Develop Reference

How to hide telnet connection logs from getting printed in screen

I have a script which telnet to remote system & user can interact with remote system. But i want to hide telnet connection logs from getting printed for security reasons. I tried all the redirection techniques like (> , 1>, 2>), but my purpose is not served. "1>" is not allowing to interact with remote system.
How to redirect/hide only telnet connection logs (or first 3 connection lines) below & make telnet session interactive ?
script :
#!/bin/bash
telnet 1.2.3.4 7777
sample issue execution :
~/redirect.sh
Trying 1.2.3.4... // redirect
Connected to 1.2.3.4.
Escape character is '^]'.
login:
sample expected execution :
~/redirect.sh
login:

There is no easy fix for this, as those three lines are simply printf() in the code. It would be a great deal of effort to remove those lines and allow interactive connections.
However, it is a simple client side change to modify the telnet client source and recompiling:
Download inetutils-2.3 from here.
Extract with tar -xJvf inetutils-2.3.tar.xz.
cd inetutils-2.3.
./configure
Use the patch in this answer: patch telnet/commands.c < /path/to/telnet.patch
patching file telnet/commands.c
make
Then test:
2>/dev/null ./telnet/telnet 192.168.100.1 22
SSH-2.0-OpenSSH_8.6
Copy this version of telnet into your PATH somewhere. Possibly rename it stelnet.

Get/fetch a file with a bash script using /dev/tcp over https without using curl, wget, etc

I try to read/fetch this file:
https://blockchain-office.com/file.txt with a bash script over dev/tcp without using curl,wget, etc..
I found this example:
exec 3<>/dev/tcp/www.google.com/80
echo -e "GET / HTTP/1.1\r\nhost: http://www.google.com\r\nConnection: close\r\n\r\n" >&3
cat <&3
I change this to my needs like:
exec 3<>/dev/tcp/www.blockchain-office.com/80
echo -e "GET / HTTP/1.1\r\nhost: http://www.blockchain-office.com\r\nConnection: close\r\n\r\n" >&3
cat <&3
When i try to run i receive:
400 Bad Request
Your browser sent a request that this server could not understand
I think this is because strict ssl/only https connections is on.
So i change it to :
exec 3<>/dev/tcp/www.blockchain-office.com/443
echo -e "GET / HTTP/1.1\r\nhost: https://www.blockchain-office.com\r\nConnection: close\r\n\r\n" >&3
cat <&3
When i try to run i receive:
400 Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
So i even can't get a normal connection without get the file!
All this post's does not fit, looks like ssl/tls is the problem only http/80 works, if i don't use curl, wget, lynx, openssl, etc...:
how to download a file using just bash and nothing else (no curl, wget, perl, etc.)
Using /dev/tcp instead of wget
How to get a response from any URL?
Read file over HTTP in Shell
I need a solution to get/read/fetch a normal txt file from a domain over https only with /dev/tcp no other tools like curl, and output in my terminal or save in a variable without wget, etc.., is it possible and how, or is it there an other solution over the terminal with the standard terminal utilities?

You can use openssl s_client to perform the equivalent operation but delegate the SSL part:
#!/bin/sh
host='blockchain-office.com'
port=443
path='/file.txt'
crlf="$(printf '\r\n_')"
crlf="${crlf%?}"
{
printf '%s\r\n' \
"GET ${path} HTTP/1.1" \
"host: ${host}" \
'Connection: close' \
''
} |
openssl s_client -quiet -connect "${host}:${port}" 2 >/dev/null | {
# Skip headers by reading up until encountering a blank line
while IFS="${crlf}" read -r line && [ -n "$line" ]; do :; done
# Output the raw body content
cat
}
Instead of cat to output the raw body, you may want to check some headers like Content-Type, Content-Transfer-Encoding and even maybe navigate and handle recursive MIME chunks, then decode the raw content to something.

After all the comments and research, the answer is no, we can't get/fetch files using only the standard tools with the shell like /dev/tcp because we can't handle ssl/tls without handle the complete handshake.
It is only possbile with the http/80.
i dont think bash's /dev/tcp supports ssl/tls
If you use /dev/tcp for a http/https connection you have to manage the complete handshake including ssl/tls, http headers, chunks and more. Or you use curl/wget that manage it for you.
then shell is the wrong tool because it is not capable of performing any of the SSL handshake without using external resources/commands. Now relieve and use what you want and can from what I show you here as the cleanest and most portable POSIX-shell grammar implementation of a minimal HTTP session through SSL. And then maybe it is time to consider alternative options (not using HTTPS, using languages with built-in or standard library SSL support).
We will use curl, wget and openssl on seperate docker containers now.
I think there are still some requirements in the future to see if we keep only one of them or all of them.
We will use the script from #Léa Gris in a docker container too.

How to configure https_check URL in nagios

I have installed Nagios (Nagios® Core™ Version 4.2.2) in Linux Server.I have written a JIRA URL check using check_http for HTTPS url.
It should get a response 200, but It gives response HTTP CODE 302.
[demuc1dv48:/pkg/vdcrz/Nagios/libexec][orarz]# ./check_http -I xx.xx.xx -u https://xxx.xxx.xxx.com/secure/Dashboard.jspa -S CONNECT
SSL Version: TLSv1
HTTP OK: HTTP/1.1 302 Found - 296 bytes in 0.134 second response time |time=0.134254s;;;0.000000 size=296B;;;
So I configured the same in the nagios configuration file.
define command{
command_name check_https_jira_prod
command_line $USER1$/check_http -I xxx.xxx.xxx.com -u https://xxx.xxx.xxx.com/secure/Dashboard.jspa -S CONNECT -e 'HTTP/1.1 302'
}
Now my JIRA server is down, But it is not reflected in the nagios check.The nagios response still shows HTTP code 302 only.
How to fix this issue?

