pipelines. xargs. Lets you work w/ a whole slew of input in useful ways. For instance - script kiddies trying to find php holes on our web server (no php in use there) - this is one line:
grep php /var/log/httpd/access_log | cut -d" " -f1 | sort | uniq | xargs -i dig -x {} | grep -A1 ANSWER.SECTION
;; ANSWER SECTION:
134.81.142.14.in-addr.arpa. 86400 IN PTR 14.142.81.134.static-Mumbai.vsnl.net.in.
--
;; ANSWER SECTION:
200.123.225.192.in-addr.arpa. 300 IN PTR unknown.SanDiegoBroadband.com.
An interesting note to "ZZ" I just learned is it won't save if your disk copy has been deleted, while :wq will. I was (foolishly) working on a test script in /tmp and the next day I'd left it open. /tmp had been cleaned but I assumed ZZ would write it out - nope. I'd not made a change since the last save (now deleted) and voilà! the file was gone.
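Added example, not part of the original comment: a variant of the access-log pipeline above that counts hits per client and matches ".php" only in the request path, so a referrer or query string containing "php" does not flag a client. It assumes Apache combined log format; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in Apache combined log format (documentation IP ranges).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-login.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2023:13:55:37 +0000] "GET /xmlrpc.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 512 "http://example.com/forum.php" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:57:12 +0000] "POST /admin/config.PHP?x=1 HTTP/1.1" 404 196 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:13:58:44 +0000] "GET /docs/?q=php HTTP/1.1" 200 733 "-" "Mozilla/5.0"
EOF
}

# Print "hits ip" for clients whose request path contains ".php".
# A plain `grep php` also matches referrers, user agents and query strings;
# testing field 7 (the request target) up to any "?" avoids those false hits.
# Reads the files given as arguments, or stdin when there are none.
php_probe_sources() {
    awk '{
        split($7, target, "?")
        if (tolower(target[1]) ~ /\.php/) hits[$1]++
    }
    END { for (ip in hits) print hits[ip], ip }' "$@" | sort -k1,1nr -k2,2
}

# Reverse-resolve each source with dig. Needs network access, so nothing
# calls it automatically; run it by hand against a real log.
resolve_sources() {
    php_probe_sources "$@" | while read -r hits ip; do
        ptr=$(dig +short -x "$ip" | head -n 1)
        printf '%s\t%s\t%s\n' "$hits" "$ip" "${ptr:-no-PTR}"
    done
}
```

Try it offline with `sample_log | php_probe_sources`, or against a real log with `resolve_sources /var/log/httpd/access_log`.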