Re: [DNG] bash / quote weirdness
Hendrik Boom said on Thu, 13 Jan 2022 18:15:28 -0500 >On Thu, Jan 13, 2022 at 12:45:09PM -0500, . via Dng wrote: > >> >> The shell receives a series of tokens, and tries to interpret the >> first one as a command. In the double-quoted attempt above, it gets >> two tokens before the first pipe | --- >> >> 1) "cat -n" >> >> 2) /etc/fstab >> >> Of course, the system has no command named "cat -n". (And only a >> chaotic evil person would use a space in a command's name.) >> Something like "cat" "-n" /etc/fstab > >Maybe to keep anyone from executing a potentially danterous command by >mistake? Yeah, that too. SteveT Steve Litt Spring 2021 featured book: Troubleshooting Techniques of the Successful Technologist http://www.troubleshooters.com/techniques ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] bash / quote weirdness
. via Dng said on Thu, 13 Jan 2022 12:45:09 -0500 >The shell receives a series of tokens, and tries to interpret the >first one as a command. In the double-quoted attempt above, it gets >two tokens before the first pipe | --- > > 1) "cat -n" > > 2) /etc/fstab > >Of course, the system has no command named "cat -n". (And only a >chaotic evil person would use a space in a command's name.) Something >like > "cat" "-n" /etc/fstab > >would work fine, the shell now sees three tokens (and the double >quotes are completely unnecessary here), and the first is recognized >as a command that's on the executable path. > >The same goes for "cat /etc/fstab" or "cat fstab", they're both just >text strings that happen to include a space character. ^^ dng is correct! SteveT Steve Litt Spring 2021 featured book: Troubleshooting Techniques of the Successful Technologist http://www.troubleshooters.com/techniques ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] bash / quote weirdness
Benjamin Riefenstahl said on Thu, 13 Jan 2022 18:19:23 +0100 >Hi Steve, > >Steve Litt writes: >> [slitt@mydesk ~]$ "cat -n" /etc/fstab | cut -b 1-20 | head -n5 >> bash: cat -n: command not found >> [slitt@mydesk ~]$ "cat -n /etc/fstab" | cut -b 1-20 | head -n5 >> bash: cat -n /etc/fstab: No such file or directory >> [slitt@mydesk ~]$ > >Different code paths within Bash. When there is a "/" in the command >name, that is a file that has to exist by that exact name (the file >name can be relative, though). When there is no "/", then and only >then the command is searched along $PATH, and if it is not found >there, the error message is different from the other case. This is true, but not the explanation for this particular behavior, as follows: [slitt@mydesk ~]$ /usr/bin/cat -n /etc/fstab | cut -b 1-20 | head -n5 1 UUID=730eaf92 2 UUID=41abb5fd 3 UUID=96cfdfb3 4 UUID=6F66-BF7 5 tmpfs /tmp tm [slitt@mydesk ~]$ "/usr/bin/cat -n" /etc/fstab | cut -b 1-20 | head -n5 bash: /usr/bin/cat -n: No such file or directory [slitt@mydesk ~]$ "/usr/bin/cat -n /etc/fstab" | cut -b 1-20 | head -n5 bash: /usr/bin/cat -n /etc/fstab: No such file or directory [slitt@mydesk ~]$ SteveT Steve Litt Spring 2021 featured book: Troubleshooting Techniques of the Successful Technologist http://www.troubleshooters.com/techniques ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] bash / quote weirdness
On Friday 14 January 2022 at 00:15:28, Hendrik Boom wrote: > On Thu, Jan 13, 2022 at 12:45:09PM -0500, . via Dng wrote: > > The shell receives a series of tokens, and tries to interpret the first > > one as a command. In the double-quoted attempt above, it gets two > > tokens before the first pipe | --- > > > > 1) "cat -n" > > > > 2) /etc/fstab > > > > Of course, the system has no command named "cat -n". (And only a chaotic > > evil person would use a space in a command's name.) Something like > > "cat" "-n" /etc/fstab > > Maybe to keep anyone from executing a potentially dangerous command by > mistake? That doesn't sound like the standard *nix approach to me. Antony. -- "There is no reason for any individual to have a computer in their home." - Ken Olsen, President of Digital Equipment Corporation (DEC, later consumed by Compaq, later merged with HP) Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] bash / quote weirdness
On Thu, Jan 13, 2022 at 12:45:09PM -0500, . via Dng wrote: > > The shell receives a series of tokens, and tries to interpret the first one > as a command. In the double-quoted attempt above, it gets two tokens before > the first pipe | --- > > 1) "cat -n" > > 2) /etc/fstab > > Of course, the system has no command named "cat -n". (And only a chaotic > evil person would use a space in a command's name.) Something like > "cat" "-n" /etc/fstab Maybe to keep anyone from executing a potentially danterous command by mistake? -- hendrik > would work fine, the shell now sees three tokens (and the double quotes are > completely unnecessary here), and the first is recognized as a command > that's on the executable path. > > The same goes for "cat /etc/fstab" or "cat fstab", they're both just text > strings that happen to include a space character. > > > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [OT] bash / quote weirdness
