VSIDO Community

VSIDO Controls => VSIDO Discussions => Topic started by: superwow on September 28, 2014, 03:28:16 AM

Title: bash vulnerabilities - use zsh
Post by: superwow on September 28, 2014, 03:28:16 AM
There has been a ton of talk on here about systemd and lightdm of late. So i feel like another potentially more critical topic may have been completely missed.

Several days ago Bash was shown to have vulnerabilities. Promptly massive exploits were reported across multiple OS's. Even the Fruit company updated their Bash implementation (which is almost unheard of, as the fruity bash has long gone unnoticed).

There have been updates to bash of late, but the sentiment on security blogs is that they are like tape on a cracked dam.

I switched to zsh and spent the weekend working on my .zshrc.

We had unbelievably beautiful fall weather in my city of residence; but I spent the entire day scouring zsh blogs for configs and info and had a blast. If you are interested in switching to zsh and need configs, here is my .zshrc.

# Set up the prompt

autoload -Uz promptinit
promptinit
#prompt adam1
#"prompt -l" lists available, "prompt -p" previews
#prompt elite2 'yellow'
#prompt fade 'blue'
prompt fire 'blue green yellow white white white'

setopt histignorealldups sharehistory

# Use emacs keybindings even if our EDITOR is set to vi
bindkey -e

# Keep 1000 lines of history within the shell and save it to ~/.zsh_history:
HISTSIZE=1000
SAVEHIST=1000
HISTFILE=~/.zsh_history

# Use modern completion system
autoload -Uz compinit
compinit

zstyle ':completion:*' auto-description 'specify: %d'
zstyle ':completion:*' completer _expand _complete _correct _approximate
zstyle ':completion:*' format 'Completing %d'
zstyle ':completion:*' group-name ''
zstyle ':completion:*' menu select=2
eval "$(dircolors -b)"
zmodload -i zsh/complist
zstyle ':completion:*:default' list-colors ${(s.:.)LS_COLORS}
zstyle ':completion:*' list-colors ''
zstyle ':completion:*' list-prompt %SAt %p: Hit TAB for more, or the character to insert%s
zstyle ':completion:*' matcher-list '' 'm:{a-z}={A-Z}' 'm:{a-zA-Z}={A-Za-z}' 'r:|[._-]=* r:|=* l:|=*'
zstyle ':completion:*' menu select=long
zstyle ':completion:*' select-prompt %SScrolling active: current selection at %p%s
zstyle ':completion:*' use-compctl false
zstyle ':completion:*' verbose true

zstyle ':completion:*:*:kill:*:processes' list-colors '=(#b) #([0-9]#)*=0=01;31'
zstyle ':completion:*:kill:*' command 'ps -u $USER -o pid,%cpu,tty,cputime,cmd'

# color code completion!!!!  Wohoo!
zstyle ':completion:*' list-colors "=(#b) #([0-9]#)*=36=31"

# History search: past commands beginning with the current input would have been shown
# [url]https://wiki.archlinux.org/index.php/Zsh[/url]
[[ -n "${key[PageUp]}"   ]]  && bindkey  "${key[PageUp]}"    history-beginning-search-backward
[[ -n "${key[PageDown]}" ]]  && bindkey  "${key[PageDown]}"  history-beginning-search-forward

# 10 second wait if you do something that will delete everything.  I wish I'd had this before...
# http://stackoverflow.com/questions/171563/whats-in-your-zshrc
setopt RM_STAR_WAIT

# beeps are annoying
setopt NO_BEEP

# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.zsh_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.

if [ -f ~/.zsh_aliases ]; then
    . ~/.zsh_aliases
fi

## ## ## NOTE: shopt may only be a bash command, not zsh
# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
#shopt -s checkwinsize

# If set, the pattern "**" used in a pathname expansion context will
# match all files and zero or more directories and subdirectories.
#shopt -s globstar

# make less more friendly for non-text input files, see lesspipe(1)
#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"

# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
    debian_chroot=$(cat /etc/debian_chroot)
fi

#Zsh can be configured to remember the DIRSTACKSIZE last visited folders.
#This can then be used to cd them very quickl
# USE "dirs -v" to print the dirstack
# USE "cd -<NUM>" to go back to a visited folder
# [url]https://wiki.archlinux.org/index.php/Zsh[/url]

