bash script; delete all files from grep result

Discussion in 'Security' started by whm-expert, May 21, 2013.

  1. whm-expert

    whm-expert Active Member

    Hello,
    I am using a bash script to find all PHP shell scripts:

    grep -RPnDskip "(base64_decode) *\(" /home/domain/public_html >> /home/1.txt

    And this is the output:
    /home/domain/public_html/qaqa.php:12:$tkl=base64_decode($tkl);

    Is there any way I can delete all the output files automatically?
    I mean, when the shell script finds the word "base64_decode" in "qaqa.php", it will delete the file from the server.
     
  2. whm-expert

    whm-expert Active Member

    I solved the problem.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Would you mind sharing your resolution in case others have a similar question?

    Thanks :)
     
  4. quizknows

    quizknows Well-Known Member

    I usually use xargs. Also, the "l" flag on grep is useful as it makes a list of matching files.

    Say, for instance, you know every file containing 'badstring==' is malicious. You could do this:

    find /home/USERNAME/public_html/ -type f -exec grep -Rl 'badstring==' {} \; > results.txt

    Examine results.txt and MAKE SURE you want to remove the files. A good idea is to chmod 000 them first and make sure your site still functions:

    cat results.txt | xargs chmod 000

    Once you're SURE it's OK to remove the files, then you can

    cat results.txt | xargs rm -f

    If there are spaces in file names in the list, it could cause problems. I normally remove any files with spaces manually, remove those paths from results.txt, and then use the xargs command.

    As always, make sure you have a working backup before you go nuking a bunch of files.
     
    #4 quizknows, May 22, 2013
    Last edited: May 22, 2013
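
Added example, not part of quizknows's post: the same list, lock, then remove workflow with a NUL-delimited list, so paths containing spaces need no manual handling. The function names and the list file are hypothetical; `grep --null` and `xargs -0` are assumed to be available (GNU or BSD tools).

```shell
#!/bin/sh
# Added example: NUL-delimited variant of the grep -l + xargs workflow above.
# Function names are hypothetical and do not come from the thread.

# list_matches DIR STRING LISTFILE
# Write the paths of files under DIR that contain the fixed string STRING
# to LISTFILE, each path terminated by a NUL byte instead of a newline.
list_matches() {
    # -r recurse, -l file names only, -F literal string, --null NUL terminator.
    # grep exits 1 when nothing matches: accept that as an empty list, while
    # still failing on real errors (exit status 2).
    grep -rlF --null -e "$2" -- "$1" > "$3" || [ $? -eq 1 ]
}

# show_list LISTFILE
# Print the list one path per line so a person can review it before acting.
show_list() {
    tr '\0' '\n' < "$1"
}

# lock_listed LISTFILE
# Step 1: strip all permissions from the listed files but keep them on disk,
# so the site can be checked (and the change undone) before anything is deleted.
lock_listed() {
    [ -s "$1" ] || return 0    # empty list: nothing to do
    xargs -0 chmod 000 -- < "$1"
}

# remove_listed LISTFILE
# Step 2: delete the listed files, only after the review and the site check.
remove_listed() {
    [ -s "$1" ] || return 0
    xargs -0 rm -f -- < "$1"
}
```

Keep the list file outside the directory being scanned, and run `show_list` on it before either of the two later steps.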
  5. whm-expert

    whm-expert Active Member

    Thank you for this information. I use xargs in my bash script, and it works successfully.
     