Software Security


dit-upm
José A. Mañas <http://www.dit.upm.es/~pepe/>
Information Technology Department
Universidad Politécnica de Madrid
24 October 2018

the problem
⚫ in a world where everything contains software, if the software is not reliable, the system is not reliable
⚫ how do you build reliable software?
  ◼ it shall anticipate errors and attacks from the environment
  ◼ it shall fail safely
      - shall not inform the attacker
      - shall not fall into a state of unsafe behavior
⚫ security by design: security should not be an afterthought
  ◼ we should not wait for an attack to start protecting ourselves
  ◼ cost: design, coding, testing, distribution
  ◼ bad reputation

why is software unreliable?
1. programmers do not know
2. it is boring
3. less functionality
4. reduced performance
5. benefit (ROI) is hard to estimate
⚫ adding secure components does not make a secure system
⚫ insecurity is not necessarily a bug; it is an unacceptable behavior

security
⚫ preventive
  ◼ does not occur, occurs less often
⚫ monitor and detect
  ◼ if something goes wrong, you need an alert
⚫ reliable logging
  ◼ to prosecute
  ◼ to learn
⚫ recovery - resilience

software vulnerabilities
⚫ Memory safety violations
  ◼ Buffer overflows and over-reads
  ◼ Dangling pointers
⚫ Input validation errors
  ◼ Format string attacks
  ◼ SQL injection
  ◼ Code injection
  ◼ E-mail injection
  ◼ Directory traversal
  ◼ Cross-site scripting in web applications
  ◼ HTTP header injection
  ◼ HTTP response splitting
⚫ Race conditions
  ◼ Time-of-check-to-time-of-use bugs
  ◼ Symlink races
⚫ Privilege-confusion
  ◼ Cross-site request forgery in web applications
  ◼ Clickjacking
  ◼ FTP bounce attack
⚫ Privilege escalation
⚫ User interface failures
  ◼ Warning fatigue or user conditioning
  ◼ Blaming the victim
  ◼ Race Conditions
https://en.wikipedia.org/wiki/Vulnerability_(computing)

OWASP Top 10
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

SANS top 25
https://www.sans.org/top25-software-errors/archive/2010

top 25
Rank  Score  ID       Name
[1]   93.8   CWE-89   Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
[2]   83.3   CWE-78   Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
[3]   79     CWE-120  Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
[4]   77.7   CWE-79   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
[5]   76.9   CWE-306  Missing Authentication for Critical Function
[6]   76.8   CWE-862  Missing Authorization
[7]   75     CWE-798  Use of Hard-coded Credentials
[8]   75     CWE-311  Missing Encryption of Sensitive Data
[9]   74     CWE-434  Unrestricted Upload of File with Dangerous Type
[10]  73.8   CWE-807  Reliance on Untrusted Inputs in a Security Decision
http://cwe.mitre.org/top25/index.html

SQL injection
[diagram: http, php, sql]

SQL injection
    $username = isset($_POST['username']) ? $_POST['username'] : "";
    $password = isset($_POST['password']) ? $_POST['password'] : "";

    // 1. vulnerable: user input is pasted directly into the SQL text
    $query = sprintf("SELECT * FROM users WHERE username = '%s' AND password = '%s';",
                     $username, $password);
    $result = $db->query($query);

    // 2. escaping the input before building the string
    $query = sprintf("SELECT * FROM users WHERE username = '%s' AND password = '%s';",
                     SQLite3::escapeString($username),
                     SQLite3::escapeString($password));

    // 3. prepared statement: the query text is fixed and the input is bound as data
    $stmt0 = "SELECT * FROM users " .
             "WHERE username = :user AND password = :pw";
    $stmt = $db->prepare($stmt0);
    $stmt->bindValue(':user', $username, SQLITE3_TEXT);
    $stmt->bindValue(':pw', $password, SQLITE3_TEXT);
    $result = $stmt->execute();
http://sqlidemo.altervista.org/index.php

sql injection
http://xkcd.com/327/

SQL injection
⚫ root cause is to accept user input blindly
  ◼ no analysis
  ◼ no sanitization
⚫ Defenses
  ◼ what the user writes is not reliable
  ◼ stored procedures
  ◼ prepared statements
  ◼ limit access to the database (minimal surface)
  ◼ beware of error messages

injection
⚫ generic technique
⚫ https://en.wikipedia.org/wiki/Code_injection

OS command injection
    $ cat _exs/nslookup.html
    <!DOCTYPE html>
    <html>
    <body>
    <h1>nslookup helper</h1>
    <form action="nslookup.php" method="post">
    host:
    <input type="text" name="host" size="100" maxlength="100">
    <input type="submit" name="formSubmit" value="Submit">
    </form>
    </body>
    </html>

rce – remote command execution
    $ cat _exs/nslookup.php
    <!DOCTYPE html>
    <html>
    <body>
    <h1>nslookup ...</h1>
    <?php
    echo '<pre>';
    $host = $_POST["host"];
    echo "nslookup " . $host . "\n";
    // vulnerable: the form value goes to the shell unchanged
    system("nslookup " . $host);
    echo '</pre>';
    ?>
    </body>
    </html>

[classic] buffer overflow
⚫ typical problem in C and C++
  ◼ lack of bounds checking

buffer overflow
    char buff[10];
    buff[10] = 'a';                          /* valid indexes are 0..9 */
    strcpy(buff, "mas de 10 caracteres");    /* 20 characters + '\0' into 10 bytes */

stack smash
⚫ C: when a function is called, the stack saves
  ◼ return address
  ◼ call arguments
  ◼ local variables
⚫ when a local buffer overflows,
  ◼ arguments can be modified
  ◼ return address can be changed (jump somewhere else)

C stack function call
[figure]

buffer overflow
⚫ remedies
  ◼ safe coding
      - safe libraries
  ◼ tools to analyse source code (static analysis)
      - no gets(), strcmp(), strcpy(), …
  ◼ pattern detection (nop slide, virtual nops, …)
      - on download (IDS)
  ◼ executable space protection
  ◼ canary
  ◼ …
https://en.wikipedia.org/wiki/Buffer_overflow
https://en.wikipedia.org/wiki/Buffer_overflow_protection

languages
Language / Environment            Compiled or Interpreted  Strongly Typed  Direct Memory Access  Safe or Unsafe
Java, Java Virtual Machine (JVM)  Both                     Yes             No                    Safe
.NET                              Both                     Yes             No                    Safe
Perl                              Both                     Yes             No                    Safe
Python - interpreted              Interpreted              Yes             No                    Safe
Ruby                              Interpreted              Yes             No                    Safe
C/C++                             Compiled                 No              Yes                   Unsafe
Assembly                          Compiled                 No              Yes                   Unsafe
COBOL                             Compiled                 Yes             No                    Safe
https://www.owasp.org/index.php/Buffer_Overflows

XSS - cross-site scripting
⚫ when the attacker succeeds in executing JavaScript in the user's browser
  ◼ when the server copies the attacker's text into the web response
  ◼ reflected
  ◼ stored
  ◼ DOM-based
      - dynamic modification of html
⚫ typical usage: send session ids (i.e. cookies)

stored xss (persistent)
https://excess-xss.com/

reflected xss
https://excess-xss.com/

DOM-based xss (client-side)
https://excess-xss.com/

XSS - defenses
⚫ difficult to remove entirely
⚫ input validation (stored)
⚫ encoded output
⚫ https://excess-xss.com/
⚫ https://www.google.com/about/appsecurity/learning/xss/

Authentication & authorization
⚫ when we step into a critical task without sound authentication
  ◼ sensitive data leak
  ◼ denial of service
⚫ when the server blindly trusts client-side authentication
⚫ remedy
  ◼ design
      - task classification: normal, privileged, administrative
      - environment authentication
  ◼ source code inspection: review critical areas

Use of Hard-coded Credentials
⚫ crypto keys or passwords in …
  ◼ in code (source or executable)
  ◼ in configuration files (obfuscated)
  ◼ in registry (obfuscated)
⚫ reverse engineer to access
  ◼ decompile
  ◼ memory dump
  ◼ step by step execution
⚫ if the secret is revealed, (white hat | black hat) it is very difficult to repair
  ◼ downloaded programs
  ◼ client-server coordination

Use of Hard-coded Credentials
⚫ remedies (partial)
  ◼ store hash to check correct data input
  ◼ limit the life of the key in clear
  ◼ OTP – reduced lifetime

secrets in code
    $ cat EncodedPW.java
    public class EncodedPW {
        private String user= "pepe";
        private String pw= "my key";
    }

    $ strings EncodedPW.class
    user
    Ljava/lang/String;
    <init>
    Code
    LineNumberTable
    SourceFile
    EncodedPW.java
    pepe
    my key
    EncodedPW
    java/lang/Object

    $ javap -c EncodedPW.class
    Compiled from "EncodedPW.java"
    public class EncodedPW {
      public EncodedPW();
        Code:
           0: aload_0
           1: invokespecial #1 // Method java/lang/Object."<init>":()V
           4: aload_0
           5: ldc #2 // String pepe
           7: putfield #3 // Field user:Ljava/lang/String;
          10: aload_0
          11: ldc #4 // String my key
          13: putfield #5 // Field pw:Ljava/lang/String;
          16: return
    }

http://www.javadecompilers.com/

secrets in code
    $ cat check_admin.c
    #include <stdio.h>
    #include <string.h>
    int main(int argc, char* argv[]) {
        /* argv[0] is the program name; the password is the first argument */
        if (argc < 2) return(0);
        char* password= argv[1];
        /* the expected password is a literal and ends up in the executable */
        if (strcmp(password, "Mew!")) {
            printf("Incorrect Password!\n");
            return(0);
        }
        printf("Entering Diagnostic Mode...\n");
        return(1);
    }

    $ strings check_admin.exe
    …
    …
    …
    @B/70
    B/81
    B/92
    tgr5
    cyggcj-16.dll
    _Jv_RegisterClasses
    Mew!
    Incorrect Password!
    Entering Diagnostic Mode...
    GCC: (GNU) 5.4.0 20160603 (Fedora Cygwin 5.4.0-2)
    GCC: (GNU) 5.4.0
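
For the nslookup helper on the "OS command injection" and "rce" slides, one way to keep the host field away from a shell: check it against a host-name allowlist, then start nslookup with the value as a single argument. This is an added example, not code from the original slides, and it is written in C rather than the slides' PHP; is_valid_hostname and run_nslookup are names chosen here, and a POSIX system with nslookup on the PATH is assumed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allowlist check: dot-separated labels made of ASCII letters, digits and
 * '-', each 1..63 characters long and not starting or ending with '-',
 * at most 253 characters in total. Everything else is rejected: spaces,
 * shell metacharacters, quotes, and a leading '-' that nslookup would
 * read as an option. IPv4 literals pass; IPv6 literals are not handled.
 * Returns 1 if the host name is acceptable, 0 otherwise. */
int is_valid_hostname(const char *host) {
    size_t len, i, label_len = 0;

    if (host == NULL) return 0;
    len = strlen(host);
    if (len == 0 || len > 253) return 0;

    for (i = 0; i < len; i++) {
        char c = host[i];
        int alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                    (c >= '0' && c <= '9');
        if (c == '.') {
            /* empty label, or label ending in '-' */
            if (label_len == 0 || host[i - 1] == '-') return 0;
            label_len = 0;
        } else if (alnum || c == '-') {
            if (c == '-' && label_len == 0) return 0;   /* label starts with '-' */
            if (++label_len > 63) return 0;
        } else {
            return 0;
        }
    }
    return label_len > 0 && host[len - 1] != '-';
}

/* Runs nslookup with host as one argv element. No shell parses the string,
 * so it cannot be split into further commands. Returns the exit status of
 * nslookup, or -1 if the host name is rejected or the process cannot be
 * started. */
int run_nslookup(const char *host) {
    pid_t pid;
    int status;

    if (!is_valid_hostname(host)) return -1;

    pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execlp("nslookup", "nslookup", host, (char *)NULL);
        _exit(127);                      /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char *argv[]) {
    int rc;

    if (argc < 2) {
        fprintf(stderr, "usage: %s host\n", argv[0]);
        return 2;
    }
    rc = run_nslookup(argv[1]);
    if (rc < 0) {
        fprintf(stderr, "host name rejected or nslookup not started\n");
        return 1;
    }
    return rc;
}
```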
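
For the "buffer overflow" and "stack smash" slides: the slide's strcpy() case handled with a bounds-checked copy, next to a small model of how a canary notices an unchecked copy. This is an added example, not code from the original slides; struct frame, CANARY and both function names are assumptions made here, and the "frame" is an ordinary struct standing in for a real stack frame.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed guard value; real canaries are chosen at random at run time. */
#define CANARY 0xC0FFEE42u

/* Stand-in for a stack frame: the local buffer, then a guard word placed
 * where an overflow has to pass before it reaches the return address. */
struct frame {
    char     buff[10];
    uint32_t canary;
};

/* Safe coding: copy only if src, including its '\0', fits in dst.
 * Returns 0 on success, -1 (with dst set to "") if the input is too long. */
int copy_checked(char *dst, size_t dstsize, const char *src) {
    size_t need;

    if (dst == NULL || dstsize == 0) return -1;
    dst[0] = '\0';
    if (src == NULL) return -1;

    need = strlen(src) + 1;
    if (need > dstsize) return -1;
    memcpy(dst, src, need);
    return 0;
}

/* Models what strcpy() does to the frame: it copies without looking at the
 * size of buff. The write is capped at sizeof(struct frame) so that the
 * demonstration itself stays inside one object. Returns 1 if the guard word
 * was changed, which is the test a compiler-inserted canary makes before
 * the function returns, and 0 if it is intact. */
int unchecked_copy_trips_canary(const char *src) {
    struct frame f;
    size_t n = strlen(src) + 1;

    memset(&f, 0, sizeof f);
    f.canary = CANARY;
    if (n > sizeof f) n = sizeof f;
    memcpy((unsigned char *)&f, src, n);
    return f.canary != CANARY;
}

int main(void) {
    char buff[10];
    const char *input = "mas de 10 caracteres";   /* the slide's string */

    printf("checked copy: %s\n",
           copy_checked(buff, sizeof buff, input) == 0 ? "copied" : "rejected");
    printf("unchecked copy, canary: %s\n",
           unchecked_copy_trips_canary(input) ? "overwritten" : "intact");
    return 0;
}
```

An input that overruns buff by only a byte or two lands in the padding before the guard word and is not noticed, which is one reason the slide lists the canary next to safe coding rather than instead of it.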