Linux Command Line Magic

by Peter Martin
www.db8.nl / @pe7er

Linux Command Line Magic

1. Introduction
2. Commands
3. Basics
4. Connecting
5. Scripts
6. Backup
7. Finding Files
8. Recover hack
9. In a Box

1. Introduction

Linux
- Cross-platform operating system
- Open Source & Free
- Very stable
- Multi user
- Multi tasking
- Popular: majority of Internet servers
- Origin: Minix (Unix-like operating system)

Distributions
- Debian (.deb): Debian, Ubuntu
- Red Hat (.rpm): Fedora, CentOS
- Other: Slackware, Arch Linux, Gentoo

Unix
- Commercial: BSD/OS, Solaris, Mac OS
- Free: FreeBSD, NetBSD, OpenBSD

2. Commands

man - on-line reference manuals
  man man

ls - list directory contents
  ls -al

List devices:
  lsusb
  lspci
  lsmod

mkdir - make directory (rmdir = remove directory)
  mkdir jab15

cd - change directory
  cd jab15
  cd ..
  cd ~
  cd /var/www/

cat - display file (= concatenate files & print)
  cat configuration.php

nano - edit file
  nano configuration.php

cp - copy file
  cp somefile.txt newcopiedfile.txt

mv - move file
  mv newcopiedfile.txt new-copied-file.txt

rm - remove file/directory (be careful!)
  rm /var/www/joomla-cms/configuration.php
  rm -R /var/www/joomla-cms/installation

chmod - change permissions
  sudo chmod +x somescript.sh

chown - change ownership
  sudo chown someone:group example_file.txt

3. Basics

Files
Linux = everything = file. Files are us.

Files / folders: access rights

Permissions: read (4), write (2), and execute (1)

Ownership on 3 levels:
- Owner: username / name of process (e.g. Apache = www-data)
- Group: users assigned to the same group have the same permissions
- Public: read (4), write (2), execute (1)

File
-rw-r--r-- 1 peter pc 1174 Nov 7 15:50 example_file.txt

  owner   rw-   r(4)+w(2) = 6
  group   r--   r(4)      = 4    -> 644
  public  r--   r(4)      = 4
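As an added example (not from the slides), this POSIX shell script turns the permission field that `ls -al` prints into the octal mode used with chmod and back, and lists the files in a directory that every user on the machine may write to; the function names are the example's own, and the www-data remark assumes Apache as on the slide.

```sh
#!/bin/sh
# Added example (not from the slides): convert the permission field that
# `ls -al` prints, e.g. -rw-r--r--, into the octal mode used with chmod
# (644) and back, then list files that any user on the machine may write.

# triplet_to_digit rw- -> 6   (read = 4, write = 2, execute = 1)
triplet_to_digit() {
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??[xst]) d=$((d + 1)) ;; esac   # s and t also imply execute
    echo "$d"
}

# mode_to_octal '-rw-r--r--' -> 644   (first character is the file type)
mode_to_octal() {
    rest=${1#?}               # drop the type character (-, d, l, ...)
    rest=${rest%[+.]}         # drop a trailing ACL (+) or SELinux (.) marker
    o=$(triplet_to_digit "${rest%??????}")   # owner:  characters 1-3
    rest=${rest#???}
    g=$(triplet_to_digit "${rest%???}")      # group:  characters 4-6
    p=$(triplet_to_digit "${rest#???}")      # public: characters 7-9
    echo "$o$g$p"
}

# digit_to_triplet 6 -> rw-
digit_to_triplet() {
    case $1 in
        0) echo '---' ;; 1) echo '--x' ;; 2) echo '-w-' ;; 3) echo '-wx' ;;
        4) echo 'r--' ;; 5) echo 'r-x' ;; 6) echo 'rw-' ;; 7) echo 'rwx' ;;
    esac
}

# octal_to_mode 644 -> rw-r--r--   (three octal digits, as on the slide)
octal_to_mode() {
    rest=${1#?}
    echo "$(digit_to_triplet "${1%??}")$(digit_to_triplet "${rest%?}")$(digit_to_triplet "${rest#?}")"
}

# world_writable DIR: regular files whose public triplet has the write bit
# (?w? in the last three characters). In a web root that lets the Apache
# user (www-data) and every other account modify the file; a
# configuration.php found this way should go back to 644.
world_writable() {
    find "$1" -type f -perm -o+w
}
```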

Users
Regular users: username@computer:~$
Root user:     root@computer:~#

whoami

Change user:
  su some_username
  su root, or just su

Run command: command + parameters

Run sh script: somescript.sh
  set executable permissions, then ./somescript.sh

Run a command as root:
  sudo [command]

Basics
~ tilde = default directory (sort of "my documents")
  cd ~

> greater-than sign = write output to new file
  ls -al > file-with-list-of-directory.txt

>> double greater-than = append output to existing file
  ls -al ~ >> file-with-list-of-directory.txt

Basics
| pipe = to chain commands
  ls | less
  peter@example.com:/var/www/joomla-cms$ cat configuration.php | grep password
  public $password = 'my-secret-db-password';

Symbolic links
Create symbolic link: ln
  ln -s [TARGET DIR/FILE] [SHORTCUT]
  peter@example.com:~$ ln -s /var/www/joomla-cms joomla-test
  peter@example.com:~$ ls -al
  drwxr-xr-x  2 peter pc 4096 Oct 26 20:34 .
  drwxr-xr-x 56 peter pc 4096 Oct 26 19:29 ..
  -rw-r--r--  1 peter pc    0 Nov  7 15:50 example_file.txt
  lrwxrwxrwx  1 peter pc      Nov  7 15:50 joomla-test -> /var/www/joomla-cms

4. Connecting

Terminal
Text Terminal: TTY = TeleTYpewriter

- Windows: client program for SSH: PuTTY
- Mac OSX: built-in Terminal
- Linux: built-in Terminal Emulator

SSH
Secure Shell: uses public-key cryptography (authenticate & secure data communication)
  peter@computer:~$ ssh pi@192.168.0.10

SSH
  peter@computer:~$ ssh pi@example.com
  The authenticity of host 'example.com (93.184.216.119)' can't be established.
  RSA key fingerprint is 10:51:ab:f5:d7:[..]:17:16:1f:22:33.
  Are you sure you want to continue connecting (yes/no)? yes
  Warning: Permanently added 'example.com,93.184.216.119' (RSA) to the list of known hosts.
  peter@example.com's password:
  pi@example.com ~ $

Keyless login
Generate public/private RSA authentication key pair:
  $ ssh-keygen -t rsa

On computer:
  private key: ~/.ssh/id_rsa
  public key:  ~/.ssh/id_rsa.pub

Install public key on the server:
  ssh-copy-id username@remote-server.org

5. Scripts

Automation
- Automate repetitive tasks
- Automate a bunch of commands
- Use variables & input / output
- Automatic automation based on time? Crontab (aka cronjob)

Shell vs bash
Shell: the Bourne shell (sh), a command-line interpreter.
  Scripts start with: #!/bin/sh
  Often a symbolic link to bash

Bash: Bourne-again shell, free replacement for the Bourne shell (sh) with more features and better syntax.
  Scripts start with: #!/bin/bash

Dash?
On Ubuntu/Debian:
  ~$ ls -al /bin/sh
  lrwxrwxrwx 1 root root 4 Mar 1 2012 /bin/sh -> dash
  = Debian Almquist shell = default for /bin/sh
  Bash is the default login shell for interactive use

Example
Example.sh
  #!/bin/bash
  # declare STRING variable
  STRING="Hello Joomla!"
  # print variable on the screen (quoted, so spaces and "!" survive word splitting)
  echo "$STRING"

6. Backup

Backup files
Remote synchronization: rsync from source to destination
  source and destination: username@server:folder
  $ rsync -arv peter@example.com:~/joomla-cms/ /var/www/joomla-cms-backup/

Backup database
MySQL Dump
  $ mysqldump -u username -p dbname > somesql-outputname.txt

7. Finding Files

Search
  find     find files
  locate   find files quicker (stored in database)
  whereis  locates source/binary and manuals
  which    returns the pathnames of a file

Lost files
Find specific file:
  find /var/www/ -name configuration.php

Biggest files
Show 15 biggest files:
  $ find . -type f -exec du -Sh {} + | sort -rh | head -n 15

Recent new files
Created in last 7 days:
  find . -type f -ctime -7

Recent edited files
Changed in last 7 to 3 days:
  find . -type f -mtime -7 ! -mtime -3

Unused images
Scan for unused images:
  1. create SQL dump &
  2. compare files in /images/ with SQL dump
Script "jfindfiles" from Rene Kreijveld: https://gist.github.com/renekreijveld/

8. Recover Hack

Recover Hack
- Backup current situation (see 6. Backup)
- Analysis: hacked files, server log files
- Remove vulnerability
- Clean files

Find
New files (last 10 days):
  find images/ -name "*.php" -mtime -10

New files during hacker activity:
  find . -type f -newermt 2014-03-09 ! -newermt 2014-03-11

file date & time can be modified....

Find
Search for hacker scripts:
  grep -r "eval" /var/www/joomla-cms | grep "base64_decode"

can be concealed...
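Added example (not from the slides, and not part of NeoPI) for the two caveats above and for 7. Finding Files: instead of trusting file dates, compare the web root against a known-good copy (the rsync backup from 6. Backup, or a fresh Joomla of the same version) by content hash, then run the eval/base64_decode grep with line numbers. Function names and the demo paths are the example's own; it assumes coreutils sha256sum and GNU grep.

```sh
#!/bin/sh
# Added example (not from the slides): find hacked files by comparing the
# web root against a known-good copy by content hash rather than by date,
# since file dates can be modified; then grep for the eval/base64_decode
# combination. Needs sha256sum (coreutils) and GNU grep; paths without spaces.

# tree_hashes DIR: "hash path" for every regular file below DIR
tree_hashes() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) |
        awk '{ sub(/^\.\//, "", $2); print $1, $2 }'
}

# compare_trees CLEAN SUSPECT: one line per difference, sorted:
#   added   path  (only in SUSPECT, e.g. a dropped PHP file under images/)
#   removed path  (only in CLEAN)
#   changed path  (same path, different content, e.g. injected code)
compare_trees() {
    {
        tree_hashes "$1" | awk '{ print "C", $1, $2 }'
        tree_hashes "$2" | awk '{ print "S", $1, $2 }'
    } | awk '
        $1 == "C" { clean[$3] = $2 }
        $1 == "S" { sus[$3]   = $2 }
        END {
            for (p in sus)   if (!(p in clean)) print "added   " p
            for (p in clean) if (!(p in sus))   print "removed " p
            for (p in sus)   if ((p in clean) && sus[p] != clean[p]) print "changed " p
        }' | sort
}

# suspicious_php DIR: PHP files with eval(...base64_decode...) on one line,
# with line numbers. A first pass only: the slide warns code can be
# concealed, so treat the compare_trees result as the authoritative list.
suspicious_php() {
    grep -rnE 'eval[[:space:]]*\(.*base64_decode' --include='*.php' "$1" ||
        [ $? -eq 1 ]     # grep exits 1 for "no match", which is not an error
}

# Demo with constructed trees: a clean copy and a tampered "site".
base=$(mktemp -d)
mkdir -p "$base/clean/images" "$base/site/images"
echo '<?php // constructed, unchanged' | tee "$base/clean/index.php" > "$base/site/index.php"
echo '<?php // constructed, original'  > "$base/clean/configuration.php"
echo '<?php eval(base64_decode($c)); // constructed test line' | tee "$base/site/configuration.php" > "$base/site/images/logo.php"
compare_trees "$base/clean" "$base/site"   # added images/logo.php, changed configuration.php
suspicious_php "$base/site"
rm -rf "$base"
```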

NeoPi
Detection of hidden web shell code. Needs Python 2.6
Install:
  $ git clone https://github.com/Neohapsis/NeoPI.git
Run:
  $ /var/www/NeoPI/neopi.py -Aa /var/www/joomla-cms

9. In a box

VirtualBox
Computer within Computer
- Download https://www.virtualbox.org/
- Start VirtualBox
- Install Operating system, e.g. using .iso image
- Installing takes a lot of time

Vagrant
Creating and configuring virtual development environments: wrapper around virtualization software
- Download http://www.vagrantup.com/
- Install on Debian Linux:
  $ sudo dpkg -i vagrant_1.5.2_x86_64.deb

Vagrant
Use Vagrant: folder + configuration file Vagrantfile

Vagrant Cloud
Ready-built virtual environments
Find ready made environment: https://vagrantcloud.com/
  e.g. Debian 7 64 bit: https://vagrantcloud.com/chef/boxes/debian-7.8

Install Vagrant Box:
  $ vagrant box add chef/debian-7.8

Install Vagrant Box
Folder for each project, e.g. ~/Vagrant/jab15
Initialize Vagrant Box:
  $ vagrant init chef/debian-7.8

Configuration: Vagrantfile
  config.vm.box = "chef/debian-7.8"
  config.vm.network "forwarded_port", guest: 80, host: 8080

Vagrant Box
Start Vagrant Box:
  $ vagrant up

Log in on Vagrant Box:
  $ vagrant ssh

Apache
Manual installation:
  $ sudo apt-get install apache2

Start/stop/restart:
  $ sudo service apache2 start
  $ sudo service apache2 stop
  $ sudo service apache2 restart

Installation mod rewrite:
  $ sudo a2enmod rewrite

Apache
Mod Rewrite not working?
  $ sudo nano /etc/apache2/sites-enabled/000-default
  change AllowOverride None to AllowOverride All

"Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName"?
  $ echo "ServerName localhost" | sudo tee /etc/apache2/conf.d/fqdn

Apache ownership issues
Run Apache under user vagrant (not on live site!):
  $ sudo nano /etc/apache2/envvars
  export APACHE_RUN_USER=vagrant
  export APACHE_RUN_GROUP=vagrant
Restart Apache error?
  $ sudo rm -R /var/lock/apache2

Assign webroot & files to user vagrant:
  $ sudo chown -R vagrant:vagrant /var/www/

Server Script PHP
Installation PHP + MySQL part:
  $ sudo apt-get install php5 php5-mysql mysql

Test:
  $ sudo nano /var/www/test.php
  <?php phpinfo(); ?>

Database GUI
phpMyAdmin
Installation:
  $ sudo apt-get install phpmyadmin
Browser: http://localhost:8080/phpmyadmin/

Joomla
Installation:
  $ sudo wget https://github.com/joomla/joomla-cms/releases/download/3.4.1/Joomla_3.4.1-Stable-Full_Package.zip
Unzip:
  $ sudo unzip Joomla_3.4.1-Stable-Full_Package.zip
Browser: http://localhost:8080/joomla/

Check out...
Linux Containers: https://linuxcontainers.org/
  one box per application & connect boxes
Docker: https://www.docker.com/

Conclusion
1. Introduction
2. Commands
3. Basics
4. Connecting
5. Scripts
6. Backup
7. Finding Files
8. Recover hack
9. In a Box

Questions?
Peter Martin
e-mail: info at db8.nl
website: www.db8.nl
twitter: @pe7er
Presentation: http://www.db8.nl

Used Photos

Title sheet:
- Magic Wand - Open Clip Art Library, 2011
  http://commons.wikimedia.org/wiki/File:Magic_Wand.svg
- GNU Linux - "Wipes Windows in seconds!"
  http://www.schnews.org.uk/images/560-linux-large.jpg
- Raspberry Pi Switched On Tech Design
  http://www.sotechdesign.com.au/raspberry-pi-has-arrived/
- Wikimedia Servers-0051 16, Helpameout, 2012
  http://commons.wikimedia.org/wiki/File:Wikimedia_Servers-0051_16.jpg

1. Computer

1. General
- IBM Electronic Data Processing Machine - GPN-2000-001881, NASA, 1957
  http://upload.wikimedia.org/wikipedia/commons/2/20/IBM_Electronic_Data_Processing_Machine_-_GPN-2000-001881.jpg

2. Basics
- Lego Color Bricks, Alan Chia, 2007
  http://commons.wikimedia.org/wiki/File:Lego_Color_Bricks.jpg

3. Commands
- US Navy 110913-N-DR144-348 Rig Captain Boatswain's Mate 2nd Class Christopher Cook gives orders as deck department Sailors launch a rigid hull infl - James R. Evans, 2011
  http://commons.wikimedia.org/wiki/File:US_Navy_110913-N-DR144-348_Rig_Captain_Boatswain%27s_Mate_2nd_Class_Christopher_Cook_gives_orders_as_deck_department_Sailors_launch_a_rigid_hull_infl.jpg
- CPM-Manual - Hubert Berberich, 2011
  http://commons.wikimedia.org/wiki/File:CPM-Manual.jpg
- Red Book Dec 1915 Contents Page - Red Book Corporation, 1915
  http://commons.wikimedia.org/wiki/File:Red_Book_Dec_1915_Contents_Page_-_Unbaited_Trap.jpg
- Archive boxes 2 - Effeietsanders, 2009
  http://commons.wikimedia.org/wiki/File:Archive_boxes_2.JPG
- Touch to exit - Tom Rolfe, 2007
  http://commons.wikimedia.org/wiki/File:Touch_to_exit.jpg
- Neon sign, "CHANGE" - Felix Burton, 2005
  http://commons.wikimedia.org/wiki/File:Neon_sign,_%22CHANGE%22.jpg
- Cat November 2010-1a - Alvesgaspar, 2010
  http://commons.wikimedia.org/wiki/File:Cat_November_2010-1a.jpg
- CSIRO ScienceImage 1342 Nanotechnology - division, CSIRO, 2003
  http://commons.wikimedia.org/wiki/File:CSIRO_ScienceImage_1342_Nanotechnology.jpg
- Xerox Phaser 4600 - JackPotte, 2012
  http://commons.wikimedia.org/wiki/File:Xerox_Phaser_4600.png
- Long Distance Movers - RoadWay Van Lines, 2014
  http://commons.wikimedia.org/wiki/File:Long_Distance_Movers.jpg
- Vuilnisbak-Lebbeke - Volkov Vitaly, 2005
  http://commons.wikimedia.org/wiki/File:Vuilnisbak-Lebbeke.JPG
- TRTC Taipei Main Station No-bicycle-access notice - Solomon203, 2013
  http://commons.wikimedia.org/wiki/File:TRTC_Taipei_Main_Station_No-bicycle-access_notice_20130324.jpg
- Prva samopostrežna trgovina v Mariboru na Partizanski cesti 1960 - Jože Gal, 1960
  http://commons.wikimedia.org/wiki/File:Prva_samopostre%C5%BEna_trgovina_v_Mariboru_na_Partizanski_cesti_1960_(1).jpg

4. Connecting
- Switchboard Manual - Peel Conner, Geez-oz, 2012
  http://commons.wikimedia.org/wiki/File:Switchboard_Manual_-_Peel_Conner.JPG
- Bundesarchiv Bild 183-2008-0516-500, Fernschreibmaschine mit Telefonanschluss - Illger, Willi, 1930
  http://commons.wikimedia.org/wiki/File:Bundesarchiv_Bild_183-2008-0516-500,_Fernschreibmaschine_mit_Telefonanschluss.jpg

5. Scripts
- Binary Code, Cncplayer, 2013
  http://commons.wikimedia.org/wiki/File:Binary_Code.jpg

6. Finding Files
- Postcards and magnifying glass, Anna, 2007
  http://commons.wikimedia.org/wiki/File:Postcards_and_magnifying_glass.jpg
- Bundesarchiv Bild 183-M0125-421, Fundbüro in Berlin - Klaus Franke, 1973
  http://commons.wikimedia.org/wiki/File:Bundesarchiv_Bild_183-M0125-421,_Fundb%C3%BCro_in_Berlin.jpg
- DARPA Big Data - DARPA, 2013
  http://commons.wikimedia.org/wiki/File:DARPA_Big_Data.jpg
- Magnifying glass - Faberge - shakko, 2011
  http://commons.wikimedia.org/wiki/File:Magnifying_glass_-_Faberge.jpg
- Magnifying glass on antique table - Stéphane Magnenat, 2008
  http://commons.wikimedia.org/wiki/File:Magnifying_glass_on_antique_table.jpg
- Unused Phonebooks - David Shankbone, 2013
  http://commons.wikimedia.org/wiki/File:Unused_Phonebooks.JPG

7. Backup
- IBM 7330 on white background, Crisco 1492, 2013
  http://commons.wikimedia.org/wiki/File:IBM_7330_on_white_background.jpg

8. In a box
- Carton empty box - humusak2
  http://www.freeimages.com/photo/1440365
- Virtualbox logo, Oracle Corporation, 2010
  http://en.wikipedia.org/wiki/File:Virtualbox_logo.png
- Vagrant - Fco.plj, 2013
  http://en.wikipedia.org/wiki/File:Vagrant.png

9. Recover hack
- Youve-been-hacked, Hanonen, 2014
  http://commons.wikimedia.org/wiki/File:Youve-been-hacked.jpg

Conclusion
- EquinoxeJuniorHighPac-Man - Equinoxe, 2012
  http://www.c64-wiki.com/index.php/File:EquinoxeJuniorHighPac-Man.png
