Interactive Bash Script - bash

I have an interactive bash script which first asks for user name and THEN ask for password and then confirm password again. (It creates users in our ERP system NOT in Ubuntu)
I have an CSV of 1000+ users and randomly generated passwords so I have to create all these users. I want to write a script which picks users from the CSV and then when asked for password it passes passwords from the CSV to create users. Following is what I have done but it didn't work as intended:
while IFS=,
read -a csv_line; do
createusr ${csv_line[0]}:${csv_line[1]}:${csv_line[1]};done < Desktop/Passwoerter.csv
It gives error that password do not match!
The actual script for individual user work like:
~$ createuser xyz <press Enter>
password for xyz: whatever <press enter>
confirm password for xyz whatever <enter again>
~$
Its NOT:
~$ createuser xyz whatever whatever <press enter>
~$
It works fine if I add one by one but there are 1000+ so I was trying using a small script over CSV.

First Option: Use newusers: Its a part of passwd package.
DESCRIPTION
The newusers command reads a file (or the standard input by default)
and uses this information to update a set of existing users or to
create new users. Each line is in the same format as the standard
password file.
Input file formatting:
username:passwd:UID:GID:full name,room number,work phone,home phone,other:directory:shell
As you can see, the password is provided in the file.
Downside, You need to convert your csv to txt with provided format.
newusers < file.txt
Second Option: you can use useradd with -p switch.
useradd -m -p $(mkpasswd "password") username
-m Create the user's home directory if it does not exist.
-p The encrypted password, as returned by crypt(3).

I find out what I needed, my script looks like:
while IFS=# read -a csv_line
do
printf "%s\n%s\n" ${csv_line[1]} ${csv_line[1]} | createuser ${csv_line[0]}
done
and executed like:
./insertalluser < Desktop/Passwoerter.csv

Related

Encrypt/decrypt password and use it by ksh script

I work on a RedHat linux server with an applicative user (no root).
I have a ksh script that make some sqlplus connections on different DBs by this command:
sqlplus -s myuser/password#DBNAME.
This connections need passwords, each one different from the others.
I would like to encrypt these passwords and store them inside a file.
Then, each time i run my script it has to read a specific encrypted password, decryp it and finally pass it to sqlplus command.
About taking a specific passwd I suppose I can insert a label at the beginning of line but my question is how to encrypt this passwords with openSSL (I can't install any tool on the machine) and if it is a secure method to avoid plain text password sending. Thanks in advance.
Something like :
Credential file
#!/bin/ksh
#######################################################
#
# Source for UID/Password. MUST be with access 600
#
# .credential.sh
#
# Usage : . .credential.sh
#
######################################################
#Declaring associative array
typeset -A Password
# Setting the values
Password[USER1]="Passwd1"
Password[USER2]="Passwd2"
And in your script :
#!/bin/ksh
#sourcing the credential files
. /foo/bar/.credential.sh
#............... Some code
myuser=USER1 # Or whatever means to set the user variable
#............... Some code
sqlplus -s $myuser/${Password[$myuser]}#DBNAME
#............... Some code

securely passing password through bash

I am building a bash script for my work to make initial setup and windows-domain join for our Ubuntu machines easy enough for someone who knows nothing about Linux can do it. I have found a lot of people that say that you shouldn't pass passwords through a script but to be efficient, I have to. The script prompts for info and credentials in the beginning and it needs to be able to be left to do it's job without interaction. I can't have it visible through ps when I pass it and I can't have it stored as an unsecured variable. Any suggestions?
If you really must do this, you can read the credentials into variables with read -s early in the script and then pass those values to the prompts. For example:
read -p "Enter your username: " username
read -sp "Enter your password: " password
echo
I included the blank echo because the -s option for read prevents the user's typing from appearing in the terminal, including the new line usually created after a user presses Enter when answering a prompt.
You can then use the $username and $password variables for the rest of your script and the credentials will not have to be stored outside of memory, meaning they will be lost/destroyed after the script completes.
However, note that any programs or utilities which take the credentials as command-line arguments will display those to other users on the machine running the script. For example, if I were to run a MySQL query using this method, I could do:
mysql -u "${username}" -p"${password}" -e "SHOW DATABASES;"
Other users on the machine could see the credentials while that was running with something like ps:
ps -ef | grep mysql
...
watrudoin 29512 29443 0 12:57 pts/4 00:00:00 mysql -u MyUserName -phunter2 -e SHOW DATABASES
You just need to be aware that what you are doing is not necessarily secure, but it seems that you already are.

