Excluding files or directories while deleting in Linux

When you use a graphical UI, removing a selected group of files or directories is easy! You just click a few, then delete.

On the command line (in Linux, for example), this isn't so easy.

Today I needed to clear out all Wordpress themes in a blog, except for the one currently in use.

How did I do it?


cd /var/www/mywordpresssite/wp-content/themes/
# ls -p appends a / to directory names, so the "themetokeep/" pattern below can match
rm -rf `ls -p | grep -v themetokeep/ | grep -vF \.`


The above command removes all files and directories EXCEPT themetokeep, and those with dots in them. The latter is VERY important. If you include '..' in the rm -rf command, it will attempt to delete everything up one directory as well. In this case, that would have been the wp-content/ directory - yep, not a good idea!

Let's break that command down a bit:

ls

- the simplest way to list files. It just lists the names (no file size, dates, etc) of all files and directories in the current directory. Some systems are configured to hide the . and .. directories when ls is used with no parameters. However, some are not - which is why we need to be careful by adding that last grep.

|

- the pipe directs the output from one command to the input of another. In this case, we are sending the output of the ls command to the grep command, instead of printing the ls command's output to the shell.

grep -v themetokeep/

- grep - a great program that applies regular expressions to any input you give it, and outputs the result. It is essentially a filter.
- We are using the -v parameter to invert the match. This means we want to output all files and directories that do NOT have the name themetokeep/
If we didn't include -v and simply typed grep themetokeep/ then we'd get an output list which only includes that directory.

grep -vF \.

- So now we have the output of the ls command, filtered to exclude the directory themetokeep/, and now we are filtering it one more time to remove the . and .. directories.

This is really important because we don't want to delete the current directory (wp-content/themes/) and we DEFINITELY don't want to delete the parent directory (..) - as this would remove all our plugins, cache, uploads, etc.. Please don't make that mistake as I once did! :)

- The -F parameter - to be honest, I am not exactly sure why we need this, except that if we don't use it, we won't be able to match the directories with dots in them. So use it.

- We put the backslash before the . so that it is treated as a literal dot, and not the regular expression match character, which means 'any character'.

rm -rf `...`

- rm - the delete command. We need -r to allow us to delete directories (and all their subdirectories). We need -f to suppress the 'Are you sure?' prompts. In other words, we're telling rm to delete everything we tell it - no questions asked.
- We put the filtered file list within the backticks ``, so that the file list becomes the instruction to rm.
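
The same cleanup without parsing ls output, as an added Python example (not the author's command): it also handles names containing spaces or dots and can never reach the parent directory. The function name purge_except and the sample tree are constructed for illustration.

```python
import os
import shutil
import tempfile


def purge_except(directory, keep):
    """Delete every entry directly inside `directory` except `keep`; return deleted names."""
    if keep in ("", ".", "..") or os.sep in keep:
        raise ValueError("keep must be a plain entry name")
    if not os.path.isdir(os.path.join(directory, keep)):
        # A typo in `keep` would otherwise wipe the whole directory.
        raise FileNotFoundError(f"{keep!r} not found in {directory!r}")
    # os.scandir never yields '.' or '..', so the parent cannot be selected.
    with os.scandir(directory) as it:
        entries = list(it)
    deleted = []
    for entry in entries:
        if entry.name == keep:
            continue
        if entry.is_dir(follow_symlinks=False):
            shutil.rmtree(entry.path)
        else:
            os.unlink(entry.path)  # files and symlinks (the link, not its target)
        deleted.append(entry.name)
    return sorted(deleted)


def demo():
    """Constructed tree: theme names with a space and a dot, plus a sibling plugins/ dir."""
    root = tempfile.mkdtemp()
    themes = os.path.join(root, "wp-content", "themes")
    for name in ("themetokeep", "old theme", "twenty.ten"):
        os.makedirs(os.path.join(themes, name))
    os.makedirs(os.path.join(root, "wp-content", "plugins"))
    open(os.path.join(themes, "readme.txt"), "w").close()
    deleted = purge_except(themes, "themetokeep")
    left = sorted(os.listdir(themes))
    parent = sorted(os.listdir(os.path.join(root, "wp-content")))
    shutil.rmtree(root)
    return deleted, left, parent


if __name__ == "__main__":
    print(demo())
```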


Hope that helps you - any questions - leave them in the comments!

Encrypting ASP.Net Configuration Files

Required Tools

%WinDir%\Microsoft.NET\Framework\<versionNumber>\aspnet_regiis.exe
IIS 7 (Instructions vary slightly for Windows 2000 and 2003) – see link in last section.

(Please excuse the formatting - haven't had time to make it pretty)

Overview

The purpose of this document is to explain how to encrypt sections of ASP.Net configuration files. This is necessary to add security around things like database and email account passwords.

While the config files are protected from public web users, in the event that a server was hacked, the config file contents could be accessed. Encrypting sensitive data in config files means that this data will remain safer than if it was stored in plain text.

We want to be able to:

  • Easily work with config files locally
  • Easily encrypt them on Production servers
  • Be able to do the encryption as part of the deployment

There are two approaches to encrypting configuration files:

  1. Using the supplied tools to encrypt the files on each server, using the server's own private key.
  2. Using a common private key on all servers, and encrypting the config files locally before deploying.

We will go with approach 2) because it reduces the server management overhead, and speeds up deployment.

Step 1: Generating the Private Keys

This only needs to be done once.

1. On any Windows machine (preferably a Server version), open a Command Prompt window with Admin privileges (in the Start menu, hold down Ctrl and Shift, and click on Accessories->Command Prompt)

Ideally, we need to use a Server operating system because this tool does not work 100% on Workstation OS’s such as Vista. You can still try this on XP or Vista though, as long as you have IIS - it will probably still work.

2. First, we create an RSA key container.

In the command prompt, type:
%SYSTEMROOT%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pc RandomtechKeyContainer -exp

The name “RandomtechKeyContainer” may be substituted for anything; however, this name will be used in the configuration later, so make it something that makes sense.

The -exp parameter means that the keys will be exportable.

Output:
Creating RSA Key container...
Succeeded! 

3. Second, we create the private and public key and save them to a file.

Type:
%SYSTEMROOT%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -px RandomtechKeyContainer thekeys.xml -pri

The -pri switch means the public AND private keys are exported.

Output:

Exporting RSA Keys to file...
Succeeded!


4. Now we have the private and public keys saved in a file. Download this file to your PC and save it somewhere. The contents of the file should look something like:


(Keys mangled for my safety!)

Step 2: Setting up Your Development PC for Use with Keys

Now we have created the keys, we need to import them into our PC’s key container store so we can easily use them to encrypt configuration files.

1. Open a command prompt (the easiest one to use is the Visual Studio 2008 Command Prompt, found in the Start Menu) and type:

%SYSTEMROOT%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pi RandomtechKeyContainer YOUR_PCs_PATH_TO\thekeys.xml

 
(change YOUR_PCs_PATH_TO to where you saved the keys)

Output:

Importing RSA Keys from file..
Succeeded!

Step 3: Encrypting the Config Files

Now we can use the above key to encrypt our files.

1. Add the following section to your application’s web.config file:


<configProtectedData>
  <providers>
    <add name="RandomtechCustomEncryptionProvider"
         type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         keyContainerName="RandomtechKeyContainer"
         useMachineContainer="true" />
  </providers>
</configProtectedData>

This can be added anywhere in the configuration file, directly within the configuration element (so not within system.web, etc.)

Make sure the keyContainerName is exactly the same as the key container name you used above, while generating keys.

Setting useMachineContainer to true means that the application will search for the decryption keys in the machine key store. This is important for use on the web server, otherwise it will search for the key in a specific user’s Application Data directory. Using this approach means the key will be retrieved from the “All Users” directory.

2. Now we are ready to actually encrypt some configuration file sections. We’ll do the ConnectionStrings first, but it’s also recommended to encrypt your AppSettings, and any other section with sensitive data.
In a command prompt with Admin privileges, type:

%SYSTEMROOT%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pef "connectionStrings" "FILE_PATH_TO_YOUR_WEB_APP" -prov "RandomtechCustomEncryptionProvider"

The string after -prov must match the provider name we used above in the config section declaration.

The above command will look for all configuration files in the location FILE_PATH_TO_YOUR_WEB_APP. This location is a physical directory location on your PC. For example, c:\dev\project2

Note: the path MUST NOT END WITH A SLASH, otherwise the command will fail.


3. If you would like to specify a path to a web application on your local IIS server, then you need to drop the “f” from -pef, and supply a virtual path with the -app parameter. The command will look like this:

aspnet_regiis -pe "connectionStrings" -app "IIS_VIRTUAL_PATH" -prov "RandomtechCustomEncryptionProvider"

e.g.

aspnet_regiis -pe "connectionStrings" -app "/MyWebApp" -prov "RandomtechCustomEncryptionProvider"

Note: if you are using the Visual Studio Web Server, use the -pef version of the command above.

4. Your connectionStrings will have been transformed into the encrypted version. It looks like this: 


<connectionStrings configProtectionProvider="RandomtechCustomEncryptionProvider">
  <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                 xmlns="http://www.w3.org/2001/04/xmlenc#">
    <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <KeyName>Rsa Key</KeyName>
        </KeyInfo>
        <CipherData>
          <CipherValue>kjytgleldK+…</CipherValue>
        </CipherData>
      </EncryptedKey>
    </KeyInfo>
    <CipherData>
      <CipherValue>cdznrkA11o1uatlHtmxFwQ2HXWEE/…</CipherValue>
    </CipherData>
  </EncryptedData>
</connectionStrings>

(Encrypted data removed of course! But you get the idea…)

5. Now test that decryption works:

e.g.
aspnet_regiis -pdf "connectionStrings" "c:\dev\project2"
OR
aspnet_regiis -pd "connectionStrings" -app "/MyWebApp"

Step 4: Incorporating Encrypted Configuration Into Deployment

We’ve done everything we need to do to encrypt/decrypt keys on our local machines. Now we need to automate it so we don’t even have to think about it. The following example uses NAnt for automation.
You can include the following NAnt snippet in your build files. Note we use NAnt argument elements for each of the exec/program parameters so we can use double quotes in the command line.


<property name="dotnet" value="c:/windows/Microsoft.NET/Framework/v2.0.50727" overwrite="true" />

<property name="build.target" value="..\..\DeployOutput\webapp.deploy" overwrite="false" />

<exec basedir="."
program="${dotnet}/aspnet_compiler.exe"
commandline="-nologo -u -d -c -v ${build.webappname} ${build.target} "
workingdir="."
failonerror="true" />

<!-- Encrypt the connection strings before deploying -->
<exec program="${dotnet}/aspnet_regiis.exe"
basedir="${build.target}"
verbose="true"
failonerror="true">
<arg value="-pef" />
<arg value='"connectionStrings"' />
<arg value="${path::get-full-path(build.target)}" />
<arg value='-prov "RandomtechCustomEncryptionProvider"' />
</exec>

If you need help with NAnt, get in touch via the comments.
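
A pre-deployment check that could run after the encryption step, so a web.config with a plain-text section never ships. This is an added example, not part of the original post: audit_config and the sample file are constructed, and it assumes the provider is declared in the same web.config (as in Step 3) and that the configuration root element carries no XML namespace.

```python
import xml.etree.ElementTree as ET

XMLENC = "{http://www.w3.org/2001/04/xmlenc#}"

# Constructed sample: connectionStrings encrypted, appSettings left in plain text.
SAMPLE = """<configuration>
  <configProtectedData><providers>
    <add name="RandomtechCustomEncryptionProvider"
         keyContainerName="RandomtechKeyContainer" useMachineContainer="true" />
  </providers></configProtectedData>
  <connectionStrings configProtectionProvider="RandomtechCustomEncryptionProvider">
    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>CONSTRUCTED</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
  <appSettings><add key="SmtpPassword" value="constructed-sample" /></appSettings>
</configuration>"""


def audit_config(xml_text, sections=("connectionStrings", "appSettings")):
    """Return findings; an empty list means every listed section that exists is encrypted."""
    root = ET.fromstring(xml_text)
    providers = {
        p.get("name"): p
        for p in root.findall("./configProtectedData/providers/add")
    }
    findings = []
    for name in sections:
        section = root.find(name)
        if section is None:
            continue  # section not used in this file
        prov = section.get("configProtectionProvider")
        if prov is None or section.find(XMLENC + "EncryptedData") is None:
            findings.append(f"{name}: stored in plain text")
            continue
        decl = providers.get(prov)
        if decl is None:
            findings.append(f"{name}: provider {prov!r} is not declared")
        elif decl.get("useMachineContainer") != "true":
            findings.append(f"{name}: provider {prov!r} does not use the machine container")
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE):
        print(finding)
```

A build step can fail the deployment whenever the returned list is not empty.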

Step 5: Distributing Keys to Web Servers

In order for our web servers to be able to decrypt the encrypted configuration, they need the private key.
To install it on each web server, the same method is followed as above for the local PC.

1. Upload the key to the server

2. Create the container and import the keys, type:

aspnet_regiis -pi RandomtechKeyContainer mykeys.xml

Output:


Importing RSA Keys from file..
Succeeded!


3. The last step is to grant access to the key container to the user your web application runs as. In IIS 7, it is the Application Pool identity, type:

%SYSTEMROOT%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pa "RandomtechKeyContainer" "IIS APPPOOL\AppName"

Output:

Adding ACL for access to the RSA Key container...
Succeeded!

AppName is your application pool’s name.


4. Bonus Tip!

To find out the user your application pool runs as, add an ASPX file to your web root, with the following contents:

<%@ Page Language="VB" %>
<%
Response.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name)
%>

Open the file and copy this name into the command line above.
You will need to do this for each application pool that needs access to the key container.

5. Now delete the key file from the server. It is no longer needed, and for security reasons, it should not be left on the server.

6. The server is now ready to decrypt your configuration. Deploy your application and test an operation where the encrypted configuration section is needed. The application should function as normal!

Useful Points and References

  1. Sometimes the aspnet_regiis command will fail and just print out the usage instructions. If this happens, try surrounding every parameter with double quotes “”. It seems to require them sometimes, even when the parameter has no spaces in it.
  2. http://msdn.microsoft.com/en-us/library/ms998283.aspx
  3. For info on Windows 2000/2003: http://jtoee.com/2008/02/encrypting-webconfig/
  4. In Windows, RSA keys are stored here: \Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
