Solved

Hidden File

Posted on 2002-04-04
Last Modified: 2013-12-27
I need a way to hide a file in Solaris 2.6 or above.
This file will be accessible only by root, but its name must not appear using ls, find, etc.
Just root (who knows its name) will be able to see the contents of it.

Is there any way to do it? Maybe a C program?

Thanks in advance.
Question by:clebano
20 Comments
 
LVL 3

Expert Comment

by:UkWizard
ID: 6918845
Why don't you just create a directory with root-only permissions? Then only root will be able to even go into the directory, so nobody else will be able to see it.

Example;

# mkdir /rootonly

# chmod 700 /rootonly

Then create any number of 'hidden' files in there.
0
 

Expert Comment

by:raza
ID: 6919109

Maybe you need to write your own "ls" command in order to do this and replace the existing ls command.
0
 
LVL 4

Expert Comment

by:newmang
ID: 6919500
raza

Just replacing the ls command is not enough; it's easy enough to edit the directory with vi to see what it contains.
0
 

Expert Comment

by:raza
ID: 6919696
What Sun OS allows you to do that...? I don't get the directory listing on Solaris 2.8 by doing vi on a directory.
0
 
LVL 4

Expert Comment

by:newmang
ID: 6919727
apologies raza - I was using Linux, you're right, I can't see the directory contents on my Solaris and AIX systems

(sound of head banging on table)

Cheers - Gavin
0
 
LVL 40

Expert Comment

by:jlevie
ID: 6919739
How will you be using the data in the "file"? If it's to be accessed with anything that relies on normal file accesses then you can't hide the file so that it can't be found. You can, as has already been suggested, make the file only visible and usable by root, but if you don't control the root account it really isn't hidden.

If only a program will be accessing the data you can always use a raw slice to hold the data. Of course that means that the code that will access the data needs to be run by root.

raza,

Try 'cat some-dir-name'...
0
 
LVL 2

Accepted Solution

by:
festive earned 200 total points
ID: 6919747
creating hidden files 101

to create a hidden directory:
mkdir '.. '
(get into it by cd '.. ')

to create a hidden file/dir you can achieve this by
OVERMOUNTING

ie
mkdir /rootonly
(put files etc inside)
mount /dev/fd0a /rootonly

now the directory tree is invisible to everything
to access it you just unmount it and remount when finished.

other options include:
PGP volumes.
TAR archives secured with crypt.

obscuring the file ie calling it '/dev/null '
or some other suitably arcane device name.

You could also name it using non-printable characters
(this would obscure the file in most programs)
(there are some really obscure characters that you can get by using OCTAL sequences (ie \00..))
ie
touch 'CTRL-V CTRL-H CTRL-V CTRL-H CTRL-V CTRL-H'
(there are no spaces above - shown just for readability)
- if you put enough of these in you can remove a file from a find list completely.
to access the file again you use:
vi 'CTRL-V CTRL-H' etc (as above)

ALL of these options (except the overmount) will be
visible to find etc but may be easily overlooked.

What you are really asking for is a ROOT KIT.
- beware - if you are the system administrator of the
  system  - this could be used against you.
 
  * for the uninitiated: root kits will allow you to
    hide a series of files/folders/utils as well as
    processes etc, shielding your activities from
    all users (including root).

  some examples include: Adore, t0rn, Ark, Maniac etc

Another option is to put your users into a CHROOTed jail
(ie they do not see the real file system etc)

Regards,
Festive
0
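The accepted answer notes that every naming trick it lists (padded dot names such as '.. ', trailing spaces, non-printable characters) is still visible to find and only easy to overlook. As an added example that is not part of the original thread, this Python sketch flags such names in a directory tree; the function names, reason labels and sample tree are assumptions made for illustration.

```python
import os
import tempfile

DOT_NAMES = {b".", b".."}

def classify_name(name: bytes) -> list:
    """Return the reasons a directory entry name deserves a second look."""
    reasons = []
    if any(b < 0x20 or b == 0x7F for b in name):
        reasons.append("control-char")        # e.g. the CTRL-H (0x08) names
    if name != name.strip(b" \t"):
        reasons.append("edge-whitespace")     # e.g. 'null ' with a trailing space
    # Drop whitespace and control bytes; if only "." or ".." remains, the name
    # imitates a real directory entry (the '.. ' trick).
    core = bytes(b for b in name if b > 0x20 and b != 0x7F)
    if name not in DOT_NAMES and core in DOT_NAMES:
        reasons.append("dot-lookalike")
    return reasons

def scan(root: str) -> list:
    """Walk root; return sorted (escaped path, reasons) for flagged entries."""
    findings = []
    # Walking with a bytes path keeps names exactly as stored on disk.
    for dirpath, dirnames, filenames in os.walk(os.fsencode(root)):
        for name in dirnames + filenames:
            reasons = classify_name(name)
            if reasons:
                # repr() escapes control bytes and quotes the name, so backspaces
                # and trailing spaces are visible, much like 'od -c' output.
                findings.append((repr(os.path.join(dirpath, name)), reasons))
    return sorted(findings)

def build_sample_tree() -> str:
    """Create a constructed test tree in a temp dir and return its path."""
    root = tempfile.mkdtemp(prefix="hidden-name-demo-")
    rb = os.fsencode(root)
    os.mkdir(os.path.join(rb, b".. "))                      # dot-lookalike directory
    for name in (b"\x08\x08\x08", b"null ", b"notes.txt"):  # last one is ordinary
        open(os.path.join(rb, name), "wb").close()
    return root

if __name__ == "__main__":
    for path, reasons in scan(build_sample_tree()):
        print(path, ", ".join(reasons))
```

Files under an overmounted directory are not reachable through the mount point, so a walk like this cannot report them until the covering filesystem is unmounted.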
 
LVL 4

Expert Comment

by:newmang
ID: 6919750
apologies raza - I was using Linux, you're right, I can't see the directory contents on my Solaris and AIX systems

(sound of head banging on table)

Cheers - Gavin
0
 
LVL 40

Expert Comment

by:jlevie
ID: 6919837
I can see them on my Solaris systems. Just do a 'cat some-dir-name'
0
 
LVL 2

Expert Comment

by:festive
ID: 6919862
we seemed to have veered away from the topic though...

jlevie - don't you mean 'strings some-dir-name'
or 'echo *' in a directory does the same.

i have also used an 'od -c some-dir-name' whilst
investigating break-ins.

Regards,
Festive
0
 
LVL 40

Expert Comment

by:jlevie
ID: 6919935
Nope, I mean cat. A directory is just a special kind of file and cat really doesn't care that it's special. While I haven't tried that lately on an SGI, from what I do know about an SGI's file system I'm reasonably certain it would work.

echo and strings will also show the names and obviously od would.
0
 
LVL 2

Expert Comment

by:festive
ID: 6919990
On a Solaris system (SPARC 2.8)
you get text + binary content (presumably inode references etc) and a very nasty sideways stepping effect.

That's why I thought you meant strings (the output of which is clean and programmatically useful (though not always reliable - depending upon the filenames)).
0
 
LVL 40

Expert Comment

by:jlevie
ID: 6920017
Well, I didn't say it was pretty, only that it works.
0
 

Expert Comment

by:raza
ID: 6921595
jlevie, it doesn't work on my Solaris 2.8

# cat 'top'
cat: input error on top: Is a directory
0
 
LVL 3

Expert Comment

by:UkWizard
ID: 6921622
I think you are all diverting somewhat here, let's get back to the question in hand.

:)
0
 

Author Comment

by:clebano
ID: 6928411
I'm seeking something like overmounting or mkdir '..' (not using spaces or other chars).

The problem is that overmounting is not working ... I'm getting error messages "no block device", "no log for ..."

Some more suggestions ...

0
 
LVL 40

Expert Comment

by:jlevie
ID: 6928677
Are you trying to access the 'hidden file' while the directory that contains the file is over mounted? You can't do that. The proper method using over mounting is to do the file access, then over mount the directory to hide the file.
0
 
LVL 2

Expert Comment

by:festive
ID: 6929975
clebano - you need to mount a REAL device over the top.
your BEST option is a kernel rootkit or chrooted
environment - as this will insulate ALL of your activity/files from unauthorized view.
0
 
LVL 20

Expert Comment

by:tfewster
ID: 8052626
No comment has been added lately, so it's time to clean up this Topic Area.
I will leave a recommendation for this question in the Cleanup topic area as follows:

- Answered by festive

Please leave any comments here within the next 7 days

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER !

tfewster
Cleanup Volunteer
0
 

Expert Comment

by:SpideyMod
ID: 8099576
per recommendation

SpideyMod
Community Support Moderator @Experts Exchange
0
