[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [hobbit] How to run an arbitary script on the client end?

To: hobbit (at) hswn.dk
Subject: Re: [hobbit] How to run an arbitary script on the client end?
From: Charles Jones <jonescr (at) cisco.com>
Date: Mon, 11 Jun 2007 14:44:12 -0700
Authentication-results: sj-dkim-3; header.From=jonescr (at) cisco.com; dkim=pass ( sig from cisco.com/sjdkim3002 verified; );
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=7155; t=1181598256; x=1182462256; c=relaxed/simple; s=sjdkim3002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=jonescr (at) cisco.com; z=From:=20Charles=20Jones=20<jonescr (at) cisco.com> |Subject:=20Re=3A=20[hobbit]=20How=20to=20run=20an=20arbitary=20script=20 on=20the=20client=20end? |Sender:=20; bh=9VDSHJey6n+huBqPv7aDNylqZkglcKHEloKJpvupTMc=; b=s++9pC/80NgKSXlUKO49RlUQ/M+nOT6uSkHQhjGfaF9u0ciqUw6/QtTAEHfJE4ZY8GWbB2Zq Vj7jTd3Mr/pwRO7VYEiSsIJghne0+n2vaWRwYDJPHoznX/zmrYgy+m+j;
Organization: Cisco Systems
References: <4669C0BB.8060708 (at) cisco.com> <9836EA7D7FDAE34099AED87A2D9C3A8D222FE2 (at) 306181ANEX2.global.avaya.com> <9836EA7D7FDAE34099AED87A2D9C3A8D223016 (at) 306181ANEX2.global.avaya.com> <4669CDD5.1010604 (at) cisco.com> <9836EA7D7FDAE34099AED87A2D9C3A8D2230F1 (at) 306181ANEX2.global.avaya.com> <9836EA7D7FDAE34099AED87A2D9C3A8D2231AA (at) 306181ANEX2.global.avaya.com> <466CE62E.5060608 (at) rz.uni-frankfurt.de> <9836EA7D7FDAE34099AED87A2D9C3A8D22331C (at) 306181ANEX2.global.avaya.com> <20070611201331.GA31690 (at) hswn.dk> <87C763EA83D0234E9BEF12A8C6C8BB73027687F1 (at) HQGTNEX5.doe.local> <20070611204803.GB31817 (at) hswn.dk> <9836EA7D7FDAE34099AED87A2D9C3A8D257BB0 (at) 306181ANEX2.global.avaya.com>
User-agent: Thunderbird 2.0.0.0 (X11/20070419)

I had a similar idea to this once: seehttp://www.hswn.dk/hobbiton/2006/09/msg00537.htmlIt could be handy to be able to specify running an external command, theinterval to run it at, and a tag name for it in client-data (and/orperhaps option for the output to be added to a specified column on theHobbit display).

As for executing remote commands being a security risk, other monitoringprograms like Nagios do this (over ssh), and as pointed out it isalready possible via using backticks in the log directive. Honestly ifsomeone roots your hobbit server they wouldn't need much help gettinginto everything else. You should be running the hobbit clients as anon-privledged user, and could even put them in a chroot jail if youwant to sleep better at night :)


-Charles

Haertig, David F (Dave) wrote:

It doesn't matter to me if you add this new feature or not.  It might be
nice, but it's not a deal-breaker.

However, the ability to run arbitrary commands on the client as directed
from the server end is already there.  Via the backticks in the log
directive.  A new "addon" directive might make this easier to access an
dgive it more visibility, but the ability to do remote damage already

exists.

-----Original Message-----

From: Henrik Stoerner [mailto:henrik (at) hswn.dk]Sent: Monday, June 11, 2007 2:48 PM

To: hobbit (at) hswn.dk
Subject: Re: [hobbit] How to run an arbitary script on the client end?

On Mon, Jun 11, 2007 at 04:22:08PM -0400, Kern, Thomas wrote:

Would this new ADDON feature be configured at the server side or oneach client?


Server-side, in the client-local.cfg file.

I have a gut reaction against some other server being able toarbitrarily execute commands on my systems


I agree. When I wrote the client, I actually did think about doing
something like this, but decided against it for that very reason.

And if you're the only one who wants it, then I'll probably NOT
implement it.

but I know who runs our
hobbit server. I am also against having to modify each hobbit clientthat I run if I come up with a new nifty ADDON. I have not looked into

the update/upgrade mechanism since I know the hobbit-server admin, but

is there some authentication of the updates/upgrades/new_ADDONs thatcan be done so that they only come from a trusted source?


Updates are only downloaded from the Hobbit server. But apart from that,
there's no authentication of the new client code.


Regards,
Henrik


To unsubscribe from the hobbit list, send an e-mail to
hobbit-unsubscribe (at) hswn.dk

To unsubscribe from the hobbit list, send an e-mail to
hobbit-unsubscribe (at) hswn.dk

References:
- Re: [hobbit] How to run an arbitary script on the client end?
  - From: Charles Jones
- RE: [hobbit] How to run an arbitary script on the client end?
  - From: Haertig, David F (Dave)
- RE: [hobbit] How to run an arbitary script on the client end?
  - From: Haertig, David F (Dave)
- Re: [hobbit] How to run an arbitary script on the client end?
  - From: Charles Jones
- RE: [hobbit] How to run an arbitary script on the client end?
  - From: Haertig, David F (Dave)
- RE: [hobbit] How to run an arbitary script on the client end?
  - From: Haertig, David F (Dave)
- Re: [hobbit] How to run an arbitary script on the client end?
  - From: Rolf Schrittenlocher
- RE: [hobbit] How to run an arbitary script on the client end?
  - From: Haertig, David F (Dave)
- Re: [hobbit] How to run an arbitary script on the client end?
  - From: Henrik Stoerner
- RE: [hobbit] How to run an arbitary script on the client end?
  - From: Kern, Thomas
- Re: [hobbit] How to run an arbitary script on the client end?
  - From: Henrik Stoerner
- RE: [hobbit] How to run an arbitary script on the client end?
  - From: Haertig, David F (Dave)

Prev by Date: ssh on one onterface and ping on other interface
Next by Date: Error 500 when viewing Critical Systems page
Previous by thread: RE: [hobbit] How to run an arbitary script on the client end?
Next by thread: RE: [hobbit] How to run an arbitary script on the client end?
Index(es):
- Date
- Thread