using grep and awk to do a global replace how do I do this? NEED HELP ASAP 500 pts

I have had a exploit get loaded to all my web page documents.
Step57 has put a ifram on all my pages.
If I do this grep command:
 grep -rl "step57" *

It will return all the pages with this in it.

How can I do the grep using swk or something like it to remve the iframe line?

NEED HELP ASAP
LVL 3
jbrashear72Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

pjedmondCommented:
Nice:)

OK - this one is a job for  sed - e.g.s:

 # substitute (find and replace) "foo" with "bar" on each line
 sed 's/foo/bar/'             # replaces only 1st instance in a line
 sed 's/foo/bar/4'            # replaces only 4th instance in a line
 sed 's/foo/bar/g'            # replaces ALL instances in a line
 sed 's/\(.*\)foo\(.*foo\)/\1bar\2/' # replace the next-to-last case
 sed 's/\(.*\)foo/\1bar/'            # replace only the last case

 # substitute "foo" with "bar" ONLY for lines which contain "baz"
 sed '/baz/s/foo/bar/g'

 # substitute "foo" with "bar" EXCEPT for lines which contain "baz"
 sed '/baz/!s/foo/bar/g'

Look here for other examples:

http://www.student.northpark.edu/pemente/sed/sed1line.txt

......but we need to send all the html files through sed .....so

find /var/www/html | grep "\.html$" | gawk '{print "sed /baz/!s/foo/bar/g " $0 " > /newfolder" $0}'

should print out a list of the commands that we want to run....

Basically, it finds all the the files that end with .html, and then carries out whatever sed transalation you want on the files to remove the 'frame', and then copies the resulting output to another folder (the same folder directory, just preceded by /newfolder.

But...at the moment this does not run the commands. In order to do that, you | the commands to a shell (after testign the commands to see that they are exactly what you want):

find /var/www/html | grep "\.html$" | gawk '{print "sed /baz/!s/foo/bar/g " $0 " > /newfolder" $0}' | /bin/bash

...and there you go!

You will then need to build up a similar command to move all of the correctly modified files (after checking) and overwrite the corrupted files. Something similar to:

mv /newfolder /www

find /www | grep "\.html$" | gawk '{print "mv " $0 " > /var" $0}' | /bin/bash

should do the job:) Remember check results carefully for one line first before running against all your files, AND make a backup before you do anything that you are worried about!  You need to look at the examples, and the line structure in the infected html and find an appropriate sed construction to do what you want.

HTH:)



0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jbrashear72Author Commented:
Is there a shorter answer?
0
pjedmondCommented:
If you read through it carefully, you'll see that the majority is explanation. All you need is:

find /var/www/html | grep "\.html$" | gawk '{print "sed /step57/d " $0 " > /newfolder" $0}' | /bin/bash

scan all .html files and delete the line containing step57, and copy the resulting file to /newfolder

find /newfolder | grep "\.html$" | gawk '{print "mv " $0 " > /var" $0}' | /bin/bash

Copy the corrected files over the old corrupted ones. (2 lines  :)   )

Obviously make a backup before trying this:)

HTH:)



0
pjedmondCommented:
Obviously correct the folders to put the new files where you want them, or set to over-write the originals. This may depend on your distribution. The above was for a RHEL server
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.