On Thu, Jan 13, 2022 at 06:38:56PM +, Simon wrote: > Steve Litt wrote: > > > This is one reason why, in shellscripts, you > > need to quote almost all variables: So they act correctly with the > > space laden filenames that windows dwoobydogs just love to create. > > Not just Windows users. I regularly use spaces in file names. > > There’s an argument that computers should be tools, not slavemasters. > I’m sure you’ll remember going back a few decades how interacting with > computers meant that the human had to learn how to deal with the computer’s > way of doing things. So, for example, typically when writing a document you > had an edit mode from which you couldn’t print, and a print mode (menu) from > which you couldn’t edit - you could not simply write you document and when > ready just tell the computer to print it. > > I recall a lot of resistance when Apple brought out the Mac and suddenly > programmers had to learn how to write programs that did what the user wanted > - when the user wanted. Sounds good. But for the first two years the Mac was out, programmers couldn't use it to write programs. To program it you had to use a much moe expensive machine, and Apple Lisa. Not what I, a potential user, wanter. After two years, somewone marketed a Pascal interpreter -- not even a compiler. -- hendrik >So, for example, open an editor, write your document, and whenever you want - >hit Cmd-P (or choose Print from the File menu) and it gets printed, right >there from inside your “edit mode”. > And now most people stuff like that for granted. rings have shifted from the > user doing the work to make the computer side easy to the user expecting the > computer side to do the work - after all, isn’t the purpose of computer to do > “stuff” for us ? > > Similarly with file names. Once upon a time the human had to adapt to what > the computer supported - such as fitting your entire file name into 8 > characters. Now the computer (mostly) supports what is natural for a human - > and that includes using spaces in their writing. > After_all_it_does_seem_a_bit_un-natural_not_being_allowed_to_use_spaces_in_your_writing_-_it_would_make_a_hard_to_read_book_! > > > > Another OT anecdote. This talk of spaces and quoting reminds me of an issue I > had to deal with a couple of work hats ago. I had some users who would > struggle sometimes to log into their terminals on the SCO OpenServer system. > When I watched them carefully, I’d see them mistyping either their username > or password, so for example assume their username is “username”, they might > mistype it thus : “usermname” rather than “usermname”. > Because it looked OK on the screen, it was hard to persuade them that what > the system saw them type was “usermname” and not the “username” > they could clearly see on the screen. > > > Simon > > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [OT] bash / quote weirdness
Steve Litt wrote: > This is one reason why, in shellscripts, you > need to quote almost all variables: So they act correctly with the > space laden filenames that windows dwoobydogs just love to create. Not just Windows users. I regularly use spaces in file names. There’s an argument that computers should be tools, not slavemasters. I’m sure you’ll remember going back a few decades how interacting with computers meant that the human had to learn how to deal with the computer’s way of doing things. So, for example, typically when writing a document you had an edit mode from which you couldn’t print, and a print mode (menu) from which you couldn’t edit - you could not simply write you document and when ready just tell the computer to print it. I recall a lot of resistance when Apple brought out the Mac and suddenly programmers had to learn how to write programs that did what the user wanted - when the user wanted. So, for example, open an editor, write your document, and whenever you want - hit Cmd-P (or choose Print from the File menu) and it gets printed, right there from inside your “edit mode”. And now most people stuff like that for granted. rings have shifted from the user doing the work to make the computer side easy to the user expecting the computer side to do the work - after all, isn’t the purpose of computer to do “stuff” for us ? Similarly with file names. Once upon a time the human had to adapt to what the computer supported - such as fitting your entire file name into 8 characters. Now the computer (mostly) supports what is natural for a human - and that includes using spaces in their writing. After_all_it_does_seem_a_bit_un-natural_not_being_allowed_to_use_spaces_in_your_writing_-_it_would_make_a_hard_to_read_book_! Another OT anecdote. This talk of spaces and quoting reminds me of an issue I had to deal with a couple of work hats ago. I had some users who would struggle sometimes to log into their terminals on the SCO OpenServer system. When I watched them carefully, I’d see them mistyping either their username or password, so for example assume their username is “username”, they might mistype it thus : “usermname” rather than “usermname”. Because it looked OK on the screen, it was hard to persuade them that what the system saw them type was “usermname” and not the “username” they could clearly see on the screen. Simon ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] nftables firewall and fail2ban replacement.
