Introduction to Prohibited Files
Author(s): Matthias Lee (ml2322)
Last Updated: 07-02-2025
What are prohibited files?
Prohibited files are any files that are not supposed to be on a machine. This generally includes any sort of media, documents, games, malware, programs, installers, and anything else that is not default and not explicitly permitted. Note that malware, installers, and programs may fall under the category of Malware or Prohibited Software; however, the strategies for finding prohibited files may still apply.
File extensions
Files with the following extensions may be prohibited files:
mp3 (audio)
mp4 (video)
mov (video)
ogg (audio)
deb (program installer)
zip (archive)
gz (archive)
tar (archive)
py (script)
sh (script)
Strategies to find prohibited files
Look manually
The most basic way to find prohibited files is to manually look through every user's folder for them. This can be done in several ways, the most basic being to use ls to list the contents of each folder.
user@system:/home/user$ sudo ls /home/otheruser
Desktop
Documents
user@system:/home/user$ sudo ls /home/otheruser/Documents
1984_chapter_1_audiobook.mp3
Using tree
A slightly faster way to do this is to use the tree program. Tree will print a tree view of everything inside a directory, which makes it easy to filter for prohibited files.
Tree isn't always installed by default, so you may need to use sudo apt install tree to install it. Once installed, you can run sudo tree /home. This will print every file inside /home, and you can skim the results for unauthorized files.
user@system:/home/user$ sudo tree /home
/home
├── user
...
├── bob
│ ├── Desktop
│ ├── Documents
│ └── dQw4w9WgXcQ.mp3
...
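Skimming ls or tree output gets slow on a machine with many users. The following is an added example, not part of the original guide: it uses find (a different tool from the two shown above) to search a directory for the extensions listed under File extensions, ignoring case. The function names find_prohibited and summarize_prohibited are hypothetical.

```shell
# Added example. Extensions come from the guide's "File extensions" list.
PROHIBITED_EXTS="mp3 mp4 mov ogg deb zip gz tar py sh"

# find_prohibited DIR   (hypothetical helper name)
# Prints the path of every regular file under DIR whose name ends in one of
# the listed extensions, case-insensitively. Read-only: nothing is deleted.
# Run it with sudo to read other users' folders.
find_prohibited() {
    dir="${1:-/home}"
    set --                      # reuse positional params as the find expression
    for ext in $PROHIBITED_EXTS; do
        if [ "$#" -gt 0 ]; then
            set -- "$@" -o      # join the patterns with OR
        fi
        set -- "$@" -iname "*.$ext"
    done
    # Parentheses group the OR chain so -type f applies to every pattern.
    find "$dir" -type f \( "$@" \) -print | sort
}

# summarize_prohibited DIR   (hypothetical helper name)
# Prints "<count> <extension>" for each extension found, most common first.
# Assumes file names do not contain newlines.
summarize_prohibited() {
    find_prohibited "$1" |
        awk -F. '{ n[tolower($NF)]++ } END { for (e in n) print n[e], e }' |
        sort -k1,1nr -k2,2
}

# When saved as a script and given a directory, list its matches.
if [ "$#" -gt 0 ]; then
    find_prohibited "$1"
fi
```

A match is only a candidate: scripts and archives can be legitimate, so check each result against what is explicitly permitted before removing anything.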
Remediating prohibited files
Finding prohibited files is only one part of dealing with them; we need to get rid of them too. To do this, simply use the rm command and specify the file you want to delete. Since other users may own these files, you might need to use sudo. For example:
user@system:/home/user$ sudo rm /home/bob/dQw4w9WgXcQ.mp3