bedtime question : xargs
David A. Bandel
david.bandel at gmail.com
Thu Apr 23 05:39:41 PDT 2009
On Thu, Apr 23, 2009 at 6:27 AM, Roger Oberholtzer <roger at opq.se> wrote:
[snip]
>
> That was going to be my first response. But that would do the command
> for each file, one at a time. xargs will collect all of then and send
> them out as one list in {}, so the command happens once. If there is a
> password for the command, this could save a lot of typing...
>
True. However:
1. If anyone is running a publicly accessible ssh server today that
allows password authentication, they are insane (or have been living
under a rock). I can testify to a recently released Security Focus
note regarding the number and intensity of attacks on ssh servers with
password authentication enabled. One honeypot will attract thousands
of attacks per day, and it recently suddenly increased -- several
thousand attacks per day, and the password list could be used to write
an unabridged dictionary (the kind that also has "'1337" (leet for
elite letter/number and passwords beginning and ending with numbers)
substitution. I will also tell you I don't believe changing ports
(security through obscurity) is worth the trouble it takes to change
the one line in sshd_config. SSH packets can still be recognized by a
sniffer.
2. The one at a time method using find's -exec option overcomes one
small problem: having a list of files too long to handle via one
command. Even `rm *` will choke if you have thousands of small files
and the list becomes too long.
Ciao,
David A. Bandel
--
Focus on the dream, not the competition.
- Nemesis Air Racing Team motto
More information about the Linux-users
mailing list