I've written a shell script that get's my IP address via curl from http://checkip.amazonaws.com
What i'm attempting to do is get a list of all my security groups and add that IP address to each security group via the AWS CLI.
The script I have so far is:
#!/bin/bash
# Get IP Address
IP_ADDR="`curl http://checkip.amazonaws.com`"
IP_ADDR="$IP_ADDR/32"
cat /dev/null > /tmp/ec2.info
tmpFile="/tmp/ec2.info"
ec2Info=`ec2-describe-group --region eu-west-1 > $tmpFile`
sec_groups=`cat $tmpFile | grep GROUP | cut -f4`
echo "You are using IP Address: $IP_ADDR"
echo ""
for security_group in $sec_groups
do
echo ""
echo $security_group
echo ""
ec2-authorize --region eu-west-1 $security_group –p 22 -s $IP_ADDR
done
The script works fine getting the IP address and a list of my security groups. However, I get an issue when the script gets to the ec2-authorize line.
I get an error message:
WARNING: Ignoring extra parameter(s): [ ?p, 22 ]
Required option '-p, --port-range PORT-RANGE' missing (-h for usage)
As you can see from the script i've added the -p parameter specifying the port. It seems to be ignoring everything after the $security_group variable.
Any ideas?
Instead of a minus sign, you typed an en dash (Unicode U+2013). So just replace –p with -p.
I noticed in your answer, you fixed this without realizing it. That's why it worked, not because you put the args into a var.
And this is why there was a question mark in the error message: [ ?p, 22 ]
Related
I'm trying to update my /etc/hosts file with my EC2 instance's Ip address, but I keep getting errors. Here's my portion of the bash script that is trying to accomplish this:
TOKEN=curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"
INSTANCE_IP=wget --header="X-aws-ec2-metadata-token:$TOKEN" -qO- http://instance-data/latest/meta-data/local-ipv4
echo "$INSTANCE_IP whatever.hostname.com" | tee -a /etc/hosts
When running this, I got an error saying -s: command not found, so I removed that from the script and tried again and now I'm getting this error -X: command not found. How can I pull in the instance's ipv4 address vis SSM? I'm also using the Amazon Linux 2 AMI for my instances.
The syntax is off. Try it this way:
TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
INSTANCE_IP=$(wget --header="X-aws-ec2-metadata-token:$TOKEN" -qO- http://instance-data/latest/meta-data/local-ipv4)
echo "$INSTANCE_IP whatever.hostname.com" | tee -a /etc/hosts
we got a script that inserts new hosts in check_mk via curl
#!/bin/bash
cat file.conf | while read line
do
HOSTNAME=$(echo $line | cut -d '|' -f1)
IP=$(echo $line | cut -d '|' -f2)
curl "http://myserver/mysite/check_mk/webapi.py?action=add_host&_username=automation&_secret=myautomationsecret" -d 'request={"hostname":"'"$HOSTNAME"'","folder":"ansible","attributes":{"ipaddress":"'"$IP"'","site":"mysite","tag_agent":"cmk-agent"}}'
done
the file "file.conf" is an already processed file from an nmap scan with xmlstarlet, this file does not always have the hostname, therefore the ip address was used as hostname
the file.conf looks like this
192.168.30.1|192.168.30.1|os
_gateway|192.168.30.2|Linux 2.6.18 - 2.6.22
...
so for some hosts the ip address was passed once as hostname and logically as ip. now it is so that an employee enters the correct hostname and deletes the ip from the field hostname
if the above mentioned script is executed again, it will create the host again with the ip as hostname (because no hostname was specified), so now we have the host 2x in check_mk 1x with the manually added hostname and once with the ip as hostname
all other hosts where the hostname was already recognized correctly by nmap from start on were not taken over like it should be
we now need a function that asks for the ip address of the hostname before the script is executed and if it is already there the host should not be created again
with curl you can only get the hosts
curl "http://myserver/mysite/check_mk/webapi.py?action=get_all_hosts&_username=automation&_secret=myautomationsecret"
First you will need "jq", so apt-get install jq. ( is for reading json file by bash )
FILE="filename"
getHost="http://myserver/mysite/check_mk/webapi.py?action=get_all_host&_username=automation&_secret=myautomationsecret"
while IFS='|' read -r host ip description
do
checkHost=$( curl -s "$getHost" |
jq -r '.result | keys[] as $k | "\(.[$k] | .attributes | select(.ipaddress=="'$ip'") | .ipaddress )"' | uniq )
if [ "$checkHost" != "$ip" ]
then
# here you already know that this ip ( $ip ) not exist in check_mk
# put your curl command with add_host action here
echo "Hostname: $ip added to check_mk"
else
echo "Hostname: $ip is already exist in check_mk"
fi
done <$FILE
now we have another problem: i have to include the OS directly. this already works with the same add_host so far, i just had to include another attribute
curl "http://myserver/mysite/check_mk/webapi.py?action=add_host&_username=automation&_secret=myautomationsecret" -d 'request={"hostname":"'"$HOSTNAME"'","folder":"ansible","attributes":{"ipaddress":"'"$IP"'","tag_os": "'"$OS"'","site":"mysite","tag_agent":"cmk-agent"}}'
but it is so that you have to insert OS names manually into the checkmk interface, there is a special tab where you can define them
this was already done with the OS Linux, Windows and LCOS
but now it is so that the nmap scan does not have an os included everywhere, so the file.conf looks like this from time to time:
host1|192.168.30.25|Windows
host2|192.168.30.90|Linux
host3|192.168.30.110|Linux
host4|192.168.30.111|Linux
192.168.30.130|192.168.30.130|
192.168.30.131|192.168.30.131|Android
192.168.30.155|192.168.30.155|Linux
192.168.30.157|192.168.30.157|
you can see that at hosts the os is completely missing or that there is something like android
we now want the hosts that do NOT have linux, windows or lcos to have "empty" as tag_os
but the curl command gives an error for hosts with empty os and does not create them
{"result": "Check_MK exception: Unknown tag ", "result_code": 1}{"result": "Check_MK exception: No such host", "result_code": 1}
I have a script, that is running inside the docker container some actions we need for some internal debugging purposes:
set -eu
echo "Starting i/o test for host"
IP_HOST=$(ip a | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | grep 172.17 | awk 'NR==1{print $1}')
echo "Detected IP of host is $IP_HOST"
sshpass -p tcuser ssh -o StrictHostKeyChecking=no docker#localhost -t -t
echo "Then"
the output here produce exactly:
bash-5.0# sh /etc/cron.d/iotesthost.sh
Mon Mar 2 12:43:59 UTC 2020
Starting i/o test for host
Detected IP of host is 172.17.0.1
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
( '>')
/) TC (\ Core is distributed with ABSOLUTELY NO WARRANTY.
