I was wondering what type of security Zeppelin provides to avoid a user run a shell command (using %sh) that, for example, would delete files from disk.
For example, take a look here at the Bash interpreter test
Related
I am running a rsync ssh command in cygwin in windows. Upon this, password is asked and if given, it does the intended task. Now I want to put these all tasks in one batch file, which can be run on one click.
Thanks
Step 1: Set up an authorized_keys file on the server so that you can ssh in from your local machine without using a password (check the security implications of this carefully). You can find instructions for this in many places, including the official documentation.
Step 2: Add Cygwin's bin directory to your Windows PATH environment variable. If you don't want to do it permanently, you could write that into your batch file.
Step 3: Write your one-line batch file using the exact same rsync command line you used in Cygwin. Pathnames should not need translating unless you expect the shell to expand a wild card. If you use any sort of quoting then that might need adjusting.
Step 4: Configure Windows to run programs with one click, instead of double click. Not sure how you do that; I don't use Windows much.
My requirement is to execute a system command like (ls) or C program when a trigger executes. Is there any way to create a trigger function to solve this problem.
You can write trigger functions Python, Perl or Tcl, and provided that you use the "untrusted" version of the language, any of these can be used to execute arbitrary shell commands. The shell will be run under the same user as the Postgres server process (typically "postgres"), so you will need to set permissions accordingly.
For example, after running CREATE EXTENSION plpythonu, you can write a trigger function using LANGUAGE plpythonu, and run commands by calling e.g. os.system().
Take care with any commands which modify the system, as these changes are not tied to your database transaction (so you would need to find your own way of dealing with concurrent writes, transaction rollbacks, etc.).
Here's a quick exampe of how you can achieve this in PG15 on Ubuntu:
sudo apt-get install -y postgresql-plpython3-15
CREATE EXTENSION plpython3u
CREATE OR REPLACE FUNCTION reboot_server(version text) RETURNS text AS $BODY$
import subprocess
subprocess.call(f"/usr/lib/postgresql/{version}/bin/pg_ctl restart -D /var/lib/postgresql/{version}/main",shell=True)
$BODY$ LANGUAGE plpython3u;
select * from reboot_server('15')
In this case, i'm restarting specified instance of postgres.
Is it possible to run the silent and verysilent option from within the inno setup application.That is as soon as I clicked the exe it will run with verysilent option (no need to provide it in the command prompt)
I have figured out the temporary way of putting the command with verysilent option in the batch script and clicking the batch script :) !
It is Bad Formâ„¢ make a "covert" installer. From Inno's FAQ:
Is it possible to do a silent install without using the /SILENT or /VERYSILENT command-line parameters?
No, nor is such a feature planned (it would be abused). If it is your intention to keep user interaction to a minimum, use the Disable* [Setup] section directives.
This would only matter if you are actually building the installer. If you're just trying to install the application, the only sensible thing to do is use the command-line flags in a batch file (or other scripting language).
The build definition is created but in order to automate the build process I need to start the build via the command line.
How is this done ? Reading the doc on the scm command line client this does'nt seem to be described :
http://pic.dhe.ibm.com/infocenter/rtc/v1r0m0/index.jsp?topic=%2Fcom.ibm.team.scm.doc%2Ftopics%2Fc_scm_cli.html
I don't think scm is involved at all for launching a build.
You check out the Java API: See "Automated Build Output Management Using the Plain Java Client Libraries".
Or, you can use the JB Toolkit, and use a task like requestTeamBuild:
The requestTeamBuild task requests a build by using a specified build definition.
There must be an active engine that supports the build definition in order for the request to succeed.
Long story short... we have multiple servers which we run perflog monitoring on every night. My job is to convert these logs to .csv format and send them to my e-mail.
This bit it already automated via a .sh script an ex-employee wrote.
What I want automated is to run a batch job after the perfmon logging to look at a specific folder and find the latest .blg file and run the sh script on it (the script is called upload) so that I don't have to log in to each server and do it manually.
e.g.
upload myInitials cd /cygdrive/someLocation/logs/$latestFile$.blg
myInitials and the location can be hard-coded... I just wouldn't know how to find the latest file in the folder and automate it all via a batch file.
Any pointers would be very helpful!
# Jeremy:
Sorry, I probably should have mentioned in my question that the servers are running 2003 and 2008.
I don't think it would be absolutely necessary to register a change notification on the folder - If the log runs from noon till 7 in the morning, the script will run immediately after (you can set a script to run after a perfmon log has finished in log properties) so the log will almost definitely be the latest file in the folder anyway.
Like I said, I already have a .sh file in place to convert to csv and send to my e-mail, I just need to incorporate it into a batch file so that instead of me going to each of the servers and opening up cygwin and typing upload xx /cygdrive/location/logs/xyz.blg, I can have it automated to run straight after the log has finished without me having to RDC into it.
Thanks for the input!
If you have a Shell script and you job is to call the shell script from a windows batch file then this will work.This assumes the cygwin is installed in C:
Contents of start_cyg.bat
#echo off
set PATH=%PATH%:"C:\Cygwin\bin"
rem bash --login -i
bash "/cygdrive/d/cyg.sh"
Contents of cyg.sh
#!/bin/bash
TAIL=`ls -lrt | tail -1`
echo "TAIL:$TAIL"
If you call start_cyg.bat from windows command prompt you can get the output of the cyg.sh in the console
for getting newest file in a directory, ls -1tr | tail -1 should work.
First, I don't know if it would meet your requirements, but the Windows Task Scheduler 2 in Vista+ is very robust and can trigger an event even based on log entries. However, extraction and parsing of that log entry may require some scripting, and might have concurrency issues, even if that log entry did indicate the last used process. Chances are none of this is helpful, but just throwing it out there.
Programatically, it would be simple as you can register a change notification on a folder. When a change occurs, you go find the latest file. Then launch the batch file to launch your shell script, or whatever your desired sequence may be.
I think cygwin may even support change notification events via scripting, though I'm unsure. I believe there are linux extensions for this, but I may be wrong.
If it were me, I'd just write a little C++ app to do whatever I wanted.. but for you maybe any (or more likely none) of the above helps ;o.