What is the best way to automatically sign/certify keys?
What i came up with is:
gpg --yes --no-tty --sign-key "mail#example.com"
but --yes is some how ignored and with --no-tty it just fails.
echo "y" | gpg --sign-key "mail#example.com"
does not work either.
Take it as it is, but I come up with this bash script, it uses gpg2 but you can easily change the var GPG. I assume it would be working with gpg but I have not tried.
#!/bin/bash
# /usr/local/bin/gpgsign.sh
#
# Signs the input key ID, using the keyring found in the local .gnupg folder.
#
# Usage:
# gpgsign.sh *key_id*
do_usage() {
echo -n
echo "Usage:"
echo "gpgsign.sh *key_id*"
exit 1
}
do_fail() {
echo -ne "\nFailed!\n"
exit 1
}
do_cancel() {
echo -ne "\nCanceled!\n"
exit 0
}
[ 1 -ne $# ] && do_usage
GPG="/usr/bin/gpg2"
GPG_FOLDER=.gnupg
KEY_ID=$1
COMMON_OPTS="--no-default-keyring --homedir .gnupg"
SECRET_KEY_ID=$($GPG $COMMON_OPTS --list-secret-keys | grep sec | awk '{ print $2 }' | awk -F/ '{ print $2 }' | xargs)
KEY_ID_SIGNED_FILE="$KEY_ID.signed-by.$SECRET_KEY_ID.asc"
echo -n Showing the current keyring...
$GPG $COMMON_OPTS -K
# From
# http://stackoverflow.com/questions/226703/how-do-i-prompt-for-input-in-a-linux-shell-script/27875395#27875395
echo -n "It is necessary to retrieve key $KEY_ID, proceed (y/n)? "
stty raw -echo ; answer=$(head -c 1) ; stty sane
if echo "$answer" | grep -iq "^y" ;then
echo "Downloading..."
else
do_cancel
fi
$GPG $COMMON_OPTS --recv-keys $KEY_ID
[ 0 -ne $? ] && do_fail
echo -ne "\nSign $KEY_ID (y/n)? "
stty raw -echo ; answer=$(head -c 1) ; stty sane
if echo "$answer" | grep -iq "^y" ;then
echo -ne "\n"
else
do_cancel
fi
$GPG $COMMON_OPTS --sign-key $KEY_ID
[ 0 -ne $? ] && do_fail
$GPG $COMMON_OPTS --list-sigs $KEY_ID
WAS_SIGNED=$($GPG $COMMON_OPTS --list-sigs $KEY_ID | grep $SECRET_KEY_ID | awk '{ print $1 }' | uniq)
if echo "$WAS_SIGNED" | grep -iq "sig" ;then
echo -n "Key $KEY_ID is currently signed, upload to keyserver (y/n)? "
stty raw -echo ; answer=$(head -c 1) ; stty sane
if echo "$answer" | grep -iq "^y" ;then
echo -ne "\nUploading...\n"
$GPG $COMMON_OPTS --send-keys $KEY_ID
else
echo -ne "\nNOTE: key $KEY_ID has been signed, during this o previous sessions by the local
.gnupg identity. A file has been created in the current folder containing the new signed key,
$KEY_ID_SIGNED_FILE, ready to be sent either to a key server or the key owner."
$GPG $COMMON_OPTS --armor --export $KEY_ID > $KEY_ID_SIGNED_FILE
fi
else
do_cancel
fi
echo -ne "\nDone!\n"
Related
I've overlooked my program for any mistakes and can't find any. Usually when I run into a mistake with BASH the interpreter is off on where the mistake is. I'm trying to customize this script from SANS InfoSec Using Linux Scripts to Monitor Security. Everything is fine until the part where the check function looks at the different protocols. When I uncomment them I get the error: ./report: line 41: [: too many arguments. Here is the program...
#!/bin/bash
if [ "$(id -u)" != "0" ]; then
echo "Must be root to run this script!"
exit 1
fi
##### CONSTANTS -
report=/home/chron/Desktop/report.log
#router=/home/chron/Desktop/router.log
red=`tput bold;tput setaf 1`
yellow=`tput bold;tput setaf 3`
green=`tput bold;tput setaf 2`
blue=`tput bold;tput setaf 4`
magenta=`tput bold;tput setaf 5`
cyan=`tput bold;tput setaf 6`
white=`tput sgr0`
##### FUNCTIONS -
pingtest() {
ping=`ping -c 3 localhost | tail -2`
loss=`echo $ping | cut -d"," -f3 | cut -d" " -f2`
delay=`echo $ping | cut -d"=" -f2 | cut -d"." -f1`
if [ "$loss" = "100%" ]; then
echo -n $red$1$white is not responding at all | mail -s'REPORT' localhost
echo 'You have mail in /var/mail!'
