  • Status: Solved
  • Priority: Medium
  • Security: Public

Hidden File

I need a way to hide a file in Solaris 2.6 or above.
This file will be accessible only by root, but its name must not appear using ls, find, etc.
Just root (that knows its name) will be able to see the contents of it.

Is there any way to do it? Maybe a C program?

Thanks in advance.
0
clebano
Asked:
clebano
1 Solution
 
UkWizard Commented:
Why don't you just create a directory, with the root only permissions? Then only root will be able to even go into the directory. Thus not being able to see it.

Example:

# mkdir /rootonly

# chmod 700 /rootonly

Then create any number of 'hidden' files in there.
0
 
raza Commented:
Maybe you need to write your own "ls" command in order to do this and replace the existing ls command.
0
 
newmang Commented:
raza

Just replacing the ls command is not enough; it's easy enough to edit the directory with vi to see what it contains.
0
 
raza Commented:
What Sun OS allows you to do that...? I don't get the directory listing on Solaris 2.8 by doing vi on a directory.
0
 
newmang Commented:
Apologies raza - I was using Linux; you're right, I can't see the directory contents on my Solaris and AIX systems.

(sound of head banging on table)

Cheers - Gavin
0
 
jlevie Commented:
How will you be using the data in the "file"? If it's to be accessed with anything that relies on normal file accesses then you can't hide the file so that it can't be found. You can, as has already been suggested, make the file only visible and usable by root, but if you don't control the root account it really isn't hidden.

If only a program will be accessing the data you can always use a raw slice to hold the data. Of course that means that the code that will access the data needs to be run by root.

raza,

Try 'cat some-dir-name'...
0
 
festive Commented:
creating hidden files 101

to create a hidden directory:
mkdir '.. '
(get into it by cd '.. ')

to create a hidden file/dir you can achieve this by
OVERMOUNTING

ie
mkdir /rootonly
(put files etc inside)
mount /dev/fd0a /rootonly

now the directory tree is invisible to everything
to access it you just unmount it and remount when finished.

other options include:
PGP volumes.
TAR archives secured with crypt.

obscuring the file ie calling it '/dev/null '
or some other suitably arcane device name.

You could also name it using non-printable characters
(this would obscure the file in most programs)
(there are some really obscure characters that you can get by using OCTAL sequences (ie \00..))
ie
touch 'CTRL-V CTRL-H CTRL-V CTRL-H CTRL-V CTRL-H'
(there are no spaces above - shown just for readability)
- if you put enough of these in you can remove a file from a find list completely.
to access the file again you use:
vi 'CTRL-V CTRL-H' etc (as above)

ALL of these options (except the overmount) will be
visible to find etc but may be easily overlooked.

What you are really asking for is a ROOT KIT.
- beware - if you are the system administrator of the
  system  - this could be used against you.
 
  * for the uninitiated: root kits will allow you to
    hide a series of files/folders/utils as well as
    processes etc, shielding your activities from
    all users (including root).

  some examples include: Adore, t0rn, Ark, Maniac etc

Another option is to put your users into a CHROOTed jail
(ie they do not see the real file system etc)

Regards,
Festive
0
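
Added example, not part of any poster's comment: a Python audit sketch that flags the naming tricks listed in the post above (trailing-space names such as '.. ' or '/dev/null ', and control characters such as CTRL-H), which find will list but a reader can easily overlook. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile


def classify(name: bytes) -> list:
    """Return the reasons a directory entry name is visually deceptive."""
    reasons = []
    if any(b < 0x20 or b == 0x7F for b in name):
        reasons.append("control-char")        # e.g. backspace (CTRL-H, 0x08)
    if name[:1] == b" " or name[-1:] == b" ":
        reasons.append("edge-whitespace")     # e.g. b'.. ' or b'null '
    if name.replace(b" ", b"") in (b".", b".."):
        reasons.append("dot-lookalike")       # renders like '.' or '..'
    return reasons


def scan(root: str) -> dict:
    """Walk root as bytes (so undecodable names survive); map path -> reasons."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(os.fsencode(root)):
        for name in dirnames + filenames:
            reasons = classify(name)
            if reasons:
                findings[os.path.join(dirpath, name)] = reasons
    return findings


def printable(path: bytes) -> str:
    """Render a path unambiguously: spaces, backslashes and non-graphic bytes are escaped."""
    return "".join(
        chr(b) if 0x21 <= b <= 0x7E and b != 0x5C else f"\\x{b:02x}"
        for b in path
    )


def demo() -> dict:
    """Build a constructed sample tree and return {basename: reasons}."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, ".. "))   # directory named dot-dot-space
        for name in ("\x08\x08\x08", "null ", "notes.txt"):
            open(os.path.join(root, name), "w").close()
        return {os.path.basename(p): r for p, r in scan(root).items()}


if __name__ == "__main__":
    for base, why in sorted(demo().items()):
        print(printable(base), ", ".join(why))
```

Names are handled as bytes and printed escaped because a terminal would otherwise interpret the backspaces and hide the trailing spaces. A directory that has been over mounted is not reachable by this walk until the covering file system is unmounted.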
 
jlevie Commented:
I can see them on my Solaris systems. Just do a 'cat some-dir-name'
0
 
festive Commented:
we seemed to have veered away from the topic though...

jlevie - don't you mean 'strings some-dir-name'
or 'echo *' in a directory does the same.

i have also used an 'od -c some-dir-name' whilst
investigating break-ins.

Regards,
Festive
0
 
jlevie Commented:
Nope, I mean cat. A directory is just a special kind of file and cat really doesn't care that it's special. While I haven't tried that lately on an SGI, from what I do know about an SGI's file system I'm reasonably certain it would work.

echo and strings will also show the names and obviously od would.
0
 
festive Commented:
On a Solaris system (SPARC 2.8)
you get text + binary content (presumably inode references etc) and a very nasty sideways stepping effect.

That's why I thought you meant strings (the output of which is clean and programmatically useful (though not always reliable - depending upon the filenames)).
0
 
jlevie Commented:
Well, I didn't say it was pretty, only that it works.
0
 
raza Commented:
jlevie, it doesn't work on my Solaris 2.8

# cat 'top'
cat: input error on top: Is a directory
0
 
UkWizard Commented:
I think you are all diverting somewhat here, let's get back to the question in hand.

:)
0
 
clebano (Author) Commented:
I'm seeking something like overmounting or mkdir '..' (not using spaces or other chars).

The problem is that overmounting is not working ... I'm getting error messages "no block device", "no log for ..."

Some more suggestions ...

0
 
jlevie Commented:
Are you trying to access the 'hidden file' while the directory that contains the file is over mounted? You can't do that. The proper method using over mounting is to do the file access, then over mount the directory to hide the file.
0
 
festive Commented:
clebano - you need to mount a REAL device over the top.
your BEST option is a kernel rootkit or chrooted
environment - as this will insulate ALL of your activity/files from unauthorized view.
0
 
tfewster Commented:
No comment has been added lately, so it's time to clean up this Topic Area.
I will leave a recommendation for this question in the Cleanup topic area as follows:

- Answered by festive

Please leave any comments here within the next 7 days

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER !

tfewster
Cleanup Volunteer
0
 
SpideyMod Commented:
per recommendation

SpideyMod
Community Support Moderator @Experts Exchange
0
