At work on a Linux server, I try to find a way to execute a script by crontab(in root) for:
Log into a local user by ssh with the command ssh -X user#localhost
answer at the password question for the user
execute a command
wait the end
exit ssh session
I make the process because it works when I do this manually.
I can't use crontab Otherwise than in root.
I try to add a public key for avoid the password step but I don't succeed into.
I must execute my command log into a specific user.
And finally I find a way to get environnement variables with the options -X ... if I log into the specific user with the command su -l user ... my command won't works.
I don't know if I am clear, I am sorry because my knowledge in Linux environments are limited and I try my best to explain to you in an approximate English (I'm French)
Best regards
Sorry I may not enough explicit I will try differently
First of all my first message is not too specific because I don't know if my way to deal with my issue is the best way that why I had explain it in a general way
Like I said I must configure crontab with root user, but the command (specific command of an application installed on my Linux server) that I try to execute automatically must be execute with a specific server user.
With all those constraints I try to develop an except script
[code]
!/usr/bin/expect
spawn ssh -X specific-user#localhost
expect "assword :"
send "PASSWORD\r"
sleep 10
SpecificUtility + some parameters
Expect "localhost #"
Send "exit\r"
interact [/code]
If I execute this script manually it is ok but in crontab the sequence if not respected
I do something wrong but I have no clue
I hope explain it better
Best regards
Related
I am developing a script that will automatically keep a folder on two workstations synchronized using rsync. So far, I have gotten everything to work but I have one small thing I haven't figured out. Once, the rsync command is executed, it prompts for the password of the other workstation. However, I haven't been able to find a way to automatically enter that password once prompted in the terminal. I tried using the expect command, but that didn't work as the command didn't execute until after I enter the password.
Is there a solution to this?
Here is my script. I have two instances of the same VM, hence the same usernames
#!/bin/bash
LOCAL="/home/rams/Documents/"
RSYNC_OPTIONS="-avh --progress /home/rams/Documents/ rams#192.168.1.39:/home/rams/Downloads/"
PASSWORD="rams2020"
while true
do
inotifywait -e modify $LOCAL
rsync $RSYNC_OPTIONS
done
Solution shown here:
https://stackoverflow.com/a/3299970/8860865
TL;DR - Use an SSH keygen to generate a keyfile that will authenticate upon using the rsync command and the password is prompted. https://www.thegeekstuff.com/2008/11/3-steps-to-perform-ssh-login-without-password-using-ssh-keygen-ssh-copy-id/
I am trying to find a way to record every single command that is executed by any user on the system.
Things that I have came across earlier.
It is possible to view shell commands executed from the terminal using ~/.bashrc_history file.
There is a catch here, It logs only those commands which were executed interactively from bash shell/terminal.
This solves one of my problems. But in addition to it, I would like to log those commands also which were executed as a part of the shell script.
Note: I don't have control over shell script. Therefore, adding verbose mode like #!/bin/bash -xe is not possible.
However, this can be assumed that I have root access as a system administrator.
Eg: I have another user that has access to the system. And he runs the following shell script using from his account.
#!/bin/sh
nmap google.com
and run as "$ sh script.sh"
Now, What I want is "nmap google.com" command should be logged somewhere once this file is executed.
Thanks in advance. Even a small help is appreciated.
Edit: I would like to clarify that users are unaware that they are being monitored. So I need a solution something at system level(may be agent running with root). I cannot depend on user to log suspicious activity. Of-course everyone will avoid such tricks to put blame on someone else if they do something fishy or wrong
I am aware that you were asking for Bash and Shell scripting and tagged your question accordingly, but in respect to your requirements
Record every single command that is executed by any user on the system
Users are unaware that they are being monitored
A solution something at system level
I am under the assumption that you are looking for Audit Logging.
So you may take advantage from articles like
Log all commands run by Admins on production servers
Log every command executed by a User
You can run the script in this way:
execute bash (it will override the shebang)
ts to prefix every lines
logs both in terminal and files
bash -x script.sh |& ts | tee -a /tmp/$(date +%F).log
You may ask the other user to create an alias.
