using grep and awk to do a global replace how do I do this? NEED HELP ASAP 500 pts

Posted on 2006-04-21
Last Modified: 2013-12-16
I have had a exploit get loaded to all my web page documents.
Step57 has put a ifram on all my pages.
If I do this grep command:
 grep -rl "step57" *

It will return all the pages with this in it.

How can I do the grep using swk or something like it to remve the iframe line?

Question by:jbrashear72
    LVL 22

    Accepted Solution


    OK - this one is a job for  sed - e.g.s:

     # substitute (find and replace) "foo" with "bar" on each line
     sed 's/foo/bar/'             # replaces only 1st instance in a line
     sed 's/foo/bar/4'            # replaces only 4th instance in a line
     sed 's/foo/bar/g'            # replaces ALL instances in a line
     sed 's/\(.*\)foo\(.*foo\)/\1bar\2/' # replace the next-to-last case
     sed 's/\(.*\)foo/\1bar/'            # replace only the last case

     # substitute "foo" with "bar" ONLY for lines which contain "baz"
     sed '/baz/s/foo/bar/g'

     # substitute "foo" with "bar" EXCEPT for lines which contain "baz"
     sed '/baz/!s/foo/bar/g'

    Look here for other examples:

    ......but we need to send all the html files through sed

    find /var/www/html | grep "\.html$" | gawk '{print "sed /baz/!s/foo/bar/g " $0 " > /newfolder" $0}'

    should print out a list of the commands that we want to run....

    Basically, it finds all the the files that end with .html, and then carries out whatever sed transalation you want on the files to remove the 'frame', and then copies the resulting output to another folder (the same folder directory, just preceded by /newfolder. the moment this does not run the commands. In order to do that, you | the commands to a shell (after testign the commands to see that they are exactly what you want):

    find /var/www/html | grep "\.html$" | gawk '{print "sed /baz/!s/foo/bar/g " $0 " > /newfolder" $0}' | /bin/bash

    ...and there you go!

    You will then need to build up a similar command to move all of the correctly modified files (after checking) and overwrite the corrupted files. Something similar to:

    mv /newfolder /www

    find /www | grep "\.html$" | gawk '{print "mv " $0 " > /var" $0}' | /bin/bash

    should do the job:) Remember check results carefully for one line first before running against all your files, AND make a backup before you do anything that you are worried about!  You need to look at the examples, and the line structure in the infected html and find an appropriate sed construction to do what you want.


    LVL 3

    Author Comment

    Is there a shorter answer?
    LVL 22

    Expert Comment

    If you read through it carefully, you'll see that the majority is explanation. All you need is:

    find /var/www/html | grep "\.html$" | gawk '{print "sed /step57/d " $0 " > /newfolder" $0}' | /bin/bash

    scan all .html files and delete the line containing step57, and copy the resulting file to /newfolder

    find /newfolder | grep "\.html$" | gawk '{print "mv " $0 " > /var" $0}' | /bin/bash

    Copy the corrected files over the old corrupted ones. (2 lines  :)   )

    Obviously make a backup before trying this:)


    LVL 22

    Expert Comment

    Obviously correct the folders to put the new files where you want them, or set to over-write the originals. This may depend on your distribution. The above was for a RHEL server

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    In this tutorial I will explain how to make squid prevent malwares in five easy steps: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-…
    I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension ( This reminded me of questions tha…
    Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
    This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now