Antony Stone wrote: > The one feature I'd like to see on fail2ban is multi-server communication, so > that if one of my machines has a reason to block an address, it tells all my > others to block that address as well. That’s also possible to “roll your own”. I was considering this at my last place, but never got round to doing it. The only hard bit is messaging between machines, but my plan was to send a message to the outside router so it could block the address at the perimeter. One thought I had was to use syslog to send certain messages to the router’s syslog so fail2ban could pick them up and apply rules. Simon ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [OT] bash / quote weirdness
On 1/13/22 09:43, Antony Stone wrote: On Thursday 13 January 2022 at 15:07:22, Hendrik Boom wrote: On Wed, Jan 12, 2022 at 05:45:08PM -0500, Steve Litt wrote: [slitt@mydesk ~]$ cat -n /etc/fstab | cut -b 1-20 | head -n5 1 UUID=730eaf92 2 UUID=41abb5fd 3 UUID=96cfdfb3 4 UUID=6F66-BF7 5 tmpfs /tmp tm [slitt@mydesk ~]$ "cat -n" /etc/fstab | cut -b 1-20 | head -n5 bash: cat -n: command not found [slitt@mydesk ~]$ "cat -n /etc/fstab" | cut -b 1-20 | head -n5 bash: cat -n /etc/fstab: No such file or directory So if it has parameters it's a command, and if it diesn't it's just a file or directory? It looks a good deal more complicated than that... $ "cat /etc/fstab" bash: cat /etc/fstab: No such file or directory $ "cat fstab" bash: cat fstab: command not found I have no idea what's really going on here. Antony. Really very simple. Bash interprets the string in total. It does not parse it for content prior to attempting to execute it. To do that, you need to change the context: eval "cat /etc/fstab" This behavior is well documented on the Bash man page and in all books on shell programming. It is also true for other P-code or interpreted languages such as Perl. -- William (Bill) Moss billm...@acm.org NY (USA) Those who will not reason, are bigots, those who cannot, are fools, and those who dare not, are slaves. Lord Byron Justice will not be served until those who are unaffected are as outraged as those who are. Benjamin Franklin When the people fear the government there is tyranny, when the government fears the people there is liberty. John Basil Barnhill ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [OT] bash / quote weirdness
Hi everyone,
to better understand how the shell interprets quotes, you should compile
and use the following small C program to test some expressions :
$ cat args.c
#include
#include
int main(int argc, char *argv[])
{
int _i;
printf("ARGC = %d\n", argc);
for (_i = 1; _i < argc; _i++) {
printf("ARGV[%3d : length = %3d] = [%s]\n",
_i, strlen(argv[_i]), argv[_i]);
}
return 0;
}
Now, test your expressions :
$ xcmd="unrar x"
$ args xcmd
ARGC = 2
ARGV[ 1 : length = 4] = [xcmd]
$ args $xcmd
ARGC = 3
ARGV[ 1 : length = 5] = [unrar]
ARGV[ 2 : length = 1] = [x]
$ args "$xcmd"
ARGC = 2
ARGV[ 1 : length = 7] = [unrar x]
$ args '$xcmd'
ARGC = 2
ARGV[ 1 : length = 5] = [$xcmd]
$ args "cat /etc/fstab"
ARGC = 2
ARGV[ 1 : length = 14] = [cat /etc/fstab]
Regards,
Martial
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] bash / quote weirdness
