Jail and monitor your applications

Malware can occasionally become an issue for Linux users. If you download software package from third-party providers then install them manually rather than relying on a distribution's official standard repositories, you need to trust the provider. If you aren't sure, you can monitor these programs to check which files they open and which network connections they establish. Starting these tests in a sandbox also denies the program access to your physical system and private configuration files. This article looks at strace as a monitoring tool and Firejail as a sandbox.

Finding Traces

The strace [1] system call tracer can be used to discover which software accesses which files. As an example, I'll show you how to use strace to find out which files the passwd command opens when you change your password.

Open two terminal windows and enter passwd as a normal user in one window. Do not answer the prompts for the time being. Instead, pop up a second terminal and enter as root:

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Laptop Security

    Linux is quite secure compared to the alternatives, but you'll need a few additional steps if you really want to lock it down. We'll introduce you to some practical tools for antivirus protection, firewall configuration, and sandboxing.

  • Tracing Tools

    Programs rarely reveal what they are doing in the background, but a few clever tools, of interest to both programmers and administrators, monitor this activity and log system functions.

  • strace

    Get started with strace by examining a pair of "Hello World" programs. Next month, in the second part of this two-part series, I'll take a deeper look at strace output.

  • Practical strace

    After "Hello World," you really need to look at system calls in more detail. In this second of two articles, we'll look at debugging in the real world.

  • LD_PRELOAD

    A little C code and the LD_PRELOAD variable let you customize library functions to modify program behavior.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News