Skip to content
Advertisement

How to grep text patterns from remote crontabs using xargs through SSH?

I’m developping a script to search for patterns within scripts executed from CRON on a bunch of remote servers through SSH.

Script on client machine -- SSH --> Remote Servers CRON/Scripts

For now I can’t get the correct output.

Script on client machine

#!/bin/bash
server_list=( '172.x.x.x' '172.x.x.y' '172.x.x.z' )
for s in ${server_list[@]}; do
    ssh -i /home/user/.ssh/my_key.rsa user@${s} crontab -l | grep -v '^#|^[[:space:]]*$' | cut -d ' ' -f 6- | awk '{print $1}' | grep -v '^$|^echo|^find|^PATH|^/usr/bin|^/bin/' | xargs -0 grep -in 'server.tld|10.x.x.x'
done

This only gives me the paths of scripts from crontab, not the matched lines and line number plus the first line is prefixed with “grep:” keyword (example below):

grep: /opt/directory/script1.sh
/opt/directory/script2.sh
/opt/directory/script3.sh
/opt/directory/script4.sh

How to get proper output, meaning the script path plus line number plus line of matching pattern?

Remote CRON examples

OO 6 * * * /opt/directory/script1.sh foo 
30 6 * * * /opt/directory/script2.sh bar

Remote script content examples

1 ) This will match grep pattern

#!/bin/bash
ping -c 4 server.tld && echo "server.tld ($1)"

2 ) This won’t match grep pattern

#!/bin/bash
ping -c 4 8.x.x.x && echo "8.x.x.x ($1)"

Advertisement

Answer

Without example input, it’s really hard to see what your script is attempting to do. But the cron parsing could almost certainly be simplified tremendously by refactoring all of it into a single Awk script. Here is a quick stab, with obviously no way to test.

#!/bin/sh
# No longer using an array for no good reason, so /bin/sh will work
for s in 172.x.x.x 172.x.x.y 172.x.x.z; do
    ssh -i /home/user/.ssh/my_key.rsa "user@${s}" crontab -l |
    awk '! /^#|^[[:space:]]*$/ && $6 !~ /^$|^(echo|find|PATH|/usr/bin|/bin/)/ { print $6 }' |
    # no -0; use grep -E and properly quote literal dot
    xargs grep -Ein 'server.tld|10.x.x.x'
done

Your command would not output null-delimited data to xargs so probably the immediate problem was that xargs -0 would receive all the file names as a single file name which obviously does not exist, and you forgot to include the “: file not found” from the end of the error message.

The use of grep -E is a minor hack to enable a more modern regex syntax which is more similar to that in Awk, where you don’t have to backslash the “or” pipe etc.

This script, like your original, runs grep on the local system where you run the SSH script. If you want to run the commands on the remote server, you will need to refactor to put the entire pipeline in single quotes or a here document:

for s in 172.x.x.x 172.x.x.y 172.x.x.z; do
    ssh -i /home/user/.ssh/my_key.rsa "user@${s}" <<________HERE
        crontab -l |
        awk '! /^#|^[[:space:]]*$/ && $6 !~ /^$|^(echo|find|PATH|/usr/bin|/bin/)/ { print $6 }' |
        xargs grep -Ein 'server.tld|10.x.x.x'
________HERE
done

The refactored script contains enough complexities in the quoting that you probably don’t want to pass it as an argument to ssh, which requires you to figure out how to quote strings both locally and remotely. It’s easier then to pass it as standard input, which obviously just gets transmitted verbatim.

If you get “Pseudo-terminal will not be allocated because stdin is not a terminal.”, try using ssh -t. Sometimes you need to add multiple -t options to completely get rid of this message.

User contributions licensed under: CC BY-SA
10 People found this is helpful
Advertisement