On Wed, 2022-01-12 at 00:08 +0100, Florian Zieboll via Dng wrote: Dear list, this im my 'test.sh': #!/bin/bash for f in "$@" ; do xcmd="unrar x" $xcmd "$f" done Can please somebody explain, why, if I double-quote the "$xcmd" variable in line 4, the script fails with ./test.sh: line 4: unrar x: command not found ??? Commands without parameters resp. whitespace (e.g. xcmd="unzip") work fine when double-quoted; a web search (including the "GNU Bash manual" [1]) did not shed any light on this mystery... Thank you and libre Grüße, Florian -- Message: 2 Date: Thu, 13 Jan 2022 09:07:22 -0500 From: Hendrik Boom To: dng@lists.dyne.org Subject: Re: [DNG] [OT] bash / quote weirdness Message-ID: <20220113140722.ga30...@topoi.pooq.com> Content-Type: text/plain; charset=us-ascii On Wed, Jan 12, 2022 at 05:45:08PM -0500, Steve Litt wrote: On the other hand... === [slitt@mydesk ~]$ cat -n /etc/fstab | cut -b 1-20 | head -n5 1 UUID=730eaf92 2 UUID=41abb5fd 3 UUID=96cfdfb3 4 UUID=6F66-BF7 5 tmpfs /tmp tm [slitt@mydesk ~]$ "cat -n" /etc/fstab | cut -b 1-20 | head -n5 bash: cat -n: command not found [slitt@mydesk ~]$ "cat -n /etc/fstab" | cut -b 1-20 | head -n5 bash: cat -n /etc/fstab: No such file or directory [slitt@mydesk ~]$ So if it has parameters it's a command, and if it diesn't it's just a file or directory? -- hendrik -- Message: 3 Date: Thu, 13 Jan 2022 15:43:29 +0100 From: Antony Stone To: dng@lists.dyne.org Subject: Re: [DNG] [OT] bash / quote weirdness Message-ID: <202201131543.29980.antony.st...@devuan.open.source.it> Content-Type: Text/Plain; charset="utf-8" On Thursday 13 January 2022 at 15:07:22, Hendrik Boom wrote: On Wed, Jan 12, 2022 at 05:45:08PM -0500, Steve Litt wrote: [slitt@mydesk ~]$ cat -n /etc/fstab | cut -b 1-20 | head -n5 1 UUID=730eaf92 2 UUID=41abb5fd 3 UUID=96cfdfb3 4 UUID=6F66-BF7 5 tmpfs /tmp tm [slitt@mydesk ~]$ "cat -n" /etc/fstab | cut -b 1-20 | head -n5 bash: cat -n: command not found [slitt@mydesk ~]$ "cat -n /etc/fstab" | cut -b 1-20 | head -n5 bash: cat -n /etc/fstab: No such file or directory So if it has parameters it's a command, and if it diesn't it's just a file or directory? It looks a good deal more complicated than that... $ "cat /etc/fstab" bash: cat /etc/fstab: No such file or directory $ "cat fstab" bash: cat fstab: command not found I have no idea what's really going on here. Antony. The shell receives a series of tokens, and tries to interpret the first one as a command. In the double-quoted attempt above, it gets two tokens before the first pipe | --- 1) "cat -n" 2) /etc/fstab Of course, the system has no command named "cat -n". (And only a chaotic evil person would use a space in a command's name.) Something like "cat" "-n" /etc/fstab would work fine, the shell now sees three tokens (and the double quotes are completely unnecessary here), and the first is recognized as a command that's on the executable path. The same goes for "cat /etc/fstab" or "cat fstab", they're both just text strings that happen to include a space character. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [OT] bash / quote weirdness
