Solved

Shell script

Posted on 2010-08-25
6
453 Views
Last Modified: 2013-12-26
Hi

    I have a script that perform security settings  on Solaris servers
And I need to modify it so that I can import the results to a mysql db
It is a very long script separated into many modual.

What I need to do is echo the output of individual command and log them
To a file with notations.

Here is a example of one loop  (there a several)
echo Enable stack protection
if [ ! "`grep noexec_user_stack /etc/system`" ]; then
cat <<END_CFG >>/etc/system
* Attempt to prevent and log stack-smashing attacks
set noexec_user_stack = 1
set noexec_user_stack_log = 1
cat /etc/system | grep noexec_user_stack >> /var/tmp/`hostname`-security-setup.log
cat /etc/system | grep noexec_user_stack_log >> /var/tmp/`hostname`-security-setup.log
END_CFG set noexec_user_stack=1
fi
and this sends to a log file in thi format
set noexec_user_stack=1
set noexec_user_stack_log=1

But what I need is this
“ test-num“,”set noexec_user_stack =1”,” Setting is noexec_user_stack=1”
0
Comment
Question by:d_asselin
  • 3
  • 2
6 Comments
 

Expert Comment

by:sds9985
ID: 33525366
How about something like:
grep noexec_user_stack /etc/system >/dev/null 2>&1
if [ "$?" != "0" ] ; then
   echo "* Attempt to prevent and log stack-smashing attacks" >>/etc/system
   echo set noexec_user_stack=1 >>/etc/system
   echo set noexec_user_stack_log=1 >>/etc/system
   grep noexec_user_stack=  /etc/system >>/var/tmp/`hostname`-security-setup.log
   grep noexec_user_stack_log=  /etc/system >>/var/tmp/`hostname`-security-setup.log
fi
0
 

Author Comment

by:d_asselin
ID: 33525669
Yes and no

I still need to insert in to the log some fields like so
“ test-num“,”set noexec_user_stack =1”,” Setting is noexec_user_stack=1”
 to break it down

  I still need to insert in to the log some fields like so
“ test-num“,”set noexec_user_stack =1”,” Setting is noexec_user_stack=1”
 
Single quote beginning of line “,” field separator “ end of line
 “ Required setting”,” actual setting"
0
 

Expert Comment

by:sds9985
ID: 33530243
How about something like:
grep noexec_user_stack /etc/system >/dev/null 2>&1
if [ "$?" != "0" ] ; then
   echo "* Attempt to prevent and log stack-smashing attacks" >>/etc/system
   echo set noexec_user_stack=1 >>/etc/system
   echo set noexec_user_stack_log=1 >>/etc/system
   grep noexec_user_stack=  /etc/system >>/var/tmp/`hostname`-security-setup.log
   grep noexec_user_stack_log=  /etc/system >>/var/tmp/`hostname`-security-setup.log
   echo "insert anything else you like into the log here" >>/var/tmp/`hostname`-security-setup.log
fi
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:d_asselin
ID: 33530531
That will not work

  I think  I’m not explaining myself properly

 It is not a question of inserting something in a log!  But inserting text into a single
 I need the results of a command  plus some text in a single line of text
Beginning with  a quote and fields separated commas
Line like so

“Hostname”,”“Text1 here”,” text2 here”,” result here”
  “  Field1   “,”           Field2   “,”          field3  “,”        field4”
Dan
0
 
LVL 19

Accepted Solution

by:
simon3270 earned 500 total points
ID: 33539901
You can output multiple back-quoted commands on a single line, with something like this (all on one line):

echo \"`hostname`\",\"set noexec_user_stack=1\",\"Setting is `grep noexec_user_stack=  /etc/system`\" >>/var/tmp/`hostname`-security-setup.log

That would write this to the log file (assuming your machine was called testhost!):

"testhost", "set noexec_user_stack=1","Settign is set noexec_user_stack=1"

I have escaped all of the "s so that the shell doesn't interpret them.  You would repeat the above line for all of the vars you are setting (e.g. one more line for noexec_user_stack_log here).

I'd also make a couple of other changes to the script, so that it ends up as the attached.  It simplifies the "grep" line, and does the value check outside the "if" test (that way, you will pick up systems where the noexec_user_stack entry is already defined, so that you can check that the value is indeed 1).  If you only want to write to the log if you actually added the lines in this script, then move the last two lines to before the "fi" line.


if ! grep noexec_user_stack /etc/system >/dev/null
then
cat <<END_CFG >>/etc/system
* Attempt to prevent and log stack-smashing attacks
set noexec_user_stack = 1
set noexec_user_stack_log = 1
END_CFG
fi
echo \"`hostname`\",\"set noexec_user_stack=1\",\"Setting is `grep noexec_user_stack=  /etc/system`\" >>/var/tmp/`hostname`-security-setup.log
echo \"`hostname`\",\"set noexec_user_stack_log=1\",\"Setting is `grep noexec_user_stack_log=  /etc/system`\" >>/var/tmp/`hostname`-security-setup.log

Open in new window

0
 

Author Closing Comment

by:d_asselin
ID: 33541044
This works very well
  Very much very much appreciated
Dan
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Low Disk Space Script to warn logged in User (not via email) 6 80
Sed question 2 68
how to run my script during boot in rhel 7 14 100
Call Shell Script from Perl Script 6 75
Recently, an awarded photographer, Selina De Maeyer (http://www.selinademaeyer.com/), completed a photo shoot of a beautiful event (http://www.sintjacobantwerpen.be/verslag-en-fotoreportage-van-de-sacramentsprocessie-door-antwerpen#thumbnails) in An…
Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
I designed this idea while studying technology in the classroom.  This is a semester long project.  Students are asked to take photographs on a specific topic which they find meaningful, it can be a place or situation such as travel or homelessness.…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now