LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)
-   -   bash or perl replace .. maybe sed (https://www.linuxquestions.org/questions/linux-software-2/bash-or-perl-replace-maybe-sed-590916/)

hostpc 10-10-2007 07:26 PM
bash or perl replace .. maybe sed
 
Here's a situation I need some help with. Hopefully the brainy people here can shed some light.

I have a web server with several dozen clients. Each client has web space defined as:

/home/USERNAME/domains/ANYDOMAIN.COM/public_html

under each username, they can have multiple domains - so USERNAME can have DOMAIN1.com DOMAIN2.com DOMAIN3.com - etc.

in each of those public_html folders, there's index pages, website contents, etc.

I need to search ALL html and php pages for specific content - in this case, it's an iframe exploit (thank you very much Joomla) that potentially affected multiple USERNAMES

I started with

Code:
sed 's/<html><iframe width=0 height=0 frameborder=0 src=http:\/\/www[.]o00o[.]info\/portal\/index[.]php?aff=xiz marginwidth=0 marginheight=0 vspace=0 hspace=0 allowtransparency=true scrolling=no><\/iframe><\/html>/\&nbsp;/g' index.html > TMPFILE && mv TMPFILE index.html;
The iframe code is consistent through any page.

which sorta works fine, for one user at a time, however - it leaves the resulting index.html file as owned by root (script owned/run by root).

What I need to accomplish is to remove that iframe content from any page (index.html or index.php) page on the server - in any USERNAME - and leave the resulting file owned by the original user.

The part I need help with is the "for i" scripting around it - and understanding that the USERNAME needs to be changed for each directory it's in.

It needs to search the entire /home structure. I realize it'll take time - I'm ok with that... but if you have a better way, I'm all ears.


Thanks for any help you can offer!


Joe

jschiwal 10-10-2007 08:59 PM
You could use sudo and the sed option "-i" to edit the file inplace. The problem is that the redirection is interpreted as a redirection for the "sudo" command and not the command being executed. Look at the sudo manpage:
Quote:
To make a usage listing of the directories in the /home partition.
Note that this runs the commands in a sub-shell to make the cd and file
redirection work.

$ sudo sh -c "cd /home ; du -s * │ sort -rn > USAGE"
Code:
hpamd64:/home/jschiwal # sudo -u jschiwal sh -c "sed 's/<iframe>.*<\/iframe>//g' test >result"
hpamd64:/home/jschiwal # ls -l result

hostpc 10-10-2007 09:37 PM
Quote:
Originally Posted by jschiwal (Post 2920326)
You could use sudo and the sed option "-i" to edit the file inplace. The problem is that the redirection is interpreted as a redirection for the "sudo" command and not the command being executed. Look at the sudo manpage:


Code:
hpamd64:/home/jschiwal # sudo -u jschiwal sh -c "sed 's/<iframe>.*<\/iframe>//g' test >result"
hpamd64:/home/jschiwal # ls -l result

I went through all that work escaping the /'s ... and your trick would have done it? Dang! :)

Any feedback on how the user can be dynamically changed based on the directory it's in?

osor 10-11-2007 12:05 PM
Quote:
Originally Posted by hostpc (Post 2920355)
I went through all that work escaping the /'s ... and your trick would have done it? Dang! :)
Just an FYI, if you have a lot of “/” characters, you don’t have to use “/” as a delimiter in a sed substitution. For example, your original match might have been more readable with something like the pipe character (“|”) as the delimiter:
Code:
sed -e 's|<html><iframe width=0 height=0 frameborder=0 src=http://www[.]o00o[.]info/portal/index[.]php?aff=xiz marginwidth=0 marginheight=0 vspace=0 hspace=0 allowtransparency=true scrolling=no></iframe></html>|\&nbsp;|g' index.html > TMPFILE && mv TMPFILE index.html;
Quote:
Originally Posted by hostpc (Post 2920355)
Any feedback on how the user can be dynamically changed based on the directory it's in?
Something like
Code:
sudo -u $(basename $PWD) …

matthewg42 10-11-2007 04:21 PM
Sed can modify files "in-place" by using the -i option (the existing file is modified rather than having to create a new file using re-direction and then moving it). This doesn't affect the owner of the file, so it might serve you better than using re-direction and mv.

This is clearly a risky operation - you must be sure that you have the correct command else you could cause a lot of trouble. You can add something after the -i and in this case a backup file will be created with this suffix, e.g.
Code:
$ ls data*
data
$ sed -i.backup 's/old/new/g' data
$ ls data*
data    data.backup
But again, be a little careful as existing files with the filename and the backup suffix will be overwritten.

Using find to locate files and piping that into "xargs sed -i.backup ..." should do the trick.


All times are GMT -5. The time now is 03:09 PM.