On Thursday 13 January 2022 at 18:19:23, Benjamin Riefenstahl wrote: > Steve Litt writes: > > [slitt@mydesk ~]$ "cat -n" /etc/fstab | cut -b 1-20 | head -n5 > > bash: cat -n: command not found > > [slitt@mydesk ~]$ "cat -n /etc/fstab" | cut -b 1-20 | head -n5 > > bash: cat -n /etc/fstab: No such file or directory > > When there is a "/" in the command name, that is a file that has to exist by > that exact name (the file name can be relative, though). > > When there is no "/", then and only then the command is searched along > $PATH, and if it is not found there, the error message is different from the > other case. > > At least that is my explanation. This makes excellent sense and is a good explanation, I believe. Thanks, Antony. -- Anyone that's normal doesn't really achieve much. - Mark Blair, Australian rocket engineer Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] bash / quote weirdness
Hi Steve, Steve Litt writes: > [slitt@mydesk ~]$ "cat -n" /etc/fstab | cut -b 1-20 | head -n5 > bash: cat -n: command not found > [slitt@mydesk ~]$ "cat -n /etc/fstab" | cut -b 1-20 | head -n5 > bash: cat -n /etc/fstab: No such file or directory > [slitt@mydesk ~]$ Different code paths within Bash. When there is a "/" in the command name, that is a file that has to exist by that exact name (the file name can be relative, though). When there is no "/", then and only then the command is searched along $PATH, and if it is not found there, the error message is different from the other case. At least that is my explanation. so long, benny ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [OT] bash / quote weirdness
No problem. Happy that you found it useful :D On Thu, 2022-01-13 at 10:52 -0500, Steve Litt wrote: > Thank you, thank you, THANK YOU!!! > > I've needed this for the last 23 years. Thank you! > > SteveT ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [OT] bash / quote weirdness
Anno domini 2022 Thu, 13 Jan 15:43:29 +0100
Antony Stone scripsit:
> On Thursday 13 January 2022 at 15:07:22, Hendrik Boom wrote:
>
> > On Wed, Jan 12, 2022 at 05:45:08PM -0500, Steve Litt wrote:
>
> > > [slitt@mydesk ~]$ cat -n /etc/fstab | cut -b 1-20 | head -n5
> > >
> > > 1UUID=730eaf92
> > > 2UUID=41abb5fd
> > > 3UUID=96cfdfb3
> > > 4UUID=6F66-BF7
> > > 5tmpfs /tmp tm
> > >
> > > [slitt@mydesk ~]$ "cat -n" /etc/fstab | cut -b 1-20 | head -n5
> > > bash: cat -n: command not found
> > >
> > > [slitt@mydesk ~]$ "cat -n /etc/fstab" | cut -b 1-20 | head -n5
> > > bash: cat -n /etc/fstab: No such file or directory
> >
> > So if it has parameters it's a command, and if it diesn't it's just
> > a file or directory?
>
> It looks a good deal more complicated than that...
>
> $ "cat /etc/fstab"
> bash: cat /etc/fstab: No such file or directory
>
> $ "cat fstab"
> bash: cat fstab: command not found
>
> I have no idea what's really going on here.
Your example misses a minor detail. "" and '' build strings with/without
variable substitution (e.g. A="cat /etc/fstab"). When passed as a not-quoted
variable (e.g. $A) to the current shell the whole string is broken up into
arguments at whitespaces (e.g. $A -> "cat" "/etc/fstab"), the first argument is
the command that gets passed all remaining arguments including pipe symbols
('|'). A quoted variable is passed as one argument ("$A" -> "car /etc/fstab") -
if it's the only argument then that programm/command/function is evaluated and
is most likely to fail. Note that the pipe symbol ("|") as part of a string is
passed as an argument or part of an argument to argument 0 (command) and does
not build a pipe.
Nik
>
>
> Antony.
>
--
Please do not email me anything that you are not comfortable also sharing with
the NSA, CIA ...
