HowTo One Liners

From NST Wiki
Revision as of 10:01, 11 February 2020 by Rwh (talk | contribs) (Serial Over TCP/IP)
Jump to navigationJump to search


This page provides a quick reference to common One Liner administrative command line operations.

One Liner Resources

Get Syntax Color In Less

The NST includes the source-highlight package which can "smartly" apply color to a wide variety of file formats. You can set some less environment variables to make use of the source-hightlight package to color code files in your terminal with the following settings:

export LESSOPEN="| source-highlight --out-format=esc -o STDOUT -i %s 2>/dev/null"; export LESS=" -R "

Then try something like:

less /usr/share/nstwui/apps/arp-scan/arp-scan.js
less /usr/bin/

Unfortunately, source-highlight only works by filename extensions (it won't try to guess the input format based on the contents of the file).

Find The Largest Files Within A File System

This example finds the 10 largest files, descending sorted, using the "/var" top level directory:

[root@vortex wui]# find /var -printf '%s %p\n' | sort -nr | head -10;
29956694633 /var/named/chroot/var/named/data/default_debug.log
182947840 /var/lib/rpm/Packages
134217728 /var/log/journal/597d443ff603490286135ca186ed9c7d/system@f9cb0e593f6c413d8fdfaa88bd1c9f42-00000000000b1d98-0005092323239c17.journal
125829120 /var/log/journal/597d443ff603490286135ca186ed9c7d/system@f9cb0e593f6c413d8fdfaa88bd1c9f42-000000000008eadb-000506c496be90cb.journal
125829120 /var/log/journal/597d443ff603490286135ca186ed9c7d/system@f9cb0e593f6c413d8fdfaa88bd1c9f42-00000000000251f3-0004f57678d900a6.journal
125829120 /var/log/journal/597d443ff603490286135ca186ed9c7d/system@f9cb0e593f6c413d8fdfaa88bd1c9f42-0000000000000001-0004f10922bc1e86.journal
95967232 /var/cache/yum/x86_64/20/fedora/gen/primary_db.sqlite
83886080 /var/log/journal/597d443ff603490286135ca186ed9c7d/system@f9cb0e593f6c413d8fdfaa88bd1c9f42-0000000000077d06-00050460486ab015.journal
75497472 /var/log/journal/597d443ff603490286135ca186ed9c7d/system@f9cb0e593f6c413d8fdfaa88bd1c9f42-000000000004d2bc-0004fbc9efdbc627.journal
64720632 /var/lib/clamav/main.cvd

Use SSH To Login On Remote System Using A Different New Shell

The command below demonstrates how to login on to a remote system using a different shell (i.e., /bin/ash):

imac2012:~ rwhalb$ ssh -t root@ /bin/ash
root@'s password: 
Warning: untrusted X11 forwarding setup failed: xauth key data not generated

BusyBox v1.30.1 () built-in shell (ash)

~ # exit
Connection to closed.
imac2012:~ rwhalb$

Remove Incorrect Host Key from ~/.ssh/known_hosts (Delete 1 Line from File)

The sed command can be very useful when you want to remove a specific line from a file. For example, the following command can be used to remove line 12 out of the file: ~/.ssh/known_hosts.

 sed -i -e 12d ~/.ssh/known_hosts

Alternatively, you can add a rmsshhost function to your ~/.bash_profile:

 rmsshhost() {
   sed -i -e ${1:-999999999}d ${2:-~/.ssh/known_hosts};

This is particularly useful in situations where ssh host keys are expected to change. For example, depending on which micro SD card is loaded on a Beagle Bone Black, it's host key might change. The following demonstrates the output from ssh when it detects this change in the host key (note how it reports the problem line as 54). The sed command is then used to quickly remove the old key.

taco:~ pkb$ ssh salsa-e
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /Users/pkb/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/pkb/.ssh/known_hosts:54
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
Agent forwarding is disabled to avoid man-in-the-middle attacks.
X11 forwarding is disabled to avoid man-in-the-middle attacks.
Debian GNU/Linux 7 Debian Image 2015-03-01


default username:password is [debian:temppwd]

Permission denied (publickey,password).
(reverse-i-search)`se': cd release/
taco:~ pkb$ sed -i -e 54d ~/.ssh/known_hosts
taco:~ pkb$

Or, if using the rmsshhost function, you can remove line 54 using the following command:

rmsshhost 54

Find File Differences in Two Directories

This one is handy when you have two directories (DIRA and DIRB) with a similar set of files and you want to determine if any of the files in DIRB are different than the files in DIRA. As an example, if you are looking for differences in your CSS files under the css directory (DIRA) with the css files in the 1.1.7 release found at ../1.1.7/css (DIRB).

