Programming :: C Wrapper For Secure Password Substitution
Feb 3, 2011
I'm working on a program that will allow non-privileged users the ability to substitute passwords that are read in from a 600-root:root file.
A user might call it like this:
/bin/securepasswrapper "/path/to/check_ping -u Admin -p ?webserver1?"
The file (defined now as /tmp/securefile) will be searched for the identifier "webserver1", and its corresponding password will be returned to securepasswrapper. Now, I know you could just call /bin/echo, and get the output, but that's in scope at this point.
File format of securefile is:
<identifier:password>
ex: webserver1:asdf123
Once the password is properly substituted in, securepasswrapper should then execute it as the UID/EUID of the calling user (not root)...that part I've not got to yet.
Code:
/* program: securepasswrapper
author: R.Briggs + Google
date: 02/02/11
purpose: C wrapper that replaces placeholders in a string with secure passwords retrieved from a file
*/ .....
I have written a shared library and successfully used debhelper 9 to create a Debian package from source using a Makefile generated by cmake. I then went about writing a python wrapper to that library and wish to package that wrapper in with the library so I can have a single distributable rather than 2 separate ones.
All of my attempts so far have me placing my python source and a setup.py file in the same directory as the makefile at the time where I call debuild.
From here I have tried a couple different configurations to my debian/rules file as seen below:
This try ran make, but completely ignored the python stuff. From some research I have gathered that the --buildsystem flag tells debuild to ignore any makefiles in the directory, which obviously causes a problem in my case.
Another attempt was to modify the build dependency to first run make and then call the python build process that file looked like this
This appears to somewhat work as both processes do build, but a few of the python files are still not getting installed.
Is this the way I should be going about doing this? I've noticed that most python wrappers tend to package themselves individually and then make that package dependent on the library it is attempting to wrap.
Just a simple BASH for loop to read the file path from a text file (clean.txt) echo the variable for debug purposes, and scp it to a server I have using port 50 for SSH.
I've already formatted the entries in clean.txt to handle spaces correctly, using sed replacement.
Example from the clean.txt file:
Code:
/MP3/NAS000000001/Barenaked Ladies/Barenaked Ladies - Barenaked For The Holidays/20 Auld Lang Syne.mp3
/MP3/NAS000000001/Barenaked Ladies/Barenaked Ladies - Barenaked For The Holidays/14 Deck the Stills.mp3
File allids consists of 300,000 rows, each containing a 5-7 digit numeric id. File newids consists of 20,000 rows of ids. How do you explain the following timings? time: 0.07s:
I have an interpreter that supports string literals, and the way it works is that the lexer returns the entire string as a single token, with the quotes removed and escape sequences replaced with the literal characters they represent.
I already implemented single-quote strings, they don't interpret any characters specially except for the single quote. I partially implemented double-quoted strings, they already support all the same backslash escape sequences that C does. But I would also want to add variable substitution.
The way it would work is that "${expression}" would interpret the expression (which could just be a variable name) and replace itself with the result. But I have no idea how to do this.
In case it matters, I'm using a hand-written lexer and recursive-descent parser.
Code:
SERVERS=(SERVER1 SERVER2 SERVER3)
SERVER1_SERV=(web ftp mail)
SERVER2_SERV=(web transcoding)
SERVER3_SERV=(web ftp mail)
for SERVER in ${SERVERS[@]}
do
    echo "Starting tranfer for server $SERVER"
    for SERVICE in ${$SERVER_$SERVICE[@]}
    do
        something_to_be_done
    done
done
But when I run it I get ${$SERVER_$SERVICE[@]}: bad substitution
I have a simple script that I am writing to parse an XML file for me, and update some version numbers. Basically what happens in my script is that I'm running a grep command on the file to get the current version number, then I prompt for a new number, and then I want to globally replace that version number in the file. The problem is, the sed command seems to only want literal values (it doesn't appear to be capable of resolving variables). For example, this code doesn't work:
[Code]...
I have tried removing the curly brackets from the variable names, quoting them, etc. and nothing seems to work. Should I do this with awk instead (and if so can you kindly write out the command for me because I never bothered to learn awk).
I remember reading that using sed, you can do this with parentheses: s/abc(something)def/(something)else/g I can't find an explanation of how to do something like this with Awk. Say you have this in an HTML file, where (number) stands for a one or two-digit number:
I need a substitution of a particular string (StringA) with another string (StringB). However, there may be more than one occurrence of StringA within the file, but only one instance needs to be changed, which is why I'm trying to be sure of its positioning against something I know will be unique in the file, and will always have the same distance from the string to be replaced. So, I intend to match on a string (StringC) above the string to be substituted and then have sed go to StringA below and replace with StringB.
