String Templating

In [None]:
%%bash
for i in {1..5}; 
do 
    mkdir "module-${i}"; 
done;

In [None]:
%%bash
for i in {1..5}
do
    rmdir "module-${i}";
done;

-/bin/sh is the default shell since the very first days of UNIX
- Many alternative shells have been developed and are still available and used
- /bin/bash is the most common shell in Linux and other Unices
Large parts of the operating system and its applications are written in bash
- Look for instance in /etc/init.d, /etc/profile and many more

<b>What is a Script</b>

A script is a simple program that doesn’t have to be compiled
A script can be a mare list of commands that are executed sequentially
Or more clever things can be accomplished, using smart elements like:
- variables
- conditional structures
- user input processing

The “shebang”; `#!/bin/bash`
- # is NOT a comment sign in this case
An `exit` statement if you don’t want to use the exit status of the last command in the script

*Storing and Running the Script*
- On linux the current directory is not in the $PATH variable
- Consider storing the script in a directory that is in $PATH, such as /usr/local/bin or $USER/bin
- or ru the script using ./myscript
- notice that running a script without ./ in front may lead to unexpected results
- in order to run the script, it musthave thte Execuete permdission applied `chmod +x myscript`
- If the script is started as an argument to the bash shell, it doens’t need the execute permission itself `bash myscript`

*Bash Internal and external Commands*
An internal command is a part of the Bash shell
- It does not have to be loaded from disk and therefore faster
- User help to get a list of internal command
An external command is a command that is loaded from and executable file on disk
External commands normally are slower

use type to see if it is an external/internal command
`type <command>`

*Help resources*
`man bash`
`help <command>`
https://www.tldp.org/LDP/abs/html/


*for statements*
for statements are useful to evaluate a range or series
```
for i in something
do
   command 1
   command 2
done
```

In [None]:
%%bash
for i in `cat  /etc/hosts`;
   do echo $i;
done

In [None]:
%%bash
for i in {1..5};                                                                                                                                                        
        do echo $i;                                                                                                                                                     
done  

It is common to use the variable i in a for loop, but any other variable can be used instead

In [None]:
%%bash
#!/bin/bash
# script that counts files
echo which director do you want to count?
read DIR
cd $DIR
COUNTER=0

for i in *;
do
   COUNTER=$((COUNTER + 1));
   echo I have counted $COUNTER files in this directory;
done

*Case Statements*
```
#!/bin/bash

VAR=$1

case $VAR in
yes)
   echo ok;;
no|nee)
   echo too bad;;
*)
   echo try again;;
esac
```

## Exercise
- A customer has exported a long list of LDAP user names. These user names are stored in the file ldapusers. In this file, every user has a name in the format cn=lisa, dc=example, dc=com. Write a script that extracts the username only (lisa) from all of these lines and write to a new file. Based on this new file, create a local user account on your Linux box. 
- Note: while testing it's not a really smart idea to create the user accounts directly. Find a solution that proves the script works withoug polluting your system with many usernames.

##Solution
# pattern matching

${string#*,} # remove prefix ending with ,

${string%,*} # remove suffix starting with ,

${string%%,*} # extract the first term, separated by ,

extractuser.sh

In [None]:
%%bash
#!/bin/bash

while read i;
do
    users=${i%%,*}
    echo ${users#*=} >> user
done < ./ldapusers

while read i;
do
    # don't want to pollute the environment
    echo useradd $i
done < ./user

exit 0

## Options
`getopts` is a built-in function to parse command line argtuments in your script

getopts take in 3 parameters
<ol>
    <li>First is a sequence of valid options. Ex. '123' which specifies the valid options [-1], [-2], [-3]</li>
    <li>Second is the <b>getopts</b> variable that will be populated with the option or grgument to be processed next. <b>opt</b></li>
    <li>Third argument to <b>getopts</b> is the list of arguments and options to be processed. When not provided, this defaults to the arguments and options provided to the applications '$\@'. You can provided this third argument to use getopts to parse any list of arguments and options you provide.</li>   
</ol>

