Use command 2 incase command 1 fails


 
Thread Tools Search this Thread
Special Forums Cybersecurity Use command 2 incase command 1 fails
# 1  
Old 01-22-2019
Use command 2 incase command 1 fails

I try to fire grep command on remote servers using ssh like below:

Code:
sshpass -p mypassword ssh -t user1@mach2 "grep -e word1 -e word2 /var/out.txt"

The issue is that i wish to run the same grep command which searches for multiple strings in a file on remote servers with different Operating Systems as below.

Code:
Linux mach1 2.6.18-436.el5 #1 SMP Thu Nov 22 06:38:01 EST 2018 x86_64 x86_64 x86_64 GNU/Linux

SunOS mach2 5.10 Generic_150400-63 sun4u sparc SUNW,SPARC-Enterprise

On SunOS grep fails however /usr/xpg4/bin/grep works fine.

How can i tweak my ssh command to switch between grep and /usr/xpg4/bin/grep so it works without failing on both flavors of OS ?
# 2  
Old 01-22-2019
Just use the full path of grep in your script.

Code:
sshpass -p mypassword ssh -t user1@mach2 "/full/path/to/grep -e word1 -e word2 /var/out.txt"

Run a different script for different classes of servers.

You really like to make very complex solutions to very easy problems. If I worked like you, I would never get anything done because you always try to create some overly complex solution to a very easy to solve problem.

You have been working on this for weeks, but if you built a simple solution, you could finish in a few hours !!! !!!

You have nothing else to do at work but make things more complex than they need to be??
# 3  
Old 01-22-2019
Quote:
Originally Posted by Neo
Just use the full path of grep in your script.

Code:
sshpass -p mypassword ssh -t user1@mach2 "/full/path/to/grep -e word1 -e word2 /var/out.txt"

Run a different script for different classes of servers.
This would fail on Linux servers where only grep works and not the one with the full path.

Hence, i would need to use the full path only if grep command fails & if my memory helps me I guess there should be a way to achieve this.
# 4  
Old 01-22-2019
Quote:
Originally Posted by mohtashims
This would fail on Linux servers where only grep works and not the one with the full path.

Hence, i would need to use the full path only if grep command fails & if my memory helps me I guess there should be a way to achieve this.
It does not fail if you use a different script for each major class of server like I said in my reply.

Moderator's Comments:
Mod Comment I am going to give you a WARNING to listen and follow the experts here, or else receive infractions (and maybe banned if you continue not to listen and build insecure solutions at your work). You are just wasting our time with your poor, insecure, over-complex solutions. I have told you MANY times. Consider this your first warning from the site admin. We are not going to help helping you build insecure, overly complex solutions at your work. First warning.
# 5  
Old 01-22-2019
There is a common method:
specify a PATH that works on all systems - knowing that non-existing PATH components are skipped.
Code:
sshpass -p mypassword ssh -t user1@mach2 "PATH=/usr/xpg4/bin:/bin grep -e word1 -e word2 /var/out.txt"

The PATH= is a sh construct. If the remote user has a csh login shell, use the external command /usr/bin/env PATH=/usr/xpg4/bin:/bin grep ...
# 6  
Old 01-22-2019
Quote:
Originally Posted by MadeInGermany
There is a common method:
specify a PATH that works on all systems - knowing that non-existing PATH components are skipped.
Code:
sshpass -p mypassword ssh -t user1@mach2 "PATH=/usr/xpg4/bin:/bin grep -e word1 -e word2 /var/out.txt"

The PATH= is a sh construct. If the remote user has a csh login shell, use the external command /usr/bin/env PATH=/usr/xpg4/bin:/bin grep ...
This problem with this method is that it can create a security vulnerability to be searching paths which do not exist on machines. It's dangerous on production systems in high risk environments (like financial services systems).

So, if anyone in his company (which in the case of this poster, is a major investment bank) purposely or accidentally injects a faux grep in the path, it could easily be exploited and cause problems.

So creating solutions passing a PATH which we know is going to traverse non-existant commands "is a kludge" which is not necessary (because there are better solutions) and adds a security vulnerability for the sake of sticking with a poor implementation. It is better to build simple, secure solutions, not kludges when working on "high risk" systems.

The solution is for the poster to stop using sshpass (as we have told him many times), and user password-less SSH (with shared encryption keys) and to build a secure solution and to STOP kludging things together because......

I think the poster is just lazy to set up the keys on 300 servers, and so because of this "laziness" (for a lack of better word or visibility into his workplace) he is making the company he works for more vulnerable to attackers.

