[hobbit] monitoring ssh

Larry Barber lebarber at gmail.com
Thu Aug 23 20:21:04 CEST 2007


Just to give you an idea, here's the script:

#!/usr/bin/python

import os
import sys
import pexpect
import getopt

import ConfigFile

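def changeUserPw(host, user, cur_pw, new_pw):
        """Change user's own password on host through an interactive slogin session.

        Logs in as user with cur_pw, runs passwd, answers the current-password
        prompt with cur_pw and both new-password prompts with new_pw, then
        logs out.  Progress is written to the module-level log_file.

        Raises ValueError when user and host do not form a single plain
        slogin destination.  pexpect's own exceptions propagate when an
        expected prompt never arrives.
        """
        target = user + '@' + host
        # The destination must stay one argument that slogin cannot read as an
        # option; reject it here instead of handing it to the command line.
        if target.startswith('-') or len(target.split()) != 1:
                raise ValueError('refusing slogin destination %r' % target)

        log_file.write('Changing password of user ' + user + ' on host ' +
                       host + '\n')

        # Matches a shell prompt ending in "# " or "$ ".
        prompt = r'[#\$] '

        # Pass the destination as an argument list so pexpect does not
        # re-split a concatenated command string on whitespace.
        # NOTE(review): a first-time host-key confirmation prompt is not
        # handled and would end in a pexpect timeout; pre-populate
        # known_hosts rather than auto-answering it.
        # Do not set child.logfile to log_file: pexpect would then record
        # everything sent to the child, including the passwords.
        child = pexpect.spawn('slogin', [target])
        try:
                child.expect('[Pp]assword:')
                child.sendline(cur_pw)
                child.expect(prompt)

                child.sendline('passwd')
                child.expect('[Cc]urrent.*[pP]assword:')
                child.sendline(cur_pw)
                # The same pattern is expected twice: once for the new
                # password and once for its confirmation.
                child.expect('[Nn]ew [Pp]assword:')
                child.sendline(new_pw)
                child.expect('[Nn]ew [Pp]assword:')
                child.sendline(new_pw)
                child.expect(prompt)
                # NOTE(review): a returning shell prompt does not by itself
                # prove that passwd accepted the change; confirm before
                # relying on this log line.
                log_file.write('password change successful\n')

                child.sendline('exit')
                child.expect(pexpect.EOF)
        finally:
                # Release the pty and reap the child even when a prompt was
                # missed and an exception is on its way out.
                child.close()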

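def changeRootPw(host, user, cur_pw, cur_root_pw, new_root_pw):
        """Change root's password on host through an interactive slogin session.

        Logs in as user with cur_pw, becomes root with "su -" and
        cur_root_pw, runs passwd and answers both new-password prompts with
        new_root_pw, then leaves the root shell and the user shell.
        Progress is written to the module-level log_file.

        Raises ValueError when user and host do not form a single plain
        slogin destination.  pexpect's own exceptions propagate when an
        expected prompt never arrives.
        """
        target = user + '@' + host
        # The destination must stay one argument that slogin cannot read as an
        # option; reject it here instead of handing it to the command line.
        if target.startswith('-') or len(target.split()) != 1:
                raise ValueError('refusing slogin destination %r' % target)

        log_file.write('Changing password of user root on host ' + host +
                       '\n')

        # Matches a shell prompt ending in "# " or "$ ".
        prompt = r'[#\$] '

        # Pass the destination as an argument list so pexpect does not
        # re-split a concatenated command string on whitespace.
        # NOTE(review): a first-time host-key confirmation prompt is not
        # handled and would end in a pexpect timeout; pre-populate
        # known_hosts rather than auto-answering it.
        # Do not set child.logfile to log_file: pexpect would then record
        # everything sent to the child, including the passwords.
        child = pexpect.spawn('slogin', [target])
        try:
                # Log in as the unprivileged user.
                child.expect('[Pp]assword:')
                child.sendline(cur_pw)
                child.expect(prompt)

                # Become root.
                child.sendline('su -')
                child.expect('[Pp]assword:')
                child.sendline(cur_root_pw)
                child.expect(prompt)

                # passwd is answered with the new password twice: once for
                # the new password and once for its confirmation.
                child.sendline('passwd')
                child.expect('[Nn]ew [Pp]assword:')
                child.sendline(new_root_pw)
                child.expect('[Nn]ew [Pp]assword:')
                child.sendline(new_root_pw)
                child.expect(prompt)
                # NOTE(review): a returning shell prompt does not by itself
                # prove that passwd accepted the change; confirm before
                # relying on this log line.
                log_file.write('password change successful\n')

                child.sendline('exit')          # exit from root shell
                child.expect(prompt)
                child.sendline('exit')          # exit from user shell
                child.expect(pexpect.EOF)
        finally:
                # Release the pty and reap the child even when a prompt was
                # missed and an exception is on its way out.
                child.close()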

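# Command line: the only option is -c <config file name>, and it is required.
_USAGE = 'PwChange.py -c <config file name>'

try:
        opts, args = getopt.getopt(sys.argv[1:], "c:")
except getopt.GetoptError:
        # Unknown option or -c without a value: show the usage line instead
        # of a traceback.
        print(_USAGE)
        sys.exit(2)

cfg_file_name = None
for o, a in opts:
        if o == '-c':
                cfg_file_name = a

if cfg_file_name is None:
        # Nothing was changed, so do not report success to the caller.
        print(_USAGE)
        sys.exit(2)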

# Load the configuration; ':' is handed to ConfigFile as its second argument.
cfg_file = ConfigFile.ConfigFile(cfg_file_name, ':')

# Progress messages go to the file named by the 'log_file' setting, or to
# stderr when that setting is missing or empty.  Mode 'w' truncates any
# log left by a previous run.
log_file_name = cfg_file.getVal('log_file')
log_to_stderr = log_file_name in (None, '')
log_file = sys.stderr if log_to_stderr else open(log_file_name, 'w')

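def _fillDefault(value, default, default_name):
        """Return value, or the config default when value is the word 'default'.

        Exits with status 1 when an entry asks for a default that the config
        file does not define (default is None).
        """
        if value != 'default':
                return value
        if default is None:
                print("default specified in password file, but no " +
                      default_name + " specified in config file, bye!")
                sys.exit(1)
        return default


# Walk every group named in the config file and apply each entry of that
# group's password file.
#
# The config file and every <group>.pw_file hold passwords in clear text;
# keep them readable by the operator account only.
groups = cfg_file.getVal('groups')
if groups is None:
        print("No groups parameter in config file, exiting")
        sys.exit(1)

for group in groups.split():
        pw_file_name = cfg_file.getVal(group + '.pw_file')
        if pw_file_name is None:
                print("No " + group + ".pw_file parameter in config file, exiting")
                sys.exit(1)

        # Per-group fallbacks used when an entry says 'default'.
        default_cur_pw = cfg_file.getVal(group + '.default_cur_pw')
        default_new_pw = cfg_file.getVal(group + '.default_new_pw')
        default_cur_root_pw = cfg_file.getVal(group + '.default_cur_root_pw')
        default_new_root_pw = cfg_file.getVal(group + '.default_new_root_pw')

        pw_file = open(pw_file_name, 'r')
        try:
                line_no = 0
                for ln in pw_file:
                        line_no += 1
                        # Skip comment lines and blank lines.
                        if ln[0] == '#' or ln.strip() == '':
                                continue

                        # Strip only the line terminator.  Slicing off the
                        # last character unconditionally would shorten the
                        # final password of a file that lacks a trailing
                        # newline.
                        # NOTE(review): fields are split on every ':', so a
                        # password containing ':' changes the field count and
                        # the entry is misread; confirm none contains one.
                        fields = ln.rstrip('\r\n').split(':')

                        if len(fields) == 4:
                                # host:user:current password:new password
                                fields[2] = _fillDefault(fields[2], default_cur_pw,
                                                         'default_cur_pw')
                                # The original tested fields[3] against None
                                # here, which can never be true, so a missing
                                # default_new_pw was passed on as None.
                                fields[3] = _fillDefault(fields[3], default_new_pw,
                                                         'default_new_pw')
                                changeUserPw(fields[0], fields[1], fields[2],
                                             fields[3])
                        elif len(fields) == 5:
                                # host:user:user password:current root
                                # password:new root password
                                fields[2] = _fillDefault(fields[2], default_cur_pw,
                                                         'default_cur_pw')
                                fields[3] = _fillDefault(fields[3], default_cur_root_pw,
                                                         'default_cur_root_pw')
                                fields[4] = _fillDefault(fields[4], default_new_root_pw,
                                                         'default_new_root_pw')
                                changeRootPw(fields[0], fields[1], fields[2],
                                             fields[3], fields[4])
                        else:
                                # Report the skip, but never echo the line
                                # itself: it contains passwords.
                                log_file.write('skipping line ' + str(line_no) +
                                               ' of ' + pw_file_name +
                                               ': expected 4 or 5 fields\n')
        finally:
                pw_file.close()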

What you're trying to do should be considerably shorter.

Thanks,
Larry Barber


On 8/23/07, Larry Barber <lebarber at gmail.com> wrote:
>
> I used Python and pexpect to write a script that changed the passwords on
> all my machines. A script to do what you are asking for should be quite
> straightforward using those tools.
>
> Thanks,
> Larry Barber
>
> On 8/23/07, Dan Simoes <dan.simoes at gmail.com> wrote:
> >
> > I know how to monitor the service availability on port 22.
> > I'm wondering if anyone has actually made a script that connects, logs
> > in, writes a file (say with scp) and only then returns a green status.
> > We got burned with an ssh keys problem so I have to deploy something
> > like this.
> >
>
>