### Shifting processed options
The variable <b>OPTIND</b> holds the number of options parsed by the last call called <b>getopts</b>. It is common practice to call the <b>shift</b> command at the end of your processing loop to remove options that have already handled from <b>$@</b>

shift $((OPTIND -1))

In [None]:
%%bash
#/bin/bash

while getops "12": opt
do
case $opt in
    1 ) VAR1='a';;
    2 ) VAR2='b';;
    * ) echo 'usage: [-1] [-2]'
esac
done

echo the current arguments are set to $*
shift $((OPTIND -1))
echo now the current argument are set to $*
exit0

# Using Functions
- Functions must be defined before then can be used
- It is good practice to define all functions at the beginning of a script

<p>
<code>
function somefunction    
{
    statements
}
</code>
</p>

<p>
<code>
help ()
{
    statements
}
</code>
</p>

# Array
## Declaring an Array and Assigning values
In bash, array is created automatically when a variable is used in the format like, <br>
<code>name[index]=value</code>
<br>
- name is any name for an array
- index could be any number or expression that must evaluate a number greater than or equal to zero. You can declare an explicit array using declare -a arrayname

In [37]:
%%bash
#! /bin/bash
Unix[0]='Debian'
Unix[1]='Redhat'
Unix[2]='Ubuntu'
Unix[3]='Suse'

echo ${Unix[*]}
echo ${Unix[2]}

Debian Redhat Ubuntu Suse
Ubuntu


## Initializing an array during declaration
Instead of initializing each element of an array separately, you can declare and initialize an array by specifying the list of elements (separated by white space) with in a pair of curly braces.

<code>declare -a arrayname=(element1 element2 element3)</code>

In [39]:
%%bash
declare -a unix=('Debian' 'Redhat' 'Suse' 'Fedora')
echo ${unix[*]}

Debian Redhat Suse Fedora


length of array

In [43]:
%%bash
declare -a unix=('Debian' 'Redhat' 'Suse' 'Fedora')

echo ${#unix[@]} # Number of elements in the array
echo ${#unix[3]} # Number of elements of the 4th alement in the array

4
6


Slicing array

In [44]:
%%bash
Unix=('Debian' 'Red hat' 'Ubuntu' 'Suse' 'Fedora' 'UTS' 'OpenLinux');
echo ${Unix[@]:3:2}

Suse Fedora


Search and Replace array elements

In [45]:
%%bash
Unix=('Debian' 'Red hat' 'Ubuntu' 'Suse' 'Fedora' 'UTS' 'OpenLinux');

echo ${Unix[@]/Ubuntu/SCO Unix}


Debian Red hat SCO Unix Suse Fedora UTS OpenLinux


Append elements to an array

In [46]:
%%bash
Unix=('Debian' 'Red hat' 'Ubuntu' 'Suse' 'Fedora' 'UTS' 'OpenLinux');
Unix=("${Unix[@]}" "AIX" "HP-UX")
echo ${Unix[*]}

Debian Red hat Ubuntu Suse Fedora UTS OpenLinux AIX HP-UX


Remove elements from an array

In [47]:
%%bash
Unix=('Debian' 'Red hat' 'Ubuntu' 'Suse' 'Fedora' 'UTS' 'OpenLinux');

unset Unix[3]
echo ${Unix[*]}

Debian Red hat Ubuntu Fedora UTS OpenLinux


# Creating Menu Interfaces
- The select statement can be used to create a menu interface
- - select DIR in /bin /usr /etc
In this, DIR is the variable that will be filled with the selected choice, and /bin /usr /etc are presented as numbered menu options
- Notice the use of break in select, without it the script would run forever

test - check file types and compare values 
- test EXPRESSION
- test
- [ EXPRESSION ]
-n String: the length of STRING is nonzero

menu

In [None]:
%%bash
#! /bin/bash
# demo script that shows making manus with select

echo 'Select a directory: '
select DIR in /bin /usr /etc
do
        # only continue if the user has selected something
        if [ -n $DIR ]
        then
                DIR=$DIR
                echo you have selected $DIR
                export DIR
                break
        else
                echo invalid choice
        fi
done

admenu

In [None]:
#! /bin/bash
echo 'select a task: '
select TASK in 'Check mounts' 'Check disk space' 'Check Memory usage'
do        case $REPLY in
                1) TASK=mount;;                2) TASK="df -h";;
                3) TASK="free -m";;
                *) echo ERROR && exit 2;;
        esac
        if [ -n "$TASK" ]
        then
                clear
                $TASK
                break
        else
                echo INVALID CHOICE && exit 3
        fi
done

