# Commands and Scripts

#### The difference between commands and scripts <a href="#the-difference-between-commands-and-scripts" id="the-difference-between-commands-and-scripts"></a>

The command’s tab is indented to be used to execute a single command. Entering multiple commands is possible, but if you want to implement complex logic, it's better to use a script.

**Why not use scripts always?** *Security is the reason.*

Both command and script execution must explicitly be allowed in the rport client configuration. For the commands, you can create a list of allowed commands and a list of disallowed commands. This fine-grained filtering is not possible with scripts.

{% code title="rport.conf" %}

```
[remote-commands]
  ## Enable or disable execution of remote commands sent by server.
  ## Defaults: true
  #enabled = true

  ## Allow commands matching the following regular expressions.
  ## The filter is applied to the command sent. Full path must be used.
  ## See {order} parameter for more details how it's applied together with {deny}.
  ## Defaults: ['^/usr/bin/.*','^/usr/local/bin/.*','^C:\\Windows\\System32\\.*']
  #allow = ['^/usr/bin/.*','^/usr/local/bin/.*','^C:\\Windows\\System32\\.*']
```

{% endcode %}

See [all configuration options](https://github.com/openrport/openrport/blob/master/rport.example.conf#L132-L177) and more [configuration examples](https://oss.openrport.io/get-started/command-execution/).

If you feel it were better not to give full control over the clients to the RPort server, you should script execution of.

{% code title="rport.conf" %}

```
[remote-scripts]
  ## Enable or disable execution of remote scripts sent by server.
  ## Defaults: false
  #enabled = false
```

{% endcode %}

{% hint style="info" %}
If you have installed the client via the pairing script, scripts and commands are either enabled without restictions or fully disabled. To use command filtering you need to change the configuration file manually.
{% endhint %}

The restrictions for command and scripts always apply regardless of whether it's executed for a single client or many clients concurrently.

#### Single run vs. concurrency <a href="#single-run-vs.-concurrency" id="single-run-vs.-concurrency"></a>

Both – command and scripts – can be executed on a single client or on many clients in parallel. Selecting a client on the left side gives you access to the command or scripts tab for a single client.

![Command execution on a single client](https://1142160776-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MekeI9EovpQqbUTQSdM%2F-Mkg4oFF8mfY2i5IaXls%2F-MkgKh3Oy82wIZwtREJX%2Fimage.png?alt=media\&token=b36f11af-b346-4a08-be97-a95949b7a14b)

Selecting `commands` or `scripts` on the top navigation gives you access to the parallel execution.

![parallel command execution](https://1142160776-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MekeI9EovpQqbUTQSdM%2F-Mkg4oFF8mfY2i5IaXls%2F-MkgLE-tQkja7DSZDuV6%2Fimage.png?alt=media\&token=c266c768-4c60-4475-806f-d667335a236c)