Find and delete log files on a Linux system. Think before you act.

find / -name '*bash_history*' -name '*.bash_logout' -name '*log*' -name '*ksh_history*' -name '*bash_logout*' -name '*utmp*' -name '*wtmp*' -name '*adm*'
Scan a web server's directory structure recursively to find whether any symlinks exist. I used it to discover whether a shared web hosting server had been compromised/rooted using the symlink attack. Read about the attack in the link below. Note: don't forget to change the path.

find /home*/*/public_html -type l -exec ls -l {} \; | grep "\-> /$"
Anatomy of the attack
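The check above only reports links whose `ls -l` line ends in `-> /`, i.e. links pointing at the root directory itself. The following is an added example, not code from the original post: it builds a throwaway tree that mimics the `/home/*/public_html` layout, plants one symlink that escapes its docroot and one harmless relative symlink, and lists only the escaping ones. It generalises the page's check to any symlink whose resolved target lies outside its own `public_html`. The function names (`make_fixture`, `find_escaping_symlinks`, `count_escaping_symlinks`) are mine, and the fixture relies on `readlink -f` (GNU coreutils).

```sh
# Added example (not part of the original post). Constructed fixture: two customer
# docroots, one link that points outside its docroot and one that stays inside it.
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/home/alice/public_html" "$root/home/bob/public_html/assets"
    echo "body { color: red }" > "$root/home/bob/public_html/assets/style.css"
    ln -s / "$root/home/alice/public_html/rootfs"              # escapes the docroot
    ln -s assets/style.css "$root/home/bob/public_html/s.css"  # stays inside it
    echo "$root"
}

# Print "link -> resolved target" for every symlink under $1/home/*/public_html
# whose canonical target is not below the public_html directory it lives in.
# Both sides are canonicalised with readlink -f so /tmp-style indirections
# do not produce false positives.
find_escaping_symlinks() {
    base=$1
    for docroot in "$base"/home/*/public_html; do
        [ -d "$docroot" ] || continue
        docroot_real=$(readlink -f "$docroot")
        find "$docroot" -type l | while IFS= read -r link; do
            target=$(readlink -f "$link") || continue   # unresolvable link: skip
            case "$target" in
                "$docroot_real"/*) ;;                   # inside its own docroot: fine
                *) printf '%s -> %s\n' "$link" "$target" ;;
            esac
        done
    done
}

# Number of escaping links; useful as an alert threshold in a cron job.
count_escaping_symlinks() {
    find_escaping_symlinks "$1" | wc -l | tr -d ' '
}
```

On a real host call `find_escaping_symlinks /` (so that `$base/home/*/public_html` expands to the actual docroots) and treat any output as something to investigate by hand; a link into `/etc` or another customer's home is the pattern the attack relies on, while links within a docroot are routine.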
Note that there will be a lot of false positives when scanning WordPress file structures.

grep '((eval.*(base64_decode|gzinflate))|\$[0O]{4,}|(\\x[0-9a-fA-F]{2}){8,}|cgitelnet|webadmin|PHPShell|tryag|r57shell|c99shell|noexecshell|revengans|myshellexec|FilesMan|JGF1dGhfc|document\.write\("\\u00|sh(3(ll|11)))' . -roE --include=*.php*
grep '((eval.*(base64_decode|gzinflate))|cgitelnet|webadmin|ircd|PHPShell|tryag|r57shell|c99shell|noexecshell|revengans|myshellexec|FilesMan|JGF1dGhfc)' . -roE --include=*.php*
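To see what the first grep pattern actually flags, here is an added example that is not part of the original post: it writes two constructed PHP files into a temporary directory, one ordinary and one containing the `eval(base64_decode(...))` construct the pattern looks for (decoding to the harmless string "hello"), then runs the page's pattern with `-l` to list matching files instead of `-o` matching fragments. `WEBSHELL_PATTERN`, `make_php_fixture` and `scan_php_tree` are names I chose.

```sh
# Added example (not part of the original post). The pattern is the page's first
# grep expression, stored in a variable so it can be reused across scans.
WEBSHELL_PATTERN='((eval.*(base64_decode|gzinflate))|\$[0O]{4,}|(\\x[0-9a-fA-F]{2}){8,}|cgitelnet|webadmin|PHPShell|tryag|r57shell|c99shell|noexecshell|revengans|myshellexec|FilesMan|JGF1dGhfc|document\.write\("\\u00|sh(3(ll|11)))'

# Constructed fixture: a benign index.php and a file under wp-content/uploads
# that contains the eval/base64_decode construct the signature targets.
make_php_fixture() {
    dir=$(mktemp -d)
    mkdir -p "$dir/wp-content/uploads"
    cat > "$dir/index.php" <<'EOF'
<?php
echo "Hello, world";
EOF
    cat > "$dir/wp-content/uploads/cache.php" <<'EOF'
<?php
// constructed sample for the detector; 'aGVsbG8=' is just base64 for "hello"
eval(base64_decode('aGVsbG8='));
EOF
    echo "$dir"
}

# List, one per line, the .php* files under $1 that match the signature pattern.
# -l prints file names only, which is what a triage list needs.
scan_php_tree() {
    grep -rlE --include='*.php*' "$WEBSHELL_PATTERN" "$1"
}

# Count of flagged files, for a quick "anything new since yesterday?" comparison.
count_flagged_php() {
    scan_php_tree "$1" | wc -l | tr -d ' '
}
```

Because plugins and minifiers legitimately use `eval`, `base64_decode` and long hex escapes, every hit still needs a look at the surrounding code; comparing the list against a known-good checkout of the same site narrows it down quickly.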
Discovering world-writable files (other-writable, e.g. permission 777) will sometimes help you find files you forgot to secure from your users' eyes.

find / -perm -2 ! -type l -ls

If you don't understand Linux file permission bits, you should read this
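As an added example that is not part of the original post, the following builds a small constructed directory with a 777 file, a 644 file, a sticky world-writable directory (like `/tmp`) and a symlink, then runs the page's `find / -perm -2 ! -type l` test against it. It also shows why `! -type l` matters (symlinks always display as 777), adds a variant that skips sticky directories, which are world-writable by design, and a remediation function that removes the other-write bit from what remains. The function names are mine.

```sh
# Added example (not part of the original post). Constructed fixture covering the
# cases the find predicates have to tell apart.
make_perm_fixture() {
    dir=$(mktemp -d)
    : > "$dir/open.txt";  chmod 777 "$dir/open.txt"    # the thing we want to catch
    : > "$dir/safe.txt";  chmod 644 "$dir/safe.txt"    # owner-writable only
    mkdir "$dir/drop";    chmod 1777 "$dir/drop"       # sticky: world-writable by design
    ln -s "$dir/safe.txt" "$dir/link"                  # symlink modes read as 777
    echo "$dir"
}

# Same predicates as the page's command, restricted to the tree under $1:
# other-writable entries (-perm -2), excluding symlinks.
list_world_writable() {
    find "$1" -perm -2 ! -type l | sort
}

# Tighter variant: also skip sticky directories, where other users cannot
# delete or rename each other's files, so only genuinely loose entries remain.
list_world_writable_nonsticky() {
    find "$1" -perm -2 ! -type l ! \( -type d -perm -1000 \) | sort
}

# Remediation: drop the other-write bit from the non-sticky findings.
fix_world_writable() {
    find "$1" -perm -2 ! -type l ! \( -type d -perm -1000 \) -exec chmod o-w {} +
}
```

Run `list_world_writable_nonsticky /` on a real system before deciding anything; some packages ship world-writable files on purpose, so review the list and fix the entries you did not intend rather than running the remediation blindly over `/`.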