Well not a question as such, but more of a brainstorming thing or better say an issue. Well today I came to my server and realised that i can't git pull due to the keys being denied which was okay because for sure there were no keys in .ssh directory. All deleted and a new file (pbcopyfy there). Not sure what this means though. The content of the file are shown below:
#!/bin/sh
# Copyright (C) 2009-2017 Three Nine Consulting
# Always good practice to update packages. However ask user if they would like to do so
# For explanation on how this works and why check out https://garywoodfine.com/use-pbcopy-on-ubuntu/
read -p "Do you want to update your package repositories before proceeding ? " -n 1 -r
echo #adding new line
if [[ $REPLY =~ ^[Yy]$ ]]
then
sudo apt update
sudo apt upgrade -y
sudo apt autoremove -y
fi
# Check to see if Xclip is installed if not install it
if [ $(dpkg-query -W -f='${Status}' xclip 2>/dev/null | grep -c "ok installed") -eq 0 ];
then
echo 'xclip not installed .... installing now!'
sudo apt install xclip -y;
fi
# Add the aliases to the .bashrc
echo 'updating bash profile'
echo "#pbcopy & pbpaste aliases" >> ~/.bashrc
echo "alias pbcopy='xclip -selection clipboard'" >> ~/.bashrc
echo "alias pbpaste='xclip -selection clipboard -o'" >> ~/.bashrc
source ~/.bashrc
echo 'Complete! happy PbCopy'
Is this something I should be worried about or should I just get new keys and go up and running with new keys?
Related
I'm trying to learn how to write Bash scripts. I have this script to update my servers through ssh. I'm trying to add a check and a conditional to determine if the OS uses Yum or Apt then it will run the appropriate update commands. The if else statement seems to be wrong but I'm not sure how to correct this.
Here is the script:
#!/bin/bash
USERNAME="root"
HOSTS="host1 host2 host3"
apt_run="apt update && apt -y upgrade"
yum_run="yum check-update && yum -y update"
for HOSTNAME in ${HOSTS} ; do
ssh -l ${USERNAME} ${HOSTNAME}
find_os=$( command -v yum || command -v apt-get ) || echo "Neither
yum nor apt-get found"
if [[ $find_os='yum' ]]
then
"${yum_run}"
else
"${apt_run}"
fi
done
Here is my script for my virtual machines.
#!/bin/bash
hosts=(
leap151 kali ubuntu omv
)
for hostname in "${hosts[#]}"; do
ssh -t root#"$hostname" << 'EOF'
if type -P zypper >/dev/null; then
command zypper ref && command zypper up
elif type -P apt-get >/dev/null; then
command apt-get update && command apt-get upgrade
else
echo 'Neither zypper nor apt found!' >&2
exit 127
fi
EOF
done
Use an array for the host. Since you're using bash the builtin type is fine just for searching the executable within your PATH. See help type for more info. Use the -t option in ssh also use a heredoc just what I have/did. The exit 127 is what the shell would exit if there are no executable see man 1p exit.
I've created a bash program using whiptail to give a graphical type interface to the user to setup their system. For some reason my script isn't running any of my bash commands though, instead it seems to be cycling through outputting to my log.txt file, but no packages are being installed.
STATUS=0
touch log.txt
while [ $STATUS -lt 100 ]; do
# update apt repos
apt-get update
wait
echo "apt-get update" >> log.txt
let STATUS=STATUS+15
echo $STATUS
# update apt package
apt-get upgrade
wait
echo "apt-get upgrade" >> log.txt
let STATUS=STATUS+15
echo $STATUS
# install required packages
apt-get -y git-all nmap hydra
wait
echo "apt-get -y git-all nmap hydra" >> log.txt
let STATUS=STATUS+10
echo $STATUS
# install rbenv
git clone https://github.com/rbenv/rbenv.git ~/.rbenv
wait
echo "cloning rbenv" >> log.txt
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bash_profile
echo 'exporting PATH' >> log.txt
~/.rbenv/bin/rbenv init
wait
echo 'initializing rbenv' >> log.txt
git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build
wait
echo "cloning ruby-build" >> log.txt
rbenv install 2.1.4
wait
echo "installing ruby 2.1.4" >> log.txt
let STATUS=STATUS+25
echo $STATUS
done | whiptail --gauge "Setting Up Neo (THIS WILL TAKE SOME TIME)..." 40 78 0
So, to confirm my while loop is actually running, I started echoing things to log.txt. Here is the output:
apt-get update
apt-get upgrade
apt-get -y git-all nmap hydra
cloning rbenv
exporting PATH
initializing rbenv
cloning ruby-build
installing ruby 2.1.4
What have I done wrong?