Shell script with mysqldump

I wrote a shell script to automate mysqldump.
I don't want my password to be entered in the script file. Can anyone suggest me an alternative way to do this?
If you are running the script interactively, then you can use read to read the password into an environmental variable, and then echo that password to mysqldump.
read -s -p 'password: ' password
echo "$password" | mysqldump ...
The password will be stored in plain text in memory but not elsewhere.
Alternatively as per the documentation you can use an option file to avoid giving the password on the command line. The file would contain something similar to the below:
[client]
# The following password will be sent to all standard MySQL clients
password="my_password"

Uploading the content of a variable as a file into FTP server using Bash

Using Bash scripting, I'm trying to upload the content of variable into an FTP server.
The variable is $HASHED and it contains some hashed password
echo $HASHED
The output of the above command is: M0eSl8NR40wH
I need to do the following:
Create a time/date stamped file in the FTP server (i.e. PASSWORD_18_02_2014)
The file needs to have the same content of the $HASHED value (i.e. the PASSWORD_18_02_2014 needs to have M0eSl8NR40wH inside it).
Trying Curl, I couldn't get it working using the following:
UPLOAD="curl -T $HASHED ftp://192.168.0.1/passwords/ --user username:password"
$UPLOAD
Your help is very much appreciated.
Something like this might help you (tested on Linux Mint 13):
#!/bin/bash
FILENAME=PASSWORD_`date +%d_%m_%Y`
echo $HASHED >$FILENAME
ftp -n your_ftp_site <<EOF
user your_user_name_on_the_ftp_server
put $FILENAME
EOF
rm $FILENAME
A few caveats:
You have to export HASHED, e.g. when you set it, set it like this: export HASHED=M0eSl8NR40wH
The above assumes you will be running this from a terminal and can type in your password when prompted
You may have to add some cd commands after the line that starts "user" and before the line that starts "put", depending on where you want to put the file on your ftp server
Don't forget to make the script executable:
chmod u+x your_command_script_name
You can code the password after the user name on the line that starts "user", but this leaves a big risk that someone can discover your password on the ftp server. At the very least, make the bash command script readable only by you:
chmod 700 your_command_script_name
Please try this:
HASHED="M0eSl8NR40wH"
echo "$HASHED" | curl --silent --show-error --upload-file \
-ftp://192.168.0.1/passwords/$(date +PASSWORD_%d_%m_%Y) --user username:password
Where:
--silent : prevents the progress bar
--show-error : shows errors if any
--upload-file - : get file from stdin
The target name is indicated as part of the URL

ruby script to enter prompt command from a system command

I'm trying to write a simple script to mysqldump some dbs. I'm getting stuck on the password prompt though.
I'd like to just have a config file that contains all the db creds, then the script can use those to connect to the db.
Problem is a command such as:
system('mysqldump -u username -p')
then prompts for
Enter password:
even when I do something like:
system('mysqldump -u username -p some_password')
I still get prompted for the password...
I don't do a whole lot of scripting in Ruby so I'm at a loss as to how my script can automatically enter this info so the user running the script doesn't have to.
If you already know the password why aren't you passing it to the command?
system('mysqldump -u username --password=mypassword')
you need to delete space after -p
system('mysqldump -uusername -psome_password')
or without password just
system('mysqldump -uusername')
or
system('mysqldump -uusername --password=')
you could always check the application that uses the database for the password, check the config file file for the connection string. Failing that change the password in the database.

Resources