recommend the following good practices:

Know your filesystems

Linux supports a wide range of filesystem types. To see the ones configured in your kernel, read the file /proc/filesystems. To see which filesystems are currently mounted (and their types), run:

$ mount
/dev/hda1 on / type ext2 (rw)
/dev/hda2 on /mnt/windows type vfat (rw)
remotesys:/export/spool/mail on /var/spool/mail type nfs (rw,hard,intr,noac,addr=192.168.10.13)
//MyPC/C$ on /mnt/remote type smbfs (0)
none on /proc type proc (rw)
...

with no options or arguments. We see a traditional Linux ext2 filesystem (/dev/hda1), a Windows FAT32 filesystem (/dev/hda2), a remotely mounted NFS filesystem (remotesys:/export/spool/mail), a Samba filesystem (//MyPC/C$) mounted remotely, and the proc filesystem provided by the kernel. See mount(8) for more details.

Know which filesystems are local and which are remote

Searching network filesystems like NFS partitions can be quite slow. Furthermore, ...
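The following script is an added example, not code from the book: it applies the two practices above by first sorting the mounted filesystems into local, remote and pseudo kinds from mount output (the recipe's own listing is embedded as constructed sample input), and then running find with -xdev and -print0 | xargs -0 over one local tree, here looking for world-writable regular files. The function names, the lists of filesystem types treated as remote or pseudo, and the throwaway test directory are all assumptions of this example.

```shell
#!/bin/sh
# Added example (not from Linux Security Cookbook): decide which mounted
# filesystems are local before running find/xargs over them, then search one
# local tree for world-writable files without crossing into other filesystems.

# Constructed sample input: the mount listing from the recipe, one entry per line.
SAMPLE_MOUNT='/dev/hda1 on / type ext2 (rw)
/dev/hda2 on /mnt/windows type vfat (rw)
remotesys:/export/spool/mail on /var/spool/mail type nfs (rw,hard,intr,noac,addr=192.168.10.13)
//MyPC/C$ on /mnt/remote type smbfs (0)
none on /proc type proc (rw)'

# classify_mounts local|remote|pseudo
# Reads "dev on mountpoint type fstype (opts)" lines on stdin and prints the
# mount points of the requested kind. The type lists are this example's own
# assumptions; extend them for your site. Mount points containing spaces would
# confuse this field-based parse (/proc/mounts escapes them as \040).
classify_mounts() {
    awk -v want="$1" '
        $2 == "on" && $4 == "type" {
            fs = $5
            if (fs ~ /^(nfs|nfs4|smbfs|cifs|afs|ncpfs)$/)
                kind = "remote"
            else if (fs ~ /^(proc|sysfs|devpts|devtmpfs|tmpfs|cgroup2?|securityfs|debugfs)$/)
                kind = "pseudo"
            else
                kind = "local"
            if (kind == want) print $3
        }'
}

# Wrappers over the constructed sample; results joined on one line.
sample_local_mounts()  { printf '%s\n' "$SAMPLE_MOUNT" | classify_mounts local  | paste -s -d ' ' -; }
sample_remote_mounts() { printf '%s\n' "$SAMPLE_MOUNT" | classify_mounts remote | paste -s -d ' ' -; }

# find_world_writable DIR
# Lists regular files under DIR that anyone can write. -xdev keeps find from
# descending into other (possibly remote) filesystems mounted below DIR, and
# -print0 with xargs -0 keeps names containing spaces or newlines intact.
# xargs -r (GNU; also accepted by BSD xargs) skips ls when nothing matched.
find_world_writable() {
    find "$1" -xdev -type f -perm -0002 -print0 | xargs -0 -r ls -ld
}

# Self-check on a throwaway directory (constructed data, removed afterwards).
demo() {
    tmp=$(mktemp -d) || return 1
    touch "$tmp/private.txt" "$tmp/wide open.txt"
    chmod 644 "$tmp/private.txt"
    chmod 666 "$tmp/wide open.txt"
    echo "Local mounts in sample:  $(sample_local_mounts)"
    echo "Remote mounts in sample: $(sample_remote_mounts)"
    echo "World-writable files under $tmp:"
    find_world_writable "$tmp"
    rm -rf "$tmp"
}

demo
```

On a real system, replace the embedded sample with `mount | classify_mounts local` to get the list of trees worth searching, and pass each one to find with -xdev so that a remote mount nested below it is not traversed.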