DIRSTACKFILE="$HOME/.cache/zsh/dirs"
if [[ -f $DIRSTACKFILE ]] && [[ $#dirstack -eq 0 ]]; then
  dirstack=( ${(f)"$(< $DIRSTACKFILE)"} )
  [[ -d $dirstack[1] ]] && cd $dirstack[1]
fi
chpwd() {
  print -l $PWD ${(u)dirstack} >$DIRSTACKFILE
}

DIRSTACKSIZE=20

setopt autopushd pushdsilent pushdtohome

## Remove duplicate entries
setopt pushdignoredups

## This reverts the +/- operators.
setopt pushdminus

#Unlike bash, zsh does not enable a built in help command.
#But this below gives it to you
# [url]https://wiki.archlinux.org/index.php/Zsh[/url]
autoload -U run-help
autoload run-help-git
autoload run-help-svn
autoload run-help-svk
#unalias run-help
alias help=run-help

#Put working directory in titlebar of terminal emulator
# http://www.tuxradar.com/content/z-shell-made-easy
precmd() {
  [[ -t 1 ]] || return
  case $TERM in
    (sun-cmd) print -Pn "\e]l%~\e\\"
      ;;
    (*xterm*|rxvt|(dt|k|E)term) print -Pn "\e]2;%~\a"
      ;;
  esac
}

# Save the time and how long a command ran
setopt EXTENDED_HISTORY

setopt HIST_SAVE_NO_DUPS
setopt HIST_EXPIRE_DUPS_FIRST
setopt HIST_FIND_NO_DUPS

#}}}

#{{{ Prompt!

host_color=cyan
history_color=yellow
user_color=green
root_color=red
directory_color=magenta
error_color=red
jobs_color=green

host_prompt="%{$fg_bold[$host_color]%}%m%{$reset_color%}"
jobs_prompt1="%{$fg_bold[$jobs_color]%}(%{$reset_color%}"
jobs_prompt2="%{$fg[$jobs_color]%}%j%{$reset_color%}"
jobs_prompt3="%{$fg_bold[$jobs_color]%})%{$reset_color%}"
jobs_total="%(1j.${jobs_prompt1}${jobs_prompt2}${jobs_prompt3} .)"
history_prompt1="%{$fg_bold[$history_color]%}[%{$reset_color%}"
history_prompt2="%{$fg[$history_color]%}%h%{$reset_color%}"
history_prompt3="%{$fg_bold[$history_color]%}]%{$reset_color%}"
history_total="${history_prompt1}${history_prompt2}${history_prompt3}"
error_prompt1="%{$fg_bold[$error_color]%}<%{$reset_color%}"
error_prompt2="%{$fg[$error_color]%}%?%{$reset_color%}"
error_prompt3="%{$fg_bold[$error_color]%}>%{$reset_color%}"
error_total="%(?..${error_prompt1}${error_prompt2}${error_prompt3} )"

#ALT+S inserts "sudo " at the beginning of the line
insert_sudo () { zle beginning-of-line; zle -U "sudo " }
zle -N insert-sudo insert_sudo
bindkey "^[s" insert-sudo

#on slow infrastructure where tab-completion takes a while, show "waiting dots"
#while something tab-completes. (found on zsh-users)
# http://stackoverflow.com/questions/171563/whats-in-your-zshrc
expand-or-complete-with-dots() {
  echo -n "\e[31m......\e[0m"
  zle expand-or-complete
  zle redisplay
}
zle -N expand-or-complete-with-dots
bindkey "^I" expand-or-complete-with-dots

#fix all terminal bugs
# http://stackoverflow.com/questions/171563/whats-in-your-zshrc
export TERM=rxvt

