How to show hidden files in Linux

Understanding hidden files in Linux

In Linux, hidden files are files that are not displayed by default when you list the contents of a directory. These files are typically used for configuration purposes and often contain settings and preferences for various applications and system components that should not be modified frequently.

Hidden files and directories start with a dot(.) in their names. For example,

• .bashrc contains user specific aliases and functions for the Bash shell
• .ssh stores SSH keys and configuration files and
• .profile contains environment variables and startup scripts for the shell.

This article elaborates how you can create and view hidden files and directories in Linux.

How to create hidden files in Linux

Creating a hidden file in Linux is straightforward. Simply prefix the file or directory name with a dot (.). You can do this via the command line interface or through the GUI.

Method 1: Creating hidden files using command-line

• If you want to create an empty hidden file, use the touch command and prefix the file name with a dot:

  $ touch newfile.txt

• If you want to hide an existing file, move the existing file under a new file name with a dot at the beginning:

  $mv <existing-file-name> .<hidden_file_name></hidden_file_name>

After creating a new hidden file or hiding an existing file, you can verify if it's hidden using ls command.

Method 2: Creating hidden files using GUI

• Right-click the directory or file which you want to hide.
• Select Rename
• Insert a dot(.) at the beginning of the filename to make it hidden.

How to show hidden files in Linux

To view the list of hidden files in Linux, you can either use the command line interface or the graphical user interface.

Method 1: Using the command line interface for viewing hidden files in Linux

ls command: The ls command in Linux doesn't display hidden files and directories by default. However, by using the -a option, you can reveal all files, including hidden ones. You can also tailor how hidden files are listed:

• Basic listing with -a: The -a option displays all files, including hidden ones.

  

• Detailed listing with -la: To view additional information like permissions, ownership, and modification time, combine the -l option with -a.

  

• Sorting and filtering: Combine the -a option with others to sort and filter the results. For instance, use ls -at to sort files by modification time.

  

find command: For more advanced users, the find command is a powerful tool that can be used to list hidden files across an entire directory tree in Linux. This is particularly useful when you need to search for hidden files in nested directories or when you're looking for specific files based on patterns.

• Finding all hidden files: To find all hidden files within a directory and its subdirectories, use the following command:

  find <Path> -type f -name '.*'
<

  

• Finding hidden files based on specific criteria: You can also refine your search based on criteria like file size, modification time, or file type. For example, to find hidden files larger than 1MB, use:

  Command: find -type f -name '.*' -size +1M

  

The find command is highly customizable, making it an indispensable tool when you need to list hidden files in Linux, especially in complex directory structures.

grep command: Sometimes, you may need to search within hidden files for specific content, such as a configuration setting or a particular string of text. The grep command can be used in combination with ls or find to accomplish this.

To search for a specific string within all hidden files in a directory, you can combine grep with the find command as follows.

Command: find -type f -name '.*' -exec grep -l '' {} +

This method is especially useful when troubleshooting or when you need to locate specific configurations hidden deep within your system files.

Method 2: Using file manager (GUI Method) to show hidden files in Linux

For users who prefer a graphical interface, most Linux desktop environments come with a built-in file manager that allows you to show hidden files with just a few clicks:

• a) GNOME files (Nautilus): In GNOME, the default file manager is Nautilus. To show hidden files, open Nautilus, navigate to the directory you want to explore, and press Ctrl + H. This will toggle the visibility of hidden files. Alternatively, you can use the menu option: View > Show Hidden Files.
• b) Dolphin (KDE): In KDE, the Dolphin file manager allows you to show hidden files by pressing Alt + . or by selecting View > Show Hidden Files from the menu.
• c) Thunar (Xfce): If you're using Xfce, Thunar is the default file manager. Like GNOME and KDE, you can show hidden files by pressing Ctrl + H or using the View menu.

Method 3: Using Midnight Commander (TUI Method) to view hidden files in Linux

Midnight Commander (mc) is a text-based file manager for Unix-like systems. It provides a two-pane view that allows you to navigate through your file system and easily toggle the visibility of hidden files:

Installation: If it's not already installed, you can install Midnight Commander using your package manager:

Viewing hidden files: Once in Midnight Commander, use the Atr+Period(.) or Esc+Period(.)

keyboard shortcut to toggle hidden file visibility.

Midnight Commander is particularly useful for users who prefer working within the terminal but want a more interactive experience than the standard ls command provides.

How ManageEngine EventLog Analyzer monitors hidden files

ManageEngine EventLog Analyzer, a comprehensive log management and compliance solution, helps sysadmins monitor the integrity of files and folders, track user activities, and generate reports for security auditing. The solution also comes with Linux monitoring and auditing capabilities that help you secure a Linux environment.

• Real-time file monitoring: Continuously audits file systems for any changes, including hidden files. Provides detailed information on who made the change, what was the change, when it happened, and from where. This ensures that no unauthorized changes go unnoticed, enabling quick responses to potential threats.
• Audit trails: Maintains a detailed audit trail of all file activities including creation, modification, deletion, renaming, and access. Provides essential information such as who accessed the files, what changes were made, and when. These reports can be scheduled, and they help trace the origin of suspicious hidden files and assess potential threats to your environment.
• Real-time alerts on suspicious activity: Real-time alerts based on predefined rules notify you immediately if a hidden file is created or modified in a sensitive directory. This feature is crucial for detecting hidden malicious files that adversaries may use to compromise your system, allowing for swift investigation and response.

Why are files hidden in Linux?

Before we delve into the methods of viewing hidden files, it's important to understand why certain files are hidden by default:

• System configuration: Many configuration files for system services and applications stored in the user's home directory are hidden to prevent unintentional edits by users.
• Cleaner file browsing: Hiding specific files helps declutter the user’s workspace, allowing them to focus on files they are more likely to interact with.
• Security: Some sensitive files may be hidden to provide an additional layer of protection, making it less likely for users to mistakenly modify or delete them.

While hidden files are a useful feature for managing system settings and personal configurations, adversaries might also use this feature to hide malicious files they install on your system. These hidden files can evade detection and remain active, posing a security risk. This makes it crucial to regularly monitor hidden files and directories, especially in sensitive environments.

Next steps: