Commands by paulera (14)

  • Monitor changed files into a log file, with day rotation, using fswatch (MacOS)

    This command monitors changes in the current folder structure (subfolders included) and files, and log it into a hidden file in the same folder, called `.file_changes_YYMMDD.log`. Modify the `--exclude` parameters to define what should be skipped. Show Sample Output


    2
    fswatch --exclude=.git/* --exclude=.settings --event-flags --event-flag-separator=\; -t -f '%Y-%m-%d %H:%M:%S' . >> ./.file_changes_$(date +"%Y-%m-%d" | sed s/-//g).log
    paulera · 2023-08-17 23:06:30 200
  • Process command output line by line in a while loop

    This snippet allows to process the output of any bash command line by line.


    1
    while read -r line; do echo $line; done < <(YOUR COMMAND HERE);
    paulera · 2018-08-13 10:03:11 323
  • Linux socket-to-socket tunnel (MySQL example)

    Won't work with password login. You must add your RSA key to the server's authorizedkeys file, or change the ssh command adding the -i option for a custom RSA key: socat "UNIX-LISTEN:/tmp/mysqld.temp.sock,reuseaddr,fork" EXEC:"ssh username@remoteserver.com -i /home/user/rsa-keys/id_rsa socat STDIO UNIX-CONNECT\:/var/run/mysqld/mysqld.sock" --- /tmp/mysqld.temp.sock will be created locally by socat, don't create it yourself. The folder it lives must be writable. Connect your MySQL client to this socket, with database and username set properly. --- In case you need to forward a remote socket to a LOCAL PORT instead, check http://www.commandlinefu.com/commands/view/9436/socat-tcp-listen5500-execssh-userremotehost-socat-stdio-unix-connectvarrunmysqldmysqld.sock


    0
    socat "UNIX-LISTEN:/tmp/mysqld.temp.sock,reuseaddr,fork" EXEC:"ssh username@remoteserver.com socat STDIO UNIX-CONNECT\:/var/run/mysqld/mysqld.sock"
    paulera · 2017-07-27 11:32:19 49
  • Watch PHP log, without knowing it's location (gets from php.ini)

    Runs "php -i", filter the error_log location, then watches it using "tail"


    0
    tail -v -f $(php -i | grep "^[ \t]*error_log" | awk -F"=>" '{ print $2; }' | sed 's/^[ ]*//g')
    paulera · 2016-08-31 12:13:31 25
  • random git-commit message

    Do a git commit using a random message. Show Sample Output


    17
    git commit -m "$(curl -s http://whatthecommit.com/index.txt)";
    paulera · 2016-05-04 09:51:18 33
  • Recover username and password for Technicolor TC7200 admin page (vulnerability)

    The router Technicolor TC7200 has an exploit where the file http://192.168.0.1/goform/system/GatewaySettings.bin is open for unauthenticated access. Even though it is binary, the 2 last strings are the username and password for the pages for router management. It can be read using the 'strings' command, 'hexdump -C' or a hexadecimal editor. (default user/password = admin/admin) Reveals more configuration, including SSID name and Key for the wifi network: wget -q -O - http://192.168.0.1/goform/system/GatewaySettings.bin Hexadecimal dump of the file: wget -q -O - http://192.168.0.1/goform/system/GatewaySettings.bin | hexdump -C Show Sample Output


    3
    wget -q -O - http://192.168.0.1/goform/system/GatewaySettings.bin | strings | tail -n 2
    paulera · 2016-05-03 23:03:55 13
  • List latest 5 modified files recursively

    The output format is given by the -printf parameter: %T@ = modify time in seconds since Jan. 1, 1970, 00:00 GMT, with fractional part. Mandatory, hidden in the end. %TY-%Tm-%Td %TH:%TM:%.2TS = modify time as YYYY-MM-DD HH:MM:SS. Optional. %p = file path Refer to http://linux.die.net/man/1/find for more about -printf formatting. ------------------------ sort -nr = sort numerically and reverse (higher values - most recent timestamp - first) head -n 5 = get only 5 first lines (change 5 to whatever you want) cut -f2- -d" " = trim first field (timestamp, used only for sorting) ------------------------ Very useful for building scripts for detecting malicious files upload and malware injections. Show Sample Output


    7
    find . -type f -printf '%T@ %TY-%Tm-%Td %TH:%TM:%.2TS %p\n' | sort -nr | head -n 5 | cut -f2- -d" "
    paulera · 2016-03-23 11:56:39 11
  • Safe Russian Roulette (only echo, don't delete files)

    Shows "Bang!" in a chance of 1 out of 6, like in the original game with the gun (spin every round). Otherwise, echoes "Click...". If feeling brave you can also do: [ $[ $RANDOM % 6 ] == 0 ] && echo 'Bang!' && a really killer command || echo 'Click...' Show Sample Output


    4
    [ $[ $RANDOM % 6 ] == 0 ] && echo 'Bang!' || echo 'Click...'
    paulera · 2016-03-23 11:09:56 29
  • Test remote SSH server status using telnet (no login required)

    This command telnet and and looks for a line starting with "SSH" - works for OpenSSH since the SSH banner is something like "SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u3". Then it triggers an action accordingly. It can be packed as a script file to echo 0/1 indicating the SSH service availability: if [[ "$(sleep 1 | telnet -c <host> <port> 2>&1 | grep '^SSH')" == SSH* ]]; then echo 1; else echo 0; fi; Alternative uses: Trigger an action when server is UP (using &&): [[ "$(sleep 1 | telnet -c <host> <port> 2>&1 | grep '^SSH')" == SSH* ]] && <command when up> Trigger an action when server is DOWN (using ||): [[ "$(sleep 1 | telnet -c <host> <port> 2>&1 | grep '^SSH')" == SSH* ]] || <command when down>


