Know file type linux

How to Find Out File Types in Linux

In Linux, everything is treated as a file. UNIX defines seven standard file types: regular, directory, symbolic link, FIFO special, block special, character special, and socket. To manage files efficiently, we need to be able to tell these types apart.

In Linux/UNIX, files are mainly categorized into 3 parts: regular files, directory files, and special files.

The easiest way to find out a file's type in any operating system is by looking at its extension, such as .txt, .sh, .py, etc. If the file doesn't have an extension, then in Linux we can use the file utility. In this article, we will demonstrate file command examples to determine a file type in Linux.

To find out file types we can use the file command.

Syntax: file [OPTION…] [FILE…]

You can run the following command to verify the version of the file utility:

We can test a file type by typing the following command:

We can pass a list of files in one file and we can specify using the -f option as shown below:

cat file.txt
file -f file.txt

Using the -s option we can read block or character special files.

Using the -b option will not prepend filenames to output lines.

Using the -F option will use the given string as the separator instead of “:”.

Using the -L option will follow symlinks (default if POSIXLY_CORRECT is set):

We can use the --extension option to print a slash-separated list of valid extensions for the file type found.

For more information and usage options, you can use the following command:

We can also use ls command to determine a type of file.

The following table shows the types of files in Linux and what the ls and file commands output for each:

| File Type | Command to create the File | Located in | The file type using “ls -l” is denoted using | FILE command output |
|---|---|---|---|---|
| Regular File | touch | Any directory/Folder | - | PNG Image data, ASCII Text, RAR archive data, etc |
| Directory File | mkdir | It is a directory | d | Directory |
| Block Files | fdisk | /dev | b | Block special |
| Character Files | mknod | /dev | c | Character special |
| Pipe Files | mkfifo | /dev | p | FIFO |
| Symbolic Link Files | ln | /dev | l | Symbolic link to |
| Socket Files | socket() system call | /dev | s | Socket |
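The type letters in the table can be reproduced without root privileges. The following is an added example, not part of the original article: it creates one file of each unprivileged type in a temporary directory and reads the letter that "ls -l" would print, using lstat by default and stat when the link should be followed (the behaviour of file -L). The function names ls_type, build_samples and demo and all sample file names are assumptions made for this illustration.

```python
import os
import socket
import stat
import tempfile

# "ls -l" type character -> type name, as in the table above
TYPE_NAMES = {
    "-": "regular file",
    "d": "directory",
    "b": "block special",
    "c": "character special",
    "p": "FIFO (named pipe)",
    "l": "symbolic link",
    "s": "socket",
}

def ls_type(path, follow_symlinks=False):
    """Return (type_char, type_name); follow_symlinks=True reports on the link target."""
    st = os.stat(path) if follow_symlinks else os.lstat(path)
    char = stat.filemode(st.st_mode)[0]
    return char, TYPE_NAMES.get(char, "unknown")

def build_samples(root):
    """Create one file of each type that needs no privileges (constructed samples)."""
    paths = {n: os.path.join(root, n) for n in ("regular", "dir", "fifo", "link", "sock")}
    with open(paths["regular"], "w") as fh:
        fh.write("hello\n")
    os.mkdir(paths["dir"])
    os.mkfifo(paths["fifo"])
    os.symlink(paths["regular"], paths["link"])
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(paths["sock"])            # bind() creates the socket file
    srv.close()
    return paths

def demo():
    with tempfile.TemporaryDirectory() as root:
        result = {name: ls_type(p) for name, p in build_samples(root).items()}
        result["link_followed"] = ls_type(os.path.join(root, "link"), follow_symlinks=True)
    result["/dev/null"] = ls_type("/dev/null")   # a character device present on Linux
    return result

if __name__ == "__main__":
    for name, (char, kind) in demo().items():
        print(f"{char}  {kind:20}  {name}")
```

Block devices are left out because creating one requires root; on a real system an entry such as a disk under /dev reports "b".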

Types of File and Explanation

Regular Files

Regular files are ordinary files on a system that contain programs, text, or data. They are used to store information such as text or images. These files are located in a directory/folder. Regular files include all readable files such as text files, Docx files, and programming files, as well as binary files, image files such as JPG, PNG, and SVG, and compressed files such as ZIP and RAR.

Or we can use the “file *” command to find out the file type

Directory Files

The sole job of directory files is to store other regular files, directory files, and special files, along with their related information. This type of file will be denoted in blue color with links greater than or equal to 2. A directory file contains an entry for every file and sub-directory that it houses. If we have 10 files in a directory, we will have 10 entries in the directory file. We can navigate between directories using the cd command.

We can find out directory file by using the following command:

We can also use the file * command

Special Files

1. Block Files:

Block files act as a direct interface to block devices hence they are also called block devices. A block device is any device that performs data Input and Output operations in units of blocks. These files are hardware files and most of them are present in /dev.

We can find out block file by using the following command:

We can use the file command also:

2. Character device files:

A character file is a hardware file that reads/writes data character by character. These files provide a serial stream of input or output and provide direct access to hardware devices. The terminal, serial ports, etc. are examples of this type of file.

We can find out character device files by:

We can use the file command to find out the type of file:

3. Pipe Files:

Another name for this kind of pipe is a “named” pipe, which is sometimes called a FIFO. FIFO stands for “First In, First Out” and refers to the property that the order of bytes going in is the same as the order coming out. The “name” of a named pipe is actually a file name within the file system. This file sends data from one process to another, so that the receiving process reads the data in a first-in-first-out manner.

We can find out pipe file by using the following command:

We can use the file command to find out file type:

4. Symbolic Link Files:

A symbolic link file is a type of file in Linux which points to another file or a folder on your device. Symbolic link files are also called symlinks and are similar to shortcuts in Windows.

We can find out Symbol link file by using the following command:

We can use the file command to find out file type:

5. Socket Files:

A socket is a special file that is used to pass information between applications and enables the communication between two processes. We can create a socket file using the socket() system call. A socket file is located in /dev of the root folder or you can use the find / -type s command to find socket files.

We can find out a socket file by using the following command:

We can use the file command to find out file type:


How to see the file type?

Did you come across a file, but don’t know what type it is? Let’s learn how to analyze it.

The unknown file

You may encounter a file on your system with unknown contents or goal. Usually, the first thing we do is then use cat to show the contents, or execute it. While that makes sense, it may be dangerous to do. It might be a piece of malware, disrupt your screen output or even hang the terminal. Here is a better way to do it, using the file command. Great for forensics, malware analysis, intrusion detection, and normal day-to-day system administration.

The file command

Most systems will have the file command available. It is a nifty small tool which helps you quickly determine what the purpose of a file is. Besides just telling if it is binary code or data, it will include additional details. For binaries, it may share that it is an ELF binary, that it is for 64-bit systems, how it is linked, and if it depends on external function libraries.

How does file work?

Even veteran administrators might never have looked into the details of the file command, but taken its power for granted. The tool is pretty nifty, because it uses a staged set of tests, working towards a final answer. Depending on the outcome of each test it continues, till it finds useful details to share.

Stage 1: File system tests

The file command starts with determining if a file is a “simple” file. It can be a symbolic link to another file, or a directory. Yes, directories are files as well. To help with this, file uses the stat(2) system call, which is also a standalone utility.

[Screenshot: regular file as shown by the stat utility]

From this output, we can see that the stat command does not reveal much. It is considered to be a regular file, which might hold any type of data. So it is time to go to the next phase.

Stage 2: Magic discovery

When the file command knows the type of file we are dealing with, it can test more in-depth. This is done via a magic file, which represents many text strings, or character combinations. For example, a file starting with PK might be a compressed file.

[Screenshot: output of file -l displaying magic strings]

With this predefined list of strings and regular expressions, most file types can be discovered.

Stage 3: Text files

The last stage is determining if the file is a text file. If it didn’t find a match by using tips from the magic dataset, it will assume it is a normal file with text in it. To be sure, it will check the character set used (ASCII, UTF-8). It also checks whether line breaks are used and of what type, such as line feeds and carriage returns, which differ between files created on MS-DOS/Windows, Mac OS and Linux systems.

Common types of output are:

  • ASCII text
  • ASCII text, with very long lines
  • gzip compressed data, from Unix, last modified:
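The three stages can be followed in a few lines of code. This is an added, simplified sketch and not the source of the file utility or of libmagic: the three signatures in MAGIC, the 4096-byte read and the function names identify and demo are assumptions chosen for the illustration, and the sample files are constructed so that their names contradict their contents.

```python
import os
import stat
import tempfile

# A few well-known signatures at offset 0; the real magic database is far larger.
MAGIC = [
    (b"\x7fELF", "ELF"),
    (b"PK\x03\x04", "Zip archive data"),
    (b"\x1f\x8b", "gzip compressed data"),
]

def identify(path):
    """Staged identification: file system test, magic test, then text test."""
    mode = os.lstat(path).st_mode                  # stage 1: what kind of file?
    if not stat.S_ISREG(mode):
        return "not a regular file (ls type '%s')" % stat.filemode(mode)[0]
    with open(path, "rb") as fh:
        data = fh.read(4096)                       # only the head is inspected
    if not data:
        return "empty"
    for signature, label in MAGIC:                 # stage 2: magic bytes
        if data.startswith(signature):
            return label
    if b"\x00" in data:                            # stage 3: text or opaque data?
        return "data"
    for codec, label in (("ascii", "ASCII text"), ("utf-8", "UTF-8 text")):
        try:
            data.decode(codec)
        except UnicodeDecodeError:
            continue
        return label + (", with CRLF line terminators" if b"\r\n" in data else "")
    return "data"

def demo():
    samples = {  # constructed contents; the names deliberately mislead
        "report.txt": b"\x7fELF\x02\x01\x01" + b"\x00" * 9,
        "archive.jpg": b"PK\x03\x04" + b"\x00" * 26,
        "notes": b"line one\r\nline two\r\n",
        "menu.bin": "caf\u00e9\n".encode("utf-8"),
    }
    out = {}
    with tempfile.TemporaryDirectory() as root:
        for name, content in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(content)
            out[name] = identify(path)
        out["directory"] = identify(root)
    return out
```

The result for report.txt is "ELF": the name plays no part in any stage, which is why content-based identification is the safer first step with an unknown file.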

File Command and Parameters

The file utility is very easy to use, as it actually does not require any parameter, except the file you want to analyze. While there are parameters available, most of them cover very specific cases. An example is changing the behavior of the tool, or the output itself.

  • brief (-b) – Do not show the file name
  • uncompress (-z) – Uncompress the data file for further inspection

See the man page for more specific use cases.

2 comments

Q. What can be determined by the “file” command?
1. File type
2. File contents
3. File permissions
4. File super block.
I am confused about which answer to choose. Please answer me.

About Linux Audit

This blog is part of our mission: help individuals and companies, to scan and secure their systems. We simply love Linux security, system hardening, and questions regarding compliance.


How does Linux know the type of the file it is dealing with? [duplicate]

In Windows the OS knows the type of a file by using its extension: exe, doc, ppt, pdf, etc. In Linux, as we know, the extension is useless. My question is: how can Linux know the type of file it is dealing with (shell script, audio file, video file, etc.), or is it dealing with all the files in the same way?

2 Answers

File extensions aren’t useless for Linux distros, they are just a shortcut that is often unneeded. There are a couple of tools that Linux uses which make file extensions largely unneeded. The first, and perhaps the most obvious, is the shebang ( #! ).

The shebang is a line at the top of scripts executed by a shell to tell the shell what should be used to execute it. For example, the standard line to be included for a bash script is something like this:

This line tells the shell that the script’s contents should be executed by the utility located at /usr/bin/bash . However, shebangs are really only helpful for executable items.

The next tool used widely by modern applications is MIME types. MIME types are a declaration of file type used widely on the internet so that web browsers and email clients can know what type of file is being transferred. However, many programs rely on these types to know how to handle them (for example, X’s .desktop files may include a mimetype line to declare a file-type association with a particular program).

Finally, a C library and command-line frontend were developed to detect mimetypes through heuristics. These are libmagic and file , respectively. Libmagic and file allow a program, or a user, to detect a file’s mimetype even if it is not explicitly declared.

Admittedly, shebangs play a much smaller role in how modern operating systems determine the type of a file, but they are still widely used in the scripting world, and are certainly still a part of the equation.

Some of the declared filetype associations through mimetypes for X can be found in the file $HOME/.local/share/applications/mimeapps.list (for example).