#Set VIEW to your browser, e.g. export VIEW=/usr/bin/elinks or whatever
# you want to use for a quick google search
# URL encode something and print it.
function url-encode; {
        setopt extendedglob
        echo "${${(j: :)@}//(#b)(?)/%$[[##16]##${match[1]}]}"
}
# Search google for the given keywords.
function google; {
        $VIEW=/usr/bin/w3m -no-cookie "http://www.google.com/search?q=`url-encode "${(j: :)@}"`"
}


and created a .zsh_aliases with rejiggering from bash_aliases, which are slightly different

alias up='sudo apt-get update && sudo apt-get dist-upgrade'
alias get='sudo apt-get install'
#alias rem='sudo apt-get autoremove'
#alias cl='sudo apt-get autoclean'
alias prg='sudo apt-get purge'
alias dupgrd='sudo apt-get update && sudo apt-get dist-upgrade -d'
alias acs='apt-cache search'
alias se='apt-cache policy'
alias deps='apt-cache show' #with app will give you depends info etc.
alias upg='sudo update-grub'
alias grc='ps aux | grep'
#alias cd..='cd ..'
alias md=mkdir
alias sdn='sudo shutdown -h now'
alias sdr='sudo shutdown -r now'
alias ls='ls -F --color --group-directories-first'
alias l='ls -lha'
alias c='clear'
alias q='exit'
alias s='sudo'
alias reload='source ~/.zshrc'
alias al='cat ~/.zsh_aliases'
alias alr='ls -R'

alias gpoud='gpo update && gpo download'

alias hmr='mplayer http://hotmixradio-dance.ice.infomaniak.ch/hotmixradio-dance-128.mp3'

### from greywolf on VSIDO forums
## Colorize the grep command output for ease of use (good for log files)##
alias grep='grep --color=auto'
alias egrep='egrep --color=auto'
alias fgrep='fgrep --color=auto'

# install  colordiff package :)
alias diff='colordiff'

alias mount='mount |column -t'

## pass options to free ##
alias meminfo='free -m -l -t'

## get top process eating memory
alias psmem='ps auxf | sort -nr -k 4'
alias psmem10='ps auxf | sort -nr -k 4 | head -10'

## get top process eating cpu ##
alias pscpu='ps auxf | sort -nr -k 3'
alias pscpu10='ps auxf | sort -nr -k 3 | head -10'

## Get server cpu info ##
alias cpuinfo='lscpu'

## older system use /proc/cpuinfo ##
##alias cpuinfo='less /proc/cpuinfo' ##

## get GPU ram on desktop / laptop##
alias gpumeminfo='grep -i --color memory /var/log/Xorg.0.log'

# some more ls aliases
alias ls='ls --group-directories-first --time-style=+"%d.%m.%Y %H:%M" --color=auto -F'
alias ll='ls -l --group-directories-first --time-style=+"%d.%m.%Y %H:%M" --color=auto -F'
alias la='ls -la --group-directories-first --time-style=+"%d.%m.%Y %H:%M" --color=auto -F'
alias lx='ls -lXB'        # sort by extension
alias lk='ls -lSr'        # sort by size
alias lr='ls -lR'        # recursice ls
alias lt='ls -ltr'        # sort by date
alias lm='ls -al |more'        # pipe through 'more'
alias tree='tree -Cs'        # nice alternative to 'ls'
alias l='ls -hF --color'    # quick listing
alias lsize='ls --sort=size -lhr' # list by size
alias lsd='ls -l | grep "^d"'   #list only directories

# copy with a progress bar.
alias cpv="rsync -poghb --backup-dir=/tmp/rsync -e /dev/null --progress --"

#Command substitution
alias ff='sudo find / -name $1'
alias df='df -h -x tmpfs -x usbfs'
alias psg='ps -ef | grep $1'
alias h='history | grep $1'
#alias rm='rm -i'
#alias cp='cp -i'
#alias mv='mv -i'
alias mkdir='mkdir -p -v'
alias which='type -all'
alias path='echo -e ${PATH//:/\\n}'
alias vi='vim'
alias du='du -h -c --max-depth=1'
alias c='clear'

#Personal Help
#alias dn='OPTIONS=$(\ls -F | grep /$); select s in $OPTIONS; do cd $PWD/$s; break;done'
#alias help='OPTIONS=$(\ls ~/.tips -F);select s in $OPTIONS; do less ~/.tips/$s; break;done'

#show most popular commands
alias top-commands='history | awk "{print $2}" | awk "BEGIN {FS="|"} {print $1}" |sort|uniq -c | sort -rn | head -10'

# empty trash
alias trash="rm -fr ~/.Trash"

## Moving around & all that jazz
# http://www.tuxradar.com/content/z-shell-made-easy
alias -g back='cd "$OLDPWD"'
alias -g ..="cd .."
alias -g ...="cd ../.."
alias -g ....="cd ../../.."
alias -g .....="cd ../../../.."
alias -g ......="cd ../../../../.."