echo `date` $1 is not responding at all >> $report
elif [ "$loss" != "0%" ]; then
echo $yellow$1$white is responding with some packet loss
else
if [ "$delay" -lt 100 ]; then
echo $green$1$white is responding normally
else
echo $yellow$1$white is responding slow
fi
fi
}
check() {
if [ "$2" != "" -a "$2" $3 ] ; then
echo -n $green$1$white' '
else
echo -n $red$1$white' '
echo `date` $1 was not $3 >> $report
fi
}
##### __MAIN__ -
pingtest localhost # hostname or ip
echo "Server Configuration:"
check hostname `hostname -s` '= localhost'
check domain `hostname -d` '= domain.com'
check ipaddress `hostname -I | cut -d" " -f1` '= 10.10.0.6'
check gateway `netstat -nr | grep ^0.0.0.0 | cut -c17-27` '= 10.10.0.1'
echo
echo "Integrity of Files:"
check hostsfile `md5sum /etc/hosts | grep 7c5c6678160fc706533dc46b95f06675 | wc -l` '= 1'
check passwd `md5sum /etc/passwd | grep adf5a9f5a9a70759aef4332cf2382944 | wc -l` '= 1'
#/etc/inetd.conf is missing...
echo
#echo "Integrity of Website:"
#check www/index.html `lynx -reload -dump http://<LOCALIP> 2>&1 | md5sum | cut -d" " -f1 '=<MD5SUM>'
#echo
echo "Incoming attempts:"
#lynx -auth user:password -dump http://10.10.0.1 >> $router 2>&1
check telnet `grep \ 23$ $PWD/router.log | wc -l` '= 0'
check ftp `grep \ 21$ $PWD/router.log | wc -l` '= 0'
check ssh `grep \ 22$ $PWD/router.log | wc -l` '=0'
check smtp `grep \ 25$ $PWD/router.log | wc -l` '=0'
check dns `grep \ 53$ $PWD/router.log | wc -l` '=0'
echo
Some of the lines are commented out for later tweaking. Right now my problem is with the protocols. Not sure what's wrong because it looks like to me there are 3 arguments for the function.
In your last three calls to check, you are missing the required space between the operator and the operand.
check ssh `grep \ 22$ $PWD/router.log | wc -l` '=0'
check smtp `grep \ 25$ $PWD/router.log | wc -l` '=0'
check dns `grep \ 53$ $PWD/router.log | wc -l` '=0'
The final argument to all of these should be '= 0'.
However, this is not a good way to structure your code. If you really need to parameterize the comparison fully (all your calls use = as the operation), pass the operator as a separate argument. Further, written correctly, there is no need to pre-check that $2 is a non-empty string.
check() {
if [ "$2" "$3" "$4" ] ; then
printf '%s%s%s ' "$green" "$1" "$white"
else
printf '%s%s%s ' "$red" "$1" "$white"
printf '%s %s was not %s\n' "$(date)" "$1" "$3" >> "$report"
fi
}
Then your calls to check should look like
check hostname "$(hostname -s)" = localhost
check domain "$(hostname -d)" = domain.com
check ipaddress "$(hostname -I | cut -d" " -f1)" = 10.10.0.6
check gateway "$(netstat -nr | grep ^0.0.0.0 | cut -c17-27)" = 10.10.0.1
etc
Run your code through http://shellcheck.net; there are a lot of things you can correct.
Here is my other problem. I changed it up a bit just to see what's going on.
router=/home/chron/Desktop/router.log
check() {
if [ "$2" "$3" "$4" ]; then
printf "%s%s%s" "$green" "$1" "$white"
else
printf "%s%s%s" "$red" "$1" "$white"
printf "%s %s was not %s\n" "$(date)" "$1" $3" >> report.log
fi
check gateway "$(route | grep 10.10.0.1 | cut -c17-27)" = 10.10.0.1
check telnet "$(grep -c \ 23$ $router)" = 0
check ftp "$(grep -c \ 21$ $router)" = 0
check ssh "$(grep -c \ 22$ $router)" = 0
check smtp "$(grep -c \ 25$ $router)" = 0
check dns "$(grep -c \ 53$ $router)" = 0
I have found a nice solution to check if an audio cd is present. It works with a While loop which I like to end after the audio rip is done and the disc is ejected.
while true; do
sleep 10
cdparanoia -Q 2>&1 | grep 'audio only'
RET=$?
