Span error is coming in Expect script.
Hi
I have created an expect script which used for running health check shell script(UX_health_monitor.sh) saved in remote Linux servers. This expect script is able to run remotely saved health check shell script from my jump Linux server and this same expect script is able to do scp of remotely generated health report to my jump server. But this expect script is not able to send me email. But at the end of execution of this expect script I am getting below error message: spawn ssh -o StrictHostKeychecking=no batman@ ssh: Could not resolve hostname : Name or service not known spawn 'echo "Find the Attached Daily Health Check Report of Backup Servers" | mail -s "Backup Servers Daily Health Check Report `date +%d%b%Y`" cj@delta.com -A /tmp/health_mon/Daily_Health_Report*_`date +%d%b%Y`.txt' couldn't execute "'echo "Find the Attached Daily Health Check Report of Backup Servers" | mail -s "Backup Servers Daily Health Check Report `date +%d%b%Y`" cj@delta.com -A /tmp/health_mon/Daily_Health_Report*_`date +%d%b%Y`.txt'": no such file or directory while executing "spawn '$MAIL'" (file "./expect_health_report" line 78) [root@abc]# Below is the code of my expect script: Code:
#!/usr/bin/expect -f |
you have at least two errors:
hostname is invalid and also something wrong with that SCP_FILE |
The error message is pretty clear. The host cannot be found. You are trying to ssh to batman@. Instead of batman@<hostname>.
Why don't you add some very basic trace or debugging statements to your code so that you know at least what your code is doing? jlinkels |
There are also two very deadly bugs with your code. The first one is using passwords instead of keys. By itself it would be dependent on the strength of the password, but when combined with the second bug it guarantees 100% success of any Man-in-the-Middle attacks. The second one is that you have set StrictHostKeychecking to "no". Again, that guarantees 100% success of any Man-in-the-Middle attacks between your machines. Wherever you copied that script from, you should report them for security violations and promulgating unsound practices.
OpenSSH can't protect you if it is configured in an unsafe manner like you have in your current script. Before progressing, please change StrictHostKeychecking back to "yes" or at least to "accept-new". Then please set up key-based authentication between your client machine and your SSH server so that you can turn off password authentication. |
There is a third unsafe practice in your script, that is the passing of the root password for the remote machine just to run a single script. Remove the stanza entitled "Become sudo". Instead say:
Code:
... Code:
%batman ALL=(root:root) NOPASSWD: /root/health_mon/UX_health_monitor.sh "" |
Thanks for highlighting security vulnearbilty in my script surely I will resolve this as you suggested. But issue with my script is it is not able to send email I have put this below code for sending email by expect:
Code:
sleep 2 As of now I am able to gather health check report from scp that means code is running fine till that below parameters: Code:
#!/usr/bin/expect -f Code:
sleep 2 |
Did you resolve the first problem then? Any feedback to the forum how you solved it and what error it was?
You say Quote:
It did give an error message. Have you read it? What should it mean? And no, this is not the way to send mail. Use the tcl exec command to execute an external command. Capture the output of exec and perform a check on the result. You don't have to connect, enter passwords, wait for reply etc, so it is no use to use an expect command. What upsets me is that your first line in your OP is: Quote:
jlinkels |
Quote:
What kind of feed back did you get from the author of the script when you reported the security violations it causes? |
All times are GMT -5. The time now is 02:11 PM. |