## Dir shortcuts (slightly diff from bash
# http://www.tuxradar.com/content/z-shell-made-easy
hash -d home=~/
hash -d docs=~/Documents
hash -d dls=~/downloads
hash -d imgs=~/images
hash -d vids=~/videos
hash -d muz=~/music
#hash -d news=~/gPodder/Downloads/NBC Nightly News '(video')')

## App-specific

## Sudo fixes
alias orphand='sudo deborphan | xargs sudo apt-get -y remove --purge'
alias cleanup='sudo apt-get autoclean && sudo apt-get autoremove && sudo apt-get clean && sudo apt-get remove && orphand'
alias upddb='sudo updatedb'
alias swapclear='sudo swapoff -a && sleep 2s && sudo swapon -a'

#find sorted list of biggest files under current directory:
# http://stackoverflow.com/questions/171563/whats-in-your-zshrc
alias biggest='find -type f -printf '\''%s %p\n'\'' | sort -nr | head -n 40 | gawk "{ print \$1/1000000 \" \" \$2 \" \" \$3 \" \" \$4 \" \" \$5 \" \" \$6 \" \" \$7 \" \" \$8 \" \" \$9 }"'

### /from grewolf

### from digit on VSIDO forums

alias big='ls -laSh | head'
alias cdls='cd $1 && ls'
alias dit='emacsclient'
alias fehb='feh --bg-scale'
alias fehbc='feh --bg-center'
alias fehbf='feh --bg-fill'
alias fehbs='feh --bg-scale'
alias ls='ls --color=auto'
alias running='PS_FORMAT="user,pid,pcpu,pmem,start,args" ps axf'

### /from digit on VSIDO forums
#digit's flite aliases
alias fime='flite_time `date +%H:%M`'

### from me
alias weathIL='inxi -W60089'
alias weathSD='inxi -W92116'
alias weathAT='inxi -W30064'
alias weathHO='inxi -W70002'

## a few from http://zsh.sourceforge.net/Contrib/startup/std/zshrc
# List only directories and symbolic
# links that point to directories
alias lsd='ls -ld *(-/DN)'
# List only file beginning with "."
alias lsa='ls -ld .*'

## ## ## ## FUNCTIONS
### /from statmonkey @ vsido.org/forums

# This is just a simple function to take notes.  You can just enter note (whatever you want)
# and it will append it to notes in home/documents but you can set it to go anywhere
note () {
    # if file doesn't exist, create it
    if [[ ! -f $HOME/documents/notes ]]; then
        touch $HOME/documents/notes
    fi

    if [[ $# -eq 0 ]]; then
        # no arguments, print file
        cat $HOME/documents/notes
    elif [[ "$1" == "-c" ]]; then
        # clear file
        echo "" > $HOME/documents/notes
    elif [[ "$1" == "-e" ]]; then
        nano $HOME/documents/notes
    else
        # add all arguments to file
        echo "$@" >> $HOME/documents/notes
    fi
}



Title: Re: bash vulnerabilities - use zsh
Post by: PackRat on September 28, 2014, 11:17:04 AM
Nice;

I like the zsh prompt you came up with.

zsh is still 90+% compatible with bash isn't it; so most, if not all, pre-existing bash scripts will still work?
Title: Re: bash vulnerabilities - use zsh
Post by: superwow on September 28, 2014, 02:15:08 PM
Yep, most things are the same. My alias file was nearly identical escept for aliases to directories, which are 'hashes' not 'aliases' in zsh.

Configuration of the prompt is totally different, but you can figure it out in like 5 min or less. One cool thing about zsh is you can get a prompt on the left AND right at the same time, and put different stuff there. I'm working on a battery indicator I found on the webz but had to go to sleep last night so wasn't done.

Some bash scripting works out of the box. Some needs rejiggering. Like that 'help' bit which I have commented out. Zsh doesn't have a help function like bash. You have to code it. Our Arch cousins provided that nifty bit, but I can't get it to work.

Also, I would like to figure out how to keep the prompt always visible as the top line of the terminal emulator. I think that bit is different.
Title: Re: bash vulnerabilities - use zsh
Post by: VastOne on September 28, 2014, 02:32:16 PM
Incredible work superwow... I am very interested and looking at zsh as well

Thank you for this How To   8)