I am using the script below to check systems using the command top, but instead of getting the output of top, I get TERM environment variable not set. Can anyone offer some scripting adjustments? See below:



=====================================================================
Host ops1corp at IP 192.168.1.236 is running the following services
=====================================================================
TERM environment variable not set.

=====================================================================
Host ops2corp at IP 192.168.1.237 is running the following services
=====================================================================
TERM environment variable not set.

=====================================================================
Host www1stg at IP 192.168.1.238 is running the following services
=====================================================================
TERM environment variable not set.



#!/bin/bash

# loop that checks each system in iprange specified
for i in $(seq 236 238)
do
ip=192.168.1.$i
host=$(ssh $ip -C hostname 2>&1)
echo " "
echo "====================================================================="
echo "Host $host at IP $ip is running the following services"
echo "====================================================================="
ssh $ip "top -n 1"
done > topcheckfile1 2>&1

Use the -b option

Try:
HTH

Forrest

I get around this with:

#!/bin/bash
TERM=linux ; export TERM
.
.
.
.
etc ....

That worked perfectly!!! Just used "top -bn 1"

Thank you!


Now, I would like to do something very similar using sudo apt-get -s upgrade to build a report with available updates. I wrote the script below, but it does not seem to work. Instead, the report just shows that it's looking for a password.

#!/bin/bash

# loop that checks each system in iprange specified
for i in $(seq 236 238)
do
ip=192.168.1.$i
host=$(ssh $ip -C hostname 2>&1)
echo " "
echo "====================================================================="
echo "Host $host at IP $ip has the following updates available"
echo "====================================================================="
ssh $ip "sudo apt-get -s upgrade"
done > updates 2>&1

That's because sudo is asking for a password. You can get around this by adding an entry on the systems to allow the user running the script to run apt-get without a password. Or you can use the -S option to sudo to get the password from stdin (but you will need to put the password in the script that way or have it output from a command).

Note: genpasswdcmd is NOT a real command.

HTH

Forrest

Here is the output of the second script. You can see that the only change is the "ssh $ip "sudo apt-get -s upgrade".

Any thoughts on why this one doesn't work?


Here is the output from the script:

=====================================================================
Host ops1corp at IP 192.168.1.236 has the following updates available
=====================================================================
The following packages have been kept back:
ssl-cert
The following packages will be upgraded:
apache2 apache2-mpm-worker apache2-utils apache2.2-common bsdutils bzip2
e2fslibs e2fsprogs libblkid1 libbz2-1.0 libcomerr2 libgnutls13 libkrb53
libopenssl-ruby1.8 libpcre3 libpq5 libsnmp-base libsnmp9 libss2 libuuid1
libwrap0 libxml2 linux-libc-dev mount mysql-client-5.0 mysql-server
mysql-server-5.0 nagios-plugins nagios-plugins-basic nagios-plugins-standard
python2.5 python2.5-minimal samba-common smbclient snmp ssh tar util-linux
util-linux-locales
39 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.

=====================================================================
Host ops2corp at IP 192.168.1.237 has the following updates available
=====================================================================
Password:

=====================================================================
www1stg at IP 192.168.1.238 has the following updates available
=====================================================================
Password:

Right (and thank you), but it prompts me for the password 2x and I enter it. I'm okay with doing that manually for now.

Any thoughts to get it to work without changing each system?

Or thoughts on getting the updates list without using sudo?

Or what entries do I need to add if there are no other ways?

I guess you didn't see the edit to my last post. The genpasswdcmd could be something like "echo pa$$w0rD".

HTH

Forrest

p.s. A better way would be to find a C program that outputs "Hello World" to stdout and change it to output your password, making it executable only by the user who is running the command (chmod 500) and run it like:

If you want to give a command root permissions without requiring a password for one command (e.g. apt-get), you'd be better off using sudo to say that the command can be executed by that user without requiring a password.

i.e. edit the sudoers config file using the visudo and add a line something like this:

Yes, I agree with Matthew. But, that will require modifying sudoers on all your systems.

Forrest

Well, you should have different passwords on all systems, so if you are going to do it by piping a password into apt-get, then you'll have to do something different per system any how.

Piping passwords into a program is really not a good way to do it. If you absolutely must use the password method, you should use expect to do it, not a pipe.

However, as I said before, that's really the wrong way to do it. The reasons are many:

• Having a command on your system with outputs the root password (or sudo password) is just plain daft for security reasons which should be obvious.
• How would this command work? You can't retrieve the password from the password hash, so somehow it must be getting the password either from a file (either in plaintext or which some poor form of obfuscation), or from some authentication server which readily gives out your root password. Security nightmare. Your company will also fail all sorts of security audits for this sort of behavior, and you'll have to re-code it all anyway.
• Maintainability. However you get your password will have to be updated when you update your password (which you should do frequently). Editing sudoers is a one-time change.
• Error prone. What if apt-get prints out some message you are not expecting, and prompts for an answer instead of the password. e.g.
  
  Code:

  Error - dpkg database seems corrupt, shall I nuke your whole system (y/n)

  Imagine that if your password starts with a 'y'. I'm not saying apt-get will prompt you like that, but do you really know everything it might do?

I'm sure with a bit of head scratching people can extend the list quite a bit. Not that sudo is a perfect solution by any means, but it's streets ahead of the idea proposed above.

I'm really a beginner - thank you for your wisdom.

I will take the advice and not change each system or sudoers file for security.

How can I rewrite this second script so that it prompts me for the password on the screen (instead of printing it in the report) and continues down the line for each system?

But I'm telling you sudoers is ok, if you must have it automatically. Of course, interactive is probably more secure.

Just don't pipe anything, and the prompt will be connected to whatever terminal you run the command from. This won't work if you are running from cron, or other automated mechanisms because there is no terminal attached to a cron job. In this case ssh with public key authentication for login, and then sudo to make apt-get password-less is a good approach.

Hmm, I apologize for my ignorance, but since I'm not using any pipes, I don't know what you mean by "don't pipe anything"

I'm okay with entering the password each time, but with the current script, it prompts me for the password 2x and then seems to stall out during run until I hit enter. Then, it goes to the next one. Here's what it'd doing when I run it:

echokilo@ops1corp:~$ ./script

echokilo@192.168.1.236's password:
echokilo@192.168.1.236's password:

echokilo@192.168.1.237's password:
echokilo@192.168.1.237's password:

echokilo@192.168.1.238's password:
echokilo@192.168.1.238's password:

echokilo@ops1corp:~$ cat avail_updates

===============================================================
ops1corp at IP 192.168.1.236 has the following updates available
===============================================================
Password:

===============================================================
ops2corp at IP 192.168.1.237 has the following updates available
===============================================================
Password:

===============================================================
www1stg at IP 192.168.1.238 has the following updates available
===============================================================
Password:




<The Current Script>



#!/bin/bash

# loop that checks each system in iprange specified
for i in $(seq 236 238)
do
ip=192.168.1.$i
host=$(ssh $ip -C hostname 2>&1)
echo " "
echo "==============================================================="
echo "$host at IP $ip has the following updates available"
echo "==============================================================="
ssh $ip "sudo apt-get -s upgrade"
done > updates 2>&1

# ssh $ip "sudo apt-get update"


It ran just fine on redhat, but I didn't have to sudo because I was using yum. There must be a way...