# Bash Traps and Signals
- Signals are software interrupts sent to a program to indicate than an important event has occurred
- The events can vary from user requests to illegal memory access errors
- Some signals, such as the interrupt siganl, indicate that a user has asked the progrm to do something athat is not in the usual flow of control

## Types of Signals
|Signal Name|Signal Number| Description|
|---|---|---|
|SIGHUP|1|Hang up detected on controlling terminal or death controlling process|
|SIGINT|2|Issued if the user sends an interrupt signal Ctrl + C)|
|SIGQUIT|3|Issued if the user sends a quit signal (Ctrl + D)|
|SIGFPE|8|Issued if an illegal mathematical operation is attempted|
|SIGKILL|9|If a process gets this signal it must quit immediately and will not perform any clean-up operations|
|SIGALRM|14|Alarm clock signal (used for timers)|
|SIGTERM|15|Software termination signal (sent by kill by default)|

## Traps
- traps: can be used to redefine signals
- Useful to disallow Ctrl-C or other ways of killing a script
- Consult `man 7 signal` for a list of available signals or `trap -l`

## Exercise
Create a user helpdesk. Write a menu script that is started automatically when this user logs in. The menu script should never terminate, unless the user logs out (which is a menu option as well). From this menu, make at least the following options available:

1) Reset Password <br>
2) Show disk usage <br>
3) Ping a host <br>
4) Log out

Bonus question: modify this script and related configuration so that the user can use sudo to set passwords for other users as well

## Solution
newmenu

In [None]:
%%bash
#! /bin/bash

pinghost ()
{
    echo which host you wnat to ping?
    read HOSTNAME
    ping -c -1 $HOSTNAME
}

while true;
do
    # user cannot ctrl out ofthe script
    trap "echo NOPE" INT
    
    echo'select an option?'
    select TASK in 'Reset password' 'Show disk usage' 'Ping a host' 'Log out'
    do
        case $REPLY in
            1) TASK=passwd;;
            2) TASK="df -h";;
            3) TASK=pinghost;;
            4) TASK=exit;;
            *) echo ERROR && exit 2;;
        esac
        if [ -n "$TASK" ]
        then
            clear
            $TASK
            break
        else
            echo INVALID CHOICE && exit 3
        fi
    done
done
    

# Debugging

## Design Considerations
- Write readable!
- - Include white lines
- - Include comments
- - Be compact only if you need
- Don't write for yourself, but write for the person whow works with this script 
- Develop for speed
- Use exit to identify specific errors

## Common Analyzing Tools
- Use **bash** syntax highlighting available in editors
- In vim use **:set list** to show hidden characters
- In the scirpt code, insert **echo** or **read** at critical points
- Use **bash -v** to show verbose output (including error messages)
- Use **bash -n** to check for sentax errors
- Use **bash -x** to show xtrace information
- Use the **DEBUG** trap to show debugging information for everything between setting it on and off

