Bash & Vim

Bash Environment

My .bashrc

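export VISUAL=vim

# Colour escapes (assumed; the original definitions are not shown on this page).
# \[ \] keeps bash from counting them in the prompt width.
OFF='\[\e[0m\]'; BOLD='\[\e[1m\]'
RED='\[\e[31m\]'; GREEN='\[\e[32m\]'

function MyPrompt {
        # Must be the first statement: exit status of the last command
        EXITSTATUS=$?

        # Colour user@host differently for root (colour choice is assumed)
        if [ ${UID} -eq 0 ]; then
                UID_COLOR="${RED}"
        else
                UID_COLOR="${GREEN}"
        fi

        PROMPT="\n |${UID_COLOR} \u@\h ${OFF}\n | Time: \@ \n | \w \n"

        # Green bracket after success, red after failure
        if [ "${EXITSTATUS}" -eq 0 ]; then
                PS1="${PROMPT} ${BOLD}${GREEN}] ${OFF}"
        else
                PS1="${PROMPT} ${BOLD}${RED}] ${OFF}"
        fi

    PS2="${BOLD}>${OFF} "
}

# Rebuild the prompt before each command line
PROMPT_COMMAND=MyPrompt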


Reload Bashrc

Reload your bash settings.

source ~/.bashrc

Minimal Allowable /etc/vimrc

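" Paste mode: insert pasted text literally, without auto-indent or mappings
set paste
" Honour modelines. They are option settings read from the file being opened,
" so leave this off where untrusted files are edited.
set modeline
" Two-space indentation, tabs expanded to spaces
set tabstop=2 shiftwidth=2 expandtab
set background=dark
set softtabstop=2

syntax on
filetype indent on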

Bash Scriptlets

Find the date RHEL / CentOS system software was last updated or installed

rpm -qa --queryformat '%{installtime} (%{installtime:date}) %{name}\n' | sort -n | tail -n1

For a detailed report of what software was updated or what software was installed, remove the tail command.

It's important to note that the latest date displayed by the above command may not be the date the system was updated; it is only the latest date any software was installed. In the example below, January 5th was actually the latest date something was updated, with individual packages being installed as needed at later dates.

1515190849 (Fri 05 Jan 2018 02:20:49 PM PST) iwl3945-firmware
1515190849 (Fri 05 Jan 2018 02:20:49 PM PST) iwl7260-firmware
1515190850 (Fri 05 Jan 2018 02:20:50 PM PST) glibc
1515190850 (Fri 05 Jan 2018 02:20:50 PM PST) libgcc
1515190850 (Fri 05 Jan 2018 02:20:50 PM PST) libstdc++
1521240335 (Fri 16 Mar 2018 03:45:35 PM PDT) b9notifier
1521240346 (Fri 16 Mar 2018 03:45:46 PM PDT) b9agent
1523291607 (Mon 09 Apr 2018 09:33:27 AM PDT) iftop
1527143320 (Wed 23 May 2018 11:28:40 PM PDT) swiagent
1534649977 (Sat 18 Aug 2018 08:39:37 PM PDT) mysql-community-common
1534649977 (Sat 18 Aug 2018 08:39:37 PM PDT) mysql-community-libs
1534649982 (Sat 18 Aug 2018 08:39:42 PM PDT) mysql-community-client
1534650010 (Sat 18 Aug 2018 08:40:10 PM PDT) mysql-community-libs-compat
1534650010 (Sat 18 Aug 2018 08:40:10 PM PDT) mysql-community-server
1534653516 (Sat 18 Aug 2018 09:38:36 PM PDT) mysql-shell
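Counting installs per day makes the distinction above visible: an update run touches many packages on one day, a one-off install only a few. This is an added example, not part of the original page; the function names, the threshold of 5 and the trimmed sample are assumptions, and days are grouped in UTC, so an evening PDT install lands on the next calendar day.

```bash
# Added example: count RPM installs per day to separate update runs from one-offs.

# Reads "<epoch> <package>" lines on stdin; prints "<YYYY-MM-DD> <count>" per
# UTC day, oldest first. Needs date -d @EPOCH (GNU coreutils, as on RHEL/CentOS).
installs_per_day() {
    awk '$1 ~ /^[0-9]+$/ { n[int($1 / 86400)]++ }
         END { for (d in n) printf "%d %d\n", d * 86400, n[d] }' |
    sort -n |
    while read -r ts count; do
        printf '%s %s\n' "$(date -u -d "@${ts}" +%F)" "$count"
    done
}

# last_bulk_day [MIN]: latest day with at least MIN installs (default 5).
# MIN is an assumed threshold; tune it to the size of a typical update run.
last_bulk_day() {
    installs_per_day |
    awk -v min="${1:-5}" '$2 >= min { day = $1 } END { if (day != "") print day }'
}

# Constructed sample: a subset of the output shown above, epoch and name only.
sample_installs() {
    cat <<'EOF'
1515190849 iwl3945-firmware
1515190849 iwl7260-firmware
1515190850 glibc
1515190850 libgcc
1515190850 libstdc++
1521240335 b9notifier
1523291607 iftop
1534649977 mysql-community-common
1534650010 mysql-community-server
EOF
}

# Live use: rpm -qa --queryformat '%{installtime} %{name}\n' | last_bulk_day 5
sample_installs | installs_per_day
echo "last bulk install day: $(sample_installs | last_bulk_day)"
```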

rpm -qa --queryformat '%{installtime} (%{installtime:date}) %{name}\n' | sort -n | grep -E "(swiagent|bit9|filebeat)"

Stolen and subsequently modified from: how-to-tell-when-redhat-was-last-updated

Drill down into specific package updates:

yum history package-list <package-name-without-gt,lt>
] yum history package-list openssh-server
Loaded plugins: enabled_repos_upload, langpacks, package_upload, product-id, search-disabled-repos, subscription-manager
ID     | Action(s)      | Package
    52 | Updated        | openssh-server-7.4p1-13.el7_4.x86_64               EE
    52 | Update         |                7.4p1-16.el7.x86_64                 EE
     3 | Updated        | openssh-server-6.6.1p1-31.el7.x86_64               EE
     3 | Update         |                7.4p1-13.el7_4.x86_64               EE
     1 | Install        | openssh-server-6.6.1p1-31.el7.x86_64
history package-list
Uploading Enabled Repositories Report
Loaded plugins: langpacks, product-id, subscription-manager

Use the ID to get more details on the history for this package. Warning: this may generate pages of information!

yum history info 52

Find Source Ports for specific port connections

This will identify Active Directory / LDAP connections from SSSD (or another daemon) to the AD server.

netstat -an | grep '\:389 ' | gawk '{print $5}'

This will identify the outbound port being used from SSSD (or another daemon) to the AD server.

netstat -an | grep '\:389 ' | gawk '{print $4}' 

Include the connection Status:

netstat -an | grep '\:389 ' | gawk '{print $5, $6 }'

Find Folder and File sizes recursively.

This is an overly complex way to perform 'du -h'

find -maxdepth 1 -exec du -sk {} \;|sort -rn|head|while read size loc; do echo "scale=2; $size/1024" |bc|gawk '{ print $1"MB '"$loc"' " }';done|column -t

Find PHP Shells

PHP shells are usually placed by malcontents who have hacked your system and will use the shell to infect other parts of it. Place the following contents into an executable bash script and point it at the directory where you want to find PHP shells.

 find "$1" -type f \( -name "*.php" -o -name "*.sh" -o -name "*.txt" \) -print0 | xargs -0 -r grep -El 'back_connect|backdoor|r57|PHPJackal|PhpSpy|GiX|Fx29SheLL|w4ck1ng|milw0rm|PhpShell|k1r4|FeeLCoMz|FaTaLisTiCz|Ve_cENxShell|UnixOn|C99madShell|Spamfordz|Locus7s|c100|c99|x2300|cgitelnet|webadmin|STUNSHELL|Pr!v8|PHPShell|KaMeLeOn|S4T|oRb|tryag|sniper|noexecshell|revengans'
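A file list alone does not say why a file was flagged, and short tokens such as c99 also match harmless text. The following added example (not from the original page) reports which signatures matched in each file so hits can be triaged; the function names, the shortened signature subset and the sample tree are assumptions made for illustration.

```bash
# Added example: signature scan that reports WHICH tokens matched per file.

# Subset of the signature list above. Short tokens such as c99 are noisy.
SIGS='back_connect|backdoor|r57|PHPJackal|C99madShell|c99|cgitelnet|noexecshell'

# scan_sigs DIR -> one line per flagged file: "<path><TAB><sig>[,<sig>...]"
# File names with spaces are handled because find passes them as arguments.
scan_sigs() {
    SIGS="$SIGS" LC_ALL=C find "$1" -type f \
        \( -name '*.php' -o -name '*.sh' -o -name '*.txt' \) \
        -exec sh -c '
            for f in "$@"; do
                hits=$(grep -Eo -- "$SIGS" "$f" | sort -u | paste -sd, -)
                if [ -n "$hits" ]; then printf "%s\t%s\n" "$f" "$hits"; fi
            done' sh {} + | LC_ALL=C sort
}

# Constructed sample tree (inert text, not real malware); prints its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '<?php echo "hello"; ?>' > "$d/index.php"
    printf '%s\n' '<?php /* r57 */ $m = "back_connect"; $n = "r57"; ?>' > "$d/up load.php"
    printf '%s\n' 'gcc -std=c99 -o tool tool.c' > "$d/build.sh"
    printf '%s\n' "$d"
}

# Demo run: build.sh is flagged only for c99 (a compiler flag), a false
# positive; "up load.php" carries two distinct signatures and deserves a look.
tree=$(make_sample_tree)
scan_sigs "$tree"
rm -rf "$tree"
```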

Bash Expansion

Sometimes you need to create a list of IP addresses really fast.

echo 10.245.10.{1..252} | tr ' ' '\012'

Kill off Lots of processes

If you find yourself with hundreds of similar or regex-able processes to kill (the [w] in the pattern stops grep from matching its own process):

 killit=$(ps aux | grep '[w]get' | gawk '{print $2}') ; echo $killit ; kill -9 $killit

You can also filter by user and omit root references. Thanks to Wendre Vaughan for this one.

 killit=$(ps aux | grep <user> |grep -v root | gawk '{print $2}') ; echo $killit

Vim Tricks

Sudo from VIM

Getting root permissions while inside VIM

Sometimes you want to write to a read only file without losing your work or saving to a temporary file.

:w !sudo tee <FileName>

Vim Cheat Sheet

[Image: Vim cheat sheet for programmers]