I’m developping a script to search for patterns within scripts executed from CRON on a bunch of remote servers through SSH.
Script on client machine -- SSH --> Remote Servers CRON/Scripts
For now I can’t get the correct output.
Script on client machine
#!/bin/bash server_list=( '172.x.x.x' '172.x.x.y' '172.x.x.z' ) for s in ${server_list[@]}; do ssh -i /home/user/.ssh/my_key.rsa user@${s} crontab -l | grep -v '^#|^[[:space:]]*$' | cut -d ' ' -f 6- | awk '{print $1}' | grep -v '^$|^echo|^find|^PATH|^/usr/bin|^/bin/' | xargs -0 grep -in 'server.tld|10.x.x.x' done
This only gives me the paths of scripts from crontab, not the matched lines and line number plus the first line is prefixed with “grep:” keyword (example below):
grep: /opt/directory/script1.sh /opt/directory/script2.sh /opt/directory/script3.sh /opt/directory/script4.sh
How to get proper output, meaning the script path plus line number plus line of matching pattern?
Remote CRON examples
OO 6 * * * /opt/directory/script1.sh foo 30 6 * * * /opt/directory/script2.sh bar
Remote script content examples
1 ) This will match grep pattern
#!/bin/bash ping -c 4 server.tld && echo "server.tld ($1)"
2 ) This won’t match grep pattern
#!/bin/bash ping -c 4 8.x.x.x && echo "8.x.x.x ($1)"
Advertisement
Answer
Without example input, it’s really hard to see what your script is attempting to do. But the cron
parsing could almost certainly be simplified tremendously by refactoring all of it into a single Awk script. Here is a quick stab, with obviously no way to test.
#!/bin/sh # No longer using an array for no good reason, so /bin/sh will work for s in 172.x.x.x 172.x.x.y 172.x.x.z; do ssh -i /home/user/.ssh/my_key.rsa "user@${s}" crontab -l | awk '! /^#|^[[:space:]]*$/ && $6 !~ /^$|^(echo|find|PATH|/usr/bin|/bin/)/ { print $6 }' | # no -0; use grep -E and properly quote literal dot xargs grep -Ein 'server.tld|10.x.x.x' done
Your command would not output null-delimited data to xargs
so probably the immediate problem was that xargs -0
would receive all the file names as a single file name which obviously does not exist, and you forgot to include the “: file not found” from the end of the error message.
The use of grep -E
is a minor hack to enable a more modern regex syntax which is more similar to that in Awk, where you don’t have to backslash the “or” pipe etc.
This script, like your original, runs grep
on the local system where you run the SSH script. If you want to run the commands on the remote server, you will need to refactor to put the entire pipeline in single quotes or a here document:
for s in 172.x.x.x 172.x.x.y 172.x.x.z; do ssh -i /home/user/.ssh/my_key.rsa "user@${s}" <<________HERE crontab -l | awk '! /^#|^[[:space:]]*$/ && $6 !~ /^$|^(echo|find|PATH|/usr/bin|/bin/)/ { print $6 }' | xargs grep -Ein 'server.tld|10.x.x.x' ________HERE done
The refactored script contains enough complexities in the quoting that you probably don’t want to pass it as an argument to ssh
, which requires you to figure out how to quote strings both locally and remotely. It’s easier then to pass it as standard input, which obviously just gets transmitted verbatim.
If you get “Pseudo-terminal will not be allocated because stdin is not a terminal.”, try using ssh -t
. Sometimes you need to add multiple -t
options to completely get rid of this message.