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [OT] bash / quote weirdness
Antony Stone said on Thu, 13 Jan 2022 15:43:29 +0100 >$ "cat fstab" >bash: cat fstab: command not found > >I have no idea what's really going on here. > > >Antony. Hi Anthony, Different programs handle commands with arguments different ways. sed -e handles the string that follows, which must be in quotes, as several different words. The C system() function handles its one string argument the same way, busting it into words delineated by spaces or beginning or end of line. On the other hand, the C execve() function is fed an array of strings, and doesn't do any splitting itself. Likewise, my /bin/sh, which I believe is a symlink for dash, takes a series of whitespace separated strings. If you quote something with a one or more spaces inside, dash considers the entire quoted entity to be exactly one string. This is one reason why, in shellscripts, you need to quote almost all variables: So they act correctly with the space laden filenames that windows dwoobydogs just love to create. Here at Troubleshooters.Com, spaces and all punctuation except underscore and hyphen are forbidden, but files coming in from the outside have horrible filenames. I'm pretty sure that, pertaining to quotes and whitespace, bash acts like my dash. I quit using bash in shellscripts after that horrific SHELLSHOCK security flaw (CVE-2014-6271) in 2014 and never came back. Dash has a smaller attack surface. This isn't to say I don't use bash. It's a spectacular interactive shell. But I never use it for shellscripts. In 2014 I had to rewrite over 100 shellscripts to use #!/bin/sh instead of #!/bin/bash. So when you issue a command from a shellscript, that command must be free from quotes except in places where the quoted material is intentionally one string. SteveT Steve Litt Spring 2021 featured book: Troubleshooting Techniques of the Successful Technologist http://www.troubleshooters.com/techniques ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [OT] bash / quote weirdness
Gabe Stanton via Dng said on Thu, 13 Jan 2022 07:03:57 -0700 >There's an html version and a pdf version of the abs guide available >here > >https://tldp.org/LDP/abs/html/ > >or here > >https://tldp.org/LDP/abs/abs-guide.pdf Thank you, thank you, THANK YOU!!! I've needed this for the last 23 years. Thank you! SteveT Steve Litt Spring 2021 featured book: Troubleshooting Techniques of the Successful Technologist http://www.troubleshooters.com/techniques ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [OT] bash / quote weirdness
On Thursday 13 January 2022 at 15:07:22, Hendrik Boom wrote: > On Wed, Jan 12, 2022 at 05:45:08PM -0500, Steve Litt wrote: > > [slitt@mydesk ~]$ cat -n /etc/fstab | cut -b 1-20 | head -n5 > > > > 1 UUID=730eaf92 > > 2 UUID=41abb5fd > > 3 UUID=96cfdfb3 > > 4 UUID=6F66-BF7 > > 5 tmpfs /tmp tm > > > > [slitt@mydesk ~]$ "cat -n" /etc/fstab | cut -b 1-20 | head -n5 > > bash: cat -n: command not found > > > > [slitt@mydesk ~]$ "cat -n /etc/fstab" | cut -b 1-20 | head -n5 > > bash: cat -n /etc/fstab: No such file or directory > > So if it has parameters it's a command, and if it diesn't it's just > a file or directory? It looks a good deal more complicated than that... $ "cat /etc/fstab" bash: cat /etc/fstab: No such file or directory $ "cat fstab" bash: cat fstab: command not found I have no idea what's really going on here. Antony. -- "It would appear we have reached the limits of what it is possible to achieve with computer technology, although one should be careful with such statements; they tend to sound pretty silly in five years." - John von Neumann (1949) Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [OT] bash / quote weirdness
On Wed, Jan 12, 2022 at 05:45:08PM -0500, Steve Litt wrote: > > On the other hand... > > === > [slitt@mydesk ~]$ cat -n /etc/fstab | cut -b 1-20 | head -n5 > 1UUID=730eaf92 > 2UUID=41abb5fd > 3UUID=96cfdfb3 > 4UUID=6F66-BF7 > 5tmpfs /tmp tm > [slitt@mydesk ~]$ "cat -n" /etc/fstab | cut -b 1-20 | head -n5 > bash: cat -n: command not found > [slitt@mydesk ~]$ "cat -n /etc/fstab" | cut -b 1-20 | head -n5 > bash: cat -n /etc/fstab: No such file or directory > [slitt@mydesk ~]$ So if it has parameters it's a command, and if it diesn't it's just a file or directory? -- hendrik ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [OT] bash / quote weirdness
