Background:
when run on a unix box Tenable.io (nessus) will try to create a tag file in /etc/ with a unique string. Presumably so it can identify the machine if the hostname or IP changes.
It does this by
"sh -c \"echo 35374e09cc444b058c65267613804fa4 > /etc/tenable_tag && echo OK\""
The problem is that it needs root privilege to do this. The standard way of allowing tenable to elevate privilege is to use sudo and add the handful of commands that it needs to an sudoer file. Whitelisting sh is equivalent to whitelisting everything something we would rather not do!
So I am trying to figure out some simple way of dumping text into a file that does not involve a shell "builtin"
The crucial thing is that the whole command will be executed with sudo so things that pipe something to sudo won't work.
in this post someone suggested
sudo ex +'$put =\"some string\"' -cwq foo.txt
which works but prepends a blank line (at least on my ubuntu box)
i.e. removing the $ which is actually a regular expression that matches the end of the buffer which is what causes the blank line to be inserted.