我有使用logger
模擬一些「假」登錄腳本:saltstack - 傳遞變量包含單引號,雙引號,空格...到cmd.script?
#!/bin/bash
{%- set maxretry = salt['pillar.get']('fail2ban:maxretry', 3) %}
tag="$1"
message="$2"
logger -p auth.info "The {{ maxretry + 1 }} \"$tag\" below lines are generated by logger to test Fail2ban"
for i in $(seq {{ maxretry + 1 }}); do
logger -p auth.warning -t "$tag" "$message"
done
這就是所謂的宏:
fake_{{ formula }}_login:
cmd:
- script
- source: salt://fail2ban/fake_login.jinja2
- template: jinja
- args: "{{ tag|default(formula) }} '{{ message }}'"
- require:
- sls: bash
- sls: fail2ban
事情是{{消息}}可以包含單/雙引號,空格,方括號,... 根據cmd.script文檔,要傳遞一個包含空格的字符串,我們必須將其雙引號。 但是,如果我有這樣的事情:
{{ fail2ban_regex_test('mysql', tag='mysqld', message="150114 3:40:50 [Warning] Access denied for user 'root'@'5.6.7.8' (using password: YES)") }}
將被記錄到系統日誌而沒有圍繞用戶/主機的單引號,只是:
mysqld: 150114 3:40:50 [Warning] Access denied for user [email protected] (using password: YES)
,使的fail2ban未能確認爲它與過濾器正則表達式不匹配。
我可以單引號改爲雙引號,並使用反斜線逃避:
fake_{{ formula }}_login:
cmd:
- script
- source: salt://fail2ban/fake_login.jinja2
- template:
jinja
- args: "{{ tag|default(formula) }} \"{{ message|safe }}\""
- require:
- sls: bash
- sls: fail2ban
它處理上述情況時,消息只包含單引號。
但是,如果它包含雙引號:
{{ fail2ban_regex_test('postfix', tag='postfix/smtpd[20228]', message="NOQUEUE: reject: RCPT from sender.com["5.6.7.8"]: 554 5.7.1 <[email protected]>: Recipient address rejected: Access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mg01d1.sender.com>") }}
我得到這個錯誤:
local:
Data failed to compile:
----------
Rendering SLS "base:postfix.test" failed: Jinja syntax error: expected token ',', got 'float'; line 29
---
[...]
- sls: openldap
- sls: openldap.diamond
- sls: openldap.nrpe
{%- endcall %}
{{ fail2ban_regex_test('postfix', tag='postfix/smtpd[20228]', message="NOQUEUE: reject: RCPT from sender.com["5.6.7.8"]: 554 5.7.1 <[email protected]>: Recipie
nt address rejected: Access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mg01d1.sender.com>") }} <======================
如果我試圖逃跑用反斜槓雙引號:
... message="NOQUEUE: reject: RCPT from sender.com[\"5.6.7.8\"] ...
那麼我得到了另一個錯誤:
local:
Data failed to compile:
----------
Rendering SLS postfix.test failed, render error: while parsing a block mapping
in "<unicode string>", line 84, column 7:
- args: "postfix/smtpd[20228] \"NO ...
^
expected <block end>, but found '<scalar>'
in "<unicode string>", line 84, column 76:
... : reject: RCPT from sender.com["5.6.7.8"]: 554 5.7.1 <[email protected] ...
如何處理這兩種情況?
如何傳遞一個串過'stdin'及使用'read'來把它讀入一個變量。然後在雙引號內使用該變量... – anishsane 2015-03-19 04:31:11
全部自動化。這裏沒有涉及到stdin。 – quanta 2015-03-19 04:46:38
我的理解是這樣的:你有你的框架中的字符串數據,使用它,你想觸發另一個腳本。您正在使用一些字符串連接邏輯來完成此操作。取而代之的是,改變'另一個腳本'以從標準輸入讀取數據。然後,不要使用字符串連接,而是將字符串傳遞給腳本。 – anishsane 2015-03-19 09:29:49