File Manipulation Tools – SY0-601 CompTIA Security+ : 4.1

An important skill of any IT security professional is the ability to manipulate files. In this video, you’ll learn about cat, head, tail, grep, chmod, and logger.

If you’re using Linux or macOS and you want to see the contents of a file, the cat command is the tool to use. Cat is short for concatenate. Concatenating files means either printing a file’s contents to the screen or joining multiple files together into one larger file.

For example, to copy a file to the screen, use the cat command followed by the name of the file (or files) you would like to display. You can also combine those files into one larger file: cat file1 file2, and then the greater-than sign to redirect the combined output into a single file called both. The greater-than sign is shell output redirection, not a pipe; the vertical bar (|) is the pipe, which sends output to another command rather than to a file.

Here’s the /var/log directory of my Kali Linux system. If I perform an ls command, you can see there are many files in this directory. I would like to see the contents of a file called syslog. Since I need to run this command with elevated permissions, I will use the cat command and choose syslog as the file I’d like to view. When I press Enter, a lot of information goes by.

I’m going to scroll up a bit so we can get a feel for what all of that information looks like. You can see that it sent the entire contents of the file to the screen, and now we’re able to read through the information stored in that file. If you’d like to view this information a page at a time, we can run the same command but pipe it to the more command.

Now we can view the first page of information, with a --More-- prompt at the bottom. We can press the space bar to see the next page, or press the Enter key to advance a single line at a time, which is much easier to read than sending everything to the screen at once.

To exit from this view, I can simply press the Q key, and we’re back at the command prompt. Sometimes you just need to see part of a file. Maybe the information you’d like to see is written at the beginning of the file, and you don’t need to parse through the entire file or display everything on the screen. If you just want to see the top part of the file, use the head command.

There are a number of options that let you view a certain number of lines into the file or customize how the information is displayed. For instance, to display the first five lines of a file, use the head command with the -n option to specify the number of lines, followed by the number you want (in this case 5) and then the name of the file. This shows you just the first five lines from the beginning, or head, of the file.

It may be that the information you need is not at the beginning of the file but at the end. The opposite of the head command is the tail command, which lets you view the last part of a file. The syntax of head and tail is very similar. For example, to see the last five lines of a file, use the tail command with the -n option (the same option head uses), choose five lines, and then the name of the file; in this example, the file was syslog: tail -n 5 syslog.

Let’s view the contents of a file. We’ll start with the head command to view the beginning of the file. I’m going to use sudo, because this file is normally one that I would not have access to with my user account, then the head command, and I’m going to choose the messages file to view. If we hit Enter, we’ll see, by default, the first 10 lines of the messages file.

Let’s now look at the last 10 lines of this file. I’m going to clear the screen to make this easier to see. We’ll use sudo again, this time with the tail command on that same messages file, and now we get the last 10 lines of the messages file. As we were displaying these files to the screen, you could see there’s a lot of information stored inside those log files. But we may be looking for just one small piece of information contained somewhere in that entire file, and that’s a lot like trying to find a needle in a very large haystack.

Fortunately, we have a tool that can help us search through a file to find exactly what we’re looking for: the grep command. It finds any text pattern you’d like in a file, and it can search multiple files at once to find every line containing that text. For example, to find the pattern failed within a file called auth.log, use grep failed auth.log. Note that grep is case-sensitive by default; sshd writes “Failed password” with a capital F, so add the -i option if you want to match both “failed” and “Failed”.

Back in my Kali distribution, in the /var/log directory, there is a file called auth.log. Let’s look for the word failed within that auth.log. Before we do that, I’m going to cat auth.log to the screen so you can see just how big this file is. As you can see, there are many, many lines of information, and if we were trying to find one specific piece of text, it would take us a very long time to do this manually. Instead, we’re going to use the grep command.

I’m going to search for the word failed inside the auth.log file. As you can see, there were only three lines in that file where the word failed appears. In the first line, you can see that a conversation failed. In the next two lines, you can see that I was trying to perform a function and used the wrong password, so it tells me that the authentication failed.
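The search above, carried a step further, as an added example that is not part of the video: rather than only listing the lines that mention failed, the script pulls out the sshd password failures and counts them per source address, which is the usual first question when reading auth.log. The log lines are constructed for this example (hostname kali, TEST-NET addresses, fake PIDs) and are written to a scratch file, so nothing on the real system is read.

```shell
#!/bin/sh
# Added example: grep over a constructed auth.log. Not from the video.

# Constructed sample lines in the format sshd, sudo and cron write to
# /var/log/auth.log on Debian-based systems. Hosts and addresses are made up.
make_sample_log() {
  cat > "$1" <<'EOF'
Mar 14 09:12:01 kali sshd[2310]: Accepted password for professor from 192.0.2.10 port 51022 ssh2
Mar 14 09:12:44 kali sshd[2355]: Failed password for root from 198.51.100.7 port 40211 ssh2
Mar 14 09:12:46 kali sshd[2355]: Failed password for root from 198.51.100.7 port 40211 ssh2
Mar 14 09:12:49 kali sshd[2355]: Failed password for invalid user admin from 198.51.100.7 port 40212 ssh2
Mar 14 09:13:05 kali sudo: pam_unix(sudo:auth): conversation failed
Mar 14 09:13:05 kali sudo: pam_unix(sudo:auth): auth could not identify password for [professor]
Mar 14 09:14:30 kali sshd[2390]: Failed password for professor from 203.0.113.5 port 60011 ssh2
Mar 14 09:15:00 kali CRON[2401]: pam_unix(cron:session): session opened for user root by (uid=0)
EOF
}

# Count every line containing "failed" in any case (-i), the video's search
# made case-insensitive so that sshd's "Failed password" is included.
count_failed() {
  grep -ic 'failed' "$1"
}

# Only the sshd password failures, reduced to the source address and the
# number of attempts from each, most active first.
failed_by_source() {
  grep 'sshd.*Failed password' "$1" \
    | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
    | sort | uniq -c | sort -rn
}

# The single noisiest source address (second field of the top uniq -c line).
top_offender() {
  failed_by_source "$1" | head -n 1 | awk '{print $2}'
}

LOG="${TMPDIR:-/tmp}/auth.log.example"
make_sample_log "$LOG"
echo "lines mentioning failed: $(count_failed "$LOG")"
failed_by_source "$LOG"
echo "most active source: $(top_offender "$LOG")"
```

On a real system, replace the scratch file with /var/log/auth.log and run the functions under sudo; the sed pattern only matches the "from ADDRESS port" shape sshd uses, so lines like the sudo "conversation failed" entry are counted by count_failed but correctly left out of failed_by_source.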

There may be times when you want to change whether a file can be read, written to, or executed on your operating system. You define these parameters with the chmod command, which changes the mode of a file system object. In this context, mode means the read, write, and execute permissions set on that file. Each permission is a single bit in the mode, and we can write those bits in octal notation as an abbreviation, setting them separately for the file’s owner (the user), the group, and others (everyone else).

If you list the contents of a directory with ls -l, you’ll see these modes at the very beginning of each line, in the first column. This set of letters and dashes is actually separated into different pieces. The first character tells us what type of object this is: if it’s a regular file, there’s just a dash; if it’s a directory, there’s the letter d.

That first character can also indicate symbolic links (l) and other object types. But for the purposes of the chmod command, we’ll ignore it for now. The next nine characters are grouped in threes: three characters for the user (owner) permissions, three for the group, and the last three for everyone else.

For example, for this particular file, you can see rwx as the first three, r-- as the middle three, and r-- as the last three. This means the user, in this case professor, has read, write, and execute rights to the file. The group is the second name shown, right after professor, and here the group is staff. Someone in the staff group could read the file but not write or execute it, because those bits are not set. Anyone who is neither professor nor a member of staff would also have read-only access, with no write and no execute permission.

If you wanted these rights to be different, you would change what these bits represent for this file. In octal, read is 4, write is 2, and execute is 1, and each digit is the sum for one set of three. For example, chmod 744 followed by the file name sets a 7 for the user (4+2+1: read, write, and execute), a 4 for the group (read-only), and a 4 for everyone else (also read-only).

To remove all access for everyone else, change the command to chmod 740; the 0 means no access at all for anyone who is not the user or in the group.

There are also some shortcuts that make the process easier and are easier to remember than the bit patterns and their octal numbers. In the previous example we used numbers: chmod 744 on a file means 7 for the user (read, write, and execute), 4 for the group (read-only), and a final 4 for everyone else (read-only).

You can also use letters to designate who the change applies to and which permission to set. For example, in chmod a-w first.txt, the a means all users (the user, the group, and others) and -w removes write permission, so no one would be able to write to first.txt. Another example is chmod u+x, which applies to just the user (u) and turns on (+) the execute (x) permission for that file.

By using these symbolic shortcuts or the numeric representations, we can define exactly what type of access a particular person has to any file on the system. Let’s change the permissions of some of the files on my system. We’ll scroll down a bit so we can see this, and I’ll perform an ls -l, which shows the two files in this Documents directory: app.conf and readme.txt.

Both are owned by the professor user and the group netdev. You can see rw- for the user, which means professor has read and write permission; r-- for the group, which means netdev has read permission; and r-- for others, so everyone else also has read permission.

Let’s say we want to modify readme.txt so that only the owner, professor, and the netdev group can read it, and no one else. So we’ll perform a chmod command. We’ll maintain the read and write permission for the owner; read plus write is 4+2, or 6, so the first digit is 6. We’ll keep read-only for the group netdev, which is 4. And the last digit, which represents everyone else on the system (the group of people we want to remove access from), will be 0, so they have no access. Then we name the file: chmod 640 readme.txt.

If I hit Enter and perform another ls -l, you can see that readme.txt has been changed to read-write for professor, read-only for netdev, and no access for anyone else on the system.
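The same changes, as an added example that is not part of the video, done in a scratch directory so nothing on the real system is touched: the numeric form from the demo (chmod 640 on readme.txt) alongside the symbolic forms described earlier (u+x, a-w), each verified by reading the permission field back from ls -l. The file names and contents are constructed for the example; app.conf stands in for any file that holds a credential, which is why it ends up owner-only.

```shell
#!/bin/sh
# Added example: set modes numerically and symbolically, then verify them.
# Not from the video. Runs entirely inside a temporary directory.

WORK="$(mktemp -d)"
printf 'db_password=hunter2\n' > "$WORK/app.conf"    # constructed sample config
printf 'Read me first.\n'      > "$WORK/readme.txt"  # constructed sample file
printf '#!/bin/sh\necho ok\n'   > "$WORK/run.sh"      # constructed sample script

# The nine permission characters (user, group, other) from ls -l; column 1 is
# the object type, and any ACL/SELinux marker in column 11 is ignored.
mode_of() {
  ls -l "$1" | cut -c2-10
}

# True if the caller may execute the file (needs an x bit).
is_executable() {
  [ -x "$1" ]
}

# Start from a known baseline so the result does not depend on the umask.
chmod 644 "$WORK/app.conf" "$WORK/readme.txt" "$WORK/run.sh"

# Octal form: each digit is the sum of r=4, w=2, x=1 for user, group, other.
chmod 640 "$WORK/readme.txt"   # owner rw-, group r--, others ---  (as in the video)
chmod 600 "$WORK/app.conf"     # a file holding a credential: owner only

# Symbolic form: who (u, g, o, a), then + or -, then what (r, w, x).
chmod u+x "$WORK/run.sh"       # let the owner execute the script
chmod a-w "$WORK/app.conf"     # nobody may modify the config, owner included

for f in readme.txt app.conf run.sh; do
  printf '%s  %s\n' "$(mode_of "$WORK/$f")" "$f"
done
# Expected permission fields: rw-r-----, r--------, rwxr--r--
```

Two caveats worth remembering when you use this on a real system: the owner of a file can always chmod it back, so a-w protects against accidental edits rather than against a hostile owner; and the root user is not subject to the read and write bits at all, so chmod is no defence against a process already running as root.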

There may be times when you’re working on a system and want to add some details to a log file, for example to document when a particular series of steps starts or ends. One way to do that is the logger command, which writes a message into the system log of the operating system. On Debian-based systems such as Kali that is commonly the file /var/log/syslog; other distributions use /var/log/messages, and on systems that keep logs only in the systemd journal the entry is read back with journalctl instead.

For example, logger followed by the quoted text “this information is added to syslog” writes that text into the syslog file. This is very useful if you’re running a script and want the script to record its progress so you can grep for it later. We may also want to log important events as they occur so that the record of those events is stored in the system log of that computer.

Let’s look at the very last section of the syslog file on my system. I’ll use sudo and the tail command to look at the last 10 lines of the syslog file. Now we would like to put our own information into this file, so let’s use the logger command with the message “backup starts here”. When I press Enter and run that same tail command, you can see that a line has been added to the end of the syslog file. This allows me to document when things occur and, later on, go back into this file, get a timestamp of exactly when that happened, and locate that information very easily.
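The script use case described above, as an added example that is not part of the video: a unit of work is bracketed by logger calls that carry a tag (-t) and a priority (-p), so the entries can be pulled back out of the log with grep on the tag rather than on free text. The tag name backup-demo is made up for the example, and the syslog file locations checked are the common Debian and Red Hat defaults; on a minimal container with no syslog socket, logger fails and the function warns on stderr instead of aborting the script.

```shell
#!/bin/sh
# Added example: bracket a unit of work with tagged, prioritised syslog
# entries so they can be found again with grep. Not from the video.

TAG="backup-demo"   # hypothetical tag; choose one unique to your script

# Send one line to syslog with a tag (-t) and a priority (-p), then echo the
# same line so the caller sees exactly what was sent. logger fails when no
# syslog socket exists (e.g. minimal containers); warn rather than abort.
log_step() {
  msg="$1"
  if command -v logger >/dev/null 2>&1; then
    logger -t "$TAG" -p user.notice "$msg" 2>/dev/null \
      || printf 'warning: syslog unavailable, not logged: %s\n' "$msg" >&2
  fi
  printf '%s: %s\n' "$TAG" "$msg"
}

# Pull back every entry carrying our tag from the usual syslog file locations
# (Debian family first, then Red Hat family). Unreadable files are skipped,
# which is what happens when this runs without sudo.
find_our_entries() {
  for f in /var/log/syslog /var/log/messages; do
    [ -r "$f" ] && grep -- "$TAG" "$f"
  done
  return 0
}

log_step "backup starts here"
# ... the actual backup would run here ...
log_step "backup ends here"
find_our_entries
```

Because syslog adds its own timestamp to each entry, the pair of tagged lines gives you the start and end time of the run without the script having to format dates itself; on journald-only systems, journalctl -t backup-demo returns the same entries.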