Solved

Shell script

Posted on 2010-08-25
6
448 Views
Last Modified: 2013-12-26
Hi

    I have a script that perform security settings  on Solaris servers
And I need to modify it so that I can import the results to a mysql db
It is a very long script separated into many modual.

What I need to do is echo the output of individual command and log them
To a file with notations.

Here is a example of one loop  (there a several)
echo Enable stack protection
if [ ! "`grep noexec_user_stack /etc/system`" ]; then
cat <<END_CFG >>/etc/system
* Attempt to prevent and log stack-smashing attacks
set noexec_user_stack = 1
set noexec_user_stack_log = 1
cat /etc/system | grep noexec_user_stack >> /var/tmp/`hostname`-security-setup.log
cat /etc/system | grep noexec_user_stack_log >> /var/tmp/`hostname`-security-setup.log
END_CFG set noexec_user_stack=1
fi
and this sends to a log file in thi format
set noexec_user_stack=1
set noexec_user_stack_log=1

But what I need is this
“ test-num“,”set noexec_user_stack =1”,” Setting is noexec_user_stack=1”
0
Comment
Question by:d_asselin
  • 3
  • 2
6 Comments
 

Expert Comment

by:sds9985
ID: 33525366
How about something like:
grep noexec_user_stack /etc/system >/dev/null 2>&1
if [ "$?" != "0" ] ; then
   echo "* Attempt to prevent and log stack-smashing attacks" >>/etc/system
   echo set noexec_user_stack=1 >>/etc/system
   echo set noexec_user_stack_log=1 >>/etc/system
   grep noexec_user_stack=  /etc/system >>/var/tmp/`hostname`-security-setup.log
   grep noexec_user_stack_log=  /etc/system >>/var/tmp/`hostname`-security-setup.log
fi
0
 

Author Comment

by:d_asselin
ID: 33525669
Yes and no

I still need to insert in to the log some fields like so
“ test-num“,”set noexec_user_stack =1”,” Setting is noexec_user_stack=1”
 to break it down

  I still need to insert in to the log some fields like so
“ test-num“,”set noexec_user_stack =1”,” Setting is noexec_user_stack=1”
 
Single quote beginning of line “,” field separator “ end of line
 “ Required setting”,” actual setting"
0
 

Expert Comment

by:sds9985
ID: 33530243
How about something like:
grep noexec_user_stack /etc/system >/dev/null 2>&1
if [ "$?" != "0" ] ; then
   echo "* Attempt to prevent and log stack-smashing attacks" >>/etc/system
   echo set noexec_user_stack=1 >>/etc/system
   echo set noexec_user_stack_log=1 >>/etc/system
   grep noexec_user_stack=  /etc/system >>/var/tmp/`hostname`-security-setup.log
   grep noexec_user_stack_log=  /etc/system >>/var/tmp/`hostname`-security-setup.log
   echo "insert anything else you like into the log here" >>/var/tmp/`hostname`-security-setup.log
fi
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:d_asselin
ID: 33530531
That will not work

  I think  I’m not explaining myself properly

 It is not a question of inserting something in a log!  But inserting text into a single
 I need the results of a command  plus some text in a single line of text
Beginning with  a quote and fields separated commas
Line like so

“Hostname”,”“Text1 here”,” text2 here”,” result here”
  “  Field1   “,”           Field2   “,”          field3  “,”        field4”
Dan
0
 
LVL 19

Accepted Solution

by:
simon3270 earned 500 total points
ID: 33539901
You can output multiple back-quoted commands on a single line, with something like this (all on one line):

echo \"`hostname`\",\"set noexec_user_stack=1\",\"Setting is `grep noexec_user_stack=  /etc/system`\" >>/var/tmp/`hostname`-security-setup.log

That would write this to the log file (assuming your machine was called testhost!):

"testhost", "set noexec_user_stack=1","Settign is set noexec_user_stack=1"

I have escaped all of the "s so that the shell doesn't interpret them.  You would repeat the above line for all of the vars you are setting (e.g. one more line for noexec_user_stack_log here).

I'd also make a couple of other changes to the script, so that it ends up as the attached.  It simplifies the "grep" line, and does the value check outside the "if" test (that way, you will pick up systems where the noexec_user_stack entry is already defined, so that you can check that the value is indeed 1).  If you only want to write to the log if you actually added the lines in this script, then move the last two lines to before the "fi" line.


if ! grep noexec_user_stack /etc/system >/dev/null
then
cat <<END_CFG >>/etc/system
* Attempt to prevent and log stack-smashing attacks
set noexec_user_stack = 1
set noexec_user_stack_log = 1
END_CFG
fi
echo \"`hostname`\",\"set noexec_user_stack=1\",\"Setting is `grep noexec_user_stack=  /etc/system`\" >>/var/tmp/`hostname`-security-setup.log
echo \"`hostname`\",\"set noexec_user_stack_log=1\",\"Setting is `grep noexec_user_stack_log=  /etc/system`\" >>/var/tmp/`hostname`-security-setup.log

Open in new window

0
 

Author Closing Comment

by:d_asselin
ID: 33541044
This works very well
  Very much very much appreciated
Dan
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

This Windows batch file is useful for organizing image files from a digital camera or other source, but can have many other uses.  It simply renames the file(s) to match their create date.  For example, if you took a picture today at 1:40pm and the …
The following is a collection of cases for strange behaviour when using advanced techniques in DOS batch files. You should have some basic experience in batch "programming", as I'm assuming some knowledge and not further explain the basics. For some…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now