Skip to main content
Unix & Linux

Return to Answer

#!/use/bin/perl -w -> #!/usr/bin/perl -w
Source Link
edit approved Sep 30, 2015 at 8:52
alcik
edit approved Sep 30, 2015 at 8:52
alcik
  • 299
  • 1
  • 7

Your problem is that sed is a single-line tool; it looks at files one line at a time. It is possible to tell it to retain context across lines and have it vary its actions based on that, but this is a rather obscure and difficult, and therefore rarely used, feature of sed. Instead, I would do this with Perl:

#!/useusr/bin/perl -w
use strict;
use warnings;

foreach my $file (@ARGV) {
    open INPUT, "<$file";
    open OUTPUT, ">$file.new";
    my $found = 0;
    while (my $line=<INPUT>) {
        if ($line =~ /<\?php/ && !$found) {
            $found=1;
        } else {
            print OUTPUT $line;
        }
    }
    close INPUT;
    close OUTPUT;
}

call with the list of files you want it to edit as command-line arguments. It will dump the filtered output into files with an additional .new extension.

Having said that though, best practice when your server is compromised is to wipe it and restore from backups. There's no telling what other bad things might have happened.

Your problem is that sed is a single-line tool; it looks at files one line at a time. It is possible to tell it to retain context across lines and have it vary its actions based on that, but this is a rather obscure and difficult, and therefore rarely used, feature of sed. Instead, I would do this with Perl:

#!/use/bin/perl -w
use strict;
use warnings;

foreach my $file (@ARGV) {
    open INPUT, "<$file";
    open OUTPUT, ">$file.new";
    my $found = 0;
    while (my $line=<INPUT>) {
        if ($line =~ /<\?php/ && !$found) {
            $found=1;
        } else {
            print OUTPUT $line;
        }
    }
    close INPUT;
    close OUTPUT;
}

call with the list of files you want it to edit as command-line arguments. It will dump the filtered output into files with an additional .new extension.

Having said that though, best practice when your server is compromised is to wipe it and restore from backups. There's no telling what other bad things might have happened.

Your problem is that sed is a single-line tool; it looks at files one line at a time. It is possible to tell it to retain context across lines and have it vary its actions based on that, but this is a rather obscure and difficult, and therefore rarely used, feature of sed. Instead, I would do this with Perl:

#!/usr/bin/perl -w
use strict;
use warnings;

foreach my $file (@ARGV) {
    open INPUT, "<$file";
    open OUTPUT, ">$file.new";
    my $found = 0;
    while (my $line=<INPUT>) {
        if ($line =~ /<\?php/ && !$found) {
            $found=1;
        } else {
            print OUTPUT $line;
        }
    }
    close INPUT;
    close OUTPUT;
}

call with the list of files you want it to edit as command-line arguments. It will dump the filtered output into files with an additional .new extension.

Having said that though, best practice when your server is compromised is to wipe it and restore from backups. There's no telling what other bad things might have happened.

Source Link
Wouter Verhelst
Wouter Verhelst
  • 9.7k
  • 24
  • 47

Your problem is that sed is a single-line tool; it looks at files one line at a time. It is possible to tell it to retain context across lines and have it vary its actions based on that, but this is a rather obscure and difficult, and therefore rarely used, feature of sed. Instead, I would do this with Perl:

#!/use/bin/perl -w
use strict;
use warnings;

foreach my $file (@ARGV) {
    open INPUT, "<$file";
    open OUTPUT, ">$file.new";
    my $found = 0;
    while (my $line=<INPUT>) {
        if ($line =~ /<\?php/ && !$found) {
            $found=1;
        } else {
            print OUTPUT $line;
        }
    }
    close INPUT;
    close OUTPUT;
}

call with the list of files you want it to edit as command-line arguments. It will dump the filtered output into files with an additional .new extension.

Having said that though, best practice when your server is compromised is to wipe it and restore from backups. There's no telling what other bad things might have happened.