So far, I have had some success with the following:
Code:
... but I can't help thinking that there *has* to be a cleaner way of doing it.
if { [catch {sqlite3 db /path/to/db/file} result] } { puts stderr $result } else { do something }
What I want is to use a variable for the file name/path. When I put in a variable instead of the absolute path, I get an error: "missing close-brace: possible unbalanced brace in comment while executing"
This is weird because when I run the code with the fully qualified pathname, it works fine. I substitute out the pathname for a variable containing the pathname ($variable) and I get this error.
Further to solved LQ thread Bash: how to populate a list of arbitrarily named files?, what is the functional difference between feeding a loop with process substitution and feeding it with a here string with embedded command substitution? ABSG pages: process substitution, here string and command substitution. This works
Code:
while IFS= read -r -d '' file
do
    files+=("$file")
done < <(find "$dir" -type f -print0)
I can find points to Tillies Garrels TLDP reference. Do I want to create my own variable to hold the string or do I want to place the string in memory? Is that my problem? Or is something different causing the 'bad substitution' error.
I'm writing a script that tars, bzips, and encrypts a set of files to my GPG key and then (ideally) uploads the files to a backup directory on my school's web server. I want to run it daily as a cron job. Problem is, the web server only allows connections with scp and sftp.
Neither program allows specifying a password as a switch. I want to run it as a cron job, so I won't necessarily be present to type the password, and I'd like to just be able to specify the password in the script.
"Ah ha!" you're thinking. "He needs to generate a keypair and set up ssh to not require a password!" And I've found tutorials on the web that show me how to do just that. Problem there is that they all require me to install software and/or access files outside my home directory on the remote machine.
I have zero access to anything other than my own home directory on the remote machine. None. Nada. Zip. I can't install software, access files in /var or /etc, or find out anything about running processes. The local IT priesthood won't give me any information about what's running on the machine or how I can connect to it (and has made a point of telling me that they don't care for Linux users and I should stop asking questions).
I'd really like to just be able to specify my password in the script. I understand that scripts are really just text files and that anyone who can get at my desktop computer can read them with a text editor and that this would reveal my password and blah blah blah, but I'm willing to trade that particular risk for the convenience of not having to be awake and monitoring the computer when the cron job is running.
Is there any way to specify the password in the script itself? I'd be happy using either sftp or scp (I've used them both successfully from the terminal to transfer files to this machine).
There are some configuration files where Linux requires the password of the application user to do something. How can I encrypt the password in these files? Or how can I store that password in an encrypted file and retrieve it in a secure mode?
I'm trying to use ${VAR:0:4} substring extraction described here: tldp.org/LDP/abs/html/string-manipulation.html and it works perfectly if I issue a command in bash. But when I put it in a script file and run it, bash gives me a "bad substitution" error. Does anyone know how to fix it?
I'm using an OpenNMS network configuration backup server called 'RANCID'. It runs on top of a RHEL5 system and uses Apache. Here's the link which I'm accessing: [URL]. But anyone can access this URL and obtain my configuration files.
I want to secure this using a logon page that allows login only on successful authentication with the predefined username and password. But after authenticating, anyone who bookmarks the above URL can still access it, since it doesn't prompt for the username and password again. Each time the above URL is accessed, it should redirect to the authentication page.
We have been using the Linux email server Axigen for the past few years. We keep ports open for SSH, POP, SMTP, webmail, etc. SSH is used for remote troubleshooting, so it is globally accessible through the firewall. We notice many attacks coming to our machine; some people also try to enter our system but fail. As an example, see below a log entry from the messages file:
Mar 17 09:19:50 sa1 sshd(pam_unix)[21231]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.51.13.120 user=root
How can we secure it more? As per my understanding, only a good, long, strong password can prevent attacks.
I'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers. I'm told that the IT security team deemed sendmail too vulnerable so we don't run it. Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is no need/desire to receive mail from outside.
I need to write a wrapper script for iostat functionality. In Solaris Unix I have iostat, but in Linux I don't have iostat, so I need to write a wrapper script which does all the functionality of iostat. I am entirely new to scripting.
I'm not a database guru, so be patient with me: Is there some kind of "wrapper" software you can put around an SQL database (MySQL perhaps) that allows you to internally configure database rules on a higher level than the database itself can actually implement? (E.g., "rows in table A can be deleted, but only if there are no related rows in table B and only if column x for the row in table A is in state y.") The idea would be to keep from having to trust this kind of logic to the client programs, while also avoiding the need to write a full fledged server daemon just for your application. The clients submit their SQL insert requests to the wrapper daemon, and the daemon passes them on to the database if they pass a rules table defined for that particular database.