if [ $RET = "0" ] ; then
abcde -c ~/Music/abcde.conf -o flac,mp3,ogg -p -x
fi
done
I believe I found a solution to my wishes, hereby my code
#!/bin/bash
echo "voer componist in"
read componist
echo ingevoerde "$componist"
echo "voer het aantal CD's in"
read aantaldiscs
echo aantal discs $aantaldiscs
mkdir ~/Music/"$componist"
for a in $(seq -f %02g 01 $aantaldiscs);
do
mkdir ~/Music/"$componist"/$a
echo "OUTPUTDIR='~/Music/"$componist"/$a'" > ~/Music/abcde.conf
echo "OUTPUTFORMAT='\${TRACKNUM}.\${TRACKFILE}'" >> ~/Music/abcde.conf
echo "LAMEOPTS='-V 0'" >> ~/Music/abcde.conf
echo "FLACOPTS='-f --verify --best'" >> ~/Music/abcde.conf
echo "OGGENCOPTS='-q 8'" >> ~/Music/abcde.conf
echo "MAXPROCS=2" >> ~/Music/abcde.conf
echo "mungefilename ()" >> ~/Music/abcde.conf
echo "{" >> ~/Music/abcde.conf
echo "echo "$#" | sed s,:,\ -,g | tr / _ | tr -d \’\"\?\[:cntrl:\]" >> ~/Music/abcde.conf
echo "}" >> ~/Music/abcde.conf
while true; do
sleep 10
cdparanoia -Q 2>&1 | grep 'audio only'
RET=$?
if [ $RET = "0" ] ; then
abcde -c ~/Music/abcde.conf -o flac,mp3,ogg -p -x
break
fi
done
done
filein="users.csv"
IFS=$'\n'
if [ ! -f "$filein" ]
then
echo "Cannot find file $filein"
else
#...
groups=(`cut -d: -f 6 "$filein" | sed 's/ //'`)
fullnames=(`cut -d: -f 1 "$filein"`)
userid=(`cut -d: -f 2 "$filein"`)
usernames=(`cut -d: -f 1 "$filein" | tr [A-Z] [a-z] | awk '{print substr($1,1,1) $2}'`)
#...
for group in ${groups[*]}
do
grep -q "^$group" /etc/group ; let x=$?
if [ $x -eq 1 ]
then
groupadd "$group"
fi
done
#...
x=0
created=0
for user in ${usernames[*]}
do
useradd -n -c ${fullnames[$x]} -g "${groups[$x]}" $user 2> /dev/null
if [ $? -eq 0 ]
then
let created=$created+1
fi
#...
echo "${userid[$x]}" | passwd --stdin "$user" > /dev/null
#...
echo "Welcome! Your account has been created. Your username is $user and temporary
password is \"$password\" without the quotes." | mail -s "New Account for $user" -b root $user
x=$x+1
echo -n "..."
sleep .25
done
sleep .25
echo " "
echo "Complete. $created accounts have been created."
fi
I'm guessing the problem is that you're trying to capture command output in arrays without actually using command substitution. You want something like this:
groups=( $( cut... ) )
Note the extra set of parentheses with $ in front of the inner set.
I've done the following script
HOSTS="ns1.server.com ns2.server.com"
SUBJECT="Host Down"
for myHost in $HOSTS
do
count=$(ping -c 10 $myHost | grep 'received' | awk -F',' '{ print $2 }' | awk '{
print $1 }')
if [ $count -eq 0 ]; then
echo "Host : $myHost is down (ping failed) at $(date)" | sendEmail -f email (email address removed) -u "$SUBJECT" etc etc
fi
done
Run via cron every 5 minutes however when a host is down I will receive and email every 5 minutes reflecting this. What i'd like is to add the function so that it only emails me when the status has changed. ie if it's down I don't want it to send any further updates until it's up.
I think something like this can help:
#!/bin/bash
HOSTS="ns1.server.com ns2.server.com"
HOSTS="123.123.1.1 ns1.server.com"
SUBJECT="Host Down"
ping_attempts=1
down_hosts=down_hosts.txt
for myHost in $HOSTS
do
count=$(ping -c $ping_attempts $myHost | awk -F, '/received/{print $2*1}')
echo $count
if [ $count -eq 0 ]; then
echo "$myHost is down"
if [ $(grep -c "$myHost" "$down_hosts") -eq 0 ]; then
echo "Host : $myHost is down (ping failed) at $(date)"
echo "$myHost" >> $down_hosts
fi
else
echo "$myHost is alive"
if [ $(grep -c "$myHost" "$down_hosts") -eq 1 ]; then
echo "Host : $myHost is up (ping ok) at $(date)"
sed -i "/$myHost/d" "$down_hosts"
fi
fi
done
There is a good point in the comments that you might want to use an infinite loop. But as you have asked for something different, here you go:
HOSTS="ns1.server.com ns2.server.com"
SUBJECT="Host Down"
PATH_STATUS='/yourfolder/hoststatus_' # For example can be located in /tmp.
for myHost in $HOSTS; do
count=$(ping -c 10 "$myHost" | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
[[ -f "$PATH_STATUS$myHost"]] && prevStatus=$(cat "$PATH_STATUS$myHost") || prevStatus='unknown'
[[ $count == 0 ]] && curStatus='down' || curStatus='up'
if [[ $curStatus != $prevStatus ]]; then
echo "$curStatus" > "$PATH_STATUS$myHost"
echo "Host : $myHost is $curStatus at $(date)" | sendEmail
fi
done
I'm trying to learn some scripting however I can't find solution for one functionality.
