John Sheehy

Linux Menu issue

So let me start this off as I have no control over how we do things.  The systems are configured to be as functional and secure as possible.  So things that would work on a home system may not work here, such as keys.

So here is my question:

I have 831 systems that I audit on a weekly basis.  These systems are broken down into networks.  But they all can be reached via a netapps/security server.

I have, over the past few months, been able to write a main menu and many sub-menus to achieve all my goals for automating the audits with the exception of one network that is a bit more complex because it doesn't have a direct path to the NetApps/Security Server. It has to hop from one server to the next to the NetApps/Security Server.

The path looks something like this:
Security --> Network 1 --> Network 2 -->Host

User1 is an Active Directory account
User2 is an LDAP Account

I am writing the menu option to do the audits and move the audit findings to the security server.

So the current way I do it is I run a single script each time.  For this particular network/host it looks like this:
sshpass -p $pw ssh -q -t $user1@Network1 "ssh -q -t $user1@Network2 "ssh -q -t $user2@Host sudo su -; ./audit.sh"

Then I have to do this:
sshpass -p $pw ssh -q -t $user1@Network1 "ssh -q -t $user1@Network1 'sudo chmod 664 /tmp/audit-backup*;  sudo scp -q /tmp/audit-backup* $user1@Network1:/tmp; sudo rm -f /tmp/audit-backup*'"

And lastly I need to do this:
sshpass -p $pw ssh -q -t $user1@Network1 "sudo chmod 664 /tmp/audit-backup*; sudo scp -q /tmp/audit-backup* $user1@Security:/mnt/audit-vol/; rm -f /tmp/audit-backup*"

I was hoping there was an easier way to do this.  I can get all this to work in its own script, but I would really like to have it as a menu option where they aren't calling another script to run. I am sure there is an easier way and I will continue to look and try things.  But thought I would ask the experts.

Thanks
John
ASKER CERTIFIED SOLUTION
David Favor
Even better, just setup your audit.sh script to run in CRON on each machine + arrange rsyslog on each machine to dump to one common system.

This will likely make things much easier.
John Sheehy (ASKER)

David,

Thanks for the inputs.  We are not authorized to install any external packages like PSSH.  Wish we could.
The Audit.sh file goes out to all the systems attached to that one host and pulls the auditd file and runs other commands to parse through for certain information that we look for.  So running it as a CRON is not possible now.

I will modify the lines a bit to include && vs ; to ensure each command runs so it doesn't continue on and adversely affect things we are doing.

John
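
The `;` versus `&&` difference mentioned in the comment above, shown on the chmod / copy / rm chain from the question, as an added example that is not code from the thread. It is a constructed local simulation: `cp` stands in for `scp`, temporary directories stand in for the hops, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed simulation of the relay step "chmod; scp; rm" from the question.
# cp replaces scp so the example runs offline; all paths are temporary.

# Unconditional chain (;): each step runs no matter what the previous one did.
relay_semicolon() {
    src=$1 dest=$2
    chmod 664 "$src"/audit-backup* ; cp "$src"/audit-backup* "$dest"/ 2>/dev/null ; rm -f "$src"/audit-backup*
}

# Conditional chain (&&): a step runs only if the previous one succeeded.
relay_and() {
    src=$1 dest=$2
    chmod 664 "$src"/audit-backup* && cp "$src"/audit-backup* "$dest"/ 2>/dev/null && rm -f "$src"/audit-backup*
}

# Run one relay variant against a destination that does not exist (the copy
# fails, like scp to an unreachable hop) and print how many audit files are
# still present in the staging directory afterwards.
surviving_after_failed_copy() {
    relay=$1
    work=$(mktemp -d) || return 1
    mkdir "$work/stage"
    echo "constructed audit finding" > "$work/stage/audit-backup-host1.log"
    "$relay" "$work/stage" "$work/no-such-dest" || true
    count=$(find "$work/stage" -name 'audit-backup*' | wc -l)
    rm -rf "$work"
    echo $((count))
}

echo "';' chain leaves $(surviving_after_failed_copy relay_semicolon) file(s) after a failed copy"
echo "'&&' chain leaves $(surviving_after_failed_copy relay_and) file(s) after a failed copy"
```

With `;` the cleanup deletes the only copy of the findings when the transfer fails; with `&&` the file stays on the intermediate host so the transfer can be retried.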
So as it turns out the menu option for running all the commands in order would not work.  The systems are not built the same and they have two different versions of Linux as well as the way they talk to each other.  But I did find another way to do it, but in a sequence of steps that the user chooses from the menu.
The advice pointed me in the right direction to find a fix for it.