date: "2017-01-12"
draft: false
title: "Unix Trinkets"
Generic
Replace match with new line in sed
# The replacement text is a backslash followed by a real line break, so the
# expression is deliberately split over two lines: every "needle" read from
# stdin is turned into a newline.
sed -e 's/needle/\
/g'
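# Replace every BREAK in test.sh with a newline, in place.
# The result goes to a temporary file first: with "cat test.sh | ... > test.sh"
# the shell truncates test.sh before it has been read, which leaves it empty.
# Copying the result back with cat (rather than mv) keeps the original file's
# owner and permission bits.
if tmp=$(mktemp); then
  sed 's/BREAK/\
/g' test.sh > "$tmp" && cat "$tmp" > test.sh
  rm -f -- "$tmp"
fi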
Removing control and color characters from a file
# Strip terminal escape sequences from file.txt: ESC followed by a single
# character, ESC [ ... up to the first letter (colour/cursor codes), or
# ESC ] ... up to BEL. col -b then drops backspaces, keeping only the last
# character written to each column. file.txt itself is left unmodified; the
# cleaned copy goes to survey-processed.txt.
perl -pe 's/\e([^\[\]]|\[.*?[a-zA-Z]|\].*?\a)//g' < file.txt \
  | col -b > survey-processed.txt
Get process information related to a specific file
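# Two separate examples (they had been run together on one line).
# fuser writes the PIDs using the file to stdout and its labels to stderr,
# hence 2>/dev/null; ps then shows each PID with its full command line.
# If nothing is using the file, fuser prints nothing and ps is handed an empty
# PID list, which it reports as an error.
ps -o pid,args -p "$(fuser /home/bubba 2>/dev/null)"
ps -o pid,args -p "$(fuser /usr/bin/slogin 2>/dev/null)"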
Solaris
PIDS listening on PORT
On Solaris, the command below displays the PIDs listening on a given port. Found on Stack Overflow.
Replace PORTNUMBER with the port number you wish to research.
# PORTNUMBER is a placeholder: substitute the port before running.
# nawk remembers the most recent "PID: command" header line from pfiles and
# prints it next to every socket line that ends in "port: PORTNUMBER".
# pfiles errors are discarded (2>/dev/null), so processes that could not be
# inspected are silently missing from the result; an empty answer only covers
# the processes pfiles was able to open.
pfiles /proc/* 2>/dev/null |
  nawk '
    /^[0-9]*:/          { pid = $0 }
    /port: PORTNUMBER$/ { print pid " " $0 }
  '
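# This gives the same information as above but shows the network connection
# status for every process on the box.
# Shows
#   PID: /path/to/executable
#   sockname:...
#   sockname:...
# pfiles errors are discarded, so a PID that yields no output (for example one
# this user may not inspect, or one that exited during the scan) is named on
# stderr instead of being printed as blank lines that look like "no sockets".
(cd /proc && find * -type d -prune) | sort -n |
while IFS= read -r p; do
  pf_out=$(pfiles "$p" 2> /dev/null)
  if [ -z "$pf_out" ]; then
    printf '%s: no pfiles output (not inspected)\n' "$p" >&2
    continue
  fi
  # printf '%s' prints the pfiles text verbatim; echo -e would also interpret
  # backslash sequences that occur inside process-supplied paths.
  printf '%s\n%s\n' \
    "$(printf '%s\n' "$pf_out" | head -n 1)" \
    "$(printf '%s\n' "$pf_out" | grep port)"
done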
File Access Times
# Run "ls /etc/passwd" under truss, tracing only its lstat calls (-t lstat)
# and printing the structure each call fills in (-v lstat); the file's
# timestamps are expected to appear in that structure dump.
truss -t lstat -v lstat ls /etc/passwd
ptree with socket table
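# Print the ptree process tree with each process's socket lines (the pfiles
# lines containing "port") underneath it.
# Lines are consumed with "read -r" instead of word-splitting $(ptree):
# process command lines are not trusted text, and an unquoted expansion would
# glob-expand characters such as * in them. This also avoids leaving IFS
# changed in the calling shell.
# The PID is taken from the first column of each ptree line.
ptree | while IFS= read -r line; do
  p=$(printf '%s\n' "$line" | awk '{print $1}')
  # Errors are discarded, so an empty result can also mean "could not inspect".
  ports=$(pfiles "$p" 2> /dev/null | grep port)
  printf "%s\n%s\n" "$line" "$ports"
done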
Linux
Getting True Executable Paths
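# Made for Linux
# Prints every line of the ps process tree followed by the target of that
# PID's /proc/PID/exe link, i.e. the binary the kernel is running for it, so
# it can be compared with the command name shown by ps.
# Assumes a PID is in the second column of the ps output
# Uses --forest instead of -H for pretty output
# Reading the path:
#   ''                   the link could not be read (the header line, a kernel
#                        thread, or a process this user may not inspect)
#   '/path (deleted)'    the binary was removed from disk after it was started
# Lines are consumed with "read -r" and every expansion is quoted: command
# lines are process-supplied text and must not be glob-expanded by the shell.
# readlink reads the link directly instead of parsing "ls -l" output.
ps -ef --forest | while IFS= read -r line; do
  pid=$(printf '%s\n' "$line" | awk '{print $2}')
  exec_path=$(readlink "/proc/$pid/exe" 2> /dev/null)
  printf "%-100s%-30s\n" "$line" "'$exec_path'"
done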