Special Forums Cybersecurity Use command 2 incase command 1 fails Post 303029137 by Neo on Tuesday 22nd of January 2019 08:57:32 AM
01-22-2019
Quote:
Originally Posted by MadeInGermany
There is a common method:
specify a PATH that works on all systems - knowing that non-existing PATH components are skipped.
Code:
sshpass -p mypassword ssh -t user1@mach2 "PATH=/usr/xpg4/bin:/bin grep -e word1 -e word2 /var/out.txt"

The PATH= is a sh construct. If the remote user has a csh login shell, use the external command /usr/bin/env PATH=/usr/xpg4/bin:/bin grep ...
The problem with this method is that it can create a security vulnerability to be searching paths which do not exist on machines. It's dangerous on production systems in high risk environments (like financial services systems).

So, if anyone in his company (which in the case of this poster, is a major investment bank) purposely or accidentally injects a faux grep in the path, it could easily be exploited and cause problems.

So creating solutions passing a PATH which we know is going to traverse non-existent commands "is a kludge" which is not necessary (because there are better solutions) and adds a security vulnerability for the sake of sticking with a poor implementation. It is better to build simple, secure solutions, not kludges when working on "high risk" systems.

The solution is for the poster to stop using sshpass (as we have told him many times), and use password-less SSH (with shared encryption keys) and to build a secure solution and to STOP kludging things together because......

I think the poster is just too lazy to set up the keys on 300 servers, and so because of this "laziness" (for lack of a better word or visibility into his workplace) he is making the company he works for more vulnerable to attackers.

The same is true for trying to come up with a one-liner that works for all systems which traverses the filesystem. It just creates vulnerabilities, unnecessarily.

We cannot condone or support creating vulnerabilities here when we know the poster is creating solutions for his employer, a major financial institution.
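
The concern raised in this post can be checked before a PATH is trusted. The following is an added example, not part of the original post or the quoted reply: a POSIX sh audit that classifies each PATH component as present and tightly permissioned, group- or world-writable, or missing beneath an ancestor that other users could write to. The function names `loose_perms`, `classify_dir` and `audit_path` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit a PATH string before trusting it
# for command lookup. All function names here are hypothetical.

# Print DIR if it is group- or world-writable. -H follows a symlinked
# component such as /bin -> usr/bin; -prune stops find from descending.
loose_perms() {
    find -H "$1" -prune \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null
}

# classify_dir DIR -> ok | relative | writable | missing | missing-plantable
classify_dir() {
    dir=$1
    case $dir in
        /*) ;;
        *) echo relative; return ;;   # empty or relative: lookup depends on cwd
    esac
    if [ -d "$dir" ]; then
        if [ -n "$(loose_perms "$dir")" ]; then echo writable; else echo ok; fi
        return
    fi
    # Missing component: walk up to the nearest ancestor that does exist.
    anc=$dir
    while [ ! -d "$anc" ]; do anc=$(dirname "$anc"); done
    if [ -n "$(loose_perms "$anc")" ]; then
        echo missing-plantable        # a non-owner could create the directory
    else
        echo missing
    fi
}

# audit_path PATHSTRING -> one "verdict<TAB>dir" line per component;
# returns 1 if any component is not "ok".
audit_path() {
    rc=0
    old_ifs=$IFS; IFS=:
    set -f                            # no globbing while splitting on ':'
    for comp in $1; do
        verdict=$(classify_dir "$comp")
        printf '%s\t%s\n' "$verdict" "$comp"
        [ "$verdict" = ok ] || rc=1
    done
    set +f
    IFS=$old_ifs
    return $rc
}

# The PATH from the quoted one-liner, checked on the local host:
# audit_path "/usr/xpg4/bin:/bin"
```

The check looks only at mode bits, so a component owned by an unexpected account still reports `ok`; ownership has to be reviewed separately.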
 
