|
|
|
google unix.com
|
|||||||
| Forums | Register | Forum Rules | Links | Albums | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
| Security Discuss UNIX and Linux computer and network security, cybersecurity, cyberattacks, IT security, CISSP, OWASP and more. |
More UNIX and Linux Forum Topics You Might Find Helpful
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Remote command execution | uunniixx | Shell Programming and Scripting | 4 | 04-03-2009 12:26 AM |
| Execution of awk command in a variable | patelamit009 | Shell Programming and Scripting | 2 | 08-07-2008 12:04 PM |
| command execution time | hashin_p | Shell Programming and Scripting | 5 | 07-06-2008 08:28 PM |
| command execution ?? | zedex | UNIX for Advanced & Expert Users | 1 | 11-06-2007 05:26 PM |
| VI questions : mass changes, mass delete and external insert | Browser_ice | AIX | 1 | 12-13-2006 04:20 AM |
 |
Powered by 
|
|
|
LinkBack | Thread Tools | Search this Thread | Rate Thread | Display Modes |
|
|
06-30-2009
|
||||
|
||||
|
Recommended Solutions for Mass Command Execution
What methods/programs do folks use or recommend for a large mixed environment?
We have a mix of OS's from HPUX, Tru-64 (ya still), AIX, and Linux flavors. I'm looking at ~300 nodes to manage and would like a means to securely, but effectively manage these hosts. Right now, we're using an expect script w/ a ksh wrapper that will run commands w/ a su -c root, but that requires you to stick user and root password in plain text files which isn't choice, even if temporary. Root login isn't permitted via SSH of course, as that's a SOX violation. Just looking for some direction or recommendations of what other folks are using when faced w/ this task. Thanks for any advice you can offer! |
|
06-30-2009
|
||||
|
||||
|
SOX, uggh! best describes it. We have the following for jobs that are repeated periodically: a job in root cron on each remote node that runs once per (U pick it) minute interval. It reads a command file. The file format is something like this: Code:
1 -a -b arg1 23 The file lives in a protected sftp only folder. The 1 refers to #1 in a list of commands known to the cron script. The cron script decodes the one, adds the arguments. It then goes thru submitting (at now) each job request in the file. The command file is then zeroed. The cron job keeps a log of when & what was submitted. The 'control panel' is on a single box. It's job is to build the command request files and scp them to the remote box(es) using the protected account. It keeps track of pending requests so that an unprocessed request file on a remote node does not get overwritten. There is also an 'adhoc' request screen. In practice the command file sent to remote boxes is encrypted. On a per remote box basis. And there are validation fields as well. This is to prevent spoofing. We have 400+ Linux servers, 20+ HP-UX boxes and some oddballs. |
|
07-29-2009
|
||||
|
||||
|
it's really great here so much to learn....nice post thanks....
demande carte de credit - Carte de credit, credit en ligne. La notation des maison de credit rejaillit sur le client ! |
|
| Bookmarks |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
Hybrid Mode
