HowTo One Liners: Difference between revisions
Line 76: | Line 76: | ||
* '''[https://posts.specterops.io/fawk-yeah-advanced-sed-and-awk-usage-parsing-for-pentesters-3-e5727e11a8ad Advanced Parsing for Pentesters]''' | * '''[https://posts.specterops.io/fawk-yeah-advanced-sed-and-awk-usage-parsing-for-pentesters-3-e5727e11a8ad Advanced Parsing for Pentesters]''' | ||
* '''[https://www.gnu.org/software/gawk/GNU Gawk Homepage]''' | * '''[https://www.gnu.org/software/gawk/ GNU Gawk Homepage]''' | ||
* '''[https://www.gnu.org/software/gawk/manual/gawk.html The GNU Awk User’s Guide]''' | * '''[https://www.gnu.org/software/gawk/manual/gawk.html The GNU Awk User’s Guide]''' |
Revision as of 12:19, 15 October 2017
Overview
This page provides a quick reference to common administrative command-line one-liners.
Find The Largest Files Within A File System
This example finds the 10 largest files under the top-level directory "/var", sorted by size in descending order:
[root@vortex wui]# find /var -printf '%s %p\n' | sort -nr | head -10;
29956694633 /var/named/chroot/var/named/data/default_debug.log
182947840 /var/lib/rpm/Packages
134217728 /var/log/journal/597d443ff603490286135ca186ed9c7d/system@f9cb0e593f6c413d8fdfaa88bd1c9f42-00000000000b1d98-0005092323239c17.journal
125829120 /var/log/journal/597d443ff603490286135ca186ed9c7d/system@f9cb0e593f6c413d8fdfaa88bd1c9f42-000000000008eadb-000506c496be90cb.journal
125829120 /var/log/journal/597d443ff603490286135ca186ed9c7d/system@f9cb0e593f6c413d8fdfaa88bd1c9f42-00000000000251f3-0004f57678d900a6.journal
125829120 /var/log/journal/597d443ff603490286135ca186ed9c7d/system@f9cb0e593f6c413d8fdfaa88bd1c9f42-0000000000000001-0004f10922bc1e86.journal
95967232 /var/cache/yum/x86_64/20/fedora/gen/primary_db.sqlite
83886080 /var/log/journal/597d443ff603490286135ca186ed9c7d/system@f9cb0e593f6c413d8fdfaa88bd1c9f42-0000000000077d06-00050460486ab015.journal
75497472 /var/log/journal/597d443ff603490286135ca186ed9c7d/system@f9cb0e593f6c413d8fdfaa88bd1c9f42-000000000004d2bc-0004fbc9efdbc627.journal
64720632 /var/lib/clamav/main.cvd
Remove Incorrect Host Key from ~/.ssh/known_hosts (Delete 1 Line from File)
The sed command is useful when you want to remove a specific line from a file. For example, the following command removes line 12 from the file ~/.ssh/known_hosts.
sed -i -e 12d ~/.ssh/known_hosts
This is particularly useful in situations where SSH host keys are expected to change. For example, depending on which micro SD card is loaded on a BeagleBone Black, its host key might change. The following shows the output from ssh when it detects this change in the host key (note how it reports the problem line as 54). The sed command is then used to quickly remove the old key.
taco:~ pkb$ ssh salsa-e
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
fb:a7:a9:09:1a:f3:d2:4a:aa:89:9d:34:47:1c:d5:3c.
Please contact your system administrator.
Add correct host key in /Users/pkb/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/pkb/.ssh/known_hosts:54
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
Agent forwarding is disabled to avoid man-in-the-middle attacks.
X11 forwarding is disabled to avoid man-in-the-middle attacks.
Debian GNU/Linux 7
BeagleBoard.org Debian Image 2015-03-01
Support/FAQ: http://elinux.org/Beagleboard:BeagleBoneBlack_Debian
default username:password is [debian:temppwd]
Permission denied (publickey,password).
(reverse-i-search)`se': cd release/
taco:~ pkb$ sed -i -e 54d ~/.ssh/known_hosts
taco:~ pkb$
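A guarded version of the removal above, as an added example that is not part of the original page: it deletes the line ssh flagged only when the fingerprint ssh reported matches one obtained out-of-band, and it keeps a backup. The function names, the .bak suffix and the sample data are assumptions made for illustration.

```shell
# Added example (not from the original page). Sample data is constructed.
# Print the fingerprint ssh reported: the line after "...remote host is".
reported_fp() {
    awk '/sent by the remote host is/ { getline; sub(/\.$/, ""); print; exit }' "$1"
}

# Print N from "Offending <type> key in <file>:N".
offending_line() {
    sed -n 's/^Offending .* key in .*:\([0-9][0-9]*\)$/\1/p' "$1" | head -n 1
}

# remove_offending_key WARNING_FILE KNOWN_HOSTS EXPECTED_FP
# Deletes the flagged line only if the reported fingerprint equals the one
# obtained out-of-band (assumption: e.g. read from the device's own console).
remove_offending_key() {
    warning=$1; known_hosts=$2; expected=$3
    fp=$(reported_fp "$warning")
    line=$(offending_line "$warning")
    [ -n "$fp" ] && [ -n "$line" ] || { echo "no host key warning found" >&2; return 2; }
    if [ "$fp" != "$expected" ]; then
        echo "fingerprint $fp is not the expected one; file unchanged" >&2
        return 1
    fi
    total=$(( $(wc -l < "$known_hosts") ))
    [ "$line" -le "$total" ] || { echo "line $line out of range" >&2; return 2; }
    cp -p "$known_hosts" "$known_hosts.bak" || return 2
    # GNU and BSD sed disagree on -i, so filter the backup into the original.
    sed "${line}d" "$known_hosts.bak" > "$known_hosts"
}

# Build constructed sample files in directory $1 for a dry run.
make_sample() {
    printf '%s\n' 'alpha ssh-rsa AAAA-constructed-1' \
        'salsa-e ssh-rsa AAAA-constructed-old' \
        'gamma ssh-rsa AAAA-constructed-3' > "$1/known_hosts"
    printf '%s\n' 'The fingerprint for the RSA key sent by the remote host is' \
        '00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff.' \
        "Offending RSA key in $1/known_hosts:2" > "$1/warning.txt"
}
```

When the host name is known, `ssh-keygen -R salsa-e` removes its entries by name instead of by line number.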
Find File Differences in Two Directories
This one is handy when you have two directories (DIRA and DIRB) with a similar set of files and you want to determine whether any of the files in DIRB differ from the files in DIRA. The example below compares the CSS files under the css directory (DIRA) with the CSS files in the 1.1.7 release found at ../1.1.7/css (DIRB).
[root@rice 1.1.4]# find css -type f | wc -l
4
[root@rice 1.1.4]# find css -type f | while read src; do cmp ${src} ../1.1.7/${src}; done
css/site.css ../1.1.7/css/site.css differ: byte 31, line 3
[root@rice 1.1.4]#