Login or Register to Ask a Question and Join Our Community


Shell Programming and Scripting

Backup of index.* files

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting Backup of index.* files
# 1  
Old 06-20-2013
Backup of index.* files
Sir,

My server is hacked. Server administrator is saying that hacker used 0day CentOS kernal exploit to hack it. Now administrator updated the kernal and rebooted the server. But he is unable to cath the hacker, or how he initiated the process.

So therefore i need your help in following matters,
1) Hacker upload index.html or index.php files to deface websites. To restore these pages we should keep backup of these index pages. So i want to use some bash script to make only index files backup on server somewhere on weekly basis (like backup).

2) How to catch hacker? how he got access? which account he used to exploit?

I will be very thankful to you.

regards,
FHS
# 2  
Old 06-20-2013
1. simple. modify funky sample below to your actual environment. run in cron.
Code:
#! /bin/ksh

log=/var/backup/log
webhome=/home/web
backupdir=/var/backup

echo "Web index.html backups started $(date)" > $log
for file in $(find $webhome -name "index.html")
do
    ifile=$(basename $file)
    domaindir=$(dirname $file)
    domain=$(basename $domaindir)
    cp -p $file $backupdir/$domain.$ifile
    ls -l $backupdir/$domain.$ifile 
done >> $log
echo "Web index.html backups ended $(date)" >> $log

exit 0

2. if hacker was an expert, you will only catch him with a whole lot of work and a much,much,much more lot of luck. you would be better off hardening your system and keeping up to date on all patches and upgrades as that would be much easier unless your company just happens to have its own intrusion detection team or you yourself have expert hacker skills.

account used to run exploit does not matter -- all that matters is that the hacker got root access to your server and did some damage. as for how he got access, google the exploit your admin told you and you should get your answer.
# 3  
Old 06-20-2013
Quote:
Originally Posted by Just Ice
1. simple. modify funky sample below to your actual environment. run in cron.
Code:
#! /bin/ksh

log=/var/backup/log
webhome=/home/web
backupdir=/var/backup

echo "Web index.html backups started $(date)" > $log
for file in $(find $webhome -name "index.html")
do
    ifile=$(basename $file)
    domaindir=$(dirname $file)
    domain=$(basename $domaindir)
    cp -p $file $backupdir/$domain.$ifile
    ls -l $backupdir/$domain.$ifile 
done >> $log
echo "Web index.html backups ended $(date)" >> $log

exit 0

2. if hacker was an expert, you will only catch him with a whole lot of work and a much,much,much more lot of luck. you would be better off hardening your system and keeping up to date on all patches and upgrades as that would be much easier unless your company just happens to have its own intrusion detection team or you yourself have expert hacker skills.

account used to run exploit does not matter -- all that matters is that the hacker got root access to your server and did some damage. as for how he got access, google the exploit your admin told you and you should get your answer.
I have one question.
Let me give some example according to your script.
There is one file "index.html" in the directory "/home/web/aaa/bbb"
What the script does is :
1. assign "index.html" to the variable "ifile". So $ifile=="index.html"
2. assign "/home/web/aaa/bbb" to the variable "domaindir". So $domaindir=="/home/web/aaa/bbb"
3. assign "/home/web/aaa" to the variable "domain". So $domain=="/home/web/aaa"
4. cp the file "/home/web/aaa/bbb/index.html" to the backup dir and change its name like this "/var/backup/home/web/aaa.index.html"

So my question is why the name of backup file "aaa.index.html" is kind of wired? What do you mean by it?
Thanks
# 4  
Old 06-20-2013
you can setup the backup file name to whatever form you want ... the sample code works but you need to customize it to your environment ...

example:
Code:
${domain}-${ifile} would give you aaa-index.html 
${domain}.index would give you aaa.index

# 5  
Old 06-20-2013
Quote:
Originally Posted by Just Ice
you can setup the backup file name to whatever form you want ... the sample code works but you need to customize it to your environment ...

