Hi Team,

I need some help on writing one script for the following requirements:

There are several servers in the server.txt file, In each of the servers, applications have been deployed and installed.

server.txt looks like this:

lxomp95n.qintra.com
lxomavmap578.qintra.com
lxdnp79d.qintra.com
lxdenvmap466.qintra.com
ch3-ctlhcdelxvmpapa03.centurylink.com
lxomvp33v.corp.intranet


Then I ran this for loop from the command prompt
for i in `cat server.txt|grep -v "All"`; do echo $i ;ssh -q $i grep SSLProtocol /opt/apache/qwest/websites/*/conf/ssl.conf;done


when I see output for an apache instance that shows:
SSLProtocol All -SSLv2 -SSLv3

Now i want the condition like for the apps which are not having SSLProtocol and display them as well...

Use exit value of grep command?

This is the draft of my script, Let me know if i need to explain any line.... Correct me the right script

#!/bin/bash

cd /u/foss

for i in `cat server.txt|grep -v "All"`;
do
echo $i;
ssh -q $i grep SSLProtocol /opt/apache/qwest/websites/*/conf/ssl.conf;

cd /opt/apache/qwest/websites/

ls > /tmp/poodle.txt

for appname in `awk -F: '{print $1}' /tmp/poodle.txt`
do
echo "Application $((i++)) : $appname"
cd $appname/conf/

if [ `grep SSLProtocol ./ssl.conf` ]
then
echo "$appname: Poodle remidated"; >> /tmp/ssl.txt
else
echo "Need to perform the poodle changes"; >> /tmp/ssl.txt
fi
done
done

Hi Team,

Any update?

Hi Team,

Can you please suggest me on my script?

...and....
Do not bump your own thread..especially not twice in less than two hours. This is a VOLUNTEER forum...we answer when we want to or are able to. Bumping your own thread is fairly rude, and is against the LQ Rules and Question Guidelines (which you should read).

Second, we did suggest you try something on your script...did you do it? unSpawn suggested you use the exit value of the grep command. You posted your script, but don't actually tell us if it's working the way you want to or not, or what the output actually is. We can't guess as to what it is you're seeing.

Thanks for posting but next time please add that to your initial post, OK?

The script could do with some improvements because
- you're changing into a directory and using cat|grep where you could just grep /complete/path/file,
- you're using a "for" loop instead of a "while" loop (http://mywiki.wooledge.org/DontReadLinesWithFor),
- you're not looking ('man find') for configuration files but assuming they're just called "ssl.conf",
- you're not using proper temporary file names ('man mktemp') and I think it would be easier to pull a script in, execute it and have your details on stdout...


More importantly: addressing CVE-2014-3566 only now is criminally negligent behaviour, period. If you want to scan for POODLE then use nmap with the POODLE NSE script. That's more efficient because you avoid reinventing the Wheel.

1 members found this post helpful.