The same is true for trying to come up with a one-liner that works for all systems which traverses the filesystem. It just creates vulnerabilities, unnecessarily.

We cannot condone or support creating vulnerabilities here when we know the poster is creating solutions for his employer, a major financial institution.
# 7  
Old 01-22-2019
I do not agree regarding the PATH setting.
A given PATH with /usr/... or /bin/... components can be trusted more than a PATH that might come from the remote user's .bashrc.
For the same reason a script should set PATH at the beginning.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Grep command Fails on SunOS Sparc

Hi, This command works ggrep -v -F -x -f app1.txt app2.txt But, I don't have ggrep on SunOS Sparc so I tried using grep instead but it errors out grep: illegal option -- F bash-2.03$ uname -a SunOS mymac 5.8 Generic_Virtual sun4v sparc sun4v Can you help me with a grep command that... (6 Replies)
Discussion started by: mohtashims
6 Replies

2. Shell Programming and Scripting

Tar command fails

I am on Oracle Linux: tar -cpzf export.tar.gz /dir/dir1/dir2/* bash: /bin/tar: Argument list too long I tried the workaround from the folder /dir/dir1/dir2: find . -name '*' -print | tar -cpzf export.tar.gz --files-from – My issue is that the command inludes the newly created tar... (16 Replies)
Discussion started by: sumang24
16 Replies

3. Shell Programming and Scripting

Script to check one command and if it fails moves to other command

Input is list of Server's, script is basically to remove old_rootvg, So it should check first command "alt_rootvg_op -X old_rootvg" if it passes move to next server and starts check and if it fails moves to other command "exportvg old_rootvg" for only that particular server. I came up with below,... (6 Replies)
Discussion started by: aix_admin_007
6 Replies

4. Shell Programming and Scripting

SH script, variable built command fails, but works at command line

I am working with a sh script on a solaris 9 zone (sol 10 host) that grabs information to build the configuration command line. the variables Build64, SSLopt, CONFIGopt, and CC are populated in the script. the script includes CC=`which gcc` CONFIGopt=' --prefix=/ --exec-prefix=/usr... (8 Replies)
Discussion started by: oly_r
8 Replies

5. Shell Programming and Scripting

Need help! command working ok when executed in command line, but fails when run inside a script!

Hi everyone, when executing this command in unix: echo "WM7 Fatal Alerts:", $(cat query1.txt) > a.csvIt works fine, but running this command in a shell script gives an error saying that there's a syntax error. here is content of my script: tdbsrvr$ vi hc.sh "hc.sh" 22 lines, 509... (4 Replies)
Discussion started by: 4dirk1
4 Replies

6. AIX

Find command fails in crontab

Hi , I imported find command I have on my hp-ux server to clean up the /tmp of my new IBM AIX servers. Though, the commands always fails in the cron but if I past it at the prompt, it works find. I tried with at jobs and regular 'find' . Could anyone tell me what I am doing wrong? Many... (4 Replies)
Discussion started by: cforget2810
4 Replies

7. Shell Programming and Scripting

How to print error and exit if command fails?

Guys any tips on printing a certain error message to stderr and exiting should a command fail within a ksh script? I'm trying to null some output files. Touch isn't suitable as i need to null them. print "" > file isn't suitable as i need to check elsehere for if they are 0bytes or not. ... (5 Replies)
Discussion started by: lavascript
5 Replies

8. Shell Programming and Scripting

unzip command fails in ssh

I'm trying to run a set of commands on a remote machine using ssh in a shell script. One of the commands is unzip. But when the execution reaches this command, the script fails with an error that unzip is not found. Below is the code and the error snippet. sourceDir=$1 ; filename=$3 ; destDir=$2... (4 Replies)
Discussion started by: farahzaiba
4 Replies

9. AIX

AIX: chpath command fails

Hi Guys, i'm having trouble changing the path-priority. Now both priorities are 1 as you can see in the lspath-output. Any ideas why the chpath command fails? # chpath -l hdisk3 -p fscsi1 -a priority=10 Method error (/etc/methods/chgdisk): 0514-080 Invalid routine argument... (4 Replies)
Discussion started by: raba
4 Replies

10. UNIX for Advanced & Expert Users

at command fails

hi, all the user on my machine can't launch at job anymore. they all got the message "error in message send" each time they launch something using the at command. i tried to empty the job queue but the error message is still there. What can I do ? Thanks (1 Reply)
Discussion started by: a329743
1 Replies
Login or Register to Ask a Question