1 / 20

Chapter Five (Continued)

Chapter Five (Continued). And some class exercises. But first…why wget did not work. A few months ago I added a module to my apache server called ModSecurity ModSecurity is an open source intrusion detection and prevention engine for web applications

cedric-alston
Download Presentation

Chapter Five (Continued)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter Five (Continued) And some class exercises

  2. But first…why wget did not work • A few months ago I added a module to my apache server called ModSecurity • ModSecurity is an open source intrusion detection and prevention engine for web applications • Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.

  3. The Threat - wget • Many web exploits take advantage of flaws in coding to use directory transversal as a means to execute programs such as wget • directory transversal is essentially http://rose.edu/../../bin/wget yada yada • Various combinations are tried until one succeeds (we will look at an actual attack later in the course) • But ModSecurity protects against wget attacks (well sort of…)

  4. wget and User-Agent • A user agent is the client application used with a particular network protocol • Web user agents range from web browsers to search engine crawlers ("spiders"), etc. • When Internet users visit a web site, a text string is generally sent to identify the user agent to the server.

  5. wget and User-Agent • This forms part of the HTTP request, prefixed with User-agent: or User-Agent: • wget has a command line option (-U) to modify or erase the User-Agent sent to server

  6. Exercise • Use the following command to download the gettysburg.txt file to your class workstation: wget –U “” http://wildbill.org/gettysburg.txt • Now use wc determine: • The number of lines in the file • The number of words in the file • The number of characters in the file

  7. Grep Exercise • Using grep try the following: grep four gettysburg.txt Ok now try: grep –i four gettysburg.txt Now look at the man page for grep…lot’s of options!

  8. Using the Manipulate and Format Commands • These commands are: tr and pr • Used to edit and transform the appearance of data before it is displayed or printed

  9. Translating CharactersUsing the tr command • tr copies data from the standard input to the standard output, substituting or deleting characters specified by options and patterns • The patterns are strings and the strings are sets of characters • A popular use of tr is converting lowercase characters to uppercase

  10. tr Exercise • Type the following: tr t 0 < gettysburg.txt tr a-z A-Z < gettysburg.txt

  11. Using the pr Command toFormat Your Output • pr prints specified files on the standard output in paginated form • By default, pr formats the specified files into single-column pages of 66 lines • Each page has a five-line header, its latest modification date, current page, and five-line trailer consisting of blank lines

  12. Pr Exercise • Type the following: pr gettysburg.txt pr –header=“GBA Ver 1.0” gettysburg.txt pr –t gettysburg.txt pr – t –d gettysburg.txt

  13. Using the mount Command • Data on different physical storage devices, like floppies, CD-ROMs, and hard disk drives • The storage devices will have a file system such as ext2, ext3 NTFS, Vfat, etc. • Using the mount command you can mount these file systems on your UNIX server

  14. Using the mount Command • To mount a File System type: $ mount /dev/fd0 /mnt/floppy • In this example, /dev/fd0 is your floppy drive, and /mnt/floppy is the mount point. Now when you cd to /mnt/floppy, you'll actually access the files on your floppy.

  15. Using the umount Command • To un-mount the floppy type: $ umount /mnt/floppyor $ umount /dev/fd0

  16. Using the mount Command • Sometime you will have to specify the type of file system. This is done by including the –t switch $ mount /dev/fd0 –t msdos /mnt/floppy

  17. Using the mount Command • An ISO image (.iso) is a file that is a an image of an ISO 9660 file system • ISO images can be mounted on UNIX systems using the loopback device mount -o loop -t iso9660 filename.iso /mnt/iso (see the handout for more details)

  18. Using a Shell Script toImplement the Application • Shell scripts should contain: • The commands to execute • Comments to identify and explain the script so that users or programmers other than the author can understand how it works • Use the pound (#) character to mark comments in a script file

  19. Running a Shell Script • The Bash shell accepts more variations in command structures that other UNIX shells thus it is more popular • You can run a shell script by typing sh followed by the name of the script, or make the script executable and type ./ prior to the script name sh filename.sh or ./filename.sh

  20. Shell Script Discussion… • First line… #!/bin/bash • Uses…….SRSS, Web, etc. • For easier reading use all UPPERCASE names for variables • # Use the comment character to add information to your scripts

More Related