You did not specify, but I assume you defined your command in the Nagios central server commands.cfgconfiguration file, but you also need to define a service in services.cfg as services use commands to run scripts.
If you are running your check_httpcheck from a different server you also need to define it in the nrpe.cfg configuration file on that remote machine and then restart nrpe.
As a side note, from the output you've shared, I believe you're not using the flags that the check_http Nagios plugin supports correctly.
From your post:
check_http -I xxx.xxx.xxx.com -u https://xxx.xxx.xxx.com/secure/Dashboard.jspa -S CONNECT -e 'HTTP/1.1 302'
From ./check_http -h:
-I, --IP-address=ADDRESS
IP address or name (use numeric address if possible to bypass DNS lookup).
You are using a host name instead (xxx.xxx.xxx.com )
-S, --ssl=VERSION
Connect via SSL. Port defaults to 443. VERSION is optional, and prevents auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3).
You specified CONNECT

You can't get code 200 unless you set follow parameter in chech_http script.
I suggest you to use something like this:
./check_http -I jira-ex.telefonica.de -u https://xxx.xxx.xxx.com/secure/Dashboard.jspa -S -f follow
The -f follow is mandatory for your use case.

Auto-download involving password and specific online clicking

I want to use cron to do a daily download of portfolio info with 2 added complications:
It needs a password
I want to get the format I can get, when on the site myself, by clicking on "Download to a Spreadsheet
If I use:
wget -U Chromium --user='e-address' --password='pass' \
https://www.google.com/finance/portfolio > "file_"`date +"%d-%m-%Y"`+.csv
I Get the response:
=========================================================================
--2013-10-20 12:16:13-- https://www.google.com/finance/portfolio
Resolving www.google.com (www.google.com)... 74.125.195.105, 74.125.195.103, 74.125.195.99, ...
Connecting to www.google.com (www.google.com)|74.125.195.105|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘portfolio’
[ <=> ] 16,718 --.-K/s in 0.04s
2013-10-20 12:16:13 (431 KB/s) - ‘portfolio’ saved [16718]
==========================================================================
It saves to a file called "portfolio" rather than where I asked it to ("file_"date +"%d-%m-%Y"+.csv).
When I look at "portfolio" in the browser it says I need to sign in to my account ie no notice is taken of the user and password information I've included.
If I add to the web address the string I get by hovering on the "Download to a Spreadsheet" link:-
wget -U Chromium --user='e-address' --password='pass' \
https://www.google.com/finance/portfolio?... > "file_"`date +"%d-%m-%Y"`+.csv
I get:
[1] 5175
[2] 5176
[3] 5177
[4] 5178
--2013-10-20 12:44:56-- https://www.google.com/finance/portfolio?pid=1
Resolving www.google.com (www.google.com)... [2] Done output=csv
[3]- Done action=view
[4]+ Done pview=pview
hg21#hg21-sda2:~$ 74.125.195.106, 74.125.195.103, 74.125.195.104, ...
Connecting to www.google.com (www.google.com)|74.125.195.106|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘portfolio?pid=1’
[ <=> ] 16,768 --.-K/s in 0.05s
2013-10-20 12:44:56 (357 KB/s) - ‘portfolio?pid=1.1’ saved [16768]
and at this point it hangs. The file it writes at this point (‘portfolio?pid=1’) is the same as the 'portfolio' file with the previously used wget.
If I then put in my password it continues:
pass: command not found
[1]+ Done wget -U Chromium --user="e-address" --password='pass' https://www.google.com/finance/portfolio?pid=1
[1]+ Done wget -U Chromium --user="e-address" --password='pass' https://www.google.com/finance/portfolio?pid=1
Any help much appreciated.

There are a couple of issues here:
1) wget is not saving to the correct filename
Use the -O option instead of > shell redirection.
Change > file_`date+"%d-%m-%Y"`.csv to -O file_`date+"%d-%m-%Y"`.csv
Tip: If you use date+"%Y-%m-%d", your files will naturally sort chronologically.
This is esssentially a duplicate of wget command to download a file and save as a different filename
See also man wget for options.
2) wget is spawning multiple processes and "hanging"
You have &s in your URL which are being interpreted by the shell instead of being included in the argument passed to wget. You need to wrap the URL in quotation marks.
https://finance.google.com/?...&...&...
becomes
"https://finance.google.com/?...&...&..."

Using /dev/tcp instead of wget

Why does this work:
exec 3<>/dev/tcp/www.google.com/80
echo -e "GET / HTTP/1.1\n\n">&3
cat <&3
And this fail:
echo -e "GET / HTTP/1.1\n\n" > /dev/tcp/www.google.com/80
cat </dev/tcp/www.google.com/80
Is there a way to do it in one-line w/o using wget, curl, or some other library?

The second snippet fails because it opens two separate TCP sockets. The echo connects to www.google.com and writes the HTTP request; and then the second line opens another connection and tries to read from that socket. The second socket simply blocks because Google is waiting for the HTTP request to be sent.

Not my area of expertise, but I think that the second sample will open a second connection, while the first sample keeps an open handle to the same connection. So any solution which involves opening only one connection should work.