Commands tagged secure (8)

  • While I love gpg and truecrypt there's some times when you just want to edit a file and not worry about keys or having to deal needing extra software on hand. Thus, you can use vim's encrypted file format. For more info on vim's encrypted files visit: http://www.vim.org/htmldoc/editing.html#encryption Show Sample Output


    88
    vim -x <FILENAME>
    denzuko · 2009-05-05 23:24:17 32
  • (Please see sample output for usage) Use any script name (the read command gets it) and it will be encrypted with the extension .crypt, i.e.: myscript --> myscript.crypt You can execute myscript.crypt only if you know the password. If you die, your script dies with you. If you modify the startup line, be careful with the offset calculation of the crypted block (the XX string). Not difficult to make script editable (an offset-dd piped to a gpg -d piped to a vim - piped to a gpg -c directed to script.new ), but not enough space to do it on a one liner. Sorry for the chmod on parentheses, I dont like "-" at the end. Thanks flatcap for the subshell abbreviation to /dev/null Show Sample Output


    6
    read -p 'Script: ' S && C=$S.crypt H='eval "$((dd if=$0 bs=1 skip=//|gpg -d)2>/dev/null)"; exit;' && gpg -c<$S|cat >$C <(echo $H|sed s://:$(echo "$H"|wc -c):) - <(chmod +x $C)
    rodolfoap · 2013-03-10 08:59:45 14
  • If you have lots of remote hosts sitting "behind" an ssh proxy host, then there is a special-case use of "rsynch" that allows one to easily copy directories and files across the ssh proxy host, without having to do two explicit copies: the '-e' option allows for a replacement "rsh" command. We use this option to specify an "ssh" tunnel command, with the '-A' option that causes authentication agent requests to be forwarded back to the local host. If you have ssh set up correctly, the above command can be done without any passwords being entered.


    5
    rsync -avz -e 'ssh -A sshproxy ssh' srcdir remhost:dest/path/
    totoro · 2009-03-25 21:29:07 11
  • (Please see sample output for usage) script.bash is your script, which will be crypted to script.secure script.bash --> script.secure You can execute script.secure only if you know the password. If you die, your script dies with you. If you modify the startup line, be careful with the offset calculation of the crypted block (the XX string). Not difficult to make script editable (an offset-dd piped to a gpg -d piped to a vim - piped to a gpg -c directed to script.new ), but not enough space to do it on a one liner. Show Sample Output


    5
    echo "eval \"\$(dd if=\$0 bs=1 skip=XX 2>/dev/null|gpg -d 2>/dev/null)\"; exit" > script.secure; sed -i s:XX:$(stat -c%s script.secure): script.secure; gpg -c < script.bash >> script.secure; chmod +x script.secure
    rodolfoap · 2013-03-09 11:16:48 21
  • Copy a URL (or Thai text, or whatever) and hit the keyboard shortcut for this fu to display it as a QR code. It's an "air gapped" way to send stuff to your phone [unlike google chart API etc.] as long as you watch out for cameras ;). dependencies [sudo apt-get install]: qrencode xclip xloadimage


    1
    xclip -o -sel clipboard | qrencode -o - | xview stdin
    thedod · 2013-11-13 03:34:08 14
  • From time to time one forgets either thier gpg key or other passphrases. This can be very problematic in most cases. But luckily there's this script. Its based off of pwsafe which is a unix commandline program that manages encrypted password databases. For more info on pwsafe visit, http://nsd.dyndns.org/pwsafe/. What this script does is it will help you store all your passphrases for later on and allow you to copy it to your clipboard so you can just paste it in, all with one password. Pretty neat no? You can find future releases of this and many more scripts at The Teachings of Master Denzuko - denzuko.wordpress.com. Show Sample Output


    0
    pwsafe -qa "gpg keys"."$(finger `whoami` | grep Name | awk '{ print $4" "$5 }')"
    denzuko · 2009-05-07 14:49:56 4
  • Explination: https://stackoverflow.com/questions/2257441/random-string-generation-with-upper-case-letters-and-digits/23728630#23728630 Why 16 Characters: https://www.wired.com/story/7-steps-to-password-perfection/ Show Sample Output


    -1
    python -c "import string; import random;print(''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits + string.ascii_lowercase) for _ in range(16)))"
    rootduck · 2019-06-14 17:35:12 41
  • Change :alnum: to :graph: for all printable characters Show Sample Output


    -2
    cat /dev/urandom |tr -c -d '[:alnum:]'|head -c 16;echo
    AndrewM · 2019-06-17 17:51:04 38

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands


Check These Out

which program is this port belongs to ?
Sometimes you need to use a port that is already opened by some program , and you don't know who to "kill" for it to release - so, now you do !

generate a telephone keypad
Draw a telephone keyboard, using just a shell built-in command.

See system users

dd if=/dev/null of=/dev/sda
removes all files/filesystems of a harddisk. It removes EVERYTHING of your hard disk. Be carefull when to select a device. It does not prompt for and second check.

see who's using DOM storage a/k/a Web Storage, super cookies
Someone over at Mozilla dot Org probably said, "I know, let's create a super-duper universal replacement for browser cookies that are persistent and even more creepy and then NOT give our browser users the tools they need to monitor, read, block or selectively remove them!" . This will let you see all the DOM object users in all your firefox profiles. Feel free to toss a `| sort -u` on the end to remove dupes. . I highly recommend you treat these as "session cookies" by scripting something that deletes this sqlite database during each firefox start-up. . note: does not do anything for so-called "flash cookies"

Display error pages in report format
This command will return a full list of Error 404 pages in the given access log. The following variables have been given to awk Hostname ($2), ERROR Code ($9), Missing Item ($7), Referrer ($11) You can then send this into a file (>> /path/to/file), which you can open with OpenOffice as a CSV

Create a Multi-Part Archive Without Proprietary Junkware
Leave it to a proprietary software vendor to turn a cheap and easy parlor trick into a selling point. "Hey guys, why don't we turn our _collection of multiple files_ into a *collection of multiple files*!!" Extract the ^above with this: $ cat pics.tar.gz.??? | tar xzv ^extract on any Unix - no need to install junkware! (If you must make proprietary software, at least make it do something *new*) if [ -e windows ]; then use 7-Zip

Hits per hour apache log

Show drive names next to their full serial number (and disk info)
As of this writing, this requires a fairly recent version of util-linux, but is much simpler than the previous alternatives. Basically, lsblk gives a nice, human readable interface to all the blkid stuff. (Of course, I wouldn't recommend this if you're going to be parsing the output.) This command takes all the fun out of the previous nifty pipelines, but I felt I ought to at least mention it as an alternative since it is the most practical.

Trick find -exec option to execute alias
An alias cannot be executed as command in a find -exec line. This form will trick the command line and let you do the job.


Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: