I don't know if it is such a good idea to be automating the installation of security software as root over the net with a fresh program and 1700 servers... um, how did you get the list of 1700 root passwords again? ;)

If there are other admins of these machines they might get ticked off if something happens.. and hopefully the bugs will be worked out on just a few machines first! That said, with the frequency of ssh upgrades recently I can understand the need to automate the upgrade, this could be a seriously needed tool. But I just wonder if you don't already have that kind of tool in your size department.

Anyway, assuming this is all on the level, the company has fired all of its administrators and just hired you to admin 1700 unix servers even though (no personal offense intended) you don't know shell scripting, um, I think this could be a bad situation for you. Actually that isn't really fair. You may have the tool but still be assigned the job, and anyway how else do you learn? Maybe you can make something more usable than whatever you have. So given that, this is probably a good idea.

It is certainly possible to automate these kinds of things; see for example Melbourne.pm's talk on Expect.pm. (By the way, the link about fastmail.fm on mod_perl is interesting, though off-topic.) It does seem to me that passwords sent over telnet, including the initial login itself, will be cleartext over your network (unless you installed something through another route that would set up ssh on the target machine by itself). So you would need at least to quickly change them by logging in over ssh again. And maybe disable telnet right away, which could, if a bug creeps in, lock you out of a lot of machines. Also there may be firewall settings involved. Well anyway, caveat emptor and all that. The tools are there, why not experiment with your own machine first? Maybe you want to set up a distribution server there too.

Sounds like maybe you should keep your private key on a very secure removable piece of equipment.. Also I guess I should mention that if you have machines without ssh installed, you may have a private interface (i.e. ethernet cable) which is not open to the outside world. So maybe you want to see if these machines are on an internal (i.e. 10.x.x.x) network. Telnet and ssh could be set to only be accessible from within.

Finally, my own two niggling cents, but while shell scripting is fine, to a lot of people Perl is more advanced than it, not less so. Though you maybe want to know both. Anyway I wish you luck.

Oh, finally I should mention, though I have never used it, a hit on freshmeat.net that sounds quite fresh! SWUP - The Secure SoftWare UPdater, written in Python but maybe that's okay. Meant for Linux but maybe you want to check it out anyway.


In reply to Re: Login Script by mattr
in thread Login Script by /dev/null
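
The lock-out risk raised in the post above (disabling telnet before ssh is known to work), as an added example that is not part of the original post or of the thread's script: a pre-flight check that reads the SSH identification string and only then clears a host for the telnet-disable step. The sub names, the sample banners and the "protocol 2.0 or 1.99 only" policy are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::INET;

# Parse an SSH identification string (RFC 4253, section 4.2:
# "SSH-protoversion-softwareversion"). Returns the protocol version or undef.
sub ssh_proto {
    my ($line) = @_;
    return unless defined $line;
    return $line =~ /^SSH-(\d+\.\d+)-\S+/ ? $1 : undef;
}

# Connect and read the banner; undef on refusal, timeout or a non-SSH service.
sub ssh_banner {
    my ($host, $port, $timeout) = @_;
    my $sock = IO::Socket::INET->new(
        PeerAddr => $host, PeerPort => $port, Proto => 'tcp', Timeout => $timeout,
    ) or return;
    my $banner;
    eval {
        local $SIG{ALRM} = sub { die "timeout\n" };
        alarm $timeout;
        while (defined(my $line = <$sock>)) {
            # A server may send other lines before its identification string.
            if ($line =~ /^SSH-/) { ($banner = $line) =~ s/\r?\n\z//; last }
        }
        alarm 0;
    };
    alarm 0;
    close $sock;
    return $banner;
}

# Policy assumed here: telnet may go only if sshd speaks protocol 2.0
# (1.99 means "2.0 with 1.x compatibility"). A banner proves sshd is
# listening, not that your key login works; check that separately.
sub may_disable_telnet {
    my $proto = ssh_proto($_[0]);
    return defined $proto && ($proto eq '2.0' || $proto eq '1.99') ? 1 : 0;
}

# Constructed sample banners, so the decision logic runs without a network.
for my $s ('SSH-2.0-OpenSSH_3.4p1', 'SSH-1.5-1.2.27', 'login: ', undef) {
    printf "%-24s => %s\n", defined $s ? $s : '(no answer)',
        may_disable_telnet($s) ? 'ok to disable telnet' : 'KEEP telnet';
}
# Live probe of hosts named on the command line (start with your own machine).
for my $host (@ARGV) {
    my $ok = may_disable_telnet(ssh_banner($host, 22, 5));
    print "$host: ", ($ok ? 'ok to disable telnet' : 'KEEP telnet'), "\n";
}
```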
