Contact our honeypot department if you are desperate to get blacklisted.

Tuesday, March 22, 2011

Handy BASH one-liners

Please excuse the mess:

  • remove blank lines and comment lines: grep -Ev '^\s*#|^\s*$' filename ## egrep is the deprecated spelling of grep -E
  • for f in *.dist; do cp "$f" "$(basename "$f" .dist)"; done ## copy every foo.dist to foo
  • tcpdump -c 20 -i br0.52 'tcp port 3389 and host 216.177.x.x'
  • tcpdump -n -c 10 host 192.168.5.9 and port 53 ## options such as -c must come before the filter expression
  • ls /backup/*$(date -d '-3 day' +'%Y-%m-%d')* ## backups dated three days ago; %Y is the calendar year, %G would be the ISO week-based year, which differs around New Year
  • find -type f -print0 | xargs -0 grep -liwZ "search_string" | xargs -0 rm -f ## delete every file whose contents contain the whole word search_string (NUL-separated, so odd file names are safe)
  • arp -n | tail -n +2 | awk '{printf "arp -d %s\n",$1}' | sh ## delete every entry in the ARP cache
  • recursive FTP mget: wget -r -nH ftp://ftp.remotehost.example.com
  • iptables -t nat -I POSTROUTING 8 -s 192.168.112.0/255.255.255.0 -o eth0 -j SNAT --to-source 10.10.224.6
  • iptables -L -n -t nat --line-numbers
  • feed xargs variables for more complex statements: grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' /var/log/maillog | sort | uniq | sort -nr | xargs -I '{}' grep -F '{}' /var/log/fail2ban.log ## every IP seen in the mail log, looked up in the fail2ban log; -F keeps the dots literal
  • grep 'cat\|dog' filename ## print lines containing the word "cat" or the word "dog" (\| alternation is a GNU extension; grep -E 'cat|dog' is portable)
  • find top email addresses in logs: tail -n 10000 /var/log/maillog | grep 'postfix\/smtp' | grep from= | awk '/from=/{for (i=1;i<=NF;i++) {if ( $i ~ /[[:alpha:]]@[[:alpha:]]/ ) {print tolower($i)}}}' | sed -n 's/from=//p' | sort | uniq -c | sort -nr
  • awk '{print $2 ":" strftime("%D-%T", $2) " " $4}' file ## print field 2 (epoch seconds) next to its human-readable date; strftime is gawk-specific
  • awk '{print substr($1,4),"@",$2,$3}' ./times.txt ## drop the first three characters of field 1
  • awk -F, '{if ($5 > 0 || $13 == 1) print $(NF-1)}' ## if the fifth field is > 0 OR the thirteenth field equals 1 then print the second-to-last field ($13=1 would be an assignment, which is always true)
  • awk '/Monday/{print substr($1,4),"@",$2,$3}' ./times.txt
  • find /home/ -name '.snapshot' -prune -o -type d -fprintf ./fprint.txt '%U\t%G\t%p\n' ## write uid, gid and path of every directory under /home, skipping .snapshot trees
  • find . -name nopo\* ## finds files in the current directory that begin with "nopo"
  • find files modified w/in the last 24 hours but skip the rra directory or any file containing rra in the name: find ./ -name '*rra*' -prune -o -mtime 0 -ls
  • find /data/backup/ -mtime +10 -and -name 'tccu-server-*.tar.gz*' -exec rm {} \; ## the -exec terminator must be escaped as \; or the shell eats it
  • find . -path './mail/*' -prune -o -mtime +120 -ls
  • find /var/log/ -name 'maillog*' | xargs ls -tr | xargs zgrep -h mydomainname ## search all rotated mail logs, oldest first, for mydomainname
  • postqueue -p | grep -E '^[0-9A-F]+' | sed 's/\*//g' | awk '{print $1}' | postsuper -d - ## deletes every message in the Postfix queue (the * suffix marks messages in the active queue)
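As an added, runnable example (not code from the original post), here are the two mail-log mining pipelines from the list, the top-sender count and the IP cross-reference against fail2ban, applied to a handful of constructed Postfix and fail2ban log lines. The log lines, hostnames, addresses and IPs are invented for the demonstration (example.com/example.net and RFC 5737 test networks); the functions take file paths as arguments so they can be pointed at real logs.

```shell
#!/bin/sh
# Added example, not from the original post: the two mail-log mining pipelines
# from the list (top sender addresses; IPs cross-referenced against fail2ban)
# run over constructed log lines. Hosts, addresses and IPs are invented.

make_sample_logs() {
  # Writes a constructed Postfix log and a constructed fail2ban log into a temp
  # dir and prints that dir. Sender case is deliberately mixed to exercise tolower().
  dir=$(mktemp -d)
  cat > "$dir/maillog" <<'EOF'
Mar 22 10:00:01 mx1 postfix/smtpd[1200]: connect from unknown[198.51.100.7]
Mar 22 10:00:01 mx1 postfix/qmgr[99]: A1: from=<Alice@example.com>, size=512, nrcpt=1 (queue active)
Mar 22 10:00:02 mx1 postfix/smtp[1234]: A1: to=<x@example.org>, relay=mail.example.org[203.0.113.9]:25, status=sent (250 ok)
Mar 22 10:00:03 mx1 postfix/qmgr[99]: A2: from=<alice@example.com>, size=700, nrcpt=1 (queue active)
Mar 22 10:00:04 mx1 postfix/qmgr[99]: A3: from=<ALICE@example.com>, size=100, nrcpt=1 (queue active)
Mar 22 10:00:05 mx1 postfix/qmgr[99]: A4: from=<bob@example.net>, size=100, nrcpt=1 (queue active)
Mar 22 10:00:06 mx1 postfix/qmgr[99]: A5: from=<Bob@example.net>, size=100, nrcpt=1 (queue active)
Mar 22 10:00:07 mx1 postfix/qmgr[99]: A6: from=<carol@example.com>, size=100, nrcpt=1 (queue active)
Mar 22 10:00:08 mx1 postfix/smtpd[1201]: connect from unknown[192.0.2.1]
EOF
  cat > "$dir/fail2ban.log" <<'EOF'
2011-03-22 10:05:00,000 fail2ban.actions: WARNING [postfix] Ban 198.51.100.7
2011-03-22 10:06:00,000 fail2ban.actions: WARNING [sshd] Ban 192.0.2.1
EOF
  echo "$dir"
}

top_senders() {
  # $1: mail log. Same shape as the one-liner: keep from= lines, walk the fields,
  # lower-case anything that looks like an address, strip the from=<...> wrapper,
  # then count and rank. Output lines are "<count> <address>", most frequent first.
  grep 'from=' "$1" |
    awk '{for (i = 1; i <= NF; i++) if ($i ~ /[[:alpha:]]@[[:alpha:]]/) print tolower($i)}' |
    sed -n 's/^from=<\(.*\)>,*$/\1/p' |
    sort | uniq -c | sort -nr |
    awk '{print $1, $2}'
}

ips_seen_in_both() {
  # $1: mail log, $2: fail2ban log. Extracts every dotted quad from $1 and prints
  # those that also occur in $2. grep -F keeps the dots literal (in a plain grep
  # pattern '.' matches any character), and the regex wants 1-3 digits per octet
  # instead of the one-liner's [0-9]*, which also accepts empty octets.
  grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' "$1" | sort -u |
    while read -r ip; do
      grep -qF -- "$ip" "$2" && echo "$ip"
    done | sort
}

# Demo run on the constructed logs.
LOGS=$(make_sample_logs)
echo "Top senders:";          top_senders "$LOGS/maillog"
echo "IPs also in fail2ban:"; ips_seen_in_both "$LOGS/maillog" "$LOGS/fail2ban.log"
rm -rf "$LOGS"
```

On the constructed input the three spellings of Alice collapse to one sender with a count of 3, and only the two IPs that fail2ban actually banned survive the cross-reference; the relay's IP on the smtp line is extracted but dropped because it never appears in the fail2ban log.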
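Also added here, not from the original post: the find(1) idioms used in several of the entries above (-prune combined with -o, -mtime, and -exec ... \;) exercised on a constructed directory tree created under mktemp, so the effect of each expression can be checked against a known layout. All paths and file names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: the find(1) idioms from the list
# (-prune with -o, -mtime, -exec ... \;) run against a constructed directory
# tree so the effect of each expression can be checked. All paths are hypothetical.

make_tree() {
  # Creates the constructed tree under a fresh temp dir and prints its path.
  root=$(mktemp -d)
  mkdir -p "$root/home/alice/.snapshot" "$root/home/bob/.snapshot" \
           "$root/home/rra" "$root/backup"
  : > "$root/home/alice/doc.txt"
  : > "$root/home/alice/.snapshot/doc.txt"    # inside .snapshot: pruned below
  : > "$root/home/bob/notes.txt"
  : > "$root/home/bob/.snapshot/notes.txt"    # inside .snapshot: pruned below
  : > "$root/home/rra/today.txt"              # under a directory named rra
  : > "$root/home/errata.txt"                 # name contains "rra"
  : > "$root/backup/backup-new.tar.gz"
  : > "$root/backup/backup-old.tar.gz"
  # Backdate one archive to March 2011 so it is older than 10 days (POSIX touch -t, CCYYMMDDhhmm).
  touch -t 201103010000 "$root/backup/backup-old.tar.gz"
  echo "$root"
}

list_dirs_skipping_snapshot() {
  # Same shape as the /home one-liner: when a directory named .snapshot is met,
  # -prune stops the descent and, being true, short-circuits the -o branch; every
  # other directory falls through to -type d -print. Relative paths, sorted.
  ( cd "$1" && find . -name .snapshot -prune -o -type d -print | sort )
}

recent_files_skipping_rra() {
  # The "modified within the last 24 hours" one-liner: -mtime 0 keeps entries
  # changed less than a day ago; anything with rra in its name (a file, or a
  # directory together with everything below it) is pruned first.
  ( cd "$1" && find . -name '*rra*' -prune -o -mtime 0 -type f -print | sort )
}

purge_old_backups() {
  # The /data/backup one-liner with the -exec terminator escaped as \; so the
  # shell passes a literal ';' to find. Prints the archives that remain.
  find "$1/backup" -mtime +10 -name 'backup-*.tar.gz' -exec rm {} \;
  ls "$1/backup"
}

# Demo run on the constructed tree.
ROOT=$(make_tree)
echo "Directories, .snapshot pruned:";    list_dirs_skipping_snapshot "$ROOT"
echo "Files changed today, rra skipped:"; recent_files_skipping_rra "$ROOT"
echo "Backups left after purge:";         purge_old_backups "$ROOT"
rm -rf "$ROOT"
```

On this tree the directory listing shows six entries and none under .snapshot, the recent-file listing shows five fresh files and nothing with rra in its path (errata.txt is caught too, which is exactly what a glob of '*rra*' means), and only backup-new.tar.gz survives the purge because the backdated archive is the one older than ten days.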