I don't have anything of my own to add except that single quotes result in the same behavior as double quotes in this case. I was curious about that after reading about the difference between single and double quotes in the Advanced Bash Scripting Guide or abs guide. I'm a novice obviously. I wanted to share the abs guide in case anyone reading isn't aware of it. I found it recently while working on a script myself (rename files and folders according to a standard, all lower case, limited special characters and no spaces in case anyone finds it interesting). There's an html version and a pdf version of the abs guide available here https://tldp.org/LDP/abs/html/ or here https://tldp.org/LDP/abs/abs-guide.pdf Gabe On Wed, 2022-01-12 at 00:08 +0100, Florian Zieboll via Dng wrote: > Dear list, > > this im my 'test.sh': > > #!/bin/bash > for f in "$@" ; do > xcmd="unrar x" > $xcmd "$f" > done > > Can please somebody explain, why, if I double-quote the "$xcmd" > variable in line 4, the script fails with > > ./test.sh: line 4: unrar x: command not found > > ??? > > Commands without parameters resp. whitespace (e.g. xcmd="unzip") work > fine when double-quoted; a web search (including the "GNU Bash > manual" > [1]) did not shed any light on this mystery... > > Thank you and libre Grüße, > Florian > > > > [1] > https://www.gnu.org/software/bash/manual/html_node/Double-Quotes.html > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] nftables firewall and fail2ban replacement.
On Thursday 13 January 2022 at 11:41:48, Didier Kryn wrote: > My experience/understanding of fail2ban is that it's intended > against attackers "smart" enough to periodically change their address. I don't care whether it's individual attackers who change their address, or multiple attackers each coming from one address; I use fail2ban to block anyone who's clearly trying to "get in" or at least abuse my services (email, SSH, SIP are th emost common I see) by trying some credentials, failing, and then trying again and failing sufficient times in a short period that it can't be someone who's supposed to get in. I have also (like Simon) written my own rule to scan the fail2ban log file itself, and add repeat offenders to a permanent block list, which also survives reboots. The one feature I'd like to see on fail2ban is multi-server communication, so that if one of my machines has a reason to block an address, it tells all my others to block that address as well. > For fix addresses, custom iptables rules was the "simple" way to go. Now > I guess it's custom nftables rules. Where do you get the list of fixed address to block? Antony. -- The more 'success' you get, the easier it is to be disappointed by not getting things. The only difference is that now no-one feels sorry for you. - Matt Haig Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] nftables firewall and fail2ban replacement.
Le 12/01/2022 à 14:49, onefang a écrit : I've been using shorewall and fail2ban for a while now, but nftables is soon replacing iptables, so it's time to consider some options. Apparently fail2ban already supports nftables, but shorewall doesn't and wont - https://shorewall-users.narkive.com/aujuSpJ1/nftables-on-the-roadmap My main problem with fail2ban is that it fails to ban. Or rather it does ban, for that one rule I wrote myself, but not for any of the built in rules, but then it releases the ban, even though I have told shorewall to ban that particular IP. So the IP ends up being unbanned, coz fail2ban says so. Yes, I'm aware you can configure fail2ban to shift from temporary to permanent bans for persistent rule breakers. Would be good if the built in rules actually worked. Right now there's a particular IP hitting that one rule, and no matter what I do, even completely zapping fail2ban's database and leaving it turned off, that IP keeps bypassing my firewall somehow. So I'll eventually need a replacement for shorewall anyway, and I'd like something similar to fail2ban that doesn't fail to ban. So the two replacements have to get along with each other. None of this "bad IP can get through coz the two fight over it" bullshit. This has to run on my servers and desktop, so no GUI. I'm an experienced sysadmin, text config is good. Any suggestions? My experience/understanding of fail2ban is that it's intended against attackers "smart" enough to periodically change their address. For fix addresses, custom iptables rules was the "simple" way to go. Now I guess it's custom nftables rules. -- Didier ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
