LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 07-12-2018, 10:51 PM   #1
cj_cheema
Member
 
Registered: Mar 2006
Location: INDIA
Distribution: RedHat, SuSE, Debian
Posts: 166

Rep: Reputation: 15
Span error is coming in Expect script.


Hi

I have created an expect script which used for running health check shell script(UX_health_monitor.sh) saved in remote Linux servers. This expect script is able to run remotely saved health check shell script from my jump Linux server and this same expect script is able to do scp of remotely generated health report to my jump server.
But this expect script is not able to send me email.

But at the end of execution of this expect script I am getting below error message:

spawn ssh -o StrictHostKeychecking=no batman@
ssh: Could not resolve hostname : Name or service not known
spawn 'echo "Find the Attached Daily Health Check Report of Backup Servers" | mail -s "Backup Servers Daily Health Check Report `date +%d%b%Y`" cj@delta.com -A /tmp/health_mon/Daily_Health_Report*_`date +%d%b%Y`.txt'
couldn't execute "'echo "Find the Attached Daily Health Check Report of Backup Servers" | mail -s "Backup Servers Daily Health Check Report `date +%d%b%Y`" cj@delta.com -A /tmp/health_mon/Daily_Health_Report*_`date +%d%b%Y`.txt'": no such file or directory
while executing
"spawn '$MAIL'"
(file "./expect_health_report" line 78)
[root@abc]#


Below is the code of my expect script:
Code:
#!/usr/bin/expect -f

# Set timout for script

set timeout 5

# Defining Login user and password
set user "batman"
set password "robin"

# Get the list of hosts, one per line
set fh [open "hosts.txt"]
set hosts [split [read $fh] "\n"]
close $fh

# commands to run, one per line
set HCR {/root/health_mon/UX_health_monitor.sh 1> /tmp/Daily_Health_Report_`hostname`_`date +%d%b%Y`.txt 2> /dev/null}
set MAIL {echo "Find the Attached Daily Health Check Report of Backup Servers" | mail -s "Backup Servers Daily Health Check Report `date +%d%b%Y`" cj@delta.com -A /tmp/health_mon/Daily_Health_Report*_`date +%d%b%Y`.txt}

# Generated health report file path and Jump server path is defined for scp.
set SCP_FILE "/tmp/Daily_Health_Report_`hostname`_`date +%d%b%Y`.txt"
set SCP_REMOTE "$user@abc:/tmp/health_mon"


# Let the script play..

# Login to the remote Linux hosts

foreach host $hosts {
    spawn ssh -o StrictHostKeychecking=no $user@$host
    expect {
      timeout { continue; }
      eof { continue; }
      "password:"
    }

    send "$password\r"

    # Become sudo
    expect "$"
    send "sudo su -\r"
    expect "password:"
    send "$password\r"


   # Run the health Check command
    expect "# " { send "$HCR\r" }


# Gather the generated Health Check report from Remote Linux hosts and send it to central jump Linux Server.
   expect "#"
   send "scp -o StrictHostKeyChecking=no $SCP_FILE $SCP_REMOTE\r"
   expect "password:"
   send "$password\r"
   expect "100%"
   sleep 1

   # Exit from Remote Linux hosts
     expect "# "
     send "exit\r"
     expect "$"
     send "exit\r"
     expect eof
}

#   Send Report on email.
    sleep 2  
    spawn '$MAIL'
    expect eof

Last edited by cj_cheema; 07-12-2018 at 10:53 PM.
 
Old 07-13-2018, 02:03 AM   #2
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 11,512

Rep: Reputation: 3457Reputation: 3457Reputation: 3457Reputation: 3457Reputation: 3457Reputation: 3457Reputation: 3457Reputation: 3457Reputation: 3457Reputation: 3457Reputation: 3457
you have at least two errors:
hostname is invalid and also something wrong with that SCP_FILE
 
Old 07-13-2018, 05:42 AM   #3
jlinkels
LQ Guru
 
Registered: Oct 2003
Location: Bonaire, Leeuwarden
Distribution: Debian /Jessie/Stretch/Sid, Linux Mint DE
Posts: 5,187

Rep: Reputation: 1037Reputation: 1037Reputation: 1037Reputation: 1037Reputation: 1037Reputation: 1037Reputation: 1037Reputation: 1037
The error message is pretty clear. The host cannot be found. You are trying to ssh to batman@. Instead of batman@<hostname>.

Why don't you add some very basic trace or debugging statements to your code so that you know at least what your code is doing?

jlinkels

Last edited by jlinkels; 07-13-2018 at 05:44 AM.
 
Old 07-13-2018, 06:24 AM   #4
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 3,521
Blog Entries: 3

Rep: Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567
There are also two very deadly bugs with your code. The first one is using passwords instead of keys. By itself it would be dependent on the strength of the password, but when combined with the second bug it guarantees 100% success of any Man-in-the-Middle attacks. The second one is that you have set StrictHostKeychecking to "no". Again, that guarantees 100% success of any Man-in-the-Middle attacks between your machines. Wherever you copied that script from, you should report them for security violations and promulgating unsound practices.

OpenSSH can't protect you if it is configured in an unsafe manner like you have in your current script.

Before progressing, please change StrictHostKeychecking back to "yes" or at least to "accept-new". Then please set up key-based authentication between your client machine and your SSH server so that you can turn off password authentication.
 