debug_trap_example

In [86]:
%%bash
#! /bin/bash
function erroneous
{
    echo the error is $error
}

trap DEBUG

echo this line is OK
erroneous

trap - DEBUG

echo this line is also good

this line is OK
the error is
this line is also good


In [87]:
! ./debug_trap_example

this line is OK
the error is
this line is also good


## Monitoring CPU Usage
cpuusage

In [None]:
%%bash
#! /bin/bash                                                                                                             
INTERVAL=$1                                                                                                              
# user set interval which cpu monitoring happens                                                                         
while sleep $INTERVAL                                                                                                    
do                                                                                                                       
        USAGE=`ps -eo pcpu,pid -o comm= | sort -k1 -n -r | head -1 | awk '{ print $1 }'`                                 
        USAGE=${USAGE%.*}                                                                                                
        PID=`ps -eo pcpu,pid -o comm= | sort -k1 -n -r | head -1 | awk '{ print $2 }'`                                  
        PNAME=`ps -eo pcpu,pid -o comm= | sort -k1 -n -r | head -1 | awk '{ print $3 }'`
        # the following code is to see if usage is greater than 80%
        if [ $USAGE -gt 80 ]                                                                                             
        then                                                                                                             
                USAGE1=$USAGE                                                                                            
                PID1=$PID                                                                                                
                PNAME=$PNAME                                                                                             
                sleep 7                                                                                                  
                USAGE2=`ps -eo pcpu,pid -o comm= | sort -k1 -n -r | head -1 | awk '{ print $1 }'`                       
                USAGE2=${USAGE2%.*}                                                                                      
                PID2=`ps -eo pcpu,pid -o comm= | sort -k1 -n -r | head -1 | awk '{ print $2 }'`                         
                PNAME2=`ps -eo pcpu,pid -o comm = | sort -k1 -n -r | head -1 | awk '{ print $3 }'`                       
                [ $USAGE2 -gt 80 ] && [ $PID1 = $PID2 ] && \                                                             
                        mail -s "CPU load of $PNAME is above 80%" root.com < .                                      
        fi                                                                                                               
done              

In [24]:
! ps -eo pcpu,pid -o comm= | sort -k1 -n -r | head -1

 10.6   231 /System/Library/PrivateFrameworks/SkyLight.framework/Resources/WindowServer


ps: report a snapshot of current processes<br>
-e: report all processes, -o: format<br>
sort: sort lines of files, -k1: sort option to sort by the first column, -n: numberic sort, -r: reverse<br>
head -1: output the first part of files<br>
pcpu: physical cpu

In [28]:
! ps -eo pcpu,pid -o comm= | sort -k1 -n -r | head -1 | awk '{ print $1 }'

23.6


In [30]:
! ps -eo pcpu,pid -o comm= | sort -k1 -n -r | head -1 | awk '{ print $2 }'

231


In [31]:
! ps -eo pcpu,pid -o comm= | sort -k1 -n -r | head -1 | awk '{ print $3 }'

/System/Library/PrivateFrameworks/SkyLight.framework/Resources/WindowServer


awk '{ print $1 }': print the first part<br>
awk '{ print $2 }': print the second part<br>
awk '{ print $3 }': print the third part<br>

In [15]:
%%bash
USAGE=`ps -eo pcpu,pid -o comm= | sort -k1 -n -r | head -1 | awk '{ print $1 }'`                                 
echo ${USAGE%.*} 

11


${USAGE%.*}: strip the decimal places

In [None]:
! ./cpuusage 10

Cleaner version of cpuusage

In [None]:
#! /bin/bash                                                                                                             
INTERVAL=$1                                                                                                              
# user set interval which cpu monitoring happens                               
while sleep $INTERVAL 
do    
        VALUE=$(ps -eo pcpu,pid -o comm= | sort -k1 -n -r | head -1)
        USAGE1=$(echo $VALUE | awk '{ print $1 }')
        USAGE1=${USAGE1%.*} 
        PID1=$(echo $VALUE | awk '{ print $2 }')                               
        PNAME1=$(echo $VALUE | awk '{ print $3 }')
        # the following code is to see if usage is greater than 80%
        if [ $USAGE1 -gt 80 ]       
        then  
                sleep 7 
                VALUE2=$(ps -eo pcpu,pid -o comm= | sort -k1 -n -r | head -1)
                USAGE2=$(echo $VALUE2 | awk '{ print $1 }')
                USAGE2=${USAGE2%.*}
                PID2=$(echo $VALUE2 | awk '{ print $2 }')
                PNAME2=$(echo $VALUE2 | awk '{ print $3 }')       
                [ $USAGE2 -gt 80 ] && [ $PID1 = $PID2 ] && \ 
                    mail -s "CPU load of $PNAME2 is above 80%" root < . 
        fi              
done