Edit:
You may also add this into /etc/profile (sourced when users login)
exec > >(tee -a /tmp/$(date +%F).log)
Do it also for error output if needed. Keep it splited.
Scenario
I am working on a code to execute pmrep command. I cannot execute this from Unix box as the Code pages are different ( Unix server where I am executing the pmrep command and where the Power centre is installed), and I dont have any other option to exceute it from the Unix Box, because we dont have sudo login and we are connecting from citrix and Informatica is not installed locally.
So we have come up with an option of putting the pmrep commands in .sh script and passing username, password,environment and path variables from an env file. Then executing the above script from a command task in a workflow.
I am able to execute all the pmrep commands (connect, deploy DG etc) using the above process.
Now comes the problem.
I am saving my username and password in the .env file. I would like to remove this.
For pmrep connect command,
I am passing -x $password, I would like to pass the Encrypted password in place of original password.
I have used pmpasswd utility to get encrypted password and stored it in a variable (encrypted_password)
used that variable in place of orginal. -x $encrytped_password
used that variable with -X $encrypted_password.
where -x is used with general password and -X is used with Environmental Password
Both the methods were unsuccessful. with the first one its saying invalid password and with the second one its saying
"The environment variable xteyeZk9BYn91bb4Om7xKg== is undefined."
Please help me with the solution on this. Any help is really appreciated. Please let me know if you need more inputs.
Informatica(r) PMREP, version [9.1.0 HotFix6], build [496.0111], LINUX 64-bit
Rakesh
It should be -X encrypted_password without the $.
I'm trying to do an rsync backup from dreamhost to another host, here's the command i'd like to use:
nohup rsync -e "/usr/bin/ssh" --bwlimit=2000 -av username#server.dreamhost.com:remote_directory local_directory&
I'd like the process to keep running in the background and even when I disconnect. Problem is, I don't know how to put in the password when it's a background process. How do I do this?
Usually this is done by not requiring a password at all. Instead, consider configuring SSH to use a public key. There are several resources online (such as this one from dreamhost) that can help you do that.
I would use a key. If you need to protect the key with a password or you cannot use a key for whatever reason, then use expect to pass the password:
rsync_auto.sh:
#/bin/bash
expect <<<EOF
spawn nohup rsync -e "/usr/bin/ssh" --bwlimit=2000 -av username#server.dreamhost.com:remote_directory
expect "password:"
send "your_password\r"
expect eof
EOF
!!!Make sure that nobody except you can access the file!!!:
chmod 500 rsync_auto.sh
A little bit more elaborated way might be to store the password in a keyring application, like gnome-keyring instead of storing them in a plain file. I've found this article if you are interested.
I am fully aware that this question has been asked many times but I cant able to find any solution which satisy my requirement.
Task -> I need to transfer files from machine A to machineB and remotely execute scripts on Machine B. Due to my limitation I cant able to use keygen, expect utility or any other utility which requires to install packages. To Transfer the file I need to give password and I want to give password in Url. as this will run inside bash script and requires no user interference .
My investigation- I thought of using scp but realise, its not possible to give password at command prompt. So i wondering , if there is any other alternative from rsync .
below is the small attempt
#!/bin/bash
PATH=/usr/bin:/usr/sbin:/bin:/sbin
USER="bob"
RSYNC_PASSWORD="blue"
MACHINE_B="192.168.200.2"
if ping -c 1 -W 1 $MACHINE_B
then
echo "There is machine b as well"
echo " cheking to transfer file to machine b"
rsync lol.sh 192.168.200.2:/home/bob/
fi
Thanks and regards,
Sam
I have tried various option mentioned above ,, but unfortunately none of them works in my case. But I would like to thanks everyone for helping me and surely I have learned few new things specially rsync.
In my case, I have to rely on ssh keys to make it work.
From the rsync man page:
Some modules on the remote daemon may require authentication. If so, you will receive a password prompt when you connect. You can avoid the password
prompt by setting the environment variable RSYNC_PASSWORD to the password you want to use or using the --password-file option. This may be useful
when scripting rsync.