2 members found this post helpful.
Old 07-13-2018, 06:33 AM   #5
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 3,521
Blog Entries: 3

Rep: Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567
There is a third unsafe practice in your script, that is the passing of the root password for the remote machine just to run a single script. Remove the stanza entitled "Become sudo". Instead say:

Code:
...
set HCR {/root/health_mon/UX_health_monitor.sh}

...

    expect "# " { send "sudo $HCR > /tmp/Daily_Health_Report_$(hostname)_$(date +%d%b%Y).txt 2>/dev/null \r" }
...
And in order for that to run on the remote machine, have /etc/sudoers configured correctly there:

Code:
%batman ALL=(root:root) NOPASSWD: /root/health_mon/UX_health_monitor.sh ""
That way you do not need to have the password nor is there a way to escape from the script since no parameters may be passed. In fact, it might be possible then to do away with expect entirely and just SSH with the shell. Less complicated.
 
Old 07-16-2018, 06:36 PM   #6
cj_cheema
Member
 
Registered: Mar 2006
Location: INDIA
Distribution: RedHat, SuSE, Debian
Posts: 166

Original Poster
Rep: Reputation: 15
Thanks for highlighting security vulnearbilty in my script surely I will resolve this as you suggested. But issue with my script is it is not able to send email I have put this below code for sending email by expect:

Code:
sleep 2  
    spawn '$MAIL'
    expect eof
Let me know if there is alternate way for sending email through expect script my motive is post generating of health check report expect should exit from remote machine and from jump server it send email to me with the attached report which is gathered from scp from remote machine.

As of now I am able to gather health check report from scp that means code is running fine till that below parameters:

Code:
#!/usr/bin/expect -f

# Set timout for script

set timeout 5

# Defining Login user and password
set user "batman"
set password "robin"

# Get the list of hosts, one per line
set fh [open "hosts.txt"]
set hosts [split [read $fh] "\n"]
close $fh

# commands to run, one per line
set HCR {/root/health_mon/UX_health_monitor.sh 1> /tmp/Daily_Health_Report_`hostname`_`date +%d%b%Y`.txt 2> /dev/null}
set MAIL {echo "Find the Attached Daily Health Check Report of Backup Servers" | mail -s "Backup Servers Daily Health Check Report `date +%d%b%Y`" cj@delta.com -A /tmp/health_mon/Daily_Health_Report*_`date +%d%b%Y`.txt}

# Generated health report file path and Jump server path is defined for scp.
set SCP_FILE "/tmp/Daily_Health_Report_`hostname`_`date +%d%b%Y`.txt"
set SCP_REMOTE "$user@abc:/tmp/health_mon"


# Let the script play..

# Login to the remote Linux hosts

foreach host $hosts {
    spawn ssh -o StrictHostKeychecking=no $user@$host
    expect {
      timeout { continue; }
      eof { continue; }
      "password:"
    }

    send "$password\r"

    # Become sudo
    expect "$"
    send "sudo su -\r"
    expect "password:"
    send "$password\r"


   # Run the health Check command
    expect "# " { send "$HCR\r" }


# Gather the generated Health Check report from Remote Linux hosts and send it to central jump Linux Server.
   expect "#"
   send "scp -o StrictHostKeyChecking=no $SCP_FILE $SCP_REMOTE\r"
   expect "password:"
   send "$password\r"
   expect "100%"
   sleep 1

   # Exit from Remote Linux hosts
     expect "# "
     send "exit\r"
     expect "$"
     send "exit\r"
     expect eof
}
But it is failing in below code:

Code:
sleep 2  
    spawn '$MAIL'
    expect eof

Last edited by cj_cheema; 07-16-2018 at 06:39 PM.
 
Old 07-16-2018, 07:31 PM   #7
jlinkels
LQ Guru
 
Registered: Oct 2003
Location: Bonaire, Leeuwarden
Distribution: Debian /Jessie/Stretch/Sid, Linux Mint DE
Posts: 5,187

Rep: Reputation: 1037Reputation: 1037Reputation: 1037Reputation: 1037Reputation: 1037Reputation: 1037Reputation: 1037Reputation: 1037
Did you resolve the first problem then? Any feedback to the forum how you solved it and what error it was?

You say
Quote:
Code:
sleep 2  
    spawn '$MAIL'
    expect eof
How is it failing? Error message?
It did give an error message. Have you read it? What should it mean?

And no, this is not the way to send mail. Use the tcl exec command to execute an external command. Capture the output of exec and perform a check on the result. You don't have to connect, enter passwords, wait for reply etc, so it is no use to use an expect command.

What upsets me is that your first line in your OP is:
Quote:
I have created an expect script which used for running health check shell
You did not create it. You copied it and you don't have a clue what you are doing. Copying as such is not a problem, we all do. But it is annoying if you claim you created it.

jlinkels
 
Old 07-17-2018, 02:31 AM   #8
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 3,521
Blog Entries: 3

Rep: Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567Reputation: 1567
Quote:
Originally Posted by cj_cheema View Post
Thanks for highlighting security vulnearbilty in my script surely I will resolve this as you suggested.
Ok. Great. We await the updated, safer script (minus the multiple severe vulnerabilities) for review and can help you then once once you post it.

What kind of feed back did you get from the author of the script when you reported the security violations it causes?
 
  


Reply

Tags
expect, tcl


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Expect script: how do i send function key F12 in an expect script alix123 Programming 4 09-01-2013 10:06 PM
[SOLVED] Autoreset pureftp password with expect script, no error but not working. angel115 Programming 4 02-28-2012 03:58 AM
[SOLVED] /usr/bin/expect : Script to check server load using both expect and bash Soji Antony Programming 1 07-28-2010 12:27 AM
Expect Scripting:- script not coming out of telnet session. nik1984 Programming 2 09-11-2008 09:14 AM
need help urgently!!! display not coming and error mesage coming when user is logging rddreamz Linux - Newbie 0 08-14-2003 12:11 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 05:20 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration