Re: [Peterboro] How do I monitor a script

Tue, 10 Jun 2008 12:56:13 -0700 

Andy,

Thanks - I think!!
I will have to have a root around to see what I can find again. Perhaps I can get back top you with some options in the next few days if that is OK? 


Ed


Andy Smith wrote:

Hi Edward,

On Sat, Jun 07, 2008 at 08:25:00PM +0100, Edward Kerr wrote:

I am about to include about this script in my /etc/rc.local file


[...]
How can I get it to produce an output in a log / text file so I can see what it did and if it was successful? 

Aside from making it not remove the temp file as already suggested,
you could put:

set -x

near the top of the script which would cause it to print out (to
stdout) everything that it is doing.

However, this is a terrible script and I would urge you not to use
it.  Even from a cursory glance I can see several problems with it:


UNAME=xxx               # username
PWORD=xxx               # password (plaintext, sorry!)


Not only plain text so any user can read it from this file if you
left it world readable, but see later.


TEMP=/tmp/tmp.ddns      # temporary file


A fixed file name for temporary file, so any user can create
/tmp/tmp.ddns as a link to an arbitrary file such as /boot/vmlinuz
then next time your script runs it overwrites your kernel with its
output.

Should be using mktemp(1) or similar.
wget --quiet --no-check-certificate -O $TEMP 'http://'$UNAME':'$PWORD'@updates.dnsomatic.com/nic/update?' 

so now the plain text password that you kept secure by keeping this
script readable only by root is used on the command line which is
visible to any user with "top" or "ps" or by looking in /proc..

Surely dnsomatic.com has a method whereby you don't need to send
your plain text password over the internet?

Perhaps use of this script could be justified on a single user
machine, but it would be better to come up with a generally more
secure version.

If you are going to continue using this script I would suggest not
running it as root (which is what would happen if you just added it
to rc.local).  I don't see it doing anything that requires root, so
why not create its own user and run it as that, e.g. with

sudo -u dnsomatic /usr/local/sbin/dnsomatic.sh

or whatever.

Cheers,
Andy



------------------------------------------------------------------------

_______________________________________________
Peterboro mailing list
Peterboro@mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/peterboro


_______________________________________________
Peterboro mailing list
Peterboro@mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/peterboro

Reply via email to