How-to background this bash command?
env is rhel 5.8
how to run this one-liner from the cli in the background?
Code:
for i in `find / -exec file {} \; | grep "ELF" | cut -d ":" -f 1`; do md5sum $i >> all-ELF-md5.log; done; grep -P 'b3eb1ec8094fa10169dba7a8bd1a97f1|ab106d75a3b87641937d5a8891abc8ce|9794562db2792954b8c5c1ce84aae0f5' all-ELF-md5.log; echo $?
Code:
# ( all_that_stuff ) &
thanks a bunch.
well, error on my centOS 6, w/ or w/o sudo
Code:
sudo ( for i in `find / -exec file {} \; | grep "ELF" | cut -d ":" -f 1`; do md5sum $i >> all-ELF-md5.log; done; grep -P 'b3eb1ec8094fa10169dba7a8bd1a97f1|ab106d75a3b87641937d5a8891abc8ce|9794562db2792954b8c5c1ce84aae0f5' all-ELF-md5.log; echo $? ) &
-bash: syntax error near unexpected token 'for'
the user running this is not root, but it needs to run as root, so sudo will be used. then, after it runs, the bg PID has to be reniced to +19
where did sudo come from? yeah, that totally breaks it!
If you don't need to enter a password then just include the sudo as well; otherwise it gets tricky if you need to enter the password.
well, i can deal with the sudo password issue, but the uid using sudo has NOPASSWD in sudoers.
but even w/o sudo there i still get an error. and weird, it's bash 4.1.2-9.el6_2 and i get a stdin prompt when running w/o sudo and w/o ()&. is the syntax wrong here?
Why don't you make it easier on yourself, save
Code:
find / -type f -exec file {} \; 2>/dev/null| awk -F':' '/ELF/ {print $1}" | while read ITEM; do

I often use 'at':
Code:
sudo at -f ~/tmp/script.sh now
well, the command needs to run on many customer servers, and the sysadmin folks have to do the work, and i'd rather not have the sysadmins creating executable scripts on the customer systems. hosted environment, etc.
i was wanting to just have the sysadmin copy/paste the command into an ssh window and then give me the output of $? for the system. the command has to be reniced to +19 (customer request), so basically it's this:
1. md5 all ELF files on the system (hence sudo)
2. grep for matching MD5
3. get exit status of grep $? (if it finds a match exit will = 0)
4. this whole thing has to be reniced to +19
5. a command that is copy/paste for the sysadmin is best, w/o the use of creating a script file on the system
is this correct: awk -F':' '/ELF/ {print $1}"
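One way to put the five steps above into a form that can be pasted into a shell, as an added example that is not the thread's own code: the three MD5 values are the ones from the thread, while the function names (is_elf, scan_elf_md5, run_in_background) and the log path are this example's own assumptions.

```bash
#!/bin/bash
# Added example (not the thread's code): hash every ELF file under a
# directory, grep the log for watch-list MD5s, and run the whole job
# backgrounded at nice 19 while still getting grep's exit status back.

# The three MD5s the thread is looking for; plain hex, so grep -E
# alternation is enough and -P is not needed.
WATCHLIST='b3eb1ec8094fa10169dba7a8bd1a97f1|ab106d75a3b87641937d5a8891abc8ce|9794562db2792954b8c5c1ce84aae0f5'

# is_elf FILE: true if FILE starts with the ELF magic bytes 7f 45 4c 46.
# Checks the magic directly instead of calling file(1), which the thread
# found missing on one host, or grep -a ELF, which also matches text files.
is_elf() {
    [ "$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')" = "7f454c46" ]
}

# scan_elf_md5 ROOT LOG PATTERN: write "md5  path" for each ELF file under
# ROOT to LOG, then grep LOG for PATTERN. Returns grep's status: 0 if some
# hash matched, 1 if none did.
scan_elf_md5() {
    local root=$1 log=$2 pattern=$3
    : > "$log"   # truncate: appending would let an old run's match survive
    # read -r instead of for i in `...`, so paths with spaces stay intact
    find "$root" -type f -print 2>/dev/null | while read -r f; do
        is_elf "$f" && md5sum "$f" >> "$log"
    done
    grep -Eq "$pattern" "$log"
}

# run_in_background ROOT LOG PATTERN: the backgrounding the thread asks
# about. The scan runs in a child bash started at nice 19 (so no renice
# step afterwards) and put in the background with &; wait $! then yields
# the job's exit status exactly as $? does after the foreground one-liner.
run_in_background() {
    export -f is_elf scan_elf_md5   # make the functions visible to the child
    nice -n 19 bash -c 'scan_elf_md5 "$@"' scan "$@" &
    wait "$!"
}

# Usage on a host (under sudo, since reading every binary needs root):
#   run_in_background / /tmp/all-ELF-md5.log "$WATCHLIST"; echo $?
```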
Code:
awk -F':' '/ELF/ {print $1}'
The real problem however isn't even in who, where or how your commands will be executed (not that you've motivated why responsible personnel can run commands but aren't allowed to save a script to say /dev/shm and run it anyway) but what and how you are searching for (and I think I've got a pretty good idea):
- if the binaries have been changed involuntarily (prelinking?),
- if I change the ELF comment section (objcopy) or recompile it,
- if I obfuscate the ELF header (see Samhain source for an example), use a packer or encryption,
- if I piggyback the ELF onto another binary,
- if the binaries reside inside a compressed archive or
- if I place versions for a different arch or upload the source tarball (no use but still considered a hostile act)
your check will return a clean result and then you won't have caught anything. And with only three hashes chances are you miss other foreign objects. Please rethink if what you intend to do is done in the most efficient way.
i am looking specifically for the presence of three MD5 hashes of infection files found on another system. that is what i was tasked to do. the semantics behind the what-ifs and pitfalls are not in scope. i am not conducting a forensic investigation on other systems looking in hidden areas to find these files.
i was trying to keep the sysadmin task as simple as possible to avoid human error, as they manage lots of systems for lots of customers (thousands of systems for hundreds of customers), etc. as for my OP, it does the task i need on rhel (not sure why it failed on centOS6 yet); i was just wanting to know how to background that, and thus far i have a "write script" for it. i can go the script route, but what's the best way to renice it, just "renice 19 $$" at the top of the script, or perhaps just "sudo nice 19 ~/tmp/script.sh &"? how would you do it? thanks.
ok, this is what i have now
Code:
#!/bin/bash
and for some odd reason, my CentOS6 doesn't have the 'file' command. and thanks for the help
Code:
grep -qam1 ELF "${ITEM}"
Code:
#!/bin/sh
my lab system is centOS-6, that's where i was testing. the real systems are rhel 5.8.
the script i have works ok and has been sent to the sysadmin folks to run on a bunch of systems. thanks.