[hobbit] monitoring ssh
Larry Barber
lebarber at gmail.com
Thu Aug 23 20:21:04 CEST 2007
Just to give you an idea, here's the script:
#!/usr/bin/python
import os
import sys
import pexpect
import getopt
import ConfigFile
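def changeUserPw(host, user, cur_pw, new_pw):
    """Change *user*'s own password on *host* through an interactive SSH login.

    Logs in with ``slogin`` using *cur_pw*, runs ``passwd``, answers the
    current-password prompt with *cur_pw* and both new-password prompts with
    *new_pw*, then exits the remote shell.  Progress is written to the
    module-level ``log_file``; the passwords themselves are never logged.

    Raises ValueError if *host* or *user* is empty, contains whitespace or
    starts with '-'.  Any pexpect exception (for example a timeout while
    waiting for a prompt) propagates to the caller.
    """
    # The target is handed to slogin as one argv element.  Building a single
    # command string would let whitespace in either value turn into extra
    # command-line arguments, and a leading '-' would be read as an option.
    for label, value in (('host', host), ('user', user)):
        if (not value or value.startswith('-')
                or any(ch.isspace() for ch in value)):
            raise ValueError('refusing unsafe ' + label + ' value: '
                             + repr(value))

    shell_prompt = r'[#\$] '
    log_file.write('Changing password of user ' + user + ' on host ' +
                   host + '\n')
    child = pexpect.spawn('slogin', [user + '@' + host])
    try:
        # Only a password prompt is answered here.  NOTE(review): an
        # unknown-host-key question would presumably end in a pexpect
        # timeout rather than being accepted -- confirm before relying on it.
        child.expect('[Pp]assword:')
        child.send(cur_pw + '\n')
        child.expect(shell_prompt)
        child.send('passwd\n')
        child.expect('[Cc]urrent.*[pP]assword:')
        child.send(cur_pw + '\n')
        child.expect('[Nn]ew [Pp]assword:')
        child.send(new_pw + '\n')
        # The confirmation prompt also matches this pattern.
        child.expect('[Nn]ew [Pp]assword:')
        child.send(new_pw + '\n')
        child.expect(shell_prompt)
        # NOTE(review): success is inferred from the shell prompt coming
        # back; passwd's exit status is not checked.
        log_file.write('password change successful\n')
        child.send('exit\n')
        child.expect(pexpect.EOF)
    finally:
        # Do not leave a half-finished login session behind when an expect
        # call times out or the connection drops.
        child.close()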
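def changeRootPw(host, user, cur_pw, cur_root_pw, new_root_pw):
    """Change root's password on *host*, reaching root via ``su -``.

    Logs in with ``slogin`` as *user* using *cur_pw*, becomes root with
    ``su -`` and *cur_root_pw*, runs ``passwd`` and answers both
    new-password prompts with *new_root_pw*, then leaves the root shell and
    the user shell.  Progress is written to the module-level ``log_file``;
    the passwords themselves are never logged.

    Raises ValueError if *host* or *user* is empty, contains whitespace or
    starts with '-'.  Any pexpect exception (for example a timeout while
    waiting for a prompt) propagates to the caller.
    """
    # The target is handed to slogin as one argv element.  Building a single
    # command string would let whitespace in either value turn into extra
    # command-line arguments, and a leading '-' would be read as an option.
    for label, value in (('host', host), ('user', user)):
        if (not value or value.startswith('-')
                or any(ch.isspace() for ch in value)):
            raise ValueError('refusing unsafe ' + label + ' value: '
                             + repr(value))

    shell_prompt = r'[#\$] '
    log_file.write('Changing password of user root on host ' + host +
                   '\n')
    child = pexpect.spawn('slogin', [user + '@' + host])
    try:
        # Only a password prompt is answered here.  NOTE(review): an
        # unknown-host-key question would presumably end in a pexpect
        # timeout rather than being accepted -- confirm before relying on it.
        child.expect('[Pp]assword:')
        child.send(cur_pw + '\n')
        child.expect(shell_prompt)
        child.send('su -\n')
        child.expect('[Pp]assword:')
        child.send(cur_root_pw + '\n')
        child.expect(shell_prompt)
        child.send('passwd\n')
        child.expect('[Nn]ew [Pp]assword:')
        child.send(new_root_pw + '\n')
        # The confirmation prompt also matches this pattern.
        child.expect('[Nn]ew [Pp]assword:')
        child.send(new_root_pw + '\n')
        child.expect(shell_prompt)
        # NOTE(review): success is inferred from the shell prompt coming
        # back; passwd's exit status is not checked.
        log_file.write('password change successful\n')
        child.send('exit\n')  # exit from root shell
        child.expect(shell_prompt)
        child.send('exit\n')  # exit from user shell
        child.expect(pexpect.EOF)
    finally:
        # Do not leave a root or user session behind when an expect call
        # times out or the connection drops.
        child.close()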
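# Driver: read the config file named by -c, then walk every group's password
# file and change the passwords it lists.
#
# Password file lines are colon-separated:
#   host:user:cur_pw:new_pw                      -> changeUserPw
#   host:user:cur_pw:cur_root_pw:new_root_pw     -> changeRootPw
# A password field holding the literal word 'default' is replaced by the
# matching <group>.default_* value from the config file.
#
# NOTE(review): both the config file and the password files hold cleartext
# credentials; keep them readable by the operator account only.


def _resolveDefault(value, default_value, param_name):
    """Return *value*, swapping the literal 'default' for the group default.

    Exits with a non-zero status when 'default' is requested but the config
    file has no *param_name* entry.
    """
    if value != 'default':
        return value
    if default_value is None:
        sys.stdout.write('default specified in password file, but no '
                         + param_name
                         + ' specified in config file, bye!\n')
        sys.exit(1)
    return default_value


opts, args = getopt.getopt(sys.argv[1:], "c:")
cfg_file_name = None
for o, a in opts:
    if o == '-c':
        cfg_file_name = a
if cfg_file_name is None:
    sys.stdout.write('PwChange.py -c <config file name>\n')
    # Every abort path below exits non-zero so that cron or a monitoring
    # wrapper can tell an incomplete run from a finished one.
    sys.exit(2)

cfg_file = ConfigFile.ConfigFile(cfg_file_name, ':')
log_file_name = cfg_file.getVal('log_file')
if log_file_name is None or log_file_name == '':
    log_file = sys.stderr
else:
    log_file = open(log_file_name, 'w')

groups = cfg_file.getVal('groups')
if groups is None:
    sys.stdout.write('No groups parameter in config file, exiting\n')
    sys.exit(1)

for group in groups.split():
    pw_file_name = cfg_file.getVal(group + '.pw_file')
    if pw_file_name is None:
        sys.stdout.write("No " + group
                         + ".pw_file parameter in config file, exiting\n")
        sys.exit(1)
    default_cur_pw = cfg_file.getVal(group + '.default_cur_pw')
    default_new_pw = cfg_file.getVal(group + '.default_new_pw')
    default_cur_root_pw = cfg_file.getVal(group + '.default_cur_root_pw')
    default_new_root_pw = cfg_file.getVal(group + '.default_new_root_pw')

    pw_file = open(pw_file_name, 'r')
    try:
        line_no = 0
        for ln in pw_file:
            line_no += 1
            if ln.startswith('#') or ln.strip() == '':
                continue
            # Strip only the line terminator.  Slicing off the last
            # character unconditionally would truncate the final password
            # field when the file does not end with a newline.
            fields = ln.rstrip('\r\n').split(':')
            if len(fields) == 4:
                fields[2] = _resolveDefault(fields[2], default_cur_pw,
                                            'default_cur_pw')
                # The missing-default check must look at default_new_pw;
                # testing fields[3] itself can never detect a missing entry.
                fields[3] = _resolveDefault(fields[3], default_new_pw,
                                            'default_new_pw')
                changeUserPw(fields[0], fields[1], fields[2], fields[3])
            elif len(fields) == 5:
                fields[2] = _resolveDefault(fields[2], default_cur_pw,
                                            'default_cur_pw')
                fields[3] = _resolveDefault(fields[3], default_cur_root_pw,
                                            'default_cur_root_pw')
                fields[4] = _resolveDefault(fields[4], default_new_root_pw,
                                            'default_new_root_pw')
                changeRootPw(fields[0], fields[1], fields[2], fields[3],
                             fields[4])
            else:
                # Report the skipped host by line number only; the line
                # content holds passwords and must not reach the log.
                log_file.write('Skipping line ' + str(line_no) + ' of '
                               + pw_file_name
                               + ': expected 4 or 5 colon-separated fields\n')
    finally:
        pw_file.close()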
What you're trying to do should be considerably shorter.
Thanks,
Larry Barber
On 8/23/07, Larry Barber <lebarber at gmail.com> wrote:
>
> I used Python and pexpect to write a script that changed the passwords on
> all my machines. A script to do what you are asking for should be quite
> straightforward using those tools.
>
> Thanks,
> Larry Barber
>
> On 8/23/07, Dan Simoes <dan.simoes at gmail.com> wrote:
> >
> > I know how to monitor the service availability on port 22.
> > I'm wondering if anyone has actually made a script that connects, logs
> > in, writes a file (say with scp) and only then returns a green status.
> > We got burned with an ssh keys problem so I have to deploy something
> > like this.
> >
>
>