The Linux command line is a powerful tool. The majority of webservers run on Linux/Unix. Some hosting companies offer SSH access to their hosting environment. Via SSH you can log in and use the Linux command line. In this presentation Peter will show you some time-saving command line commands that you can use for tasks regarding your Joomla websites:
* some basic SSH command line commands
* Analyzing & recovering a hacked website
* Backup a website
* Finding unused files
* Setting up a test environment (Using Vagrant & Docker)

Linux Command Line Magic
by Peter Martin www.db8.nl / @pe7er

1. Introduction
2. Commands
3. Basics
4. Connecting
5. Scripts
6. Backup
7. Finding Files
8. Recover hack
9. In a Box

1. Introduction
Linux
* Cross-platform operating system
* Open Source & Free
* Very stable
* Multi user, multi tasking
* Popular: majority of Internet servers
* Origin: Minix (Unix-like operating system)

Distributions
* Debian (.deb): Debian, Ubuntu
* Red Hat (.rpm): Fedora, CentOS
* Other: Slackware, Arch Linux, Gentoo

Unix
* Commercial: BSD/OS, Solaris, Mac OS
* Free: FreeBSD, NetBSD, OpenBSD

2. Commands
man
On-line reference manuals
$ man man

ls
List directory contents
$ ls -al
List devices
$ lsusb
$ lspci
$ lsmod

mkdir
Make directory
$ mkdir jab15
(rmdir = remove directory)

cd
Change directory
$ cd jab15
$ cd ..
$ cd ~
$ cd /var/www/

cat
Display (= concatenate files & print) file
$ cat configuration.php

nano
Edit file
$ nano configuration.php

cp
Copy file
$ cp somefile.txt newcopiedfile.txt

mv
Move file
$ mv newcopiedfile.txt new-copied-file.txt

rm
Remove file/directory (be careful!)
$ rm /var/www/joomla-cms/configuration.php
$ rm -R /var/www/joomla-cms/installation

chmod
Change permissions
$ sudo chmod +x somescript.sh

chown
Change ownership
$ sudo chown someone:group example_file.txt

3. Basics
Files
Linux = everything = file
Files are us
Files / folders

Access Rights: Permissions
read (4), write (2), and execute (1)
Ownership on 3 levels:
* Owner: username / name of process (e.g. Apache = www-data)
* Group: users assigned to same group have same permissions
* Public

File
-rw-r--r-- 1 peter pc 1174 Nov 7 15:50 example_file.txt

read (4), write (2), execute (1)
owner   rw-   r(4)+w(2) = 6
group   r--   r(4)      = 4
public  r--   r(4)      = 4
= 644

Users
Regular users: username@computer:~$
Root user: root@computer:~#
$ whoami
Change user:
$ su some_username
$ su root, or just su

Run command
Command + parameters
Run sh script: somescript.sh (permissions: executable) OR ./somescript.sh
Run as root from a regular user account: sudo [command]

Basics
~ tilde = default directory (sort of my documents)
$ cd ~
> greater-than sign = write output to new file
$ ls -al > file-with-list-of-directory.txt
>> double greater-than = add output to existing file
$ ls -al ~ >> file-with-list-of-directory.txt
| pipe = to chain commands
$ ls | less
peter@computer:/var/www/joomla-cms$ cat configuration.php | grep password
public $password = 'my-secret-db-password';

Symbolic links
Create symbolic link: ln
ln -s [TARGET DIR/FILE] [SHORTCUT]
peter@computer:~$ ln -s /var/www/joomla-cms joomla-test
peter@computer:~$ ls -al
drwxr-xr-x 2 peter pc 4096 Oct 26 20:34 .
drwxr-xr-x 56 peter pc 4096 Oct 26 19:29 ..
-rw-r--r-- 1 peter pc 0 Nov 7 15:50 example_file.txt
lrwxrwxrwx 1 peter pc Nov 7 15:50 joomla-test -> /var/www/joomla-cms

4. Connecting
Terminal
Text terminal
TTY = TeleTYpewriter
* Windows: client program for SSH: PuTTY
* Mac OSX: built-in Terminal
* Linux: built-in Terminal Emulator

SSH
Secure Shell
uses public-key cryptography (authenticate & secure data communication)

peter@computer:~$ ssh [email protected]
The authenticity of host 'example.com (93.184.216.119)' can't be established.
RSA key fingerprint is 10:51:ab:f5:d7:[..]:17:16:1f:22:33.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'example.com,93.184.216.119' (RSA) to the list of known hosts.
[email protected]'s password:

Keyless login
Generate public/private rsa authentication key pair:
$ ssh-keygen -t rsa
On computer:
private key: ~/.ssh/id_rsa
public key: ~/.ssh/id_rsa.pub
Install public key on the server:
$ ssh-copy-id [email protected]

5. Scripts
Automation
* Automate repetitive tasks
* Automate a bunch of commands
* Use variables & input / output
* Automatic automation based on time? Crontab (aka cronjob)

Shell vs bash
Shell
The Bourne shell (sh) command-line interpreter
Scripts start with: #!/bin/sh
Often symbolic link to bash

Bash
Bourne-again shell, free replacement for Bourne shell (sh) with more features and better syntax
Scripts start with: #!/bin/bash

Dash?
On Ubuntu/Debian:
~$ ls -al /bin/sh
lrwxrwxrwx 1 root root 4 Mar 1 2012 /bin/sh -> dash
= Debian Almquist shell = default for /bin/sh
Bash is the default login shell for interactive use

Example
Example.sh
#!/bin/bash
# declare STRING variable
STRING="Hello Joomla!"
# print variable on the screen (quoted, so spaces survive)
echo "$STRING"

6. Backup
Backup files
Remote synchronization rsync from source to destination
$ rsync -arv [email protected]:~/joomla-cms/ /var/www/joomla-cms-backup/
username @ server : folder
Backup database
MySQL Dump
$ mysqldump -u username -p dbname > some-sql-outputname.txt
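
The rsync and mysqldump steps above combined into one script that cron can run, as an added example that is not part of the original slides. The function name backup_site and the option file ~/.backup.cnf (a [client] section with user and password, chmod 600) are assumptions made for the example.

```bash
#!/bin/bash
# Added example, not from the slides. Assumes rsync and mysqldump are installed
# and that $HOME/.backup.cnf (hypothetical, chmod 600) holds the DB login, so
# the password never appears on a command line or in the crontab.

# usage: backup_site SSH_SOURCE DB_NAME DEST_ROOT   -> prints the backup folder
backup_site() {
    src=$1; db=$2; dest="$3/$(date +%Y-%m-%d)"
    (
        umask 077    # the copy holds configuration.php and the full database
        mkdir -p "$dest/files" || exit 1
        rsync -a "$src" "$dest/files/" || exit 1
        # Dump to a .part file first: a failed dump never looks like a good one.
        mysqldump --defaults-extra-file="$HOME/.backup.cnf" "$db" \
            > "$dest/$db.sql.part" || { rm -f "$dest/$db.sql.part"; exit 1; }
        mv "$dest/$db.sql.part" "$dest/$db.sql"
    ) || { echo "backup failed: $dest" >&2; return 1; }
    printf '%s\n' "$dest"
}

# Example crontab entry (hypothetical path), every night at 02:30:
# 30 2 * * * /home/peter/bin/backup-joomla.sh user@server:joomla-cms/ dbname /var/backups/joomla
if [ "$#" -eq 3 ]; then
    backup_site "$@"
fi
```
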
7. Finding Files
Search
find: find files
locate: find files quicker (stored in database)
whereis: locates source/binary and manuals
which: returns the pathnames of a file

Lost files
Find specific file
$ find /var/www/ -name configuration.php

Biggest files
Show 15 biggest files:
$ find . -type f -exec du -Sh {} + | sort -rh | head -n 15

Recent new files
Created in last 7 days (-ctime tests the inode change time, which a new file also gets):
$ find . -type f -ctime -7

Recent edited files
Changed in last 7 to 3 days:
$ find . -type f -mtime -7 ! -mtime -3

Unused images
Scan for unused images:
1. create SQL dump
2. compare files in /images/ with SQL dump
Script "jfindfiles" from Rene Kreijveld: https://gist.github.com/renekreijveld/
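
The two steps above as a small function, added here as an example; it is not the jfindfiles script and not part of the original slides. It assumes the site references media as images/<path> and it strips backslashes from the dump first, because paths stored as JSON appear there as images\/... and would otherwise look unused.

```bash
#!/bin/bash
# Added example, not from the slides and not the jfindfiles script.
# Assumes the dump was made with mysqldump and that content refers to
# files as images/<relative path> (the function name is illustrative).

# usage: unused_images IMAGES_DIR SQL_DUMP   -> prints image files not in the dump
unused_images() {
    images_dir=${1%/}
    norm=$(mktemp) || return 1
    # JSON columns store images\/a.jpg and mysqldump escapes the backslash
    # again; dropping every backslash turns both forms into images/a.jpg.
    tr -d '\\' < "$2" > "$norm"
    find "$images_dir" -type f \( -iname '*.jpg' -o -iname '*.jpeg' \
            -o -iname '*.png' -o -iname '*.gif' \) | sort |
    while IFS= read -r file; do
        rel="images/${file#"$images_dir"/}"
        # Fixed-string search: a path that appears anywhere counts as used,
        # so the list errs on the side of keeping files.
        grep -qF -- "$rel" "$norm" || printf '%s\n' "$file"
    done
    rm -f "$norm"
}

# ./unused-images.sh /var/www/joomla-cms/images some-sql-outputname.txt
if [ "$#" -eq 2 ]; then
    unused_images "$1" "$2"
fi
```

Review the list before deleting anything: templates, CSS files and extensions can reference images that never appear in the database.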
8. Recover Hack
Recover Hack
* Backup current situation (See 6. Backup)
* Analysis
  * Hacked files
  * Log files server
* Remove vulnerability
* Clean files

Find
New files (last 10 days)
$ find images/ -name "*.php" -mtime -10
New files during hacker activity
$ find . -type f -newermt 2014-03-09 ! -newermt 2014-03-11
file date & time can be modified....

Find
Search for hacker scripts
$ grep -r "eval" /var/www/joomla-cms | grep "base64_decode"
can be concealed...
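
The searches above gathered into three checks that take both caveats into account, as an added example that is not part of the original slides. It assumes GNU find, grep, awk and xargs; the function names and the constructed test files are illustrative.

```bash
#!/bin/bash
# Added example, not from the slides. Assumes GNU find, grep, awk and xargs.
# Function names are illustrative.

# PHP files in an upload directory such as images/, whatever their date.
php_in_uploads() {
    find "$1" -type f -name '*.php' | sort
}

# Files whose mtime is more than a day older than their ctime. touch can
# backdate mtime, but the kernel stamps ctime itself, so a large gap marks
# a file worth reading (chmod, chown or a restore also produce one).
backdated() {
    find "$1" -type f -printf '%T@ %C@ %p\n' |
        awk '$2 - $1 > 86400 { sub(/^[^ ]+ [^ ]+ /, ""); print }' | sort
}

# PHP files that contain eval( and base64_decode anywhere in the file,
# not only on the same line as the two chained greps require.
suspicious_php() {
    grep -rlZE --include='*.php' 'eval[[:space:]]*\(' "$1" |
        xargs -0 -r grep -l 'base64_decode' | sort
}

# Run all three checks when a webroot is given: ./triage.sh /var/www/joomla-cms
if [ -n "${1:-}" ]; then
    echo "== PHP files under images/"; php_in_uploads "$1/images"
    echo "== mtime older than ctime";  backdated "$1"
    echo "== eval + base64_decode";    suspicious_php "$1"
fi
```

Each hit is a file to read, not a verdict: legitimate extensions also use eval and base64_decode, and code that avoids both strings will not be listed.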

NeoPI
Detection of hidden web shell code
Needs Python 2.6
Install
$ git clone https://github.com/Neohapsis/NeoPI.git
Run
$ /var/www/NeoPI/neopi.py -Aa /var/www/joomla-cms

9. In a box
VirtualBox
Computer within Computer
Download: https://www.virtualbox.org/
Start VirtualBox
Install operating system, e.g. using .iso image
Installing takes a lot of time

Vagrant
Creating and configuring virtual development environments
wrapper around virtualization software
Download: http://www.vagrantup.com/
Install on Debian Linux:
$ sudo dpkg -i vagrant_1.5.2_x86_64.deb
Use Vagrant: folder + configuration file Vagrantfile

Vagrant Cloud
Ready-built virtual environments
Find ready made environment: https://vagrantcloud.com/
e.g. Debian 7 64 bit: https://vagrantcloud.com/chef/boxes/debian-7.8

Install Vagrant Box
$ vagrant box add chef/debian-7.8
Folder for each project, e.g. ~/Vagrant/jab15

Initialize Vagrant Box
$ vagrant init chef/debian-7.8
Configuration: Vagrantfile
config.vm.box = "chef/debian-7.8"
config.vm.network "forwarded_port", guest: 80, host: 8080

Vagrant Box
Start Vagrant Box
$ vagrant up
Log in on Vagrant Box
$ vagrant ssh

Apache
Manual installation
$ sudo apt-get install apache2
Start/stop/restart
$ sudo service apache2 start
$ sudo service apache2 stop
$ sudo service apache2 restart
Installation mod rewrite
$ sudo a2enmod rewrite

Mod Rewrite not working?
$ sudo nano /etc/apache2/sites-enabled/000-default
Change "AllowOverride None" to "AllowOverride All"

"Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName"
$ echo "ServerName localhost" | sudo tee /etc/apache2/conf.d/fqdn

Apache ownership issues
Run Apache under user vagrant (not on live site!)
$ sudo nano /etc/apache2/envvars
export APACHE_RUN_USER=vagrant
export APACHE_RUN_GROUP=vagrant
Restart Apache error?
$ sudo rm -R /var/lock/apache2
Assign webroot & files to user vagrant:
$ sudo chown -R vagrant:vagrant /var/www/

Server Script PHP
Installation PHP + MySQL part
$ sudo apt-get install php5 php5-mysql mysql-server
Test:
$ sudo nano /var/www/test.php

Database GUI phpMyAdmin
Installation
$ sudo apt-get install phpmyadmin
Browser: http://localhost:8080/phpmyadmin/

Joomla
Installation
$ sudo wget https://github.com/joomla/joomla-cms/releases/download/3.4.1/Joomla_3.4.1-Stable-Full_Package.zip
Unzip
$ sudo unzip Joomla_3.4.1-Stable-Full_Package.zip
Browser: http://localhost:8080/joomla/

Check out...
Linux Containers: https://linuxcontainers.org/
one box per application & connect boxes
Docker: https://www.docker.com/

Conclusion
1. Introduction
2. Commands
3. Basics
4. Connecting
5. Scripts
6. Backup
7. Finding Files
8. Recover hack
9. In a Box

Questions?
Peter Martin
e-mail: info at db8.nl
website: www.db8.nl
twitter: @pe7er
Presentation: http://www.db8.nl