
take iplist.txt and ssh one by one, do iptables


All times are UTC - 6 hours


Posted: Thu Dec 10, 2009 3:53 pm

Joined: Thu Dec 10, 2009 3:48 pm
Posts: 1
Hello...

I need a script to save a lot of time!

It should take a list of IPs/hosts, for example iplist.txt, and lists usernames.txt and passes.txt, and SSH in one by one; when logged in, do ifconfig eth0, take the IP, put it in iptables rules and run it, then exit to the next host...


Posted: Fri Dec 11, 2009 8:26 am

Joined: Mon Nov 17, 2008 7:25 am
Posts: 221
Well I'm not very good at iptables, I'm guessing you know how so I'll leave that for you.

If I understand you correctly, you have a list of usernames and passwords that should somehow be related to the host address?
In that case you can build a list looking like this:
Code:
# cat iplist.txt
10.0.0.1:username:pass
10.0.0.2:username:pass
10.0.0.3:username:pass
10.0.0.4:username:pass
10.0.0.5:username:pass


Code:
#!/bin/bash
# This is just to split strings, it's pretty dumb and just splits by 1 character and no real regexp splitting.
function split {
   delim=$1
   len=${2//[^$delim]/}
   len=${#len}
   ((len += 1))
   for ((b=0; b < len; b++)); do
      ((pos = b + 1))
      key=$(printf '%s\n' "$2" | cut -d"$delim" -f"$pos")
      split[$b]=$key
   done
}
# Temporary file. It holds the password, so let mktemp create it
# (unpredictable name, mode 0600) and remove it on any exit.
expfile=$(mktemp) || exit 1
trap 'rm -f "$expfile"' EXIT
list=$1
delimiter=$2
[ -z "$delimiter" ] && delimiter=":"
x=0
# Run through the list specified above
for i in $(cat "$list"); do
   # Everything split ends up in an array named $split
   split "$delimiter" "$i"
   host=${split[0]}
   user=${split[1]}
   pass=${split[2]}
   # Use expect to send password :)
   echo "
       #!/usr/bin/expect
       spawn ssh \$argv ifconfig eth0
       expect \"$user@$host's password:\"
       send \"$pass\\r\"
       interact
   " > "$expfile"
   result=$(expect "$expfile" "$user@$host" | grep -i "inet addr")

   # Chopping out the IP from ifconfig output
   split ":" "$result"
   ip=$(echo "${split[1]}" | cut -d' ' -f1)

   # INSERT CODE FOR IPTABLES HERE!

   ((x++))
done
rm -f "$expfile"


This is not foolproof, but afaik SSH does not change its behaviour when giving you the password prompt.
This also requires the Expect software, which I believe is standard for most Linux distros :)

If there is a colon in any of the passwords you'll have a bit of a problem; you'll have to change the delimiter to something which isn't in any of the strings for host, user or password.
In that case you'll have to add the new delimiter as argument 2 on the shell script.

Usage: ./script.sh <list-of-ip-user-pass.txt> [<delimiter>]

ps. It's semi tested, not sure how it would do with a lot of machines but it works when I try it 2 times against my machine :P ds.

Best regards
Fredrik Eriksson


Posted: Fri Dec 11, 2009 9:38 am

Joined: Mon Mar 02, 2009 3:03 am
Posts: 568
Hi Fredrik,

Why not simply
Code:
while IFS=':' read -r host user pass
do
   : # ...
done < iplist.txt


Posted: Mon Dec 14, 2009 2:37 am

Joined: Mon Nov 17, 2008 7:25 am
Posts: 221
Just not the way I do it :)
split is a habit that I have from using a lot of Perl :P

All roads lead to Rome, if you have any other suggestions on how to do it then be my guest :)

Best regards
Fredrik Eriksson


Posted: Fri Dec 25, 2009 5:43 am

Joined: Thu Oct 16, 2008 3:05 pm
Posts: 13
xNinja - The first thing you have to do is set up SSH keys instead of plain-text password files (much safer). The next thing is that you haven't described what you want to do with the IP once you have it: do you want to put the IP at the top or somewhere in the iptables rules (use insert or insert#), or at the bottom (append, not recommended because the last rule should be a deny-all policy)?

If you follow those rules and modify this script to fit your needs you could have it done in 1 - 3 lines 8-} !

If you set the file ip.list like:
10.0.0.1
10.0.2.1
10.2.3.5

Then you could run:
for i in $(cat ip.list | awk -F : '{print $1}');do ssh $i 'echo;echo $HOSTNAME;df -h'; done

and get some results that could put you on the right path.

Good Luck!!!
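
The key-based approach recommended in the last post, as an added example that is not code from any poster in this thread: it reads one host per line, logs in with SSH keys only, extracts the eth0 address, validates it, and inserts a rule at the top of the chain. The function names, the host-list argument and the rule itself (accept TCP port 22 to that address) are assumptions for illustration, and the login user is assumed to be allowed to run iptables.

```bash
#!/bin/bash
# Added example: key-based SSH loop, no password file and no expect.

# First IPv4 address from ifconfig output; handles the old
# "inet addr:10.0.0.1" layout and the newer "inet 10.0.0.1" layout.
extract_ip() {
    sed -n 's/^[[:space:]]*inet \(addr:\)\{0,1\}\([0-9.]*\).*/\2/p' | head -n 1
}

# Accept only a dotted quad with octets 0-255, so nothing else a remote
# host prints can end up inside the iptables command line.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    local IFS=. octet count=0
    for octet in $1; do
        count=$((count + 1))
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$count" -eq 4 ]
}

# Placeholder rule (assumption): -I INPUT 1 inserts at the top, above a
# final deny-all rule, instead of appending after it.
build_rule() {
    valid_ipv4 "$1" || return 1
    printf 'iptables -I INPUT 1 -d %s -p tcp --dport 22 -j ACCEPT\n' "$1"
}

main() {
    local host ip rule
    while read -r host; do
        [ -n "$host" ] || continue
        # BatchMode=yes: keys only, fail instead of prompting for a password.
        # -n: keep ssh from swallowing the rest of the host list on stdin.
        ip=$(ssh -n -o BatchMode=yes -o ConnectTimeout=10 "$host" \
                 'ifconfig eth0' | extract_ip)
        if rule=$(build_rule "$ip"); then
            echo "$host: $rule"
            ssh -n -o BatchMode=yes "$host" "$rule" || echo "$host: rule failed" >&2
        else
            echo "$host: no usable IPv4 address, skipped" >&2
        fi
    done < "$1"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run it as `./script.sh ip.list`; with no argument it only defines the functions.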

