Date post: | 27-Jun-2015 |
Category: |
Presentations & Public Speaking |
Upload: | peter-martin |
Joomla World Conference 2014 - Cancun, Mexico
> Linux Command Line Magic
by Peter Martin www.db8.nl / @pe7er
Linux Command Line Magic
1. Introduction
2. Commands
3. Basics
4. Connecting
5. Scripts
6. Backup
7. Finding Files
8. Recover hack
9. In a Box
1. Introduction
Linux
● Cross-platform operating system
● Open Source & Free
● Very stable
– Multi user
– Multi tasking
● Popular
– Majority of Internet servers
● Origin
– Minix (Unix-like operating system)
Distributions
● Debian .deb
– Debian
– Ubuntu
● Red Hat .rpm
– Fedora
– CentOS
● Other
– Slackware
– Arch Linux
– Gentoo
Unix
● Commercial
– BSD/OS
– Solaris
– Mac OS
● Free
– FreeBSD
– NetBSD
– OpenBSD
2. Commands
man
On-line reference manuals
man man
ls
List directory contents
ls -al
List devices
lsusb
lspci
lsmod
mkdir
Make directory
mkdir jwc14
(rmdir = remove directory)
cd
Change directory
cd jwc14
cd ..
cd ~
cd /var/www/
touch
Create file
touch somefile.txt
Alternative:
echo "some text" > somefile.txt
cat
Display (= concatenate files & print) file
cat configuration.php
nano
Edit file
nano configuration.php
cp
Copy file
cp somefile.txt newcopiedfile.txt
mv
Move file
mv newcopiedfile.txt new-copied-file.txt
rm
Remove file/directory (be careful !)
rm /var/www/joomla-cms/configuration.php
rm -R /var/www/joomla-cms/installation
chmod
Change permissions
sudo chmod +x somescript.sh
chown
Change ownership
sudo chown someone:group example_file.txt
3. Basics
Files
Linux = “Files are us”
everything = file
Files
● Ownership
– Username
– Name of “process” (e.g. Apache = www-data)
● Group
– Users assigned to same group have same permissions
● Permissions
– read (4), write (2), and execute (1)
File
-rw-r--r-- 1 peter pc 1174 Nov 7 15:50 example_file.txt
read (4), write (2), execute (1)
owner: rw- = r(4)+w(2)
group: r-- = r(4)
public: r-- = r(4)
= 644
Users
Users
– Regular users: username@computer:~$
– Root user: root@computer:~#
– “whoami”
Change user:
– su some_username
– su root, or just su
Run command
Command + parameters
● Run sh script: somescript.sh
permissions executable OR ./somescript.sh
● Run under user as root
– sudo [command]
Basics
~ “tilde” = default directory (sort of “my documents”)
cd ~
> “greater-than sign” = write output to new file
ls -al > file-with-list-of-directory.txt
>> “double greater-than” = add output to existing file
ls -al ~ >> file-with-list-of-directory.txt
Basics
| “pipe” = to chain commands
ls | less
[email protected]:/var/www/joomla-cms$ cat configuration.php | grep password
public $password = 'my-secret-db-password';
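Added example (not from the original slides): the 644 breakdown and the configuration.php password grep above, combined into a small permission audit. The function names, the temporary directory and the sample file contents are assumptions constructed for illustration; GNU find is assumed.

```bash
#!/bin/sh
# Added example: permission audit for files that hold secrets.
# Directory layout and file contents are constructed sample data.

# Convert an `ls -l` mode string such as -rw-r--r-- to its octal form (644).
# Only the rwx bits are covered; setuid/setgid/sticky are ignored.
mode_to_octal() {
  octal=""
  for start in 2 5 8; do
    triplet=$(printf '%s' "$1" | cut -c"$start"-"$((start + 2))")
    n=0
    case $triplet in r??) n=$((n + 4)) ;; esac
    case $triplet in ?w?) n=$((n + 2)) ;; esac
    case $triplet in ??[xst]) n=$((n + 1)) ;; esac
    octal="$octal$n"
  done
  printf '%s\n' "$octal"
}

# List files named $2 under $1 that carry the "public" read bit,
# i.e. that every local account on the server can read.
world_readable() {
  find "$1" -type f -name "$2" -perm -004 | sort
}

site=$(mktemp -d)
trap 'rm -rf "$site"' EXIT
mkdir -p "$site/joomla-cms" "$site/joomla-staging"

# Constructed stand-ins for a Joomla configuration.php.
echo "public \$password = 'sample-only';" > "$site/joomla-cms/configuration.php"
echo "public \$password = 'sample-only';" > "$site/joomla-staging/configuration.php"

chmod 644 "$site/joomla-cms/configuration.php"      # owner rw, group r, public r
chmod 640 "$site/joomla-staging/configuration.php"  # owner rw, group r, public none

mode_to_octal '-rw-r--r--'
mode_to_octal '-rw-r-----'
echo "world-readable configuration.php:"
world_readable "$site" configuration.php
```

With mode 640 the web server account (for example www-data) has to own the file or belong to its group, otherwise the site can no longer read its own configuration.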
Symbolic links
Create symbolic link: ln
ln -s [TARGET DIR/FILE] [SHORTCUT]
[email protected]:~$ ln -s /var/www/joomla-cms joomla-test
[email protected]:~$ ls -al
drwxr-xr-x 2 peter pc 4096 Oct 26 20:34 .
drwxr-xr-x 56 peter pc 4096 Oct 26 19:29 ..
-rw-r--r-- 1 peter pc 0 Nov 7 15:50 example_file.txt
lrwxrwxrwx 1 peter pc Nov 7 15:50 joomla-test -> /var/www/joomla-cms
4. Connecting
Terminal
Text Terminal
“TTY” TeleTYpewriter
Terminal
Windows
– Client program for SSH: PuTTY
Mac OSX
– Built in “Terminal”
Linux
– Built in Terminal Emulator
SSH
Secure Shell
uses public-key cryptography (Authenticate & Secure data communication)
peter@computer:~$ ssh [email protected]
SSH
peter@computer:~$ ssh [email protected]
The authenticity of host 'example.com (93.184.216.119)' can't be established.
RSA key fingerprint is 10:51:ab:f5:d7:[..]:17:16:1f:22:33.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'example.com,93.184.216.119' (RSA) to the list of known hosts.
[email protected]'s password:
Keyless login
Generate public/private rsa authentication key pair:
$ ssh-keygen -t rsa
On computer:
private key: ~/.ssh/id_rsa
public key: ~/.ssh/id_rsa.pub
Install public key on the server:
ssh-copy-id [email protected]
5. Scripts
Automation
● Automate repetitive tasks
– Automate a bunch of commands
– Use variables & input / output
● Automatic automation based on time?
Crontab (aka cronjob)
Shell vs bash
Shell
The Bourne shell (sh) command-line interpreter
Scripts start with: #!/bin/sh
Often symbolic link to bash
Bash
“Bourne-again shell”, free replacement for Bourne shell (sh) with more features and better syntax
Scripts start with: #!/bin/bash
Dash?
On Ubuntu/Debian:
~$ ls -al /bin/sh
lrwxrwxrwx 1 root root 4 Mar 1 2012 /bin/sh -> dash
= Debian Almquist shell = default for /bin/sh
Bash is the default login shell for interactive use
Example
Example.sh
#!/bin/bash
# declare STRING variable
STRING="Hello Joomla World Conference!"
# print variable on the screen
echo "$STRING"
6. Backup
Backup files
Remote synchronization
– rsync from “source” to “destination”
$ rsync -arv [email protected]:~/joomla-cms/ /var/www/joomla-cms-backup/
username @ server : folder
Backup database
MySQL Dump
$ mysqldump -u username -p dbname > some-sql-outputname.txt
7. Finding Files
Search
find → find files
locate → find files quicker (stored in database)
whereis → locates source/binary and manuals
which → returns the pathnames of a file
Lost files
Find specific file
find /var/www/ -name "configuration.php"
Biggest files
Show 15 biggest files:
$ find . -type f -exec du -Sh {} + | sort -rh | head -n 15
Recent new files
Created in last 7 days:
find . -type f -ctime -7
Recent edited files
Changed between 7 and 3 days ago:
find . -type f -mtime -7 ! -mtime -3
Unused images
Scan for unused images: 1. create SQL dump & 2. compare files in /images/ with SQL dump
Script "jfindfiles" from Rene Kreijveld
https://gist.github.com/renekreijveld/
8. Recover Hack
Recover Hack
● Backup current situation (See 6. Backup)
● Analysis
– Hacked files
– Log files server
● Remove vulnerability
● Clean Files
Find
● New files (last 10 days)
find images/ -name "*.php" -mtime -10
● New files during hacker activity
find . -type f -newermt 2014-03-09 ! -newermt 2014-03-11
→ file date & time can be modified....
Find
● Search for hacker scripts
grep -r "eval" /var/www/joomla-cms | grep "base64_decode"
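Added example (not part of the original slides): the find and grep searches from the two "Find" slides as reusable functions, run against a constructed web root. It also shows why the slide warns that file dates can be modified: a file backdated with touch drops out of the -newermt search but still appears in a -newerct (inode change time) search. Function names, paths and file contents are assumptions; GNU find, grep, xargs and touch are assumed.

```bash
#!/bin/sh
# Added example: the "Recover Hack" searches wrapped as functions.
# The web root, file names and file contents are constructed sample data.

# PHP files in a media/upload directory, where none are expected.
php_in_uploads() {
  find "$1" -type f -name '*.php' | sort
}

# Files containing both "eval" and "base64_decode" (the slide's grep pair),
# reported once per file instead of once per matching line.
eval_base64_files() {
  grep -rlZ 'eval' "$1" | xargs -0 -r grep -l 'base64_decode' | sort
}

# Files whose modification time (mtime) is later than a date.
# mtime can be reset by anyone who can write the file.
modified_since() {
  find "$1" -type f -newermt "$2" | sort
}

# Files whose inode change time (ctime) is later than a date.
# touch cannot set ctime to a chosen value, so backdated files still appear.
changed_since() {
  find "$1" -type f -newerct "$2" | sort
}

root=$(mktemp -d)
trap 'rm -rf "$root"' EXIT
mkdir -p "$root/images" "$root/libraries"

# Legitimate code from an older release: old mtime, no obfuscation.
echo '<?php echo "hello"; ?>' > "$root/libraries/loader.php"
touch -d '2014-01-15 12:00' "$root/libraries/loader.php"

# Constructed suspicious file: obfuscation markers, placed in images/,
# then backdated so that an mtime search no longer finds it.
echo '<?php eval(base64_decode("...")); ?>' > "$root/images/thumb.php"
touch -d '2013-06-01 12:00' "$root/images/thumb.php"

# Ordinary upload, timestamps untouched.
echo 'not really a jpeg' > "$root/images/photo.jpg"

echo "PHP in images/:";         php_in_uploads "$root/images"
echo "eval + base64_decode:";   eval_base64_files "$root"
echo "mtime since 2014-03-09:"; modified_since "$root" '2014-03-09'
# In this sandbox every file was created just now, so all three are listed;
# on a real server only inodes changed after the date appear.
echo "ctime since 2014-03-09:"; changed_since "$root" '2014-03-09'
```

ctime also changes on chmod, chown and restores from backup, so the ctime list is a set of files to review, not proof of tampering.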
NeoPI
Detection of hidden web shell code
Needs Python 2.6
Install
$ git clone https://github.com/Neohapsis/NeoPI.git
Run
$ /var/www/NeoPI/neopi.py -Aa /var/www/joomla-cms
9. In a box
VirtualBox
“Computer within Computer”
● Download https://www.virtualbox.org/
● Start Virtualbox
● Install Operating system
– e.g. using .iso image
– Installing takes a lot of time
Vagrant
Creating and configuring virtual development environments
– “wrapper” around virtualization software
● Download http://www.vagrantup.com/
– Install on Debian Linux:
$ sudo dpkg -i vagrant_1.5.2_x86_64.deb
Vagrant
Use Vagrant:
folder + configuration file “Vagrantfile”
Vagrant Cloud
Ready-built virtual environments
● Find ready made environment https://vagrantcloud.com/
e.g. Debian 7 64 bit
https://vagrantcloud.com/chef/debian-7.4
● Install Vagrant Box
$ vagrant box add chef/debian-7.4
Install Vagrant Box
● Folder for each project
e.g. ~/Vagrant/jwc14
● Initialize Vagrant Box
$ vagrant init chef/debian-7.4
● Configuration: “Vagrantfile”
config.vm.box = "chef/debian-7.4"
config.vm.network "forwarded_port", guest: 80, host: 8080
Vagrant Box
● Start Vagrant Box
$ vagrant up
● Log in on Vagrant Box
$ vagrant ssh
Apache
Manual installation
$ sudo apt-get install apache2
Start/stop/restart
$ sudo service apache2 start
$ sudo service apache2 stop
$ sudo service apache2 restart
Installation mod rewrite
$ sudo a2enmod rewrite
Apache
● Mod Rewrite not working?
$ sudo nano /etc/apache2/sites-enabled/000-default
AllowOverride None → AllowOverride All
● “Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName”
$ echo "ServerName localhost" | sudo tee /etc/apache2/conf.d/fqdn
Apache ownership issues
Run Apache under user “vagrant” (not on live site!)
$ sudo nano /etc/apache2/envvars
export APACHE_RUN_USER=vagrant
export APACHE_RUN_GROUP=vagrant
Restart Apache error?
$ sudo rm -R /var/lock/apache2
Assign webroot & files to user “vagrant”:
$ sudo chown -R vagrant:vagrant /var/www/
Server Script – PHP
Installation PHP + MySQL part
$ sudo apt-get install php5 php5-mysql
Test:
$ sudo nano /var/www/test.php
<?php phpinfo(); ?>
Database GUI – phpMyAdmin
Installation
$ sudo apt-get install phpmyadmin
Browser
http://localhost:8080/phpmyadmin/
Joomla
Installation
$ sudo wget https://github.com/joomla/joomla-cms/releases/download/3.3.6/Joomla_3.3.6-Stable-Full_Package.zip
Unzip
$ sudo unzip Joomla_3.3.6-Stable-Full_Package.zip
Browser
http://localhost:8080/joomla/
Check out...
Linux Containers
https://linuxcontainers.org/
→ one “box” per application & connect boxes
Docker
https://www.docker.com/
Conclusion
1. Introduction
2. Commands
3. Basics
4. Connecting
5. Scripts
6. Backup
7. Finding Files
8. Recover hack
9. In a Box
Questions?
Peter Martin
e-mail: info at db8.nl
website: www.db8.nl
twitter: @pe7er
Presentation: http://www.db8.nl