
[]: {{{1
File : README.md
Maintainer : Felix C. Stegerman <flx@obfusk.net>
Date : 2014-03-03
Copyright : Copyright (C) 2014 Felix C. Stegerman
Version : v0.4.1
[]: }}}1
[]: {{{1
eftcmdr - yaml + ruby + whiptail

EftCmdr is a yaml dsl that wraps whiptail [1] to display dialog boxes. It provides a yaml dsl on top of eft [2]. See `examples/` for examples.
```yaml
ask: ask_name
text: What is your name?
then:
  eval: eval_hello
  code: |
    puts "Hello, #{ctx[:ask_name]}!"
```

```
$ eftcmdr examples/hello.yml
```
[]: {{{2
You can use `eftcmdr-ssh-setup` to generate a `~/.ssh/authorized_keys` from `~/.eftcmdr.d/*.{pub,yml}` (see `examples/`). This allows you to use `eftcmdr` to provide a menu over `ssh -t` that allows selected users to perform selected actions.

NB: be careful what you allow -- access to e.g. `rails console` or `less` makes it trivial to get complete shell access.

You may need to load e.g. `~/.profile` (e.g. when `eftcmdr` is not in the default `$PATH`). To make this easier, you can pass a third argument to `eftcmdr-ssh-setup` (or set `$EFTCMDR_SSH_COMMAND`) to choose the command to be put in the `authorized_keys` file. You can use e.g. `$( which eftcmdr-ssh-wrapper )` to wrap `eftcmdr` in a shell script that sources `~/.eftcmdr_env` (which can e.g. be a symlink to `~/.profile`).
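The NB above, turned into a review aid (an added example, not part of eftcmdr): it walks a menu definition and flags `code:` actions that mention a program with a built-in shell escape. It assumes actions live in `code:` strings as in `hello.yml`; `risky_actions`, `audit_yaml`, the editor and REPL patterns, and the `PAGER` sample are constructed for this example.

```ruby
require "yaml"

# Programs that give an interactive user a way to run arbitrary commands.
# "less" and "rails console" come from the README's NB; the editor and
# REPL patterns are additions of this example. Matches are heuristic.
RISKY = {
  "less"          => /\bless\b/,
  "rails console" => /\brails\s+(?:console|c)\b/,
  "vi/vim"        => /\bvim?\b/,
  "irb/pry"       => /\b(?:irb|pry)\b/,
}.freeze

# Walk a parsed menu definition and return [path, program] pairs for
# every `code:` string that mentions a risky program.
def risky_actions(node, path = [])
  case node
  when Hash
    node.flat_map do |key, value|
      here = path + [key.to_s]
      next risky_actions(value, here) unless key.to_s == "code" && value.is_a?(String)
      RISKY.select { |_, re| value.match?(re) }.keys.map { |prog| [here.join("."), prog] }
    end
  when Array
    node.each_with_index.flat_map { |v, i| risky_actions(v, path + [i.to_s]) }
  else
    []
  end
end

# Parse YAML text without instantiating arbitrary objects, then audit it.
def audit_yaml(text)
  risky_actions(YAML.safe_load(text))
end

# hello.yml as shown in the README (no findings expected).
HELLO = <<~'YML'
  ask: ask_name
  text: What is your name?
  then:
    eval: eval_hello
    code: |
      puts "Hello, #{ctx[:ask_name]}!"
YML

# Constructed variant of hello.yml whose action opens a log in a pager.
PAGER = HELLO.sub(/puts .*$/, 'system "less", "/var/log/app.log"')

[HELLO, PAGER].each { |yml| p audit_yaml(yml) } if $PROGRAM_NAME == __FILE__
```

A finding means the action needs a human look before the key is enabled; an empty result does not prove an action is safe.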
[]: }}}2
→ blog post (with pictures!)
→ more complicated example yml file
[]: }}}1
```
$ rake spec # TODO
$ rake docs
```
LGPLv3+ [3].
[1] Newt (and whiptail) --- http://en.wikipedia.org/wiki/Newt_(programming_library)
[2] eft --- https://github.com/obfusk/eft
[3] GNU Lesser General Public License, version 3 --- http://www.gnu.org/licenses/lgpl-3.0.html
[]: ! ( vim: set tw=70 sw=2 sts=2 et fdm=marker : )