    0
    $if [[ "$(sleep 1 | telnet -c <host> <port> 2>&1 | grep '^SSH')" == SSH* ]]; then <command when up>; else <command when down>; fi;
    paulera · 2016-02-02 13:06:51 16
  • Run bash script from web

    Use this command to execute the contents of http://www.example.com/automation/remotescript.sh in the local environment. The parameters are optional. Alterrnatives to wget: CURL: curl -s http://www.example.com/automation/remotescript.sh | bash /dev/stdin param1 param2 W3M: w3m -dump http://www.example.com/automation/remotescript.sh | bash /dev/stdin [param1] [param2] LYNX: lynx -source http://www.example.com/automation/remotescript.sh | bash /dev/stdin [param1] [param2]


    0
    wget -q -O - http://www.example.com/automation/remotescript.sh | bash /dev/stdin parameter1 parameter2
    paulera · 2015-02-16 16:55:09 16
  • Show your local ipv4 IP

    To show ipv6 instead, use [[ -6 ]] instead of [[ -4 ]] ip -o -6 a s | awk -F'[ /]+' '$2!~/lo/{print $4}' To show only the IP of a specific interface, in case you get more than one result: ip -o -4 a s eth0 | awk -F'[ /]+' '$2!~/lo/{print $4}' ip -o -4 a s wlan0 | awk -F'[ /]+' '$2!~/lo/{print $4}' Show Sample Output


    2
    ip -o -4 a s | awk -F'[ /]+' '$2!~/lo/{print $4}'
    paulera · 2015-02-13 11:19:31 11
  • Get ElasticSearch configuration and version details

    Replace localhost:9200 with your server location and port. This is the ElasticSearch's default setup for local instances. Show Sample Output


    1
    curl -XGET 'localhost:9200'
    paulera · 2015-01-23 15:01:29 14
  • Maximize active window

    Bind it to a shortcut key, using something like xbindkeys-config (if you do not have xbindkeys: apt-get install xbindkeys xbindkeys-config)


    0
    wmctrl -r :ACTIVE: -b add,maximized_vert; wmctrl -r :ACTIVE: -b add,maximized_horz
    paulera · 2013-04-24 16:59:04 11
  • Minimize active window

    Bind it to some shortcut key, using something like xbindkeys-config (if you do not have xbindkeys: apt-get install xbindkeys xbindkeys-config)


    1
    xdotool windowminimize $(xdotool getactivewindow)
    paulera · 2013-04-24 16:56:08 7

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands

Check These Out

Redirect incoming traffic to SSH, from a port of your choosing
Stuck behind a restrictive firewall at work, but really jonesing to putty home to your linux box for some colossal cave? Goodness knows I was...but the firewall at work blocked all outbound connections except for ports 80 and 443. (Those were wide open for outbound connections.) So now I putty over port 443 and have my linux box redirect it to port 22 (the SSH port) before it routes it internally. So, my specific command would be: $iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 22 Note that I use -A to append this command to the end of the chain. You could replace that with -I to insert it at the beginning (or at a specific rulenum). My linux box is running slackware, with a kernel from circa 2001. Hopefully the mechanics of iptables haven't changed since then. The command is untested under any other distros or less outdated kernels. Of course, the command should be easy enough to adapt to whatever service on your linux box you're trying to reach by changing the numbers (and possibly changing tcp to udp, or whatever). Between putty and psftp, however, I'm good to go for hours of time-killing.

Send pop-up notifications on Gnome
The title is optional. Options: -t: expire time in milliseconds. -u: urgency (low, normal, critical). -i: icon path. On Debian-based systems you may need to install the 'libnotify-bin' package. Useful to advise when a wget download or a simulation ends. Example: $ wget URL ; notify-send "Done"

Block an IP address from connecting to a server
This appends (-A) a new rule to the INPUT chain, which specifies to drop all packets from a source (-s) IP address.

notify brightness level [custom]
Brightness indicator to be used in scripts that adjust brightness [especially sys that doesn't support automatically]

get all Amazon cloud (amazonws etc) ipv6 subnets

Convert epoch date to human readable date format in a log file.

Wait for file to stop changing
This loop will finish if a file hasn't changed in the last 10 seconds. . It checks the file's modification timestamp against the clock. If 10 seconds have elapsed without any change to the file, then the loop ends. . This script will give a false positive if there's a 10 second delay between updates, e.g. due to network congestion . How does it work? 'date +%s' gives the current time in seconds 'stat -c %Y' gives the file's last modification time in seconds '$(( ))' is bash's way of doing maths '[ X -lt 10 ]' tests the result is Less Than 10 otherwise sleep for 1 second and repeat . Note: Clever as this script is, inotify is smarter.

Adhoc tar backup
Creates a quick backup with tar to a remote host over ssh.

Kill all processes that listen to ports begin with 50 (50, 50x, 50xxx,...)
Run netstat as root (via sudo) to get the ID of the process listening on the desired socket. Use awk to 1) match the entry that is the listening socket, 2) matching the exact port (bounded by leading colon and end of column), 3) remove the trailing slash and process name from the last column, and finally 4) use the system(…) command to call kill to terminate the process. Two direct commands, netstat & awk, and one forked call to kill. This does kill the specific port instead of any port that starts with 50. I consider this to be safer.

see the TIME_WAIT and ESTABLISHED nums of the network
see the TIME_WAIT and ESTABLISHED nums of the network

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: