by Peter Martin
www.db8.nl / @pe7er
Linux Command Line Magic
1. Introduction
2. Commands
3. Basics
4. Connecting
5. Scripts
6. Backup
7. Finding Files
8. Recover hack
9. In a Box
1. Introduction
Linux
Very stable
Multi user
Multi tasking
Popular
Origin
Distributions
Debian .deb
Debian
Fedora
Ubuntu
CentOS
Other
Slackware
Arch Linux
Gentoo
Unix
Commercial: BSD/OS, Solaris, Mac OS
Free: FreeBSD, NetBSD, OpenBSD
2. Commands
man
On-line reference manuals
man man
ls
List directory contents
ls -al
List devices
lsusb
lspci
lsmod
mkdir
Make directory
mkdir jab15
(rmdir = remove directory)
cd
Change directory
cd jab15
cd ..
cd ~
cd /var/www/
cat
nano
Edit file
nano configuration.php
cp
Copy file
cp somefile.txt newcopiedfile.txt
mv
Move file
mv newcopiedfile.txt new-copied-file.txt
rm
Remove file/directory (be careful!)
rm /var/www/joomla-cms/configuration.php
rm -R /var/www/joomla-cms/installation
chmod
Change permissions
sudo chmod +x somescript.sh
chown
Change ownership
sudo chown someone:group example_file.txt
3. Basics
Files
Linux
= everything = file
Files are us
Files / folders
Access Rights:
Permissions
Ownership on 3 levels:
Owner
Group
Public
read (4)
write (2)
execute (1)
File
owner: rw- = r(4)+w(2) = 6
group: r-- = r(4) = 4
public: r-- = r(4) = 4
= 644
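The same arithmetic as a script (an added example, not part of the original slides): it turns the mode column printed by ls -al into octal digits and reports whether the public level may write. The function names mode_to_octal and world_writable are made up for this example.

```shell
#!/bin/sh
# Added example. Converts the mode column of `ls -l` to octal digits.
# Only plain r/w/x bits are handled; s, S, t and T are rejected.

mode_to_octal() {
    mode=$1
    if [ "${#mode}" -ne 10 ]; then
        echo "expected a 10-character mode such as -rw-r--r--" >&2
        return 1
    fi
    perms=${mode#?}               # drop the file-type character (-, d, l)
    octal=""
    for level in owner group public; do
        rest=${perms#???}
        triplet=${perms%"$rest"}  # first three characters of what is left
        perms=$rest
        case $triplet in
            [r-][w-][x-]) ;;
            *) echo "unsupported $level bits: $triplet" >&2; return 1 ;;
        esac
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac   # read
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac   # write
        case $triplet in ??x) digit=$((digit + 1)) ;; esac   # execute
        octal="$octal$digit"
    done
    echo "$octal"
}

# True when the public (third) level has the write bit set.
world_writable() {
    case $1 in
        ????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# Mode strings as they appear in a directory listing.
for m in -rw-r--r-- drwxr-xr-x; do
    printf '%s = %s\n' "$m" "$(mode_to_octal "$m")"
done
```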
Users
Users
whoami
Change user:
su some_username
su root, or just su
Run command
Command + parameters
sudo [command]
Basics
~ tilde
= default directory (sort of my documents)
cd ~
Basics
| pipe
= to chain commands
ls | less
peter@example.com:/var/www/joomla-cms$ cat configuration.php | grep password
public $password = 'my-secret-db-password';
Symbolic links
Create symbolic link: ln
ln -s [TARGET DIR/FILE] [SHORTCUT]
peter@example.com:~$ ln -s /var/www/joomla-cms joomla-test
peter@example.com:~$ ls -al
drwxr-xr-x 2 peter pc 4096 Oct 26 20:34 .
drwxr-xr-x 56 peter pc 4096 Oct 26 19:29 ..
-rw-r--r-- 1 peter pc 0 Nov 7 15:50 example_file.txt
lrwxrwxrwx 1 peter pc Nov 7 15:50 joomla-test -> /var/www/joomla-cms
4. Connecting
Terminal
Text Terminal
TTY TeleTYpewriter
Terminal
Windows
Mac OSX
Built in Terminal
Linux
SSH
Secure Shell
uses public-key cryptography
(Authenticate & Secure data communication)
SSH
peter@computer:~$ ssh pi@example.com
The authenticity of host 'example.com (93.184.216.119)' can't be established.
RSA key fingerprint is 10:51:ab:f5:d7:[..]:17:16:1f:22:33.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'example.com,93.184.216.119' (RSA) to the list of known hosts.
peter@example.com's password:
pi@example.com ~ $
Keyless login
Generate public/private rsa authentication key pair:
$ ssh-keygen -t rsa
On computer:
private key: ~/.ssh/id_rsa
public key: ~/.ssh/id_rsa.pub
5. Scripts
Automation
Shell vs bash
Shell
Bash
Bourne-again shell, free replacement for Bourne shell (sh) with more features and better syntax
Dash?
On Ubuntu/Debian:
~$ ls -al /bin/sh
lrwxrwxrwx 1 root root 4 Mar 1 2012 /bin/sh -> dash
= Debian Almquist shell = default for /bin/sh
Bash is the default login shell for interactive use
Example
Example.sh
#!/bin/bash
# declare STRING variable
STRING="Hello Joomla!"
# print variable on screen (quoted so the value is not word-split)
echo "$STRING"
6. Backup
Backup files
Remote synchronization
username@server:folder
username@server:folder
Backup database
MySQL Dump
$ mysqldump -u username -p dbname > somesql-outputname.txt
7. Finding Files
Search
find: find files
locate: find files quicker (stored in database)
whereis: locates source/binary and manuals
which: returns the pathnames of a file
Lost files
Find specific file
find /var/www/ -name configuration.php
Biggest files
Show 15 biggest files:
$ find . -type f -exec du -Sh {} + | sort -rh | head -n 15
Unused images
Scan for unused images:
1. create SQL dump &
2. compare files in /images/ with SQL dump
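The two steps above as a script (an added example, not from the original slides). It assumes the dump already exists and that the database stores image paths relative to the site root, such as images/banner.jpg; the function name unused_images is made up for this example.

```shell
#!/bin/sh
# Added example: list image files that a SQL dump never mentions.
# Hits are candidates only: templates, CSS and extensions can
# reference an image without any database entry.

unused_images() {
    site_root=$1      # assumption, e.g. /var/www/joomla-cms
    dump=$2           # file written by mysqldump
    case $dump in
        /*) ;;
        *) dump=$PWD/$dump ;;   # keep the path valid after cd
    esac
    if [ ! -r "$dump" ]; then
        echo "cannot read $dump" >&2
        return 1
    fi
    (
        cd "$site_root" || exit 1
        find images -type f | sort | while IFS= read -r rel; do
            # -F treats the path as a fixed string, not as a regex,
            # so dots and brackets in file names match literally.
            grep -F -q -- "$rel" "$dump" || printf '%s\n' "$rel"
        done
    )
}

# Usage: unused_images /var/www/joomla-cms somesql-outputname.txt
```

Review the list before deleting anything; moving the candidates to a holding directory first makes a wrong guess easy to undo.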
8. Recover Hack
Recover Hack
Analysis
Hacked files
Remove vulnerability
Clean Files
Find
Find
can be concealed...
NeoPi
Detection of hidden web shell code
Needs Python 2.6
Install
$ git clone https://github.com/Neohapsis/NeoPI.git
Run
$ /var/www/NeoPI/neopi.py -Aa /var/www/joomlacms
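A first triage pass with find and grep, before or alongside a scanner (an added example, not from the original slides). The function names and the choice of patterns are assumptions for this example; every hit is a lead to inspect by hand, not proof.

```shell
#!/bin/sh
# Added example: three quick checks on a web root after a suspected hack.

# recent_php DIR DAYS: PHP files modified within the last DAYS days.
# An intruder can reset modification times, so an empty result
# does not mean the tree is clean.
recent_php() {
    find "$1" -type f -name '*.php' -mtime "-$2" | sort
}

# php_in_media DIR: PHP files inside a directory meant for images only.
php_in_media() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' \) | sort
}

# obfuscation_hints DIR: PHP files that call eval() and also a decoder
# function. Legitimate code sometimes does this too, so expect
# false positives.
obfuscation_hints() {
    find "$1" -type f -name '*.php' \
        -exec grep -l -E 'eval[[:space:]]*\(' {} + 2>/dev/null |
    while IFS= read -r f; do
        grep -q -E 'base64_decode|gzinflate|str_rot13' "$f" &&
            printf '%s\n' "$f"
    done | sort
}

# Usage (paths are assumptions):
#   recent_php /var/www/joomla-cms 7
#   php_in_media /var/www/joomla-cms/images
#   obfuscation_hints /var/www/joomla-cms
```

Compare any hit against a clean copy of the same Joomla release before deleting or restoring files.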
9. In a box
VirtualBox
Computer within Computer
Download https://www.virtualbox.org/
Start Virtualbox
Vagrant
Creating and configuring virtual development
environments
Download http://www.vagrantup.com/
Vagrant
Use Vagrant:
folder + configuration file Vagrantfile
Vagrant Cloud
Ready-built virtual environments
Configuration: Vagrantfile
Vagrant.configure("2") do |config|
  config.vm.box = "chef/debian-7.8"
  config.vm.network "forwarded_port", guest: 80, host: 8080
end
Vagrant Box
Apache
Manual installation
$ sudo apt-get install apache2
Start/stop/restart
$ sudo service apache2 start
$ sudo service apache2 stop
$ sudo service apache2 restart
Apache
Apache ownership issues
Run Apache under user vagrant (not on live site!)
$ sudo nano /etc/apache2/envvars
export APACHE_RUN_USER=vagrant
export APACHE_RUN_GROUP=vagrant
Restart Apache error?
$ sudo rm -R /var/lock/apache2
Test:
$ sudo nano /var/www/test.php
<?php phpinfo(); ?>
Database GUI
phpMyAdmin
Installation
$ sudo apt-get install phpmyadmin
Browser
http://localhost:8080/phpmyadmin/
Joomla
Installation
$ sudo wget https://github.com/joomla/joomlacms/releases/download/3.4.1/Joomla_3.4.1-StableFull_Package.zip
Unzip
$ sudo unzip Joomla_3.4.1-StableFull_Package.zip
Browser
http://localhost:8080/joomla/
Check out...
Linux Containers
https://linuxcontainers.org/
Conclusion
1. Introduction
2. Commands
3. Basics
4. Connecting
5. Scripts
6. Backup
7. Finding Files
8. Recover hack
9. In a Box
Questions?
Peter Martin
e-mail: info at db8.nl
website: www.db8.nl
twitter: @pe7er
Presentation: http://www.db8.nl