Category Archives: RedHat and Friends

Auto Added by WPeMatico

Search entire server for Q4 2015 obfuscated PHP malware of unknown origin.

This is just a snippet I have used before to identify some malicious code on web servers.  This will not work on everything; but it will give you a way to find suspect files.  It is easy to cron in a script with others to make a nice daily report if you have those concerns.

#!/bin/bash
# Malware Search Script
# 11/1/15 – Matthew D. Curry
# Matt@MattCurry.com

echo “Search entire server for Q4 2015 obfuscated PHP malware of unknown origin.”

find / -name *.php -exec grep -Hn .1.=…….0.=…….3.=…….2.=…….5.= {} ;

 

Hope this helps, enjoy.

Want to use DNF? What to expect…

DNF actually DOES stand for something… Not sure where that started.

DNF stands for Dandified yum

DNF started showing up in Fedora 18, and Fedora 20 was the first Linux distro that welcomed users to utilize  DNF in place of YUM.

The technical challenges of DNF are that there is little or no support for features:

  • Debug
  • Verbose output
  • Enable Repository
  • Exclude packages during install
  • No effect of –skip-broken switch
  • The command resolvedep unavailable
  • The option skip_if_unavailable is ON by default
  • Dependency resolving process is not visible in Command Line
  • Parallel downloads in future release
  • Undo History
  • Delta RPM
  • Bash completion
  • Auto-remove
  • many others…

 

In short, if you drink the cool-aid then you should run this in a lab only.  I know people that try to run this stuff in production.  You are just asking for a serious problem. Other than that, I hope it gets there, DNF is just too new.