[root@rice 1.1.4]# find css -type f | wc -l 
[root@rice 1.1.4]# find css -type f | while read src; do cmp ${src} ../1.1.7/${src}; done
css/site.css ../1.1.7/css/site.css differ: byte 31, line 3
[root@rice 1.1.4]#

Modifying An ISO Image for Booting

The example below mounts an iso image and copies both the "EFI" and "isolinux" directories to a Read / Write directory: "/DATA/nstboot/" for the purpose of modifying isolinux and EFI booting:

[root@shopper2 iso]# mount -o loop ./nst-30-11210.x86_64.iso /mnt/iso/;
[root@shopper2 iso]# cd /DATA/nstboot/;
[root@shopper2 iso]# cp -aR /mnt/iso/EFI .
[root@shopper2 iso]# cp -aR /mnt/iso/isolinux .
[root@shopper2 iso]# ls -al /DATA/nstboot/
total 16
drwxr-xr-x 4 root root 4096 Jan  3 09:14 .
drwxr-xr-x 9 root root 4096 Jan  3 09:08 ..
dr-xr-xr-x 3 root root 4096 Jul 16 09:10 EFI
dr-xr-xr-x 2 root root 4096 Jul 16 09:10 isolinux
[root@shopper2 iso]#
[root@shopper2 iso]# umount /mnt/iso;
[root@shopper2 iso]#

After making modifications, the following mkisofs command can be used to rebuild the ISO boot image for testing.

[root@shopper2 iso]# mkisofs -o /DATA/iso/nstboot.iso -b isolinux/isolinux.bin -J -R -l -c isolinux/ -no-emul-boot -boot-load-size 4 -boot-info-table -eltorito-alt-boot -e isolinux/efiboot.img -no-emul-boot -graft-points -V "NST30-BOOT" /DATA/nstboot/;
[root@shopper2 iso]#
[root@shopper2 iso]# ls -al /DATA/iso/nstboot.iso;
-rw-r--r-- 1 root root 110659584 Jan  3 09:17 /DATA/iso/nstboot.iso
[root@shopper2 iso]#

Ncat One Liners


Ncat is a similar tool to netcat provided by Nmap suite. Ncat features includes: ability to chain Ncats together, redirect both TCP and UDP ports to other sites, SSL support, and proxy connections via SOCKS4 or HTTP (CONNECT method) proxies (with optional proxy authentication as well).

Ncat always operates in one of two basic modes: connect mode and listen mode. In connect mode, Ncat initiates a connection (or sends UDP data) to a service that is listening somewhere. For those familiar with socket programming, connect mode is like using the connect function. In listen mode, Ncat waits for an incoming connection (or data receipt), like using the bind and listen functions. You can think of connect mode as “client” mode and listen mode as “server” mode.

To use Ncat in connect mode, run

ncat <host> [<port>]

<host> may be a hostname or IP address, and <port> is a port number. Listen mode is the same, with the addition of the --listen option (or its -l alias):

ncat --listen [<host>] [<port>] ncat -l [<host>] [<port>]

In listen mode, <host> controls the address on which Ncat listens; if you omit it, Ncat will bind to all local interfaces (INADDR_ANY). If the port number is omitted, Ncat uses its default port 31337. Typically only privileged (root) users may bind to a port number lower than 1024. A listening TCP server normally accepts only one connection and will exit after the client disconnects. Combined with the --keep-open option, Ncat accepts multiple concurrent connections up to the connection limit. With --keep-open (or -k for short), the server receives everything sent by any of its clients, and anything the server sends is sent to all of them. A UDP server will communicate with only one client (the first one to send it data), because in UDP there is no list of “connected” clients.

See the Ncat Basic Users' Guide for a detailed infomation.

By default, Ncat uses TCP. The option --udp or -u enables UDP instead, and --sctp enables SCTP. Ncat listens on both IPv4 and IPv6, and connects to either address family as well. The -6 option forces IPv6-only, and -4 forces IPv4-only. For a quick summary of options at any time, run ncat --help or man ncat.

Ncat As a Web Browser

After the connection type in "GET / HTTP/1.0" followed by two(2) enter key strokes.

[root@ ~]# ncat -C 80
GET / HTTP/1.0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 10 Feb 2020 13:44:37 GMT
Content-Type: text/html
Content-Length: 178
Connection: close

<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>

SMTP Connection

After the connection type in SMTP command (helo <domain>): "helo" followed by one(1) enter key stroke.

[root@ tmp]# ncat -C 587
220 ESMTP ready
250 Hello [])
[root@ tmp]#

Command Execution

Run a command with --exec using TCP/IP port: 30000.

Server Side:

[root@ ~]# ncat -l -k -p 30000 --exec "/bin/echo Hello."

Client Side:

[root@ ~]# netstat -tunap | grep ncat
tcp        0      0 *               LISTEN      6076/ncat           
tcp6       0      0 :::30000                :::*                    LISTEN      6076/ncat
[root@ ~]# ncat 30000
[root@ ~]#

Serial Over TCP/IP

In this example we will used a GPS serial stream (4800 Baud) connected to USB-to-Serial adapter: "/dev/ttyUSB1" on host: "" and use ncat to establish a TCP/IP listening socket on port: "22222". On host: "" we will connect via TCP/IP to this service on host: "".

On host: ""

  • First set the serial baud rate and any special settings for the USB-to-Serial device: "/dev/ttyUSB1" using the "stty" utility:
[root@ ~]# stty -F /dev/ttyUSB1 4800 raw;
  • Next establish the TCP/IP GPS service on port: "22222" via ncat:
[root@ ~]# ncat -l 22222 > /dev/ttyUSB1 < /dev/ttyUSB1;

On host: ""

  • Connect to the TCP/IP GPS service on host: "" using ncat:
[root@ ~]# ncat 22222;
[root@ ~]#

Tunneling UDP Traffic Through An SSH Connection

See article: Tunnelling_UDP_Traffic_Through_An_SSH_Connection