First, since you have no backgrounded processes, wait is not doing anything.
Second, since whiptail is reading stdin, you need to ensure that stdout from all apt-get, git, rbenv, etc commands are redirected to stderr, or better, to your log.
# update apt repos
echo "apt-get update" >> log.txt
apt-get update >>log.txt 2>&1
(( STATUS += 15 ))
echo $STATUS
# update apt package
echo "apt-get upgrade" >> log.txt
apt-get upgrade >> log.txt 2>&1
(( STATUS += 15 ))
echo $STATUS
and so on.
I'm working on a script that will shred a usb drive and install Kali linux with encrypted persistent data.
#! /bin/bash
cd ~/Documents/Other/ISOs/Kali
echo "/dev/sdx x=?"
read x
echo "how many passes to wipe? 1 will be sufficient."
read n
echo "sd$x will be wiped $n times."
read -p "do you want to continue? [y/N] " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
exit 1
fi
echo "Your role in the installation process is not over. You will be prompted to type YES and a passphrase."
sudo shred -vz --iterations=$n /dev/sd$x
echo "Wiped. Installing Kali"
sudo dd if=kali-linux-2.0-amd64.iso of=/dev/sd$x bs=512k
echo "Installed. Making persistence."
y=3
sudo parted /dev/sd$x mkpart primary 3.5GiB 100%
x=$x$y
sudo cryptsetup --verbose --verify-passphrase luksFormat /dev/sd$x
sudo cryptsetup luksOpen /dev/sd$x my_usb
sudo mkfs.ext3 -L persistence /dev/mapper/my_usb
sudo e2label /dev/mapper/my_usb persistence
sudo mkdir -p /mnt/my_usb
sudo mount /dev/mapper/my_usb /mnt/my_usb
sudo -i
echo "/ union" > /mnt/my_usb/persistence.conf
umount /dev/mapper/my_usb
cryptsetup luksClose /dev/mapper/my_usb
echo "Persistence complete. Installation complete."
It works nearly perfectly. These commands individually entered into the terminal will create the desired effect, but the problem comes in at line 37:
sudo echo "/ union" > /mnt/my_usb/persistence.conf
That command won't work unless I'm logged in as root user. To solve this I tried adding the sudo -i command before, but once I do that all of the following commands are skipped.
It's okay if the solution suggested requires me to type in the password. I don't want the password stored in the script, that's just wreckless.
Side note, I didn't make a generic form for this question because I want other people to be able use this if they like it.
The problem is that the echo runs with root privilege but the redirection happens in the original shell as the non-root user. Instead, try running an explicit sh under sudo and do the redirection in there
sudo /bin/sh -c 'echo "/ union" > /mnt/my_usb/persistence.conf'
The problem is that when you type in the following command:
sudo echo "/ union" > /mnt/my_usb/persistence.conf
Only the "echo" will be run as root through sudo, but the redirection to the file using > will still be executed as the "normal" user, because it is not a command but something performed directly by the shell.
My usual solution is to use teeso that it runs as a command and not as a shell built-in operation, like this:
echo "/ union" | sudo tee /mnt/my_usb/persistence.conf >/dev/null
Now the tee command will be run as root through sudo and will be allowed to write to the file. >/dev/null is just added to keep the output of the script clean. If you ever want to append instead of overwrite (e.g. you would be using >>normally), then use tee -a.
