Discover to which package a file belongs
Related Packages and Files
Sometimes you want to know the related package of a file, before installation, or when it is already there. This is of great help during system hardening or general system cleanups. In this article we have a look at several ways to determine the relationships between files and the package they belong to. We have gathered this information for multiple Linux distributions.
CentOS, Fedora, RHEL
Show files for RPM packages
Show files for packages on the repository
If you use dnf, then you can query files from the packages that are in your repositories. The package itself does not have to be installed.
Use the -q option with dnf to show only the relevant output.
Show files per installed package
To show what files are in a package, use the rpm command.
If you have the file name, you can turn this around and find the related package.
The output will provide the package and its version.
To just see the package name, use the --queryformat option.
With yum you can do a similar request to see the related package.
And with DNF there is the provides argument.
This will give you possibly multiple hits, as a file can be part of packages from different repositories.
This data is less easy to parse due to the different types of lines.
Debian and Ubuntu
Discover related package
If you want to find the related package of a binary (or file), we first have to know the full path. If you know the binary, then use the which command to discover where it is stored. Using the find command is another option, but may be less efficient. With the dpkg package management tool we can find the related package.
Without the awk command, the output will look like this.
Show files installed by package
If you already know the package name, you can quickly look up the files that are installed by a Debian package.
Let’s do the same for the at package and see what it exactly installs (and where).
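For the hardening and cleanup work mentioned at the start of the article, the dpkg and rpm lookups described above can be combined to list files that no installed package owns. This is an added example, not code from the original article; the function names owner_of and unowned_files are made up for illustration.

```shell
#!/bin/sh
# Added example: report files that no installed package claims.
# Function names are illustrative; only dpkg and rpm systems are handled.

# owner_of FILE: print the owning package name.
# Returns 1 if no package owns FILE, 2 if no supported package manager exists.
owner_of() {
    if command -v dpkg >/dev/null 2>&1; then
        # dpkg -S prints "package: /path" or "package:arch: /path".
        out=$(dpkg -S "$1" 2>/dev/null) || return 1
        # Skip diversion notices, then keep the text before the first ": ".
        printf '%s\n' "$out" | grep -v '^diversion by ' | sed -n '1s/: .*//p'
    elif command -v rpm >/dev/null 2>&1; then
        # --queryformat reduces the answer to the bare package name.
        out=$(rpm -qf --queryformat '%{NAME}\n' "$1" 2>/dev/null) || return 1
        printf '%s\n' "$out" | sed -n '1p'
    else
        echo "owner_of: neither dpkg nor rpm found" >&2
        return 2
    fi
}

# unowned_files DIR: print each regular file below DIR without an owner.
# -xdev keeps find on one file system. File names with newlines are not handled.
unowned_files() {
    find "$1" -xdev -type f | sort | while IFS= read -r f; do
        rc=0
        owner_of "$f" >/dev/null || rc=$?
        if [ "$rc" -eq 1 ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Usage: unowned_files /usr/local/bin
```

On Debian systems with a merged /usr, dpkg may have a file registered under /bin while find reports it under /usr/bin (or the reverse), so confirm a hit before removing anything.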
Gentoo
The first option is equery, which is part of the package app-portage/gentoolkit.
The package itself should be installed.
The next alternative is qlist, which is part of app-portage/portage-utils.
OpenSUSE
Systems running the distributions from SUSE can use the zypper tool to find the link between a file and a package.
Show related package
Got more useful commands to share? Let us know in the comments and we will add them to the article.
4 comments
Example for Arch Linux:
$ pacman -Qo /usr/bin/ls
/usr/bin/ls is owned by coreutils 8.26-1
Thanks for sharing Frank
Hey, place a like button somewhere in your blog pages!
Those like buttons can leak information to Facebook and Twitter, so that is why there are none 🙂
About Linux Audit
This blog is part of our mission: help individuals and companies to scan and secure their systems. We simply love Linux security, system hardening, and questions regarding compliance.
File systems
In computing, a file system or filesystem controls how data is stored and retrieved. Without a file system, information placed in a storage medium would be one large body of data with no way to tell where one piece of information stops and the next begins. By separating the data into pieces and giving each piece a name, the information is easily isolated and identified. Taking its name from the way paper-based information systems are named, each group of data is called a "file". The structure and logic rules used to manage the groups of information and their names are called a "file system".
Individual drive partitions can be set up using one of the many different available filesystems. Each has its own advantages, disadvantages, and unique idiosyncrasies. A brief overview of supported filesystems follows; the links are to Wikipedia pages that provide much more information.
Types of file systems
The factual accuracy of this article or section is disputed.
See filesystems(5) for a general overview and Wikipedia:Comparison of file systems for a detailed feature comparison. File systems supported by the kernel are listed in /proc/filesystems.
File system | Creation command | Userspace utilities | Archiso [1] | Kernel documentation [2] | Notes |
---|---|---|---|---|---|
Btrfs | mkfs.btrfs(8) | btrfs-progs | Yes | btrfs.html | Stability status |
VFAT | mkfs.fat(8) | dosfstools | Yes | vfat.html | Windows 9x file system |
exFAT | mkfs.exfat(8) | exfatprogs | Yes | | Native file system in Linux 5.4. [3] |
exFAT | mkexfatfs(8) | exfat-utils | No | N/A (FUSE-based) | |
F2FS | mkfs.f2fs(8) | f2fs-tools | Yes | f2fs.html | Flash-based devices |
ext3 | mkfs.ext3(8) | e2fsprogs | Yes | ext3.html | |
ext4 | mkfs.ext4(8) | e2fsprogs | Yes | ext4.html | |
HFS | mkfs.hfsplus(8) | hfsprogs AUR | No | hfs.html | Classic Mac OS file system |
HFS+ | mkfs.hfsplus(8) | hfsprogs AUR | No | hfsplus.html | macOS (8–10.12) file system |
JFS | mkfs.jfs(8) | jfsutils | Yes | jfs.html | |
NILFS2 | mkfs.nilfs2(8) | nilfs-utils | Yes | nilfs2.html | Raw flash devices, e.g. SD card |
NTFS | | | No | ntfs.html | Windows NT file system. Kernel’s in-built driver has very limited write support. Officially supported kernels are built without CONFIG_NTFS_FS so this driver is not available. |
NTFS | mkfs.ntfs(8) | ntfs-3g | Yes | N/A (FUSE-based) | FUSE driver with extended capabilities. |
ReiserFS | mkfs.reiserfs(8) | reiserfsprogs | Yes | | |
UDF | mkfs.udf(8) | udftools | Yes | udf.html | |
XFS | mkfs.xfs(8) | xfsprogs | Yes | | |

File system | Creation command | Kernel patchset | Userspace utilities | Notes |
---|---|---|---|---|
APFS | mkapfs(8) | linux-apfs-rw-dkms-git AUR | apfsprogs-git AUR | macOS (10.13 and newer) file system. Read only, experimental. |
Bcachefs | bcachefs(8) | linux-bcachefs-git AUR | bcachefs-tools-git AUR | |
NTFS3 | | ntfs3-dkms AUR | | Paragon NTFS3 driver FAQ |
Reiser4 | mkfs.reiser4(8) | | reiser4progs AUR | |
ZFS | | zfs-linux AUR, zfs-dkms AUR | zfs-utils AUR | OpenZFS port |
Journaling
All the above filesystems with the exception of exFAT, ext2, FAT16/32, Reiser4 (optional), Btrfs and ZFS, use journaling. Journaling provides fault-resilience by logging changes before they are committed to the filesystem. In the event of a system crash or power failure, such file systems are faster to bring back online and less likely to become corrupted. The logging takes place in a dedicated area of the filesystem.
Not all journaling techniques are the same. Ext3 and ext4 offer data-mode journaling, which logs both data and meta-data, as well as the possibility to journal only meta-data changes. Data-mode journaling comes with a speed penalty and is not enabled by default. In the same vein, Reiser4 offers so-called "transaction models", which change not only the features it provides but also its journaling mode. It uses different journaling techniques: a special model called wandering logs, which eliminates the need to write to the disk twice; write-anywhere, a pure copy-on-write approach (mostly equivalent to btrfs’ default but with a fundamentally different "tree" design); and a combined approach called hybrid, which heuristically alternates between the two former.
The other filesystems provide ordered-mode journaling, which only logs meta-data. While all journaling will return a filesystem to a valid state after a crash, data-mode journaling offers the greatest protection against corruption and data loss. There is a compromise in system performance, however, because data-mode journaling does two write operations: first to the journal and then to the disk (which Reiser4 avoids with its "wandering logs" feature). The trade-off between system speed and data safety should be considered when choosing the filesystem type. Reiser4 is the only filesystem that by design operates on full atomicity (operations either occur entirely or not at all, so data is not corrupted or destroyed by operations half-occurring) and also provides checksums for both meta-data and inline data; by design it is therefore much less prone to data loss than other file systems like Btrfs.
Filesystems based on copy-on-write (also known as write-anywhere), such as Reiser4, Btrfs and ZFS, have no need for a traditional journal to protect metadata, because metadata is never updated in place. Although Btrfs still has a journal-like log tree, it is only used to speed up fdatasync/fsync.
FUSE-based file systems
Stackable file systems
- aufs — Advanced Multi-layered Unification Filesystem, a FUSE based union filesystem and a complete rewrite of Unionfs. It was rejected from Linux mainline, and OverlayFS was merged into the Linux kernel instead.
http://aufs.sourceforge.net || linux-aufs AUR
- eCryptfs — The Enterprise Cryptographic Filesystem is a package of disk encryption software for Linux. It is implemented as a POSIX-compliant filesystem-level encryption layer, aiming to offer functionality similar to that of GnuPG at the operating system level.
https://ecryptfs.org || ecryptfs-utils
- mergerfs — a FUSE based union filesystem.
https://github.com/trapexit/mergerfs || mergerfs AUR
- mhddfs — Multi-HDD FUSE filesystem, a FUSE based union filesystem.
http://mhddfs.uvw.ru || mhddfs AUR
- overlayfs — OverlayFS is a filesystem service for Linux which implements a union mount for other file systems.
https://www.kernel.org/doc/html/latest/filesystems/overlayfs.html || linux
- Unionfs — Unionfs is a filesystem service for Linux, FreeBSD and NetBSD which implements a union mount for other file systems.
https://unionfs.filesystems.org/ || not packaged? search in AUR
- unionfs-fuse — A user space Unionfs implementation.
https://github.com/rpodgorny/unionfs-fuse || unionfs-fuse
Read-only file systems
- EROFS — Enhanced Read-Only File System is a lightweight read-only file system that aims to improve performance and compress storage capacity.
https://www.kernel.org/doc/html/latest/filesystems/erofs.html || erofs-utils
- SquashFS — SquashFS is a compressed read only filesystem. SquashFS compresses files, inodes and directories, and supports block sizes up to 1 MB for greater compression.
https://github.com/plougher/squashfs-tools || squashfs-tools
Clustered file systems
- Ceph — Unified, distributed storage system designed for excellent performance, reliability and scalability.
https://ceph.com/ || ceph
- Glusterfs — Cluster file system capable of scaling to several peta-bytes.
https://www.gluster.org/ || glusterfs
- IPFS — A peer-to-peer hypermedia protocol to make the web faster, safer, and more open. IPFS aims to replace HTTP and build a better web for all of us. It uses blocks to store parts of a file, and each network node stores only the content it is interested in; it provides deduplication and distribution in a scalable system limited only by its users. (currently in alpha)
https://ipfs.io/ || go-ipfs
- MooseFS — MooseFS is a fault tolerant, highly available and high performance scale-out network distributed file system.
https://moosefs.com || moosefs
- OpenAFS — Open source implementation of the AFS distributed file system.
https://www.openafs.org || openafs AUR
- OrangeFS — OrangeFS is a scale-out network file system designed for transparently accessing multi-server-based disk storage, in parallel. Has optimized MPI-IO support for parallel and distributed applications. Simplifies the use of parallel storage not only for Linux clients, but also for Windows, Hadoop, and WebDAV. POSIX-compatible. Part of Linux kernel since version 4.6.
https://www.orangefs.org/ || not packaged? search in AUR
- Sheepdog — Distributed object storage system for volume and container services that manages the disks and nodes intelligently.
https://sheepdog.github.io/sheepdog/ || sheepdog AUR
- Tahoe-LAFS — Tahoe Least-Authority Filesystem is a free and open, secure, decentralized, fault-tolerant, peer-to-peer distributed data store and distributed file system.
https://tahoe-lafs.org/ || tahoe-lafs AUR
Shared-disk file system
- GFS2 — GFS2 allows all members of a cluster to have direct concurrent access to the same shared block storage.
https://pagure.io/gfs2-utils || gfs2-utils AUR
- OCFS2 — The Oracle Cluster File System (version 2) is a shared disk file system developed by Oracle Corporation and released under the GNU General Public License.
https://oss.oracle.com/projects/ocfs2/ || ocfs2-tools AUR
- VMware VMFS — VMware’s VMFS (Virtual Machine File System) is used by the company’s flagship server virtualization suite, vSphere.
https://www.vmware.com/products/vi/esx/vmfs.html || vmfs-tools AUR
Identify existing file systems
To identify existing file systems, you can use lsblk:
An existing file system, if present, will be shown in the FSTYPE column. If mounted, it will appear in the MOUNTPOINT column.
Create a file system
File systems are usually created on a partition, inside logical containers such as LVM, RAID and dm-crypt, or on a regular file (see Wikipedia:Loop device). This section describes the partition case.
Before continuing, identify the device where the file system will be created and whether or not it is mounted. For example:
Mounted file systems must be unmounted before proceeding. In the above example an existing filesystem is on /dev/sda2 and is mounted at /mnt. It would be unmounted with:
To find just mounted file systems, see #List mounted file systems.
To create a new file system, use mkfs(8). See #Types of file systems for the exact type, as well as userspace utilities you may wish to install for a particular file system.
For example, to create a new file system of type ext4 (common for Linux data partitions) on /dev/sda1, run:
The new file system can now be mounted to a directory of choice.
Mount a file system
To manually mount a file system located on a device (e.g., a partition) to a directory, use mount(8). This example mounts /dev/sda1 to /mnt.
This attaches the filesystem on /dev/sda1 at the directory /mnt, making the contents of the filesystem visible. Any data that existed at /mnt before this action is made invisible until the device is unmounted.
fstab contains information on how devices should be automatically mounted if present. See the fstab article for more information on how to modify this behavior.
If a device is specified in /etc/fstab and only the device or mount point is given on the command line, that information will be used in mounting. For example, if /etc/fstab contains a line indicating that /dev/sda1 should be mounted to /mnt, then the following will automatically mount the device to that location:
mount contains several options, many of which depend on the file system specified. The options can be changed, either by:
- using flags on the command line with mount
- editing fstab
- creating udev rules
- compiling the kernel yourself
- or using filesystem-specific mount scripts (located at /usr/bin/mount.*).
See these related articles and the article of the filesystem of interest for more information.
List mounted file systems
To list all mounted file systems, use findmnt(8):
findmnt takes a variety of arguments which can filter the output and show additional information. For example, it can take a device or mount point as an argument to show only information on what is specified:
findmnt gathers information from /etc/fstab, /etc/mtab, and /proc/self/mounts.
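Both the check required under "Create a file system" (is the device mounted, and where) and the single-argument lookup described here can be done by reading /proc/self/mounts directly. The following is an added example, not part of the original page; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: query a file in /proc/self/mounts format by device or mount point.
# Line layout: source target fstype options dump pass

# Constructed sample data, not taken from a real system.
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sda1 /mnt ext4 rw,relatime 0 0
/dev/sdb1 /media/usb\040stick vfat ro,nosuid,nodev 0 0
EOF
}

# The kernel writes a space inside a path as the octal escape \040; decode it.
unescape() { printf '%b' "$1"; }

# mounts_lookup KEY [FILE]: print "fstype|options|target" for every entry whose
# source device or mount point equals KEY (FILE defaults to /proc/self/mounts).
mounts_lookup() {
    key=$1
    file=${2:-/proc/self/mounts}
    while read -r src tgt fstype opts rest; do
        src=$(unescape "$src")
        tgt=$(unescape "$tgt")
        if [ "$src" = "$key" ] || [ "$tgt" = "$key" ]; then
            printf '%s|%s|%s\n' "$fstype" "$opts" "$tgt"
        fi
    done < "$file"
}

# is_mounted KEY [FILE]: succeed if KEY is in use; check this before mkfs.
is_mounted() {
    [ -n "$(mounts_lookup "$1" "${2:-/proc/self/mounts}")" ]
}

# mount_has_option KEY OPTION [FILE]: exact option match on the newest entry,
# so "ro" does not match "errors=remount-ro".
mount_has_option() {
    active=$(mounts_lookup "$1" "${3:-/proc/self/mounts}" | tail -n 1 | cut -d'|' -f2)
    case ",$active," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}
```

Comparing the options reported here with the entry in /etc/fstab shows whether a restriction such as nosuid or ro is actually in effect on the running system.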