### Calculator

In [None]:
#! /bin/bash                                                                                                          
                                                                                                                      
logfile="$home/.fcalc-log"                                                                                            
                                                                                                                      
date >> $logfile                                                                                                      
while /bin/true; do                                                                                                   
        if [ "$(expr $RANDOM % 100)" -lt "70" ]; then                                                                 
                x=`expr $(expr $RANDOM % 4) + 6`                                                                      
        else                                                                                                          
                x=`expr $RANDOM % 5`                                                                                  
        fi                                                                                                            
        y=`expr $RANDOM % 10`                                                                                         
                                                                                                                      
        rep=`expr $y \* $x`                                                                                           
                                                                                                                      
        urep="-1"                                                                                                     
                                                                                                                      
        while [ "$urep" -ne "$rep" ]                                                                                  
        do                                                                                                            
                read -p "$y * $x = ?:" urep                                                                           
                if [ "$urep" -ne "$rep" ]; then                                                                       
                        echo "$y * $x = ?: $rep: WRONG" >> $logfile                                                   
                else                                                                                                  
                        echo "$y * $x = ?: $rep: CORRECT" >> $logfile                                                 
                fi                                                                                                    
        done                                                                                                          
done 

In [1]:
! ./calculator

./calculator: line 5: /.fcalc-log: Permission denied
./calculator: line 6: /bin/true: No such file or directory


## Sourcing functions

In [None]:
! . /etc/init.d/functions

## Efficient if else scripts

In [2]:
# if_else_fi
#! /bin/bash

if [ -z $1 ]
then
    echo no argument provided
    exit 1
elif [ ! -e $1 ]
then
    echo $1 does not exist
    exit 2
elif [ -d $1 ]
then
    echo $1 is a directory
elif [ -x $1 ]
then
    echo $1 is not a directory and not a file
elif [ -x $1 ]
then
    echo $1 is an executable file
elif grep '#! /bin/bash' $1
then 
    echo $1 is an non-executable bash script
    chmod _x $1
else
    echo I don\'t know what this is
fid

In [None]:
# if_else_fi_efficient
#! /bin/bash

[ -z $1 ] && echo no argument provided && exit 1
[ ! -e $1 ] && echo $1 does not exist && exit 2
[ -d $1 ] && echo $1 is a directory && exit
[ ! -f $1 ] && echo $1 is not a directory or file && exit
[ -x $1 ] && echo $1 is executable && exit
grep '#! /bin/bash' $1 && echo $1 is a non-executable shell script && chmod +x $1 && exit
echo I don\'t know what this is

# Pattern Matching
*ba means `ba` preceeding by something<br>
\#\# means we are looking for the last occurance from left to right<br>
\# means we are looking at the first occurance starting from left to right

ba* means `ba` followed by something<br>
%% means we are looking at the last occurance from right to left<br>
% means we are looking at the first occurance from right to left

In [12]:
%%bash

BLAH=rabababarabarabarara

echo BLAH is $BLAH
echo ' the result of ##*ba is' ${BLAH##*ba}
echo ' the result of #*ba is' ${BLAH#*ba} 
echo ' the result of %%ba* is' ${BLAH%%ba*}
echo ' the result of %ba* is' ${BLAH%ba*}

BLAH is rabababarabarabarara
 the result of ##*ba is rara
 the result of #*ba is babarabarabarara
 the result of %%ba* is ra
 the result of %ba* is rabababarabara


# Using Command Substitution
- cd /lib/modules/\`uname -r\`
- cd /lib/modules/\$(uname -r)

# Arguments and Variables

In [None]:
#! /bin/bash
#
# ask if no arguments are provided
# if test -z $1; then
if [ -z $1 ]; then
    echo please provide an argument
    read ARG
else
    ARG=$1
fi

echo your argument was $ARG

# Command Line Arguments
- \$*: includes all the arguments not including the name of the function call, not separated by delimiter " "
- \$#: count of number of arguments separated by delimiter " "
- \$@: includes all the arguments not including the name of the function call, as a list separated by delimiter " "
- \$0: name of the calling function

