tounan/cap.sh

## cap.sh
#!/bin/bash

# https://raw.githubusercontent.com/torvalds/linux/master/include/uapi/linux/capability.h
declare -A capnum=(
	["chown"]=0
	["dac_override"]=1
	["dac_read_search"]=2
	["fowner"]=3
	["fsetid"]=4
	["kill"]=5
	["setgid"]=6
	["setuid"]=7
	["setpcap"]=8
	["linux_immutable"]=9
	["net_bind_service"]=10
	["net_broadcast"]=11
	["net_admin"]=12
	["net_raw"]=13
	["ipc_lock"]=14
	["ipc_owner"]=15
	["sys_module"]=16
	["sys_rawio"]=17
	["sys_chroot"]=18
	["sys_ptrace"]=19
	["sys_pacct"]=20
	["sys_admin"]=21
	["sys_boot"]=22
	["sys_nice"]=23
	["sys_resource"]=24
	["sys_time"]=25
	["sys_tty_config"]=26
	["mknod"]=27
	["lease"]=28
	["audit_write"]=29
	["audit_control"]=30
	["setfcap"]=31
	["mac_override"]=32
	["mac_admin"]=33
	["syslog"]=34
	["wake_alarm"]=35
	["block_suspend"]=36
	["audit_read"]=37
	["perfmon"]=38
	["bpf"]=39
	["checkpoint_restore"]=40
)

declare -A capbit bitcap
for name in ${!capnum[@]}
do
	bits=$((1 << ${capnum[$name]}))
	capbit[$name]=$bits
	bitcap[$bits]=$name
done

decode() {
	caps=""
	for bits in ${!bitcap[@]}
	do
		if [ $(($1 & $bits)) -ne 0 ]
		then
			caps="$caps\n${bitcap[$bits]}"
		fi
	done
	echo -e "$caps" | sort | xargs
}

highlight() {
	sed "s/\(sys_admin\|sys_module\|sys_rawio\|sys_ptrace\)/\x1b[1;31m\1\x1b[0m/g"
}

decodeproc() {
	grep "^Cap" "/proc/$1/status" | while read name value
	do
		echo -n "$name "
		decode "16#$value" | highlight
	done
}

process=${1:-self}
if [[ "$1" =~ --decode=.* ]]
then
	bits=$(cut -d= -f2 <<< "$1")
	echo -n "0x$bits = "
	decode "16#$bits" | highlight
else
	decodeproc "$process"
fi
	#!/bin/bash

	# https://raw.githubusercontent.com/torvalds/linux/master/include/uapi/linux/capability.h
	declare -A capnum=(
	["chown"]=0
	["dac_override"]=1
	["dac_read_search"]=2
	["fowner"]=3
	["fsetid"]=4
	["kill"]=5
	["setgid"]=6
	["setuid"]=7
	["setpcap"]=8
	["linux_immutable"]=9
	["net_bind_service"]=10
	["net_broadcast"]=11
	["net_admin"]=12
	["net_raw"]=13
	["ipc_lock"]=14
	["ipc_owner"]=15
	["sys_module"]=16
	["sys_rawio"]=17
	["sys_chroot"]=18
	["sys_ptrace"]=19
	["sys_pacct"]=20
	["sys_admin"]=21
	["sys_boot"]=22
	["sys_nice"]=23
	["sys_resource"]=24
	["sys_time"]=25
	["sys_tty_config"]=26
	["mknod"]=27
	["lease"]=28
	["audit_write"]=29
	["audit_control"]=30
	["setfcap"]=31
	["mac_override"]=32
	["mac_admin"]=33
	["syslog"]=34
	["wake_alarm"]=35
	["block_suspend"]=36
	["audit_read"]=37
	["perfmon"]=38
	["bpf"]=39
	["checkpoint_restore"]=40
	)

	declare -A capbit bitcap
	for name in ${!capnum[@]}
	do
	bits=$((1 << ${capnum[$name]}))
	capbit[$name]=$bits
	bitcap[$bits]=$name
	done

	decode() {
	caps=""
	for bits in ${!bitcap[@]}
	do
	if [ $(($1 & $bits)) -ne 0 ]
	then
	caps="$caps\n${bitcap[$bits]}"
	fi
	done
	echo -e "$caps" \| sort \| xargs
	}

	highlight() {
	sed "s/\(sys_admin\\|sys_module\\|sys_rawio\\|sys_ptrace\)/\x1b[1;31m\1\x1b[0m/g"
	}

	decodeproc() {
	grep "^Cap" "/proc/$1/status" \| while read name value
	do
	echo -n "$name "
	decode "16#$value" \| highlight
	done
	}

	process=${1:-self}
	if [[ "$1" =~ --decode=.* ]]
	then
	bits=$(cut -d= -f2 <<< "$1")
	echo -n "0x$bits = "
	decode "16#$bits" \| highlight
	else
	decodeproc "$process"
	fi