If /else In Expect Script


I took your suggestion and turned my (ill-advised) sudoers bash script into an expect script! It works a lot better this way and is more secure. Because I’m not trying to store a password in a script (which I recognize as a bad idea anyway, I think I’ve learned my lesson here).

It really works well. But the only thing I’m still trying to figure out is how to put an if statement in there based on success of the last command ($?) before it’ll move the new sudoers file in place. I’m verifying it with visudo before attempting to make the move. I’d like to make the final move based on the success/failure of that.

Anyway, here’s the script:

# Prompt for the target host
stty -echo
send_user -- "Please enter the host: "
expect_user -re "(.*)\n"
send_user "\n"
set host $expect_out(1,string)

# Prompt for the remote username
stty -echo
send_user -- "Please enter your username: "
expect_user -re "(.*)\n"
send_user "\n"
set username $expect_out(1,string)

# Prompt for the sudo password (terminal echo is off)
stty -echo
send_user -- "Please enter your passwd: "
expect_user -re "(.*)\n"
send_user "\n"
set passwd $expect_out(1,string)

# Copy the live sudoers file to a working template
set timeout -1
spawn ssh -t $host {sudo -S cp /etc/sudoers /tmp/sudoers-template}
match_max 100000
expect -exact "\[sudo\] password for $username: "
send -- "$passwd\r"
expect eof

set timeout -1
spawn ssh -t $host {sudo -S rm -f /tmp/sudoers.tmp}
match_max 100000
expect eof

# Write the new rule to a temporary file
set timeout -1
spawn ssh -t $host {sudo -S echo '%tekmark_t1 ALL=(root) NOPASSWD: /sbin/service, /bin/rm, /usr/bin/du, /bin/df, /bin/ls, /usr/bin/find, /usr/sbin/tcpdump' > /tmp/sudoers.tmp}
match_max 100000
expect eof

set timeout -1
spawn ssh -t $host {sudo -S chmod 777 /tmp/sudoers-template}
match_max 100000
expect eof

# Append the new rule to the template
set timeout -1
spawn ssh -t $host {cat /tmp/sudoers.tmp | tee -a /tmp/sudoers-template}
match_max 100000
expect eof

# Syntax-check the template with visudo
set timeout -1
spawn ssh -t $host {/usr/sbin/visudo -cf /tmp/sudoers-template}
match_max 100000
expect eof

# The if/else in question: install only if the visudo check above succeeded
if { "$?" == 0 } {

set timeout -1
spawn ssh -t $host {sudo -S cp /etc/sudoers /tmp/sudoers.bak}
match_max 100000
expect eof

set timeout -1
spawn ssh -t $host {sudo -S cp /tmp/sudoers-template /etc/sudoers}
match_max 100000
expect eof

set timeout -1
spawn ssh -t $host {sudo -S /usr/sbin/visudo -cf /etc/sudoers}
match_max 100000
expect eof

set timeout -1
spawn ssh -t $host {rm -f /tmp/sudoers-template}
match_max 100000
expect eof
} else {

puts "Verification of sudo template failed. Aborting. Process failed"

}

Pretty simple! Got a suggestion to make this work? If I get that part right, it’ll be done.

Thanks!

One thought on - If /else In Expect Script

  • Hi Tim,

    You seem pretty determined to make this as convoluted as possible. Adding ‘expect’ into the mix? Using ‘tee -a’ to simply append a line to a file? chmod 777?

    If you take a look at my previous reply, you can see this is relatively simple, and I basically wrote it for you, and even improved it to add some checking before making the changes.

    There is no need to include a password in the script, as it can be read from the user like:
    echo "Enter password"
    read PASSWD

    What are the issues you see with that?

    ❧ Brian Mathis

    CentOS mailing list CentOS@CentOS.org http://lists.CentOS.org/mailman/listinfo/CentOS
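
An added example, not part of the original thread: Tcl has no `$?`, but Expect's `wait` returns the spawned process's exit status, and ssh exits with the status of the remote command, so the if/else can test that value. The `run_remote` proc, the 30-second timeout and taking the host from the command line are assumptions of this example; the remote commands are the ones from the script above.

```tcl
#!/usr/bin/expect -f
# Added example (not the poster's code). Usage: ./script.exp <host>

# Run one command on $host over ssh and return its exit status.
# ssh exits with the remote command's status, or 255 if ssh itself failed.
proc run_remote {host passwd cmd} {
    set timeout 30                      ;# assumed limit; local to this proc
    spawn ssh -t $host $cmd
    expect {
        -re {\[sudo\] password for [^:]+: } {
            send -- "$passwd\r"
            exp_continue                ;# keep waiting for eof after answering
        }
        timeout {
            close
            wait
            return 255
        }
        eof {}
    }
    # wait returns four values: pid, spawn_id, OS-error flag, exit status
    lassign [wait] pid sid os_error status
    if {$os_error != 0} { return 255 }
    return $status
}

set host [lindex $argv 0]

# Read the password without echo, then restore echo
stty -echo
send_user -- "Password: "
expect_user -re "(.*)\n"
send_user "\n"
stty echo
set passwd $expect_out(1,string)

# Install the template only if visudo accepted it
set check [run_remote $host $passwd {/usr/sbin/visudo -cf /tmp/sudoers-template}]
if {$check == 0} {
    set rc [run_remote $host $passwd {sudo -S cp /tmp/sudoers-template /etc/sudoers}]
    if {$rc != 0} {
        puts "Install failed with exit status $rc"
        exit $rc
    }
} else {
    puts "Verification of sudo template failed (exit status $check). Aborting."
    exit 1
}
```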
