I need to execute this command on Linux server.
string command = $"sudo iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport {port} -j ACCEPT";
When I run the app in VirtulBox, the terminal asks me for a password.
Will this also happen on the server? I can't login to the server and don't know the password.
How can I run the command so that it does not ask for password?
Login to the terminal as root. Make a backup of your /etc/sudoers file.
# cp /etc/sudoers /root/sudoers.bak
Then edit this file by using the visudo command:
# visudo
Edit or append this line, replacing username with the user that will be running your script:
username ALL = NOPASSWD: /usr/sbin/iptables
Save and exit the file.
Test it by executing sudo, from your user account:
$ sudo iptables -V
Now your user can use sudo to execute the iptables command.
If you whant to do this from Linux machine:
You can writ a script with:
sshpass -p "PASSWORD" user#server
and give only execute premition.
Related
When we issue a sudo request via ansible, ansible using the –p option of sudo to display a customized message (which is generated dynamically with each ansible run ) using the command
sudo -H -S -p "[sudo via ansible, key=vrioenmynjfokqgzjxywtayyaivnxspy] password: " <command Name>
This has been observed via -vvv mode.
The problem is we have a situation where the default custom sudo prompt is fixed and cannot be overriden using sudo -p option (beause sudo access is verified via third-party tool Active directory).
Say for example:
sudo ls -l:
use Window's password:
If I use sudo -p
sudo -p 'Enter your password:' ls -l
use Window's password:
When ansible tries to do sudo , it expects the custom prompt and then if the expected custom prompt matched with the thrown custom prompt ansible sends the password, otherwise not and results in error (timeout)
My question is is there any way
sudo -H -S -p "[sudo via ansible, key=vrioenmynjfokqgzjxywtayyaivnxspy]
the custom prompt using -p option in ansible can be made fixed for every ansible run using some configuration
Set the ansible_become_exe parameter for a task, play, or in the inventory.
For example:
- name: Check escalation
vars:
ansible_become: true
ansible_become_exe: 'sudo -p "[sudo via ansible, key=vrioenmynjfokqgzjxywtayyaivnxspy]"'
command: whoami
I am running a docker image of Linux and trying to achieve following:
Run a docker
Create a user test
Stop the user test from internet access
1 and 2 work but I am stuck at #3.
What I tried?
Run iptables -t mangle -A OUTPUT -o eth0 -m owner --uid-owner 501 -j DROP. This command failed with error message "getsockopt failed strangely: Operation not permitted". I was unable to find the root cause
Change the sudoer file and add an entry test ALL=!/bin/ping. This was to see if I am able to stop user test from running ping command. However, this change in sudoer file had no affect and user test was able to run ping command. Assuming this would work, my intent was to play around with sudoer to achieve my goal
Is there a recommendation or suggestion to solve this problem?
To block all internet access for a certain users using iptables command.
sudo iptables -A OUTPUT -m owner --uid-owner {USERNAME} -j REJECT
If you want this command to run when the system starts up, you should add it to the end of your /etc/rc.local file.
command to reverse above:
sudo iptables -D OUTPUT -m owner --uid-owner {USERNAME} -j REJECT
or you can reboot. Unless you've added the line to /etc/rc.local, it's not persistent, and if you have, then you can just remove that line.
you can read more
I have been making some custom shell scripts for my nagios machine. I was able to make them run just fine but for some reason some commands in the script don't seem to be working.
For instance commands like echo, cut , ps , grep work fine but commands like touch, useradd dont seem to work, even with sudo. If I run the script from the terminal, all the commands in the script work.
How can I give nagios permissions to run these commands?
I'm running nagios3 on ubuntu 14.04.5 lts
Edit: Added a few lines of code which aren't being run
sudo useradd -m $USERNAME
(echo $PASSWORD; echo $PASSWORD) | sudo smbpasswd -s -a $USERNAME
Standard way is setup permission for Nagios user on monitored server, for instance NRPE, in /etc/sudoers file.
1. method
Try add something like this in your sudoers file.
Defaults:nrpe !requiretty
nrpe ALL= NOPASSWD: useradd -m
nrpe ALL= NOPASSWD: smbpasswd -s -a
PS: For easy editing sudoers file you can use visudo command ;-)
2. method
Or you can try add Nagios user to sudo group via sudo usermod -aG sudo <username>
-a stands for add
G is for group
Tell nagios to run the script as sudo in your .cfg file...
Assuming its permissions problem.
Edit /etc/sudoers file using visudo, this allows automatic file check for errors.
Defaults:nrpe !requiretty
nrpe ALL=(root) NOPASSWD: /path/to/your/command/or/script
Verify sudo has assigned the above permissions to the user in this case nrpe
sudo -U nrpe -l
you should see the command you added listed within the outpul
Edit /etc/nagios/nrpe.cfg
Add your command to the end of the file
e.g.
command[your_command]=/usr/bin/sudo /path/to/your/command/or/script
Restart nrpe
Centos: systemctl restart nrpe (use the command available based on your Operating system)
I'm trying to run some commands on a remote CentOS machine using PuTTY. I'm using the following command:
putty.exe -ssh [IP] -l [user] -pw [password] -m [Script]
Where [Script] is a .txt file containing the commands I want to run. The issue is that one of the commands requires sudo, and when PuTTY tries to run it I get an error:
sudo requires a tty
The thing that's confusing me is that if I start the session without giving a script, then run the commands from the script manually, it works fine. I've tried using -load instead of -ssh, and it made no difference.
I can't change the requiretty setting in my sudoers file for security reasons, which is the only solution I've been able to find. Is there another option?
The sudo requires TTY/interactive session.
On the contrary the PuTTY/Plink -m switch uses non-interactive session by default.
Use the -t switch to override that.
putty.exe -ssh [IP] -l [user] -pw [password] -t -m [Script]
Read the error: sudo requires a tty. That is, an interactive shell. You have to find an other way of doing those privileged instructions. For example, you could login as root with a key-based authentication.
I'm having a problem where I try and run a command in Plink with the -ssh flag and -t flag (i'm using sudo) but when the service (dmf) is started and the tty is killed (obviously because it is when plink finishes), then the service dies as well. I need a way to detach the command but also be able to enter the password for sudo as well...
So far I have this which starts the service then the service dies after plink detaches after execution.
D:\bin\x64\Debug>plink.exe -ssh -t -pw Password1 admin#10.12.12.42 "echo -e Password1\n | sudo -S service dmf start"
Any help would be appreciated.
NOTE: I am not allowed to change any file on the box i.e. sudoers file, or sudo visudo etc.
Use this to restart service:
plink.exe -pw yourpassword -t login#example.com sudo **-b** service karaf start
Instead of -t try -tt to "force tty allocation, even if ssh has no local tty".
Maybe you can use nohub and add a & in the part of your command that gets executed on the server, like this: D:\bin\x64\Debug>plink.exe -ssh -t -pw Password1 admin#10.12.12.42 "echo -e Password1\n | sudo -S nohub service dmf start &"
That should make it start in the background and ignore you logging out.