book

bash Cookbook, 2nd Edition

by Carl Albing, JP Vossen

October 2017

Beginner to intermediate

723 pages

15h 31m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Preface
Who Should Read This BookAbout This BookConventions Used in This BookUsing Code ExamplesO’Reilly SafariWe’d Like to Hear from YouAcknowledgments
Beginning bash
1.1. Why bash?1.2. The bash Shell1.3. Decoding the Prompt1.4. Showing Where You Are1.5. Finding and Running Commands1.6. Getting Information About Files1.7. Showing All Hidden (Dot) Files in the Current Directory1.8. Using Shell Quoting1.9. Using or Replacing Builtins and External Commands1.10. Determining if You Are Running Interactively1.11. Setting bash as Your Default Shell1.12. Keeping bash Updated1.13. Getting bash for Linux1.14. Getting bash for xBSD1.15. Getting bash for macOS1.16. Getting bash for Unix1.17. Getting bash for Windows1.18. Getting bash Without Getting bash1.19. Learning More About bash Documentation
Standard Output
2.1. Writing Output to the Terminal/Window2.2. Writing Output but Preserving Spacing2.3. Writing Output with More Formatting Control2.4. Writing Output Without the Newline2.5. Saving Output from a Command2.6. Saving Output to Other Files2.7. Saving Output from the ls Command2.8. Sending Output and Error Messages to Different Files2.9. Sending Output and Error Messages to the Same File2.10. Appending Rather than Clobbering Output2.11. Using Just the Beginning or End of a File2.12. Skipping a Header in a File2.13. Throwing Output Away2.14. Saving or Grouping Output from Several Commands2.15. Connecting Two Programs by Using Output as Input2.16. Saving a Copy of Output Even While Using It as Input2.17. Connecting Two Programs by Using Output as Arguments2.18. Using Multiple Redirects on One Line2.19. Saving Output When Redirect Doesn’t Seem to Work2.20. Swapping STDERR and STDOUT2.21. Keeping Files Safe from Accidental Overwriting2.22. Clobbering a File on Purpose
Standard Input
3.1. Getting Input from a File3.2. Keeping Your Data with Your Script3.3. Preventing Weird Behavior in a Here-Document3.4. Indenting Here-Documents3.5. Getting User Input3.6. Getting Yes or No Input3.7. Selecting from a List of Options3.8. Prompting for a Password
Executing Commands
4.1. Running Any Executable4.2. Running Several Commands in Sequence4.3. Running Several Commands All at Once4.4. Telling Whether a Command Succeeded or Not4.5. Running a Command Only if Another Command Succeeded4.6. Using Fewer if Statements4.7. Running Long Jobs Unattended4.8. Displaying Error Messages When Failures Occur4.9. Running Commands from a Variable4.10. Running All Scripts in a Directory
Basic Scripting: Shell Variables
5.1. Documenting Your Script5.2. Embedding Documentation in Shell Scripts5.3. Promoting Script Readability5.4. Separating Variable Names from Surrounding Text5.5. Exporting Variables5.6. Seeing All Variable Values5.7. Using Parameters in a Shell Script5.8. Looping Over Arguments Passed to a Script5.9. Handling Parameters with Spaces5.10. Handling Lists of Parameters with Spaces5.11. Counting Arguments5.12. Consuming Arguments5.13. Getting Default Values5.14. Setting Default Values5.15. Using null as a Valid Default Value5.16. Using More than Just a Constant String for Default5.17. Giving an Error Message for Unset Parameters5.18. Changing Pieces of a String5.19. Getting the Absolute Value of a Number5.20. Using bash for basename5.21. Using bash for dirname5.22. Using Alternate Values for Comma Separated Values5.23. Using Array Variables5.24. Converting Between Upper- and Lowercase5.25. Converting to Camel Case
Shell Logic and Arithmetic
6.1. Doing Arithmetic in Your Shell Script6.2. Branching on Conditions6.3. Testing for File Characteristics6.4. Testing for More than One Thing6.5. Testing for String Characteristics6.6. Testing for Equality6.7. Testing with Pattern Matches6.8. Testing with Regular Expressions6.9. Changing Behavior with Redirections6.10. Looping for a While6.11. Looping with a read6.12. Looping with a Count6.13. Looping with Floating-Point Values6.14. Branching Many Ways6.15. Parsing Command-Line Arguments6.16. Creating Simple Menus6.17. Changing the Prompt on Simple Menus6.18. Creating a Simple RPN Calculator6.19. Creating a Command-Line Calculator
Intermediate Shell Tools I
7.1. Sifting Through Files for a String7.2. Getting Just the Filename from a Search7.3. Getting a Simple True/False from a Search7.4. Searching for Text While Ignoring Case7.5. Doing a Search in a Pipeline7.6. Paring Down What the Search Finds7.7. Searching with More Complex Patterns7.8. Searching for an SSN7.9. Grepping Compressed Files7.10. Keeping Some Output, Discarding the Rest7.11. Keeping Only a Portion of a Line of Output7.12. Reversing the Words on Each Line7.13. Summing a List of Numbers7.14. Counting String Values with awk7.15. Counting String Values with bash7.16. Showing Data as a Quick and Easy Histogram7.17. An Easy Histogram with bash7.18. Showing a Paragraph of Text After a Found Phrase
Intermediate Shell Tools II
8.1. Sorting Your Output8.2. Sorting Numbers8.3. Sorting IP Addresses8.4. Cutting Out Parts of Your Output8.5. Removing Duplicate Lines8.6. Compressing Files8.7. Uncompressing Files8.8. Checking a tar Archive for Unique Directories8.9. Translating Characters8.10. Converting Uppercase to Lowercase8.11. Converting DOS Files to Linux Format8.12. Removing Smart Quotes8.13. Counting Lines, Words, or Characters in a File8.14. Rewrapping Paragraphs8.15. Doing More with less
Finding Files: find, locate, slocate
9.1. Finding All Your MP3 Files9.2. Handling Filenames Containing Odd Characters9.3. Speeding Up Operations on Found Files9.4. Finding Files Across Symbolic Links9.5. Finding Files Irrespective of Case9.6. Finding Files by Date9.7. Finding Files by Type9.8. Finding Files by Size9.9. Finding Files by Content9.10. Finding Existing Files and Content Fast9.11. Finding a File Using a List of Possible Locations