In [None]:
# for_arg
#! /bin/bash
#
# Script that allows you to greet someone
# Usage:  /.hello [name]

echo "Hello $1, how are you doing today"
echo "\$* gives $*"
echo "\$# gives $#"
echo "\$@ gives $@"
echo "\$0 is $0"

# trying to show every single argument on a separated line
echo showing the interpretation of \$*
for i in "$*"
do
    echo $i
done

echo showing the interpretation of \$@
for i in "$@"
do
    echo $i
done
exit 0

In [17]:
! ./for_arg hi hello how are you doing today and what do your see

Hello hi, how are you doing today
$* gives hi hello how are you doing today and what do your see
$# gives 12
$@ gives hi hello how are you doing today and what do your see
$0 is ./for_arg
showing the interpretation of $*
hi hello how are you doing today and what do your see
showing the interpretation of $@
hi
hello
how
are
you
doing
today
and
what
do
your
see


## Declaring Variables
Declaring Variables is not requiredm but can be useful if you need to make sure that a specific type of input is provided
- **declare -r var=1** (readonly)
- **declare -i var=1** (number)
- **declare -a var** (array)
- **declare -f function_name** (function)
- **declare -x var=1** (export export to subshell)

# Using Arrays
Arrays are multi-value variables to which individual variables can be referred
- Set using index values: **arr[0]=Hello; arr[1]=World**
- Refer to using index values and curly braces **echo \\${arr[0]} \\${arr[1]}**
- - **\\${arr[*]}** refers to all the values in the array
- - **\\${!arr[*]}** shows all index values currently in use
- - **\\${#arr[*]}** shows how many items there are in the array

In [None]:
%%bash
# array_primer
#! /bin/bash

array=(one two three four [5]=five)

echo "Array size: ${#array[*]}"

echo "Array items:"
for item in ${array[*]}
do
    printf "   %s\n" $item
done

echo "Array indexes:"
for index in ${!array[*]}
do
    printf "   %d\n" $index
done

echo "Array items and indexes:"
for index in ${!array[*]}
do
    printf "%4d: %s\n" $index ${array[$index]}
done

In [19]:
! ./array_primer

Array size: 5
Array items:
   one
   two
   three
   four
   five
Array indexes:
   0
   1
   2
   3
   5
Array items and indexes:
   0: one
   1: two
   2: three
   3: four
   5: five


## Exercise
Write a script with the name servicemon. This script should monitor the availability of a service, of which the name has to be sepeecied as a boot argument for the script. The script would run indefinitely, and if the service that it monitors stops, it should do three things:
- Restart the service
- Write a message to syslog
- Send an email message to the root user

In [None]:
## servicemon Solution
#! /bin/bash
# script that monnitors availability of a service
#
##### exit code documentation
# 3: no argument provided
# 4: something else
#####

# make sure that service name is provided as an argument
if [ -z $1 ]; then
    echo you need to provide a service name when starting this script
    exit 3
else
    SERVICE=$1
fi

# run without stopping to do the monitoring tasks
# verify that $SERVICE is running
if ps aux | grep $SERVICE | grep -v grep | grep -v servicemon
then
    echo all good
else
    echo \$SERVICE could not be find as a service
    echo Make sure that \$SERVICE is running and try again
    echo 'The command ps aux | grep $SERVICE should show service up and running'
    exit $4
fi    

# monitor $SERVICE
while ps aux | grep $SERVICE | grep -v grep | grep -v servicemon
do 
    sleep 10
done

# actions if services is failing
# assume that the service processname can be #started with the service command
service $SERVICE start
logger servicemon: $SERVICE restarted
mail -s "servicemon: $SERVICE restarted at $(date +%d-%m-%Y %H:%M)" root < .

# Include Files
Include files can be used to
- Separate dynamic code from static code:
- Make scripts more portable
- Include with *source* or the *.* command

include files never starts with shebang

## Internal vs. External commands
internal command: something that is loaded to the bash shell itself<br>
external command is a command living as a file on the hard disc ofthe system that is running

It is more efficient to use internal commands in your bare scripts because internal commands are already available in memory

- To recognize the type of command, use the **type** command
- If you need an external command, use specific path to find it

**help** will give you list of internal commands in the system

In [20]:
!help

GNU bash, version 3.2.57(1)-release (x86_64-apple-darwin18)
These shell commands are defined internally.  Type `help' to see this list.
Type `help name' to find out more about the function `name'.
Use `info bash' to find out more about the shell in general.
Use `man -k' or `info' to find out more about commands not in this list.

