
Executing commands

Execute command on a single client


Last updated 1 year ago


Security notice

The execution of commands must be allowed in the rport client configuration file /etc/rport/rport.conf on Linux or C:\Program Files\rport\rport.conf on Windows.

You can create a list of allowed commands and a list of disallowed commands. This allows fine-grained filtering.

rport.conf
[remote-commands]
  ## Enable or disable execution of remote commands sent by server.
  ## Defaults: true
  #enabled = true

  ## Allow commands matching the following regular expressions.
  ## The filter is applied to the command sent. Full path must be used.
  ## See {order} parameter for more details how it's applied together with {deny}.
  ## Defaults: ['^/usr/bin/.*','^/usr/local/bin/.*','^C:\\Windows\\System32\\.*']
  #allow = ['^/usr/bin/.*','^/usr/local/bin/.*','^C:\\Windows\\System32\\.*']

See all configuration options and more configuration examples.

Allowing remote commands without restrictions makes the RPort server very powerful. Anyone who has access to the RPort server API or the web interface can take full control of connected clients. 👉 It's highly recommended to use two-factor authentication.

Multiple commands

It is possible to execute multiple commands. On Windows, you must concatenate the commands with a single ampersand &. On Linux, you can use line breaks or the semicolon.

Bear in mind that the concatenation signs &, ; and \n must be allowed by the regular expressions of the command restrictions.

👺Pitfalls

If you only want to allow a limited set of commands, pay special attention to the deny rules. Look at the following example.

rport.conf
allow = ['^systemctl (status|restart).*']
deny = []
order = ['allow','deny']

These rules lead to unrestricted command execution because systemctl (status|restart) can be followed by any character. For example, systemctl status cron;poweroff is possible. If you want to allow just a single command but with parameters, you must deny all characters that allow command concatenation.

rport.conf
deny = ['(\||<|>|;|,|\n|&)']

Windows PowerShell

Commands are always executed in the cmd.exe shell on Windows. To execute a PowerShell command, you must prefix the command with powershell, for example, powershell "Get-Service spooler".

If you only want to allow restarting any service via PowerShell, change your configuration as follows.

allow = ['^powershell \"(Get|Restart)-Service .*\"']
deny = ['(\||<|>|;|,|\n|&)']
order = ['allow','deny']

While PowerShell is case insensitive, the regular expressions used for filtering are not. They are case sensitive, and the commands must be typed in with the correct capitalization.
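The rules from the Pitfalls and Windows PowerShell sections can be checked offline before they go into rport.conf. This is an added example, not RPort's own code: it uses Go's regexp package and assumes that order = ['allow','deny'] means a command must match at least one allow pattern and no deny pattern. The names Filter, Loose, Strict and PS are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
)

// Filter models order = ['allow','deny'] as assumed for this example:
// a command passes only if it matches an allow pattern and no deny pattern.
type Filter struct{ Allow, Deny []*regexp.Regexp }

func compile(patterns ...string) []*regexp.Regexp {
	var out []*regexp.Regexp
	for _, p := range patterns {
		out = append(out, regexp.MustCompile(p))
	}
	return out
}

func matchAny(res []*regexp.Regexp, cmd string) bool {
	for _, re := range res {
		if re.MatchString(cmd) {
			return true
		}
	}
	return false
}

// Permitted reports whether cmd would pass the filter.
func (f Filter) Permitted(cmd string) bool {
	return matchAny(f.Allow, cmd) && !matchAny(f.Deny, cmd)
}

// Patterns copied from the rport.conf snippets on this page.
const denyConcat = `(\||<|>|;|,|\n|&)`

var (
	Loose  = Filter{Allow: compile(`^systemctl (status|restart).*`)}
	Strict = Filter{Allow: compile(`^systemctl (status|restart).*`), Deny: compile(denyConcat)}
	PS     = Filter{Allow: compile(`^powershell \"(Get|Restart)-Service .*\"`), Deny: compile(denyConcat)}
)

func main() {
	// Sample commands: the first three appear in the page's text, the last is constructed.
	fmt.Println(Loose.Permitted("systemctl status cron;poweroff"))   // empty deny list
	fmt.Println(Strict.Permitted("systemctl status cron;poweroff"))  // deny list added
	fmt.Println(PS.Permitted(`powershell "Get-Service spooler"`))    // exact capitalization
	fmt.Println(PS.Permitted(`powershell "get-service spooler"`))    // lower-case cmdlet
}
```

Running candidate commands through such a check shows which ones an empty deny list lets through and which legitimate commands are rejected only because of capitalization.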

Figures: execution of two commands in a single run; command concatenation rejected; executing PowerShell commands.