[aklug] Re: automating remote access using ssh for root level info retrieval?

From: Szechuan Death <sdeath@sdeath.net>
Date: Mon Apr 29 2013 - 02:25:17 AKDT

On 4/23/13 3:34 PM, techno curmudgeon wrote:
> Greets all.
>
> I need a 'basics-202' question answered; it's been a while.
>
> From a cronjob, how do I automatically ssh to a remote box to retrieve
> information that normally requires root equivalence to see?
[...]
>
> All well and good (and probably incomplete, but that's another post).
>
> But...
>
> There are things that apparently require root equivalence to do, such as
> 'netstat -patn' to look at -all- tcp connections.

This can be done, but it *will* be a pain.

Mo'bettah solution (as well as one that reduces the security risk
inherent in automatic root login): just have those commands dump into
known files readable by another user, then pull them on a regular basis.
 If you dump them with a time index (seconds since the Epoch), you have
a convenient way to organize them and order them.

Ex:

On host A:
[root's crontab]
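# '%' is special in a crontab entry, so it is escaped as '\%'
*/1 * * * * umask 022; /bin/netstat -patn 2>&1 >/home/dummyuser/stats/netstat-patn.`date +'\%s'`
# prune snapshots older than 7 days from the same directory
* * * * * find /home/dummyuser/stats -type f -mtime +7 -exec rm -f {} \;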

On host B:
[can be root's crontab, or somebody else's; doesn't matter]
*/1 * * * * /usr/bin/rsync -aHv dummyuser@host-a:/home/dummyuser/stats/ /log/stats/hosta

This will give you a nice directory full of historical information,
which you can poll constantly (picking up missed transfers
automatically), and most importantly, doesn't require anything except
"dummyuser" on host A to transfer. No root privs. If you give
dummyuser a restricted-mode shell (rbash, rksh), so much the better.

There are probably better solutions. This is the one I, personally,
would pick.

-- 
"the involution solution"
-SD
Received on Mon Apr 29 02:25:46 2013
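
As an added example that is not part of the original post: a check run on host B over the pulled directory, ordering snapshots by their epoch suffix and reporting holes where cron runs or transfers were missed. The function names, the 120-second threshold and the constructed sample files are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. File names follow the post's
# scheme netstat-patn.<epoch seconds>; function names, the threshold and
# the sample files below are assumptions.

# Print the epoch of every well-formed snapshot in DIR, oldest first.
# The names originate on host A, so anything that is a symlink or is not
# exactly netstat-patn.<digits> is skipped rather than trusted.
snapshot_epochs() {
    for f in "$1"/netstat-patn.*; do
        if [ -L "$f" ] || [ ! -f "$f" ]; then continue; fi
        ts=${f##*/netstat-patn.}
        case $ts in
            ''|*[!0-9]*) continue ;;
        esac
        printf '%s\n' "$ts"
    done | sort -n
}

# Print "PREV NEXT DELTA" for consecutive snapshots more than MAX_GAP
# seconds apart (default 120, tolerating one late or missed run).
snapshot_gaps() {
    snapshot_epochs "$1" | awk -v max="${2:-120}" '
        NR > 1 && $1 - prev > max { print prev, $1, $1 - prev }
        { prev = $1 }'
}

# Constructed sample: one-minute snapshots with a five-minute hole, plus
# one malformed name and one symlink that must be ignored.
sample=$(mktemp -d)
for ts in 1367230000 1367230060 1367230120 1367230420; do
    : > "$sample/netstat-patn.$ts"
done
: > "$sample/netstat-patn.13672301x0"
ln -s "$sample/netstat-patn.1367230000" "$sample/netstat-patn.1367230180"
snapshot_gaps "$sample" 120
```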