A star (*) next to a name means that the command is disabled.

 JOB_SPEC [&]                       (( expression ))
 . filename [arguments]             :
 [ arg... ]                         [[ expression ]]
 alias [-p] [name[=value] ... ]     bg [job_spec ...]
 bind [-lpvsPVS] [-m keymap] [-f fi break [n]
 builtin [shell-builtin [arg ...]]  caller [EXPR]
 case WORD in [PATTERN [| PATTERN]. cd [-L|-P] [dir]
 command [-pVv] command [arg ...]   compgen [-abcdefgjksuv] [-o option
 complete [-abcdefgjksuv] [-pr] [-o continue [n]
 declare [-afFirtx] [-p] [name[=val dirs [-clpv] [+N] [-N]
 disown [-h] [-ar] [jobspec ...]    echo [-neE] [arg ...]
 enable [-pnds] [-a] 

In [21]:
!type ls

ls is /bin/ls


In [23]:
!type cd

cd is a shell builtin


In [24]:
!type time

time is a shell keyword


In [25]:
! time ls

[31madmenu[m[m                    [31mdebug_trap_example[m[m        log
[31marg_or_read[m[m               [31merror_script[m[m              [31mmath[m[m
[31marray_primer[m[m              extractuser.sh            [31mmenu[m[m
bash.ipynb                [31mfor_arg[m[m                   newmenu
[31mcalculator[m[m                [31mif_then_fi[m[m                [31mservicemon[m[m
[31mcountdown[m[m                 [31mif_then_fi_efficient[m[m      simple_process_monitoring
[31mcpuusage[m[m                  ldapusers

real	0m0.007s
user	0m0.001s
sys	0m0.004s


In [26]:
! which time

/usr/bin/time


In [27]:
! /usr/bin/time ls

[31madmenu[m[m                    [31mdebug_trap_example[m[m        log
[31marg_or_read[m[m               [31merror_script[m[m              [31mmath[m[m
[31marray_primer[m[m              extractuser.sh            [31mmenu[m[m
bash.ipynb                [31mfor_arg[m[m                   newmenu
[31mcalculator[m[m                [31mif_then_fi[m[m                [31mservicemon[m[m
[31mcountdown[m[m                 [31mif_then_fi_efficient[m[m      simple_process_monitoring
[31mcpuusage[m[m                  ldapusers
        0.00 real         0.00 user         0.00 sys


# Marking Shell more Secure
Using rbash
- Start with bash -r
- For in /etc/passwd, create a symbolic link
- - **ln -s /bin/bash /bin/rbash**
- rbash Features
- - No **cd** to root
- - No modifications of ENV and PATH
- - No functions
- - No output redirection

In [None]:
# code injections (2 problems)
read FOO
read BAR
if [ x$FOO = xfoo ]; then
    echo $FOO
    eval $BAR
fi

- Enter "foo = xfoo -o x" as the value for FOO
- Avoid by using quotes: if [ "x$FOO" = "xfoo" ] then
- Never use **eval** on user input because it allows user to open subshell

## Security Tips
- Design before you write the script
- Always quote user input
- Nevel use **eval**
- Make sure to protect the \$PATH variable
- Use full command names
- Don't worry about SUID, it's disabled for shell scripts

## Analyzing cd Scripts

In [28]:
# there are problems with this cd
# script
#! /bin/bash
# Ask a sue what directory he/she wants to activate and next show a list
# of iles in that directory

echo What Directory do you want to activate?
read DIR
cd $DIR

for i in *
do
    echo found file $i
    echo Do you want to see it?
    read
    cat $i
done

Problems
- This script really has a lot to improve
- Test if $DIR exists
- Implements yes/no functionality on the question in the loop
- Check if the file in \$i is non-text and if that is the case, tell user we can't open it