I'm new to Ubuntu and bash scripts, but I just made runUpdates.sh and added this to my .profile to run it:
if [ -f "$HOME/bin/runUpdates.sh" ]; then
. "$HOME/bin/runUpdates.sh"
fi
The problem I'm having is, I want the script to run as if root is running it (because I don't want to type my sudo password)
I found a few places that I should be able to do sudo chown root.root <my script> and sudo chmod 4755 <my script> and when I run it, it should run as root. But it's not...
The script looks good to me. What am I missing? -rwxr-xr-x 1 root root 851 Mar 23 21:14 runUpdates.sh*
Can you please help me run the commands in this script as root? I don't really want to change the sudors file, I really just want to run the commands in this script at root (if possible).
#!/bin/sh
echo "user is ${USER}"
#check for updates
update=`cat /var/lib/update-notifier/updates-available | head -c 2 | tail -c 1`;
if [ "$update" = "0" ]; then
echo -e "No updates found.\n";
else
read -p "Do you wish to install updates? [yN] " yn
if [ "$yn" != "y" ] && [ "$yn" != "Y" ]; then
echo -e 'No\n';
else
echo "Please wait...";
echo `sudo apt-get update`;
echo `sudo apt-get upgrade`;
echo `sudo apt-get dist-upgrade`;
echo -e "Done!\n";
fi
fi
#check for restart
restartFile=`/usr/lib/update-notifier/update-motd-reboot-required`;
if [ ! -z "$restartFile" ]; then
echo "$restartFile";
read -p "Do you wish to REBOOT? [yN] " yn
if [ "$yn" != "y" ] && [ "$yn" != "Y" ]; then
echo -e 'No\n';
else
echo `sudo shutdown -r now`;
fi
fi
I added the user is to debug, it always outputs my user not root, and prompts for the sudo password (since I'm calling the commands with sudo) or tells me are you root? (if I remove sudo)
Also, is there a way to output the update commands stdout in real time, not just one block when they finish?
(I also tried with the shebang as #!/bin/bash)
setuid does not work on shell scripts for security reasons. If you want to run a script as root without a password, you can edit /etc/sudoers to allow it to be run with sudo without a password.
To "update in real time", you would run the command directly instead of using echo.
Its not safe to do, you should probably use sudoers but if you really need/want to, you can do it with something like this:
echo <root password> | sudo -S echo -n 2>/dev/random 1>/dev/random
sudo <command>
This works because sudo doesn't require a password for a brief window after successfully being used.
SUID root scripts were phased out many years ago if you really want to run scripts as root you need to wrap them in an executable, you can see an example on how to do this on my blog:
http://scriptsandoneliners.blogspot.com/2015/01/sanitizing-dangerous-yet-useful-commands.html
The example is how to change executable permissions and place a filter around other executables using a shell script but the concept of wrapping a shell script works for SUID as well, the resulting executable file from the shell script can be made SUID.
https://help.ubuntu.com/community/Sudoers
I just developed an opengl game in linux (ubuntu).. Now I would like to write a setup script for the same which installs the game directly into the apt using the command..
sudo apt-get install ...
so that it runs from anywhere throughout linux without going into the specified folder for the game. Anyone knows how to do that ?
http://blog.boxedice.com/2010/02/05/how-to-create-a-debian-deb-package/
http://ptspts.blogspot.com/2010/02/how-to-create-debianubuntu-package-deb.html
http://wiki.debian.org/HowToPackageForDebian
etc
#!/bin/bash
set -eu -o pipefail # fail on error , debug all lines
sudo -n true
test $? -eq 0 || exit 1 "you should have sudo priveledge to run this script"
echo installing the must-have pre-requisites
while read -r p ; do sudo apt-get install -y $p ; done < <(cat << "EOF"
perl
zip unzip
exuberant-ctags
mutt
libxml-atom-perl
postgresql-9.6
libdbd-pgsql
curl
wget
libwww-curl-perl
EOF
)
echo installing the nice-to-have pre-requisites
echo you have 5 seconds to proceed ...
echo or
echo hit Ctrl+C to quit
echo -e "\n"
sleep 6
sudo apt-get install -y tig