Solved

Shell script

Posted on 2010-08-25
6
459 Views
Last Modified: 2013-12-26
Hi

    I have a script that perform security settings  on Solaris servers
And I need to modify it so that I can import the results to a mysql db
It is a very long script separated into many modual.

What I need to do is echo the output of individual command and log them
To a file with notations.

Here is a example of one loop  (there a several)
echo Enable stack protection
if [ ! "`grep noexec_user_stack /etc/system`" ]; then
cat <<END_CFG >>/etc/system
* Attempt to prevent and log stack-smashing attacks
set noexec_user_stack = 1
set noexec_user_stack_log = 1
cat /etc/system | grep noexec_user_stack >> /var/tmp/`hostname`-security-setup.log
cat /etc/system | grep noexec_user_stack_log >> /var/tmp/`hostname`-security-setup.log
END_CFG set noexec_user_stack=1
fi
and this sends to a log file in thi format
set noexec_user_stack=1
set noexec_user_stack_log=1

But what I need is this
“ test-num“,”set noexec_user_stack =1”,” Setting is noexec_user_stack=1”
0
Comment
Question by:d_asselin
  • 3
  • 2
6 Comments
 

Expert Comment

by:sds9985
ID: 33525366
How about something like:
grep noexec_user_stack /etc/system >/dev/null 2>&1
if [ "$?" != "0" ] ; then
   echo "* Attempt to prevent and log stack-smashing attacks" >>/etc/system
   echo set noexec_user_stack=1 >>/etc/system
   echo set noexec_user_stack_log=1 >>/etc/system
   grep noexec_user_stack=  /etc/system >>/var/tmp/`hostname`-security-setup.log
   grep noexec_user_stack_log=  /etc/system >>/var/tmp/`hostname`-security-setup.log
fi
0
 

Author Comment

by:d_asselin
ID: 33525669
Yes and no

I still need to insert in to the log some fields like so
“ test-num“,”set noexec_user_stack =1”,” Setting is noexec_user_stack=1”
 to break it down

  I still need to insert in to the log some fields like so
“ test-num“,”set noexec_user_stack =1”,” Setting is noexec_user_stack=1”
 
Single quote beginning of line “,” field separator “ end of line
 “ Required setting”,” actual setting"
0
 

Expert Comment

by:sds9985
ID: 33530243
How about something like:
grep noexec_user_stack /etc/system >/dev/null 2>&1
if [ "$?" != "0" ] ; then
   echo "* Attempt to prevent and log stack-smashing attacks" >>/etc/system
   echo set noexec_user_stack=1 >>/etc/system
   echo set noexec_user_stack_log=1 >>/etc/system
   grep noexec_user_stack=  /etc/system >>/var/tmp/`hostname`-security-setup.log
   grep noexec_user_stack_log=  /etc/system >>/var/tmp/`hostname`-security-setup.log
   echo "insert anything else you like into the log here" >>/var/tmp/`hostname`-security-setup.log
fi
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 

Author Comment

by:d_asselin
ID: 33530531
That will not work

  I think  I’m not explaining myself properly

 It is not a question of inserting something in a log!  But inserting text into a single
 I need the results of a command  plus some text in a single line of text
Beginning with  a quote and fields separated commas
Line like so

“Hostname”,”“Text1 here”,” text2 here”,” result here”
  “  Field1   “,”           Field2   “,”          field3  “,”        field4”
Dan
0
 
LVL 19

Accepted Solution

by:
simon3270 earned 500 total points
ID: 33539901
You can output multiple back-quoted commands on a single line, with something like this (all on one line):

echo \"`hostname`\",\"set noexec_user_stack=1\",\"Setting is `grep noexec_user_stack=  /etc/system`\" >>/var/tmp/`hostname`-security-setup.log

That would write this to the log file (assuming your machine was called testhost!):

"testhost", "set noexec_user_stack=1","Settign is set noexec_user_stack=1"

I have escaped all of the "s so that the shell doesn't interpret them.  You would repeat the above line for all of the vars you are setting (e.g. one more line for noexec_user_stack_log here).

I'd also make a couple of other changes to the script, so that it ends up as the attached.  It simplifies the "grep" line, and does the value check outside the "if" test (that way, you will pick up systems where the noexec_user_stack entry is already defined, so that you can check that the value is indeed 1).  If you only want to write to the log if you actually added the lines in this script, then move the last two lines to before the "fi" line.


if ! grep noexec_user_stack /etc/system >/dev/null
then
cat <<END_CFG >>/etc/system
* Attempt to prevent and log stack-smashing attacks
set noexec_user_stack = 1
set noexec_user_stack_log = 1
END_CFG
fi
echo \"`hostname`\",\"set noexec_user_stack=1\",\"Setting is `grep noexec_user_stack=  /etc/system`\" >>/var/tmp/`hostname`-security-setup.log
echo \"`hostname`\",\"set noexec_user_stack_log=1\",\"Setting is `grep noexec_user_stack_log=  /etc/system`\" >>/var/tmp/`hostname`-security-setup.log

Open in new window

0
 

Author Closing Comment

by:d_asselin
ID: 33541044
This works very well
  Very much very much appreciated
Dan
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Need to roll back kernel via script 4 85
AWK:  END { statements } 2 18
Shell script issue 4 36
Interactive Powershell script to reset password age in AD 4 27
How to remove superseded packages in windows w60 or w61 installation media (.wim) or online system to prevent unnecessary space. w60 means Windows Vista or Windows Server 2008. w61 means Windows 7 or Windows Server 2008 R2. There are various …
Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question