Additional Features for Scripting
10.1. “Daemon-izing” Your Script10.2. Reusing Code with Includes and Sourcing10.3. Using Configuration Files in a Script10.4. Defining Functions10.5. Using Functions: Parameters and Return Values10.6. Trapping Interrupts10.7. Redefining Commands with alias10.8. Avoiding Aliases and Functions10.9. Counting Elapsed Time10.10. Writing Wrappers
Working with Dates and Times
11.1. Formatting Dates for Display11.2. Supplying a Default Date11.3. Automating Date Ranges11.4. Converting Dates and Times to Epoch Seconds11.5. Converting Epoch Seconds to Dates and Times11.6. Getting Yesterday or Tomorrow with Perl11.7. Figuring Out Date and Time Arithmetic11.8. Handling Time Zones, Daylight Saving Time, and Leap Years11.9. Using date and cron to Run a Script on the Nth Day11.10. Logging with Dates
End-User Tasks as Shell Scripts
12.1. Starting Simple by Printing Dashes12.2. Viewing Photos in an Album12.3. Loading Your MP3 Player12.4. Burning a CD12.5. Comparing Two Documents
Parsing and Similar Tasks
13.1. Parsing Arguments for Your Shell Script13.2. Parsing Arguments with Your Own Error Messages13.3. Parsing Some HTML13.4. Parsing Output into an Array13.5. Parsing Output with a Function Call13.6. Parsing Text with a read Statement13.7. Parsing with read into an Array13.8. Reading an Entire File13.9. Getting Your Plurals Right13.10. Taking It One Character at a Time13.11. Cleaning Up an SVN Source Tree13.12. Setting Up a Database with MySQL13.13. Isolating Specific Fields in Data13.14. Updating Specific Fields in Datafiles13.15. Trimming Whitespace13.16. Compressing Whitespace13.17. Processing Fixed-Length Records13.18. Processing Files with No Line Breaks13.19. Converting a Datafile to CSV13.20. Parsing a CSV Datafile
Writing Secure Shell Scripts
14.1. Avoiding Common Security Problems14.2. Avoiding Interpreter Spoofing14.3. Setting a Secure $PATH14.4. Clearing All Aliases14.5. Clearing the Command Hash14.6. Preventing Core Dumps14.7. Setting a Secure $IFS14.8. Setting a Secure umask14.9. Finding World-Writable Directories in Your $PATH14.10. Adding the Current Directory to the $PATH14.11. Using Secure Temporary Files14.12. Validating Input14.13. Setting Permissions14.14. Leaking Passwords into the Process List14.15. Writing setuid or setgid Scripts14.16. Restricting Guest Users14.17. Using chroot Jails14.18. Running as a Non-root User14.19. Using sudo More Securely14.20. Using Passwords in Scripts14.21. Using SSH Without a Password14.22. Restricting SSH Commands14.23. Disconnecting Inactive Sessions
Advanced Scripting
15.1. Finding bash Portably for #!15.2. Setting a POSIX $PATH15.3. Developing Portable Shell Scripts15.4. Testing Scripts Using Virtual Machines15.5. Using for Loops Portably15.6. Using echo Portably15.7. Splitting Output Only When Necessary15.8. Viewing Output in Hex15.9. Using bash Net-Redirection15.10. Finding My IP Address15.11. Getting Input from Another Machine15.12. Redirecting Output for the Life of a Script15.13. Working Around “Argument list too long” Errors15.14. Logging to syslog from Your Script15.15. Using logger Correctly15.16. Sending Email from Your Script15.17. Automating a Process Using Phases15.18. Doing Two Things at Once15.19. Running an SSH command on multiple hosts
Configuring and Customizing bash
16.1. bash Startup Options16.2. Customizing Your Prompt16.3. A Prompt Before Your Program Runs16.4. Changing Your $PATH Permanently16.5. Changing Your $PATH Temporarily16.6. Setting Your $CDPATH16.7. When Programs Are Not Found16.8. Shortening or Changing Command Names16.9. Adjusting Shell Behavior and Environment16.10. Adjusting readline Behavior Using .inputrc16.11. Keeping a Private Stash of Utilities by Adding ~/bin16.12. Using Secondary Prompts: $PS2, $PS3, $PS416.13. Synchronizing Shell History Between Sessions16.14. Setting Shell History Options16.15. Creating a Better cd Command16.16. Creating and Changing Into a New Directory in One Step16.17. Getting to the Bottom of Things16.18. Adding New Features to bash Using Loadable Builtins16.19. Improving Programmable Completion16.20. Using Initialization Files Correctly16.21. Creating Self-Contained, Portable rc Files16.22. Getting Started with a Custom Configuration
Housekeeping and Administrative Tasks
17.1. Renaming Many Files17.2. Using GNU Texinfo and info on Linux17.3. Unzipping Many ZIP Files17.4. Recovering Disconnected Sessions Using screen17.5. Sharing a Single bash Session17.6. Logging an Entire Session or Batch Job17.7. Clearing the Screen When You Log Out17.8. Capturing File Metadata for Recovery17.9. Creating an Index of Many Files17.10. Using diff and patch17.11. Counting Differences in Files17.12. Removing or Renaming Files Named with Special Characters17.13. Prepending Data to a File17.14. Editing a File in Place17.15. Using sudo on a Group of Commands17.16. Finding Lines That Appear in One File but Not in Another17.17. Keeping the Most Recent N Objects17.18. Writing to a Circular Log17.19. Circular Backups17.20. Grepping ps Output Without Also Getting the grep Process Itself17.21. Finding Out Whether a Process Is Running17.22. Adding a Prefix or Suffix to Output17.23. Numbering Lines17.24. Writing Sequences17.25. Emulating the DOS Pause Command17.26. Commifying Numbers
Working Faster by Typing Less
18.1. Moving Quickly Among Arbitrary Directories18.2. Repeating the Last Command18.3. Running Almost the Same Command18.4. Quick Substitution18.5. Reusing Arguments18.6. Finishing Names for You18.7. Playing It Safe18.8. Big Changes, More Lines
Tips and Traps: Common Goofs for Novices
19.1. Forgetting to Set Execute Permissions19.2. Fixing “No such file or directory” Errors19.3. Forgetting That the Current Directory Is Not in the $PATH19.4. Naming Your Script “test”19.5. Expecting to Change Exported Variables19.6. Forgetting Quotes Leads to “command not found” on Assignments19.7. Forgetting that Pattern Matching Alphabetizes19.8. Forgetting that Pipelines Make Subshells19.9. Making Your Terminal Sane Again19.10. Deleting Files Using an Empty Variable19.11. Seeing Odd Behavior from printf19.12. Testing bash Script Syntax19.13. Debugging Scripts19.14. Avoiding “command not found” When Using Functions19.15. Confusing Shell Wildcards and Regular Expressions
Reference Lists
bash InvocationPrompt String CustomizationsANSI Color Escape SequencesBuiltin Commandsbash Reserved WordsBuiltin Shell Variablesset Optionsshopt OptionsTest OperatorsI/O Redirectionecho Options and Escape SequencesprintfDate and Time String Formatting with strftimePattern-Matching Charactersextglob Extended Pattern-Matching Operatorstr Escape Sequencesreadline Init File SyntaxTable of ASCII Values
Examples Included with bash
bash Documentation and Examples
Command-Line Processing
Command-Line Processing Steps
Revision Control
GitBazaarMercurialSubversionMeldetckeeperOther
Building bash from Source
Obtaining bashUnpacking the ArchiveWhat’s in the ArchiveWho Do I Turn To?
Index

