LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 06-12-2008, 02:51 PM   #1
Echo Kilo
Member
 
Registered: Jul 2004
Distribution: Ubuntu - Debian Based
Posts: 242

Rep: Reputation: 30
Checking multiple systems on network with command "top" using a Linux Script


I am using the script below to check systems using the command top, but instead of getting the output of top, I get TERM environment variable not set. Can anyone offer some scripting adjustments? See below:



=====================================================================
Host ops1corp at IP 192.168.1.236 is running the following services
=====================================================================
TERM environment variable not set.

=====================================================================
Host ops2corp at IP 192.168.1.237 is running the following services
=====================================================================
TERM environment variable not set.

=====================================================================
Host www1stg at IP 192.168.1.238 is running the following services
=====================================================================
TERM environment variable not set.



#!/bin/bash

# loop that checks each system in iprange specified
for i in $(seq 236 238)
do
ip=192.168.1.$i
host=$(ssh $ip -C hostname 2>&1)
echo " "
echo "====================================================================="
echo "Host $host at IP $ip is running the following services"
echo "====================================================================="
ssh $ip "top -n 1"
done > topcheckfile1 2>&1
 
Old 06-12-2008, 03:04 PM   #2
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 63
Use the -b option
 
Old 06-12-2008, 03:08 PM   #3
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
Try:
Code:
#!/bin/bash

# loop that checks each system in iprange specified
for i in $(seq 236 238)
do
ip=192.168.1.$i
host=$(ssh $ip -C hostname 2>&1)
echo " "
echo "====================================================================="
echo "Host $host at IP $ip is running the following services"
echo "====================================================================="
ssh $ip "top -bn 1"

done > topcheckfile1 2>&1
HTH

Forrest
 
Old 06-12-2008, 04:26 PM   #4
zQUEz
Member
 
Registered: Jun 2007
Distribution: Fedora, RHEL, Centos
Posts: 294

Rep: Reputation: 54
I get around this with:

#!/bin/bash
TERM=linux ; export TERM
.
.
.
.
etc ....
 
Old 06-12-2008, 06:27 PM   #5
Echo Kilo
Member
 
Registered: Jul 2004
Distribution: Ubuntu - Debian Based
Posts: 242

Original Poster
Rep: Reputation: 30
That worked perfectly!!! Just used "top -bn 1"

Thank you!


Now, I would like to do something very similar using sudo apt-get -s upgrade to build a report with available updates. I wrote the script below, but it does not seem to work. Instead, the report just shows that it's looking for a password.

#!/bin/bash

# loop that checks each system in iprange specified
for i in $(seq 236 238)
do
ip=192.168.1.$i
host=$(ssh $ip -C hostname 2>&1)
echo " "
echo "====================================================================="
echo "Host $host at IP $ip has the following updates available"
echo "====================================================================="
ssh $ip "sudo apt-get -s upgrade"
done > updates 2>&1
 
Old 06-12-2008, 06:32 PM   #6
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
That's because sudo is asking for a password. You can get around this by adding an entry on the systems to allow the user running the script to run apt-get without a password. Or you can use the -S option to sudo to get the password from stdin (but you will need to put the password in the script that way or have it output from a command).

Code:
ssh $ip "genpasswdcmd | sudo -S apt-get -s upgrade"
Note: genpasswdcmd is NOT a real command.

HTH

Forrest

Last edited by forrestt; 06-12-2008 at 06:35 PM. Reason: added alternat option
 
Old 06-12-2008, 06:33 PM   #7
Echo Kilo
Member
 
Registered: Jul 2004
Distribution: Ubuntu - Debian Based
Posts: 242

Original Poster
Rep: Reputation: 30
Here is the output of the second script. You can see that the only change is the "ssh $ip "sudo apt-get -s upgrade".

Any thoughts on why this one doesn't work?


Here is the output from the script:

=====================================================================
Host ops1corp at IP 192.168.1.236 has the following updates available
=====================================================================
The following packages have been kept back:
ssl-cert
The following packages will be upgraded:
apache2 apache2-mpm-worker apache2-utils apache2.2-common bsdutils bzip2
e2fslibs e2fsprogs libblkid1 libbz2-1.0 libcomerr2 libgnutls13 libkrb53
libopenssl-ruby1.8 libpcre3 libpq5 libsnmp-base libsnmp9 libss2 libuuid1
libwrap0 libxml2 linux-libc-dev mount mysql-client-5.0 mysql-server
mysql-server-5.0 nagios-plugins nagios-plugins-basic nagios-plugins-standard
python2.5 python2.5-minimal samba-common smbclient snmp ssh tar util-linux
util-linux-locales
39 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.

=====================================================================
Host ops2corp at IP 192.168.1.237 has the following updates available
=====================================================================
Password:

=====================================================================
www1stg at IP 192.168.1.238 has the following updates available
=====================================================================
Password:
 
Old 06-12-2008, 06:37 PM   #8
Echo Kilo
Member
 
Registered: Jul 2004
Distribution: Ubuntu - Debian Based
Posts: 242

Original Poster
Rep: Reputation: 30
Right (and thank you), but it prompts me for the password 2x and I enter it. I'm okay with doing that manually for now.

Any thoughts to get it to work without changing each system?

Or thoughts on getting the updates list without using sudo?

Or what entries do I need to add if there are no other ways?
 
Old 06-12-2008, 06:46 PM   #9
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
I guess you didn't see the edit to my last post. The genpasswdcmd could be something like "echo pa$$w0rD".

