Skip to content
/ bashRPC Public

Simple HTTP server that executes configured commands remotely

1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

binarymason/bashRPC

1 Branch7 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

binarymasonbinarymason
reimplement nohup; combined with daemon (#12)
Aug 1, 2019
a8f08ba · Aug 1, 2019

History

20 Commits
dist
dist
Aug 1, 2019
internal/testhelpers
internal/testhelpers
Jul 16, 2019
script
script
Jul 17, 2019
test
test
Jul 17, 2019
.gitignore
.gitignore
Jul 17, 2019
README.md
README.md
Jul 24, 2019
command.go
command.go
Jul 17, 2019
command_test.go
command_test.go
Jul 17, 2019
config.go
config.go
Jul 18, 2019
config_test.go
config_test.go
Jul 18, 2019
logging.go
logging.go
Jul 18, 2019
main.go
main.go
Jul 18, 2019
main_test.go
main_test.go
Jul 18, 2019
nfpm.yaml
nfpm.yaml
Jul 18, 2019
router.go
router.go
Jul 18, 2019
ssl.go
ssl.go
Jul 18, 2019
ssl_test.go
ssl_test.go
Jul 18, 2019

Repository files navigation

bashRPC

Simple HTTP server that executes configured commands remotely.

Why use bashRPC instead of chef/ansible/saltstack/etc?

Use bashRPC when you don't want to give complete super user privileges. That prevents situations like:

salt "*" cmd.run "rm -rf /"
# - or -
ansible -i production all -a "rm -rf /"

Instead, you can configure an endpoint that does only a select few super user tasks, such as restarting a system service, etc.

Installation

Grab the latest binary and put it in somewhere in your path. Check the releases page. Alternatively, you can download a package.

Example for Debian systems:

# Note: this link may be out of date.  Be sure to check releases page to get latest version
wget https://github.com/binarymason/bashRPC/releases/download/v19.07.16-1002/bashrpc-v19.07.16-1002.deb
sudo apt install bashrpc-v19.07.16-1002.deb

Example Usage

  1. Create a config file. If you are using bashRPC as a system service, the config is located at /etc/bashrpc/bashrpc.yml
---

port: 8675
secret: supersecret

whitelisted_clients:
  - 127.0.0.1

routes:
  - path: /uptime
    cmd: uptime

  - path: /tail/systemd
    cmd: grep systemd /var/log/syslog | tail -n 50

  - path: /deploy
    cmd: |
      cd /srv/webapp
      git pull
      ./script/start-app
  1. start server
bashrpc -c /path/to/config

If you installed bashRPC with your package manager, you can alternatively start bashRPC as a system service:

Example for systemd:

sudo systemctl daemon-reload
sudo systemctl enable bashrpc
sudo systemctl start bashrpc
  1. ping server
$ curl -k -H "Authorization: supersecret" https://localhost:8675/uptime

Security

There are few security measures implemented in bashRPC:

  • No HTTP traffic. HTTPS is required.
  • User can specify their own SSL certificate, if desired.
  • Restricted to whitelist of IP addresses.
  • Authorization header is required for authentication on every request.
  • No parameterized inputs. Every command must be pre-configured in bashrpc.yml.

Output

bashRPC returns plain text responses, very similar if you were to be executing a command over SSH. This makes it easy to save responses to a variable, check for status code, etc. Both STDOUT and STDERR are combined in the output.

$ curl -k -H "Authorization: supersecret" https://localhost:8675/uptime
14:31:29 up 1 day,  1:16,  2 users,  load average: 1.77, 1.47, 1.43

If you care about whether or not your command fails, you can check the response. Using curl, for example, you can exit non-zero if a command fails using the --fail argument:

$ curl -k -H --fail "Authorization: supersecret" https://localhost:8675/iwillfail
iwillfail: command not found

$ echo "$?"
1

About

Simple HTTP server that executes configured commands remotely

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

1 fork
Report repository

Releases 5

Init.d System Service Fixes Latest
Aug 1, 2019
+ 4 releases

Packages

No packages published

Languages