Content preview from bash Cookbook, 2nd Edition

Chapter 14. Writing Secure Shell Scripts

Writing secure shell scripts?! How can shell scripts be secure when you can read the source code?

Any system that depends on concealing implementation details is attempting to use security by obscurity, and that is no security at all. Just ask the major software manufacturers whose source code is a closely guarded trade secret, yet whose products are incessantly vulnerable to exploits written by people who have never seen that source code. Contrast that with the code from OpenSSH and OpenBSD, which is totally open, yet very secure.

Security by obscurity will never work for long, though some forms of it can be a useful additional layer of security. For example, having daemons assigned to listen on nonstandard port numbers will keep a lot of the so-called script-kiddies away. But security by obscurity must never be the only layer of security because sooner or later, someone is going to discover whatever you’ve hidden.

As Bruce Schneier says, security is a process. It’s not a product, object, or technique, and it is never finished. As technology, networks, attacks and defenses evolve, so must your security process. So what does it mean to write secure shell scripts?

Secure shell scripts will reliably do what they are supposed to do, and only what they are supposed to do. They won’t lend themselves to being exploited to gain root access, they won’t accidentally rm -rf /, and they won’t leak information, such as passwords. They will be robust, ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781491975329Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

bash Cookbook, 2nd Edition

by Carl Albing, JP Vossen

Chapter 14. Writing Secure Shell Scripts

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.