script questions - does not appear to work correctly

I have a question regarding a few scripts that appear to connect to all my clients successfully using ssh. Background on this: I have a network of 69 clients. I would like to, for example, tweak the auditd.conf file and push the file across the network. I did create a new template file and was able to transfer it to all the clients, but when I attempted to copy or move the file to auditd.conf it never performed the action. The template was scp-copied to each client, but the script did not do the above-stated action. Here is my script as is.

! /bin/bash

export SSHPASS="";
ssh-keygen && for host in $(cat hosts.txt)
do
sshpass -e ssh-copy-id -o StrictHostKeyChecking=no $host
done;
#
#
for host in $(cat hosts.txt); do ssh "$host" ifconfig | grep -A 30 eth0 | grep -v "lo" | grep -v virbr0 >> /home/user/logrotate/out.$hostoutput.$host;
scp /home/user/logrotate/out.$hostnewaudit.txt ${host}:/etc/audit/;
cd /etc/audit;
cp auditd.conf auditd.conf.back;
cp newaudit.txt auditd.conf;
rm newaudit.txt;
ls -l >> /home/user/logrotate/out.$hostoutput.$host;
systemd-analyze set-log-level notice;
echo $host;
echo "";
echo "";
echo "Audit updated."
cd /home/user/logrotate
done;
exit;

My password was not included in the script.
My hosts.txt file contains all the IPs of the clients in the network.
I would also do the same for updating the logrotate.conf files.

Any help would be appreciated as I am a newbie and would like to get my network more contained and streamlined as far as maintenance is concerned.

Thanks Jon

Responses

At first look it appears to me that it could be due to the permission bits, which do not allow any user other than root to edit/change the /etc/audit/auditd.conf file:

[root@rhel77 ~]# ls -l /etc/audit/auditd.conf
-rw-r-----. 1 root root 784 Aug 10  2016 /etc/audit/auditd.conf

Thank you, I will look into this issue.

Jon.

I looked into the permission on this and am not sure what is going on...will this help yes | cp -rf newaudit.txt auditd.con

Please surround your code with lines containing three tilde (~) characters for better readability (refer to "Formatting Help"). I have done some indentation also:

~~~
! /bin/bash
export SSHPASS="";
ssh-keygen && for host in $(cat hosts.txt)
do
    sshpass -e ssh-copy-id -o StrictHostKeyChecking=no $host
done;
#
#
for host in $(cat hosts.txt)
do
    ssh "$host" ifconfig | grep -A 30 eth0 | grep -v "lo" | grep -v virbr0 >> /home/user/logrotate/out.$hostoutput.$host;
    scp /home/user/logrotate/out.$hostnewaudit.txt ${host}:/etc/audit/;
    cd /etc/audit;
    cp auditd.conf auditd.conf.back;
    cp newaudit.txt auditd.conf;
    rm newaudit.txt;
    ls -l >> /home/user/logrotate/out.$hostoutput.$host;
    systemd-analyze set-log-level notice;
    echo $host;
    echo "";
    echo "";
    echo "Audit updated."
    cd /home/user/logrotate
done;
exit;
~~~

Please start your script with "#!/bin/bash" instead of "! /bin/bash".

Each invocation of this script will generate new ssh keys and distribute them. Why would you do this more than once?

When you add argument "eth0" to the ifconfig command, the output will be restricted to this interface and you can do without the three additional grep commands.

In the second loop of your script, the first two commands use ssh and scp. The remainder of the commands all run on the system on which the command is invoked, which does not fit the purpose of the script.

The scp command does not specify the remote file name and thus it will be the same as the source filename while the remainder of the loop expects filename "newaudit.txt".

Please use curly brackets to delimit the names of variables. Your script now contains unknown/empty variables $hostoutput and $hostnewaudit.
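
The points in the reply above, put together as an added example that is not part of the original thread: the file is copied under an explicit remote name, and the backup/replace steps are passed to ssh so they run on the client. It assumes key-based login is already in place and that the remote account may write to /etc/audit; the function names are hypothetical.

```shell
#!/bin/bash
# Added example, not the poster's script. Assumes key-based login already works
# and the remote account may write to /etc/audit (e.g. root).
# push_audit_conf, push_all and remote_install_cmd are hypothetical names.

SSH=${SSH:-ssh}   # overridable so the logic can be exercised with stubs
SCP=${SCP:-scp}
REMOTE_DIR=/etc/audit

# The steps that must execute ON the client, passed to ssh as one string.
remote_install_cmd() {
    printf 'cd %s && cp auditd.conf auditd.conf.back && cp newaudit.txt auditd.conf && rm -f newaudit.txt' "$REMOTE_DIR"
}

# usage: push_audit_conf <host> <local-file>
push_audit_conf() {
    local host="$1" src="$2"
    [ -r "$src" ] || { echo "cannot read ${src}" >&2; return 2; }
    # Name the remote file explicitly so the remote steps find newaudit.txt.
    "$SCP" -q "$src" "${host}:${REMOTE_DIR}/newaudit.txt" || return 1
    # Without the ssh prefix these commands would run on the admin machine.
    "$SSH" "$host" "$(remote_install_cmd)" || return 1
}

# usage: push_all <hosts-file> <local-file>; returns 1 if any host failed
push_all() {
    local hosts_file="$1" src="$2" host rc=0
    while read -r host || [ -n "$host" ]; do
        [ -n "$host" ] || continue
        # </dev/null stops ssh from swallowing the rest of the hosts file.
        if push_audit_conf "$host" "$src" </dev/null; then
            echo "${host}: audit updated"
        else
            echo "${host}: FAILED" >&2
            rc=1
        fi
    done < "$hosts_file"
    return "$rc"
}

# Run only when called as: script <hosts-file> <local-file>
if [ "$#" -eq 2 ]; then
    push_all "$1" "$2"
fi
```

Each host is reported individually, so one unreachable client does not hide whether the other clients received the new file.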