(/-_--_-\) www.tinycorelinux.net
and as the last line is reached, the script makes me exiting bash or crond execution. So I can't go ahead with processing other lines after sshpass/ssh, so I never reach echo "Then"
That is the reason of exiting the script execution and how to work it around, still keeping all the features of accepting keys (i need is as each time the docker container calls for the script it is new)
If I ignore -t -t, I'm getting error according to https://stackoverflow.com/a/7122115/1759063
see https://askubuntu.com/questions/87449/how-to-disable-strict-host-key-checking-in-ssh
or
echo "StrictHostKeyChecking no" >> /etc/ssh_config
for a global solution. Please note that there is no security check anymore then.
I have very little experience with Bash but here is what I am trying to accomplish.
I have two different text files with a bunch of server names in them. Before installing any windows updates and rebooting them, I need to disable all the nagios host/service alerts.
host=/Users/bob/WSUS/wsus_test.txt
password="my_password"
while read -r host
do
curl -vs -o /dev/null -d "cmd_mod=2&cmd_typ=25&host=$host&btnSubmit=Commit" "https://nagios.fqdn.here/nagios/cgi-bin/cmd.cgi" -u "bob:$password" -k
done < wsus_test.txt >> /Users/bob/WSUS/diable_test.log 2>&1
This is a reduced form of my current code which works as intended, however, we have servers in a bunch of regions. Each server name is prepended with a 3 letter code based on region (ie, LAX, NYC, etc). Secondly, we have a nagios server in each region so I need the code above to be connecting to the correct regional nagios server based on the server name being passed in.
I tried adding 4 test servers into a text file and just adding a line like this:
if grep lax1 /Users/bob/WSUS/wsus_text.txt; then
<same command as above but with the regional nagios server name>
fi
This doesn't work as intended and nothing is actually disabled/enabled via API calls. Again, I've done very little with Bash so any pointers would be appreciated.
Extract the region from host name and use it in the Nagios URL, like this:
while read -r host; do
region=$(cut -f1 -d- <<< "$host")
curl -vs -o /dev/null -d "cmd_mod=2&cmd_typ=25&host=$host&btnSubmit=Commit" "https://nagios-$region.fqdn.here/nagios/cgi-bin/cmd.cgi" -u "bob:$password" -k
done < wsus_test.txt >> /Users/bob/WSUS/diable_test.log 2>&1
There is a script I'm running that I can not install on the remote machine.
clear && printf '\e[3J'
read -p "Please enter device: " pattern
read -p "Enter date: (YYYY-MM-DD): " date
pfix=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 5 | head -n 1)
mkdir /home/user/logCollectRes/"${pfix}"
ssh xxx.xxx.xxx.xxx 'bash -s' < /usr/local/bin/SearchAdvanced.sh ${pattern} ${date} ${pfix}
In that script, I would like to be able to use read.
ls -g *"${pattern}"*
read -p "Select one of these? [y/n] " "found";
I've tried adding the -n on the read as well as the -t -t option on ssh. As you can see the script presents information that is only seen once the script starts, so I can't use the read on local machine.
EDIT: So lets say server B stores syslogs for 5K computers. The file names are given by using the internal IP of the device and the date at the end.
/var/log/remotes/192.168.1.500201505050736.gz
/var/log/remotes/192.168.1.500201505050936.gz
/var/log/remotes/192.168.1.500201505051136.gz
/var/log/remotes/192.168.1.600201505050836.gz
/var/log/remotes/192.168.1.600201505051036.gz
/var/log/remotes/192.168.1.600201505051236.gz
I'd like to be able to select the IP address from the main script, list all the files matching that IP address, and then select which I want to scp to my local machine.
After speaking with some coworkers I found the answer to be running two scripts: The first pulls the ls -g result and directs the answer to a variable on the local machine. I then print that output with the read option of selecting on of the files. The 2nd script will take that answer and scp the file from the remote machine
In the main script
ssh xxx.xxx.xxx.xxx 'bash -s' < /usr/local/bin/SearchAdvanced.sh ${pattern} ${date} > ${result}
then as a follow up
printf "${result}"
read -p "Select file: "