[CentOS] if /else in expect script

Thu Jul 18 21:37:06 UTC 2013
Tim Dunphy <bluethundr at gmail.com>

 I took your suggestion and turned my (ill advised) sudoers bash script
into an expect script! It works a lot better this way and is more secure.
Because I'm not trying to store a password in a script (which I recognize
as a bad idea anyway, I I think I've learned my lesson here).


It really works well. But the only thing I'm still trying to figure out is
how to put a if statement in there based on success of the last command
($?) before it'll move the new sudoers file in place. I'm verifying it with
visudo before attempting to make the move. I'd like to make the final move
based on the success/failure of that.

Anyway, here's the script:

stty -echo
send_user -- "Please enter the host: "
expect_user -re "(.*)\n"
send_user "\n"
set host $expect_out(1,string)

stty -echo
send_user -- "Please enter your username: "
expect_user -re "(.*)\n"
send_user "\n"
set username $expect_out(1,string)

stty -echo
send_user -- "Please enter your passwd: "
expect_user -re "(.*)\n"
send_user "\n"
set passwd $expect_out(1,string)


set timeout -1
spawn ssh -t $host {sudo -S cp /etc/sudoers /tmp/sudoers-template}
match_max 100000
expect -exact "\[sudo\] password for $username: "
send -- "$passwd\r"
expect eof

set timeout -1
spawn ssh -t $host {sudo -S rm -f /tmp/sudoers.tmp}
match_max 100000
expect eof

set timeout -1
spawn ssh -t $host {sudo -S echo '%tekmark_t1  ALL=(root) NOPASSWD:
/sbin/service, /bin/rm, /usr/bin/du, /bin/df, /bin/ls, /usr/bin/find,
/usr/sbin/tcpdump' > /tmp/sudoers.tmp}
match_max 100000
expect eof

set timeout -1
spawn ssh -t $host {sudo -S chmod 777 /tmp/sudoers-template}
match_max 100000
expect eof

set timeout -1
spawn ssh -t $host {cat /tmp/sudoers.tmp | tee  -a /tmp/sudoers-template}
match_max 100000
expect eof

set timeout -1
spawn ssh -t $host {/usr/sbin/visudo -cf /tmp/sudoers-template}
match_max 100000
expect eof

if { "$?"  == 0 } {

set timeout -1
spawn ssh -t $host {sudo -S cp /etc/sudoers /tmp/sudoers.bak}
match_max 100000
expect eof

set timeout -1
spawn ssh -t $host {sudo -S cp /tmp/sudoers-template /etc/sudoers}
match_max 100000
expect eof

set timeout -1
spawn ssh -t $host {sudo -S /usr/sbin/visudo -cf /etc/sudoers}
match_max 100000
expect eof

set timeout -1
spawn ssh -t $host {rm -f /tmp/sudoers-template}
match_max 100000
expect eof
} else {

 puts "Verification of sudo template failed. Aborting. Process failed"

}


Pretty simple! Got a suggestion to make this work? If I get that part
right, it'll be done.


Thanks!


-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B