jm + bash   15

Detecting the use of "curl | bash" server side
tl;dr:
The better solution is never to pipe untrusted data streams into bash. If you still want to run untrusted bash scripts a better approach is to pipe the contents of URL into a file, review the contents on disk and only then execute it.
bash  security  shell  unix  curl  tcp  buffers 
april 2016 by jm
ShellCheck
Static code analysis for shell scripts (via Tony Finch)
bash  cli  sh  linux  shell  coding  static-analysis  lint 
april 2015 by jm
Using Named Pipes and Process Substitution in Bioinformatics
Wow. I've been using bash for nigh on 14 years and I didn't know about process substitution. Nifty trick
bash  linux  pipes  shell  unix  via:igrigorik  cli  named-pipes  process-substitution 
march 2015 by jm
curl | sh
'People telling people to execute arbitrary code over the network. Run code from our servers as root. But HTTPS, so it’s no biggie.'

YES.
humor  sysadmin  ops  security  curl  bash  npm  rvm  chef 
november 2014 by jm
Shellshock
An _extremely_ detailed resource about the bash bug
bash  hacking  security  shell  exploits  reference  shellshock 
october 2014 by jm
oss-sec: Re: CVE-2014-6271: remote code execution through bash
this is truly heinous. Given that any CGI which invokes popen()/system() on a Linux system where /bin/sh is a link to bash is vulnerable, there will be a lot of vulnerable services out there (via Elliot)
via:elliottucker  cgi  security  bash  sh  exploits  linux  popen  unix 
september 2014 by jm
Russell91/sshrc
'bring your .bashrc, .vimrc, etc. with you when you ssh'. A really nice implementation of this idea (much nicer than my own version!)
hacks  productivity  ssh  remote  shell  sh  bash  via:johnke  home-directory  unix 
september 2014 by jm
Lucas Nussbaum’s Blog » Blog Archive » RVM: seriously?
+1. RVM is atrocious code -- some of the worst bash script I've seen. And it's not just installing as a command, it requires that it be sourced and hooks into your login shell. If you then use "set -e", it crashes; "set -u", it crashes; reset $HOME, crash. It's dire.
rvm  hate  fail  bash  scripting  ruby 
april 2013 by jm
moreutils
Some really cool-looking UNIX command line utils, packaged in Debian (and therefore in Ubuntu too). A few of these I've reimplemented separately, but it's always good to replace a hack with a more widely available "official" tool. Thanks, Joey Hess!
sponge: accept input, wait til EOF, then rewrite a file;
chronic: runs a command quietly unless it fails;
combine: combine the lines in two files using boolean operations;
ifdata: get network interface info without parsing ifconfig output;
ifne: run a program if the standard input is not empty;
isutf8: check if a file or standard input is utf-8;
lckdo: execute a program with a lock held;
mispipe: pipe two commands, returning the exit status of the first;
parallel: run multiple jobs at once;
pee: tee standard input to pipes;
sponge: soak up standard input and write to a file;
ts: timestamp standard input;
vidir: edit a directory in your text editor;
vipe: insert a text editor into a pipe;
zrun: automatically uncompress arguments to command
bash  shell  cli  unix  scripting  via:peakscale  joey-hess  debian  ubuntu  tools  command-line  commands 
march 2013 by jm
spark
sparklines in your terminal window. Simply give it a comma or space-separated list of data values, and it'll generate an ANSI-graphics sparkline chart. Brilliant! (via mjd)
via:mjdominus  sparklines  charts  graphs  bash  shell  terminal  cli  ansi 
december 2011 by jm
gist: 782263 - How to redirect a running process' output to a file and logout
a nifty gdb hack; essentially dup()s a couple of files in /tmp in place of fd 1 and 2, then uses the bashism "detach" to nohup the running process
gdb  hacks  linux  process  shell  unix  via:hn  nifty  dup  detach  bash  from delicious
january 2011 by jm
autojump
interesting idea; extend "cd" to track which directories you cd to most frequently, then add a command to "jump" to the most-frequently used one which matches a substring you specify
autojump  cli  bash  command-line  navigation  terminal  shell  directory  cd  from delicious
july 2010 by jm
Mac OS X command-line tricks
not quite up to par with modern Ubuntu, but still a few interesting ones here for when I'm stuck using the missus' laptop ;)
apple  bash  cli  osx  mac  sysadmin  shell  tricks  command-line  from delicious
july 2010 by jm
practical Linux commands quick-ref sheet
from Padraig Brady. lots of nice one-liners I wasn't familiar with
padraig-brady  bash  cli  linux  reference  sysadmin  tips  commands  from delicious
june 2010 by jm
Top Ten One-Liners from CommandLineFu Explained
worth it for #10: 'Capture video of a linux desktop': '$ ffmpeg -f x11grab -s wxga -r 25 -i :0.0 -sameq /tmp/out.mpg'
video  capture  x11  ffmpeg  cli  bash  linux  from delicious
march 2010 by jm