I did an NMAP on a 10.4 desktop system. Found tcp wrapper on my system with an open port. Again I do not run a server. etc/host-deny and etc/host-allow contain no active elements. I know tcp wrapper as a great tool to secure a server. Closing the port with ufw gives no result, tcp wrapper still shows up.
I hope to add a wrapper script for the command with different parameters. For example, for any Unix command or script, like below: command.sh -s p1 -o p2 -q p3 or command.sh
Probably we could do as this way cat wrapper $1 $2 $3 $4 $5 $6 $7 | tee test.log (assume it has 0 to 6 parameters)
and use it like wrapper command.sh -s p1 -o p2 -q p3 wrapper command.sh
It is a little ugly to list all fixed parameter as above, do we have better code to handle various parameters?
Just figured this one out and thought I'd post it here in case it helped someone else. Skype just upgraded itself from 2.1 to 2.2. After upgrading it didn't start, and I got the message
"failed to execute child process skype-wrapper"
First test out if skype runs from the command line, by running this in a terminal
Code: skype &
If it runs, you're good to go: simply right click on the menu, locate your entry for skype and change the command to launch it from skype-wrapper to skype. The reason for this is that in the 2.1 version, skype needed a script called skype-wrapper to set some variables before start up. Upgrading removes the script, but fails to update the menu entry.
I have a couple of questions to ask, first, at F14 startup, it shows three progress bars at the bottom of the screen instead of the default fedora bubble loading indicator. It started after I had installed a driver for my Nvidia GeForce2 Go card. Is there any way I can fix this? and two, can somebody give me specific instructions on how to install ndiswrapper and the driver for my Linksys WPC54g version 1.2.
I had installed Koha 3.0.0 successfully. I am able to import data by using Marc Editor, but I am not able to edit the data of ITEMS; it shows the following error:
The following fatal error has occurred:
found MARCXML element datafield, but the <record> wrapper is missing at /usr/lib/perl5/site_perl/5.12.3/MARC/File/XML.pm line 452
Apache: Server version: Apache/2.2.17 (Linux/SUSE) Server built: 2010-10-21 14:13:51.000000000 +0000
Koha: 3.00.00.107
Koha DB: 3.0000107
MySQL: mysql Ver 14.14 Distrib 5.1.53, for suse-linux-gnu (i686) using readline 6.1
OS: Linux koha-test 2.6.37.1-1.2-desktop #1 SMP PREEMPT 2011-02-21 10:34:10 +0100 i686 i686 i386 GNU/Linux
Perl: 5.012003
Or
I have a security cam with a built-in webpage inside my home network. That camera is using basic HTTP authentication instead of SSL. I want to be able to access the camera's webpage from outside my network, but I don't want to open an unencrypted video stream to the outside world. Right now, I'm doing some cumbersome ssh tunneling where I bounce off an ssh server like: ssh -N -L 9090:[URl]..and then I connect to my web page like: http://localhost:9090
But this is a pain. Now, gentle reader, I beseech you to tell me how I can use linux (Ubuntu) to get a fully encrypted SSL connection to my internal web page without the hassle of creating an ssh tunnel each time. I believe I can use stunnel, but I'm not sure of the command.
1. Make a disk image of my 9.10 system (formatted ext3, btw) on my Synology CS407 NAS so I can do a bare metal restore. Why is this a couple of clicks on my Mac and Windows boxes, but so far not easy on Jaunty? Did I miss something?
2. Drivers. Why can't I just have an automatic wrapper for Windows drivers so I can use any printer or scanner, or a simple point and click driver install for native drivers? I have my ethernet connected Brother MFC-7820N, and the Samsung CLP-315 that runs off my CS407 installed and working on my Jaunty, but it was way more work than expected. What is the easy, automatic or point and click way to install drivers?
3. Graphics drivers. I have decent cards in my big boxes, Nvidia GTX 200 series. But when I get kernel updates, I have to uninstall and reinstall the graphics driver. Is there an easy way to keep this working?
4. Is there one flavor of linux distro that has a really consistent standard for user interface? I like to be able move things around, but do like my menus to be consistent (and do I ever hate the MS ribbon!). I've really only tried Ubuntu.
Linux installs have come a long, long way from the old days, and are such a point and click operation that I just wonder what I'm doing wrong. Someone is bound to have sorted these things.