HTH

Forrest

p.s. A better way would be to find a C program that outputs "Hello World" to stdout and change it to output your password, making it executable only by the user who is running the command (chmod 500) and run it like:

Code:
helloworld | ssh $ip "sudo -S apt-get -s upgrade"

Last edited by forrestt; 06-12-2008 at 06:57 PM.
 
Old 06-12-2008, 06:56 PM   #10
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 63
If you want to give a command root permissions without requiring a password for one command (e.g. apt-get), you'd be better off using sudo to say that the command can be executed by that user without requiring a password.

i.e. edit the sudoers config file using the visudo and add a line something like this:

Code:
userename ALL= NOPASSWD: /usr/bin/apt-get

Last edited by matthewg42; 06-12-2008 at 07:00 PM.
 
Old 06-12-2008, 06:59 PM   #11
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
Yes, I agree with Matthew. But, that will require modifying sudoers on all your systems.

Forrest
 
Old 06-12-2008, 08:26 PM   #12
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 63
Well, you should have different passwords on all systems, so if you are going to do it by piping a password into apt-get, then you'll have to do something different per system any how.

Piping passwords into a program is really not a good way to do it. If you absolutely must use the password method, you should use expect to do it, not a pipe.

However, as I said before, that's really the wrong way to do it. The reasons are many:
  • Having a command on your system with outputs the root password (or sudo password) is just plain daft for security reasons which should be obvious.
  • How would this command work? You can't retrieve the password from the password hash, so somehow it must be getting the password either from a file (either in plaintext or which some poor form of obfuscation), or from some authentication server which readily gives out your root password. Security nightmare. Your company will also fail all sorts of security audits for this sort of behavior, and you'll have to re-code it all anyway.
  • Maintainability. However you get your password will have to be updated when you update your password (which you should do frequently). Editing sudoers is a one-time change.
  • Error prone. What if apt-get prints out some message you are not expecting, and prompts for an answer instead of the password. e.g.
    Code:
    Error - dpkg database seems corrupt, shall I nuke your whole system (y/n)
    Imagine that if your password starts with a 'y'. I'm not saying apt-get will prompt you like that, but do you really know everything it might do?
I'm sure with a bit of head scratching people can extend the list quite a bit. Not that sudo is a perfect solution by any means, but it's streets ahead of the idea proposed above.
 
Old 06-13-2008, 12:22 PM   #13
Echo Kilo
Member
 
Registered: Jul 2004
Distribution: Ubuntu - Debian Based
Posts: 242

Original Poster
Rep: Reputation: 30
I'm really a beginner - thank you for your wisdom.

I will take the advice and not change each system or sudoers file for security.

How can I rewrite this second script so that it prompts me for the password on the screen (instead of printing it in the report) and continues down the line for each system?
 
Old 06-13-2008, 12:28 PM   #14
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 63
Quote:
Originally Posted by Echo Kilo View Post
I will take the advice and not change each system or sudoers file for security.
But I'm telling you sudoers is ok, if you must have it automatically. Of course, interactive is probably more secure.

Quote:
How can I rewrite this second script so that it prompts me for the password on the screen (instead of printing it in the report) and continues down the line for each system?
Just don't pipe anything, and the prompt will be connected to whatever terminal you run the command from. This won't work if you are running from cron, or other automated mechanisms because there is no terminal attached to a cron job. In this case ssh with public key authentication for login, and then sudo to make apt-get password-less is a good approach.
 
Old 06-13-2008, 01:20 PM   #15
Echo Kilo
Member
 
Registered: Jul 2004
Distribution: Ubuntu - Debian Based
Posts: 242

Original Poster
Rep: Reputation: 30
Hmm, I apologize for my ignorance, but since I'm not using any pipes, I don't know what you mean by "don't pipe anything"

I'm okay with entering the password each time, but with the current script, it prompts me for the password 2x and then seems to stall out during run until I hit enter. Then, it goes to the next one. Here's what it'd doing when I run it:

echokilo@ops1corp:~$ ./script

echokilo@192.168.1.236's password:
echokilo@192.168.1.236's password:

echokilo@192.168.1.237's password:
echokilo@192.168.1.237's password:

echokilo@192.168.1.238's password:
echokilo@192.168.1.238's password:

echokilo@ops1corp:~$ cat avail_updates

===============================================================
ops1corp at IP 192.168.1.236 has the following updates available
===============================================================
Password:

===============================================================
ops2corp at IP 192.168.1.237 has the following updates available
===============================================================
Password:

===============================================================
www1stg at IP 192.168.1.238 has the following updates available
===============================================================
Password:




<The Current Script>



#!/bin/bash

# loop that checks each system in iprange specified
for i in $(seq 236 238)
do
ip=192.168.1.$i
host=$(ssh $ip -C hostname 2>&1)
echo " "
echo "==============================================================="
echo "$host at IP $ip has the following updates available"
echo "==============================================================="
ssh $ip "sudo apt-get -s upgrade"
done > updates 2>&1

# ssh $ip "sudo apt-get update"


It ran just fine on redhat, but I didn't have to sudo because I was using yum. There must be a way...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
./configure script hangs at "checking for ICMP ping syntax..."l khilari Linux - Software 4 11-12-2011 11:27 AM
how do i wright a script called "checking" dale504 Linux - Newbie 6 02-11-2008 03:29 PM
Shell Script: Find "Word" Run "Command" granatica Linux - Software 5 07-25-2007 08:42 AM
Starting an xterm window that is "always on top" on command line azilkie Fedora 1 10-07-2005 10:17 PM
"Doubt in Implementing top command " manikantha Programming 1 09-24-2004 08:20 AM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 07:00 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration