1

So I'm trying to combine the good parts of two bash scripts. I need to grab the environmental variables that are created by a successful PAM session and pass them into a MySQL statement.

By way of breaking the process down into parts to troubleshoot, I was able to start with the following snippet of code which works, by itself, but it's not the entire package and far from using variables:

#!/bin/bash
mysql -h localhost -u user -ppassword << EOF 
insert into database.table (PAM_RHOST,PAM_SERVICE,PAM_TTY) values ('1','2','3');
EOF

Okay so the above actually inserts data into the MySQL database. So far, so good with the troubleshooting. So my ultimate goal is to combine something like above, with the following snippet, that works, but instead of sending email, I need the script to do what the above script does, i.e., grab environmental variables and input data into MySQL. The original script used to send an email was:

#!/bin/bash
adminEmail="[email protected]"
[ "$PAM_TYPE" == "open_session" ] || exit 0
{
echo "User: $PAM_USER"
echo "Remote Host: $PAM_RHOST"
echo "Service: $PAM_SERVICE"
echo "TTY: $PAM_TTY"
echo "Date: `date`"
echo "Server: `hostname -s`"
} | mail -s "`hostname -s` $PAM_SERVICE login: $PAM_USER" $adminEmail

So what I attempted to do was glue some pieces together, which doesn't work. I came up with the following and need help here:

#!/bin/bash
[ "$PAM_TYPE" == "open_session" ] || exit 0
{
echo "User: $PAM_USER"
echo "Remote Host: $PAM_RHOST"
echo "Service: $PAM_SERVICE"
echo "TTY: $PAM_TTY"
echo "Date: `date`"
echo "Server: `hostname -s`"
} 
mysql -h localhost -u user -ppassword << EOF 
insert into database.table (PAM_USER,PAM_RHOST,PAM_SERVICE,PAM_TTY) values '$PAM_USER','$PAM_RHOST','$PAM_SERVICE,$PAM_TTY');
EOF 

2 Answers

2

You've got some syntax errors in the values clause of the SQL statement.

values ('$PAM_USER','$PAM_RHOST','$PAM_SERVICE','$PAM_TTY');
       ^                                      ^ ^

0

Oooops. You are correct. I have modified the script which now works and have put it below for others who may need such a script. My only concern now is sanitizing the script given that: 1) the script resides outside of any publicly available directories and 2) I have a concern that someone could pass a variable through the connection so I'm wondering what would be good to sanitize or protect against that. Herewith, then, is the script that works:

#!/bin/bash
if [ "$PAM_TYPE" == "open_session" ]

then 

mysql -h localhost -u user -ppassword << EOF 
insert into database.table (PAM_USER,PAM_RHOST,PAM_SERVICE,PAM_TTY,SERVER) values ('$PAM_USER','$PAM_RHOST','$PAM_SERVICE','$PAM_TTY',"`hostname -s`");
EOF

fi
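
On the sanitizing concern raised in the answer above: an added example, not the poster's script, that builds the same INSERT with every value passed as a MySQL hex string literal, so no character in a PAM variable can alter the statement. The option-file path and the 255-byte cap are assumptions; `database.table` and the column names are the placeholders used on this page.

```shell
#!/bin/bash
# Added example, not the original script.

# Encode a value as a MySQL hex string literal: abc -> X'616263'.
# The raw bytes never appear in the SQL text, so quotes, backslashes or
# comment markers inside a variable stay data. -v stops od from collapsing
# repeated bytes into "*"; -N 255 caps the stored length (assumed limit).
sql_hex() {
    printf "X'%s'" "$(printf '%s' "$1" | od -An -v -tx1 -N 255 | tr -d ' \n')"
}

# Build the statement; $1 is the server name (passed in so it is encoded
# the same way as the PAM values instead of being spliced in raw).
build_insert() {
    printf 'INSERT INTO database.table (PAM_USER,PAM_RHOST,PAM_SERVICE,PAM_TTY,SERVER) VALUES (%s,%s,%s,%s,%s);\n' \
        "$(sql_hex "${PAM_USER:-}")" "$(sql_hex "${PAM_RHOST:-}")" \
        "$(sql_hex "${PAM_SERVICE:-}")" "$(sql_hex "${PAM_TTY:-}")" \
        "$(sql_hex "$1")"
}

if [ "${PAM_TYPE:-}" = "open_session" ]; then
    # Credentials are read from a root-only option file (placeholder path)
    # rather than given as -ppassword on the command line.
    build_insert "$(hostname -s)" |
        mysql --defaults-extra-file=/root/.pam-log.cnf -h localhost
fi
```

The database account used here needs only the INSERT privilege on the one table.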
