blog archive     the meetup     about     contact me

pimp my bash

Here are a few of my favorite bash aliases. Have any good ones to share?

I run a Security Onion NIDS on my home network. The times where I have tried connecting a local sguil client to a remote sguil database have been nothing short of a kernel panic. This actually works really well:

alias sguil='echo "Execute sguil.tk after this connects..." && ssh -X root@secOnionBox'

Copying the output of cat to the x clipboard can be handy:

clip() {
    cat "$1" | xclip -selection c
}

Sometimes I just want a password ready to ctrl-v. For low-risk scenarios, you can alias the following to copy a password to your x clipboard. Note: only do this for low risk passwords as it stores your password in plaintext in your .bash_profile file. Frankly one shouldn’t ever do this; rather something like the LastPass CLI should be used: https://github.com/lastpass/lastpass-cli

alias getpw='echo "superSecretPassword" | xclip -selection c'

Do you use an OpenVPN server? You should; they’re awesome. Easily tunnel up with this:

alias vpn='sudo openvpn --config /path/to/client.ovpn --auth-user-pass /path/to/user-password-file'

Want to get your public IP from terminal? Do either of these:

alias myip='dig +short myip.opendns.com @resolver1.opendns.com'

or

alias myip='wget http://ipecho.net/plain -O - -q; echo'

Save yourself from yourself by requiring confirmation on rm commands:

alias rm='rm -i' or alias rm='rm -I'

The lowercase -i will require confirmation on each file, while the -I is a little less obtrusive, but still provides some protection. You can rtfm for the full breakdown on their differences.

I have a portable USB hard drive that I take with me on engagements. Some of the data on it needs to be accessible to all machines (Windows, *nix, Mac) without trouble. So it is formatted NTFS and that is fine and dandy. However, there often arises the need to store sensitive data on it, which MUST be encrypted.

Now, certainly using full disk encryption is preferred, but this works in one-off situations. I basically carved out 500GB or so and created a LUKS encrypted container on the drive. Now whenever I need to access that encrypted container, I just call the following function. Easy.

mountc(){
  if [ -f /path/to/LUKS/file ]; then
    key=$(zenity --entry --title="Decrypt Key" --text="Enter your decryption passphrase." --hide-text)
    echo $key | cryptsetup luksOpen /path/to/LUKS/file cryptPassport -
    mount /dev/mapper/cryptPassport /path/to/mountpoint
  fi
}

and when finished, be sure to close it out gracefully:

umountc(){
  [ "$(ls -A /path/to/mountpoint)" ] && empt=0 || empt=1
  if [ $empt = "0" ]; then
    umount /path/to/mountpoint
    cryptsetup luksClose cryptPassport
  fi
}

The output of ls is just ugly. This makes it so much more readable, useful, and also lists hidden files:

alias ls='ls -al'

On Debian-based systems, sudo apt-get install can get to be cumbersome to type - especially when you’re installing packages frequently. I prefer to alias it like this:

alias agi='sudo apt-get install'

Now I can just do agi {packagename}.

I’ll add more to this post over time.