HPE Community
Operating System - HP-UX
1829103 Members
3117 Online
109986 Solutions
New Discussion

Searching complete / for sudo

 
SOLVED
Go to solution
Hemant S.
Occasional Advisor

‎06-08-2006 05:13 AM

‎06-08-2006 05:13 AM

Searching complete / for sudo

Before upgrading sudo, we need to check if any scripts are using sudo. For this I tried to search ALL files using find / -exec grep -l 'sudo' {} \; > /tmp/result. But this hangs in between while searching lot of files and I can can not keep killing every process where it hangs.(Example /etc/opt/resmon/pipe/153355665 ) So what is the best way searching complete system.
I have generated a complete listing of files in system. This comes to 414874 files which we need to search. I am looking for some script where it should search all files in this listing without any wait period and if it hangs anywhere, ONLY then it should wait for 30 seconds and then kill the grep for that file and proceed to search on next file in listing. Or if there is any better way to do this. Thanks in advance.
0 Kudos
16 REPLIES 16
Rick Garland
Honored Contributor

‎06-08-2006 05:21 AM

‎06-08-2006 05:21 AM

Re: Searching complete / for sudo

If you are upgrading sudo, are you keeping the same PATH to the executables?

If so there is no need to modify the scripts that contain the sudo call.

0 Kudos
Christian Tremblay
Trusted Contributor

‎06-08-2006 05:25 AM

‎06-08-2006 05:25 AM

Re: Searching complete / for sudo

It would be a lot easier to check the sudo log: /var/adm/syslog/sudo.log to see what scripts/users are using it.

But like Rick says, if your sudo stays at the same place when you upgrade it, there is no need to do anything, the scripts will
run the new version.
0 Kudos
Hemant S.
Occasional Advisor

‎06-08-2006 05:30 AM

‎06-08-2006 05:30 AM

Re: Searching complete / for sudo

The sudo we have on this box is very very OLD. Does not show any version. And command syntax is lot different from the rest sudo executable.
OLD@xxx:#sudo -V
usage: sudo [ [ -r | -e ] name ] [ cmd [ args ]]
sudo [ -l name ]
NEW!hxs $ sudo -V
Sudo version 1.6.6
Once I put this sudo 1.6.6, Some of scripts using sudo fail. So before going ahead of upgrade sudo on PROD systems I wanted to make sure how many scripts are using sudo. Find owners of those scripts, contact them and have them modify it.
0 Kudos
Christian Tremblay
Trusted Contributor

‎06-08-2006 05:42 AM

‎06-08-2006 05:42 AM

Re: Searching complete / for sudo

Like I said, check the sudo log, all invocations of sudo by a script are logged there with the name of the script that called it.
0 Kudos
Hemant S.
Occasional Advisor

‎06-08-2006 05:47 AM

‎06-08-2006 05:47 AM

Re: Searching complete / for sudo

There is no /var/adm/syslog/sudo.log present, or any other sudo log. The files which it use is /etc/suid_tab and /etc/suid_local not sudoers.
0 Kudos
Christian Tremblay
Trusted Contributor

‎06-08-2006 05:51 AM

‎06-08-2006 05:51 AM

Re: Searching complete / for sudo

by default sudo will log to the system log in /var/adm/syslog/syslog.log but it's a good idea to log to it's on log file
(configurable in the /etc/sudoers file)

You may check sudo entries in the system log
grep -i sudo /var/adm/syslog/syslog.log
0 Kudos
Hemant S.
Occasional Advisor

‎06-08-2006 05:58 AM

‎06-08-2006 05:58 AM

Re: Searching complete / for sudo

As I said there is no /etc/sudoers present. Also I don't want to depend on sudo entries in syslog.log. Is there any way to search ALL files in a system for use of command sudo.
0 Kudos
Christian Tremblay
Trusted Contributor

‎06-08-2006 06:12 AM

‎06-08-2006 06:12 AM

Re: Searching complete / for sudo

for i in `find / -type f`;do grep -i sudo $i;done 2>&1 >> search.out
0 Kudos
Christian Tremblay
Trusted Contributor

‎06-08-2006 06:23 AM

‎06-08-2006 06:23 AM

Re: Searching complete / for sudo

You may want to use grep -il to output only the file names where a match is found.
0 Kudos
Hemant S.
Occasional Advisor

‎06-08-2006 06:26 AM

‎06-08-2006 06:26 AM

Re: Searching complete / for sudo

Christian

This command hangs here -
# ll /etc/opt/resmon/pipe/1573980217
prw------- 1 root root 0 Jul 30 2003 /etc/opt/resmon/pipe/1573980217
# grep -il sudo /etc/opt/resmon/pipe/1573980217

Thats why I am looking for some scripts. Please see my question again.

Thanks
Hemant
0 Kudos
Pete Randall
Outstanding Contributor

‎06-08-2006 06:30 AM

‎06-08-2006 06:30 AM

Re: Searching complete / for sudo

You said you generated a list of the 414874 files that need to be searched. Use that list:

for i in `cat my_file_list`
do
grep -i 'sudo' $i
done


Pete

Pete
0 Kudos
Hemant S.
Occasional Advisor

‎06-08-2006 06:41 AM

‎06-08-2006 06:41 AM

Re: Searching complete / for sudo

Hi Pete

I have also tried to use a similar script but it hangs when is goes for a file like this - And I am tired killing those infinite greps.
prw------- 1 root root 0 Jul 30 2003 /etc/opt/resmon/pipe/1573980217

And some other files with names FIFO in it.

So I am looking for some script where it should search a file in this listing and go for next $i WITHOUT any wait period and if it hangs anywhere, ONLY then it should wait for 30 seconds and then kill the grep for that $i if it is still hanging and then proceed to search on next file in listing.

I am using - grep -l sudo $i > /tmp/result.out. As if any file has sudo word in it will be written to this result.out.

Any help is really appreciated.

Thanks
Hemant
0 Kudos
Christian Tremblay
Trusted Contributor

‎06-08-2006 06:41 AM

‎06-08-2006 06:41 AM

Solution

Re: Searching complete / for sudo

it's important that you use the -type f switch to the find command to look only at regular files not at a named pipe where you say it hangs.
0 Kudos
Peter Nikitka
Honored Contributor

‎06-08-2006 07:31 AM

‎06-08-2006 07:31 AM

Re: Searching complete / for sudo

Hi,

to exclude pipes, sockets, directories and not querying symlinks, use
find / -local -type f -print | xargs fgrep -l sudo >/tmp/result

I don't know if HPUX-find has '-local' option (have no HP at hand now) to inhibit walking into NFS-mounts, but there may be an option '! -fstype nfs' or so as a substitute.

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
0 Kudos
spex
Honored Contributor

‎06-08-2006 07:58 AM

‎06-08-2006 07:58 AM

Re: Searching complete / for sudo

This works on my system, and makes doubly sure that only text files are grep'ed:

find / -type f -local -exec file {} \; | awk -F ':' '/text$/{print $1}' | xargs grep -l 'sudo'

If you already have a list of files, replace everything before the first pipe with 'cat filelist'.

PCS

0 Kudos
Hemant S.
Occasional Advisor

‎06-09-2006 02:41 AM

‎06-09-2006 02:41 AM

Re: Searching complete / for sudo

Thanks for your help Christian.
- Hemant
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.