Basically I would like to ask to evaluate my script as it's probably possible to reduce the complexity and number of lines.
The purpose of this script is to download random, encrypted MySQL backups from Amazon S3, restore the dump and run some random MySQL queries.
I'm not sure how to email the output from printf statements - one is for headers and second one for actual data. I've tried to format the output so it looks like below but I had to exclude the headers from the loop:
Database: Table: Entries:
database1 random_table 0
database2 random_table 0
database3 random_table 0
database4 random_table 0
I would like to include this output in the email and also change the email subject based on the success/failure of the script.
I probably use to much if loops and MySQL queries are probably to complicated.
Script:
#!/usr/bin/env bash
# DB Details:
db_user="user"
db_pass="password"
db_host="localhost"
# Date
date_stamp=$(date +%d%m%Y)
# Initial Setup
data_dir="/tmp/backup"
# Checks
if [ ! -e /usr/bin/s3cmd ]; then
echo "Required package (http://s3tools.org/s3cmd)"
exit 2
fi
if [ -e /usr/bin/gpg ]; then
gpg_key=$(gpg -K | tr -d "{<,>}" | awk '/an#example.com/ { print $4 }')
if [ "$gpg_key" != "an#example.com" ]; then
echo "No GPG key"
exit 2
fi
else
echo "No GPG package"
exit 2
fi
if [ -d $data_dir ]; then
rm -rf $data_dir/* && chmod 700 $data_dir
else
mkdir $data_dir && chmod 700 $data_dir
fi
# S3 buckets
bucket_1=s3://test/
# Download backup
for backup in $(s3cmd ls s3://test/ | awk '{ print $2 }')
do
latest=$(s3cmd ls $backup | awk '{ print $2 }' | sed -n '$p')
random=$(s3cmd ls $latest | shuf | awk '{ print $4 }' | sed -n '1p')
s3cmd get $random $data_dir >/dev/null 2>&1
done
# Decrypting Files
for file in $(ls -A $data_dir)
do
filename=$(echo $file | sed 's/\.e//')
gpg --out $data_dir/$filename --decrypt $data_dir/$file >/dev/null 2>&1 && rm -f $data_dir/$file
if [ $? -eq 0 ]; then
# Decompressing Files
bzip2 -d $data_dir/$filename
if [ $? -ne 0 ]; then
echo "Decompression Failed!"
fi
else
echo "Decryption Failed!"
exit 2
fi
done
# MySQL Restore
printf "%-40s%-30s%-30s\n\n" Database: Table: Entries:
for dump in $(ls -A $data_dir)
do
mysql -h $db_host -u $db_user -p$db_pass < $data_dir/$dump
if [ $? -eq 0 ]; then
# Random DBs query
db=$(echo $dump | sed 's/\.sql//')
random_table=$(mysql -h $db_host -u $db_user -p$db_pass $db -e "SHOW TABLES" | grep -v 'Tables' | shuf | sed -n '1p')
db_entries=$(mysql -h $db_host -u $db_user -p$db_pass $db -e "SELECT * FROM $random_table" | grep -v 'id' | wc -l)
printf "%-40s%-30s%-30s\n" $db $random_table $db_entries
mysql -h $db_host -u $db_user -p$db_pass -e "DROP DATABASE $db"
else
echo "The system was unable to restore backups!"
rm -rf $data_dir
exit 2
fi
done
#Remove backups
rm -rf $data_dir
You'll get the best answers if you ask specific questions (rather than, "please review my code")...and if you limit each post to a single question. Regarding emailing the output of your printf statements:
You can group statements into a block and then pipe the output of a block into another program. For example:
{
echo "This is a header"
echo
for x in {1..10}; do
echo "This is row $x"
done
} | mail -s "Here is my output" lars#example.com
If you want to make the email subject conditional upon the success or
failure of something elsewhere in the script, you can (a) save your
output to a file, and then (b) email the file after building the
subject line:
{
echo "This is a header"
echo
for x in {1..10}; do
echo "This is row $x"
done
} > output
if is_success; then
subject="SUCCESS: Here is your output"
else
subject="FAILURE: Here are your errors"
fi
mail -s "$subject" lars#example.com < output