lua script

LeemaSingh · 07-30-2018, 07:20 AM

Quote:

Originally Posted by Turbocapitalist

The ssh client quits after it has launched the remote process under nohup into the background using the ampersand & there. The file t5.pcap should continue to grow. Log into the remote machine and verify that t5.pcap is there and growing. You should use a full path for that file though so you can put it somewhere useful.

Again I will nag you to set up SSH keys, that will allow you to eliminate several unnecessary steps. If you have root (sudo) then there is no reason not to be able to use keys.

But i can't see the process t5.pcap running in the remote machine

dugan · 07-30-2018, 07:57 AM

Quote:

Originally Posted by LeemaSingh

As the remote servers may not allow to do that.

Then set up the remote servers to allow that.

If you can't, explain why not.

LeemaSingh · 07-31-2018, 04:31 AM

os.execute('ssh -t -i /root/.ssh/id_rsa necs@192.168.14.81 "sudo tcpdump -i wlan0 -w t5.pcap &"') now if i use the above mentioned command then also i cannot see tcpdump process running on the remote machine.Also i need to provide the password for login and sudo.

Turbocapitalist · 07-31-2018, 04:49 AM

It looks like you may be running the SSH client as root on your local machine. There's probably not a good reason to do that. It violates the principle of least privilege.

As for running tcpdump on the remote machine, you can craft specific permissions in /etc/sudoers.

Code:

%necs ALL=(root:root) NOPASSWD: /usr/sbin/tcpdump -i wlan0 -w /home/necs/data/t5.pcap

Be careful.

For background, read "man sudoers" and see also "sudo: You're Doing It Wrong" video or slides or the book sudo Mastery by Michael W Lucas.

Then to check on the remote machine whether tcpdump is running there:

Code:

ssh -i /home/necs/.ssh/id_rsa necs@192.168.14.81 "pgrep tcpdump > /dev/null" \
        && echo "Running" || echo "Not Running"

Or interactively in an SSH session on the remote machine

Code:

ps -o 'uid,pid,ppid,stime,time,cmd' -p $(pgrep tcpdump)