example:
Code:
${domain}-${ifile} would give you aaa-index.html 
${domain}.index would give you aaa.index

I thought it seemed kind of customarySmilie
# 6  
Old 06-20-2013
@frank -- i am missing your point somehow.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

script to merge two files on an index

I have a need to merge two files on the value of an index column. input file 1 id filePath MDL_NUMBER 1 MFCD00008104.mol MFCD00008104 2 MFCD00012849.mol MFCD00012849 3 MFCD00037597.mol MFCD00037597 4 MFCD00064558.mol MFCD00064558 5 MFCD00064559.mol MFCD00064559 input file 2 ... (9 Replies)
Discussion started by: LMHmedchem
9 Replies

2. UNIX for Dummies Questions & Answers

create table file from different files with index

Hi, I've several files with two collumns, where first collumn can be used as index. filename1 and filename2 how to create a file I should start with cat all files and extract first collumn to create an index? (4 Replies)
Discussion started by: sargotrons
4 Replies

3. UNIX for Dummies Questions & Answers

join files with numbered index

Hi all I´m a newbie so maybe this question will make someone mad. I am trying this command; join -a1 -11 file1 file2 > file3 file1 looks like: 1 2 3 4 5 6 7 8 9 10 11 file2: (4 Replies)
Discussion started by: awe1
4 Replies

4. Shell Programming and Scripting

rm -i and deleting files from an index table

Hi, I am trying to make a command to delete my files out the trash can, but one at a time. I am currently using rm - i to do this, but the original file locations for restoring my files are heard on a .txt file which I am using as an index table. How would I manage to make it so that if I... (21 Replies)
Discussion started by: E-WAN
21 Replies

5. Shell Programming and Scripting

recursively remove javascript from all folder index files

Hi All, A site I manage had some javascript inserted into each folders index file. Can anyone priovide me with some ideas on how to use awk, sed or some other bash script to parse through each of the site folders and remove this code? If I have to do it by hand I'm going to go insane. :eek: ... (2 Replies)
Discussion started by: lsalsich
2 Replies

6. Shell Programming and Scripting

Sort from start index and end index in line

Hi All, I have a file (FileNames.txt) which contains the following data in it. $ cat FileNames.txt MYFILE17XXX208Sep191307.csv MYFILE19XXX208Sep192124.csv MYFILE20XXX208Sep192418.csv MYFILE22XXX208Sep193234.csv MYFILE21XXX208Sep193018.csv MYFILE24XXX208Sep194053.csv... (5 Replies)
Discussion started by: krish_indus
5 Replies

7. UNIX for Dummies Questions & Answers

wh inode index starts from 1 unlike array index (0)

brothers why inode index starts from 1 unlike array inex which starts from 0 its a question from the design of unix operating system of maurice j.bach i need to know the answer urgently...someone help please (1 Reply)
Discussion started by: sairamdevotee
1 Replies

8. Filesystems, Disks and Memory

why the inode index of file system starts from 1 unlike array index(0)

why do inode indices starts from 1 unlike array indexes which starts from 0 its a question from "the design of unix operating system" of maurice j bach id be glad if i get to know the answer quickly :) (0 Replies)
Discussion started by: sairamdevotee
0 Replies

9. Filesystems, Disks and Memory

Backup Index

Hi all, I am using Legato networker for my backups, I need to restore some data from 2001. When doing an inventory on the tape is picks up the label but under pool it says "not in media index". When doing: nsrck -t 01Jan2002 -L7 i get the following: nsrck: checking index for '$client'... (2 Replies)
Discussion started by: macgre_r
2 Replies

10. Shell Programming and Scripting

Help please!Split files according to index

Suppose I have a csv file like this: 27, california , A3 27, vermont, B6 27, ontario, B7 34, kansas, C9 34, washington, A2 How do I split this file into two files according to field1. file1: 27, california , A3 27, vermont, B6 27, ontario, B7 file2: 34, kansas, C9 34, washington, A2... (9 Replies)
Discussion started by: onthetopo
9 Replies
Login or Register to Ask a Question