1、获得详细的系统信息

use Rex -feature => ['1.0'];

task "sysinfo", group =>"all", sub {

say connection->server."::";
   dump_system_information;
say "==========================";
};

rex -qw sysinfo 就能打印相关信息。

2、通过get_system_information获得特需的信息

task "get_hostname",group =>"all" sub {
   my %info = get_system_information;
    say Dumper $info{Host};
};

3、在模板中插入环境信息

可以在模板中插入这些环境信息，比如可以把ip地址或者hostname插入到一个模板文件中：

Listen <%= $eth0_ip %>:80

做为配置文件，用以适应不同的环境情况。

登录系统发现find被替换为空文件了……

1、批量扫描有多少服务器有问题：很简单扫描远程服务目录find 如果大小为1（即使为空）。

task “find”, group => “all”, sub {
my $output= run ‘ls -al /bin/find’;
say connection->server.’:’. $output;
};

rex -qw find 1>findlist.txt

然后对findlist处理，当然是perloneline

perl -lane ‘print $F[0] if $F[5]==1’ findlist.txt|perl -pe ‘s/:$//’

获得有问题的服务器列表。

2、打印对服务器版本进行，以便找到相对应的find文件进行替换

task “issue”, group => “all”, sub {
my $output= run ‘cat /etc/issue’;
say connection->server.’:’. $output;
};

3、替换find文件,用upload上传，并改变其属主和分组，最后试着使用find命令搜索/root目录的文件，如果有输出即为替换成功。

task “findchange”, group => “all”, sub {

upload “/tmp/find”, “/bin/find”;
run ‘chown root.root /bin/find ‘;
my $output=run ‘find  /root -type f|wc -l ‘;
say connection->server.’:’. $output;

};

Augeas基本上就是一个配置编辑工具。它以他们原生的格式解析配置文件并且将它们转换成树。配置的更改可以通过操作树来完成，并可以以原生配置文件格式保存配置。

2、查找一个配置节点

use Rex::Commands::Augeas;
 my $k = augeas exists => "/files/etc/hosts/*/ipaddr", "127.0.0.1";

3、增加一个配置项目

augeas insert => "/files/etc/hosts",
           label => "01",
           after => "/7",
           ipaddr => "192.168.2.23",
           canonical => "test";

结果：

192.168.1.1  tcentral localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
 192.168.1.1 tv_central
 192.168.1.1 centralmysq
 192.168.1.1 centralmemecache
 192.168.1.1 memecache01
 192.168.1.1 redis
192.168.2.23    test

3、导出配置文件

augeas dump => "/files/etc/hosts";

结果

/files/etc/hosts
/files/etc/hosts/1
/files/etc/hosts/1/ipaddr = " 192.168.1.1"
/files/etc/hosts/1/canonical = "tv_central_platform01"
/files/etc/hosts/1/alias[1] = "localhost"
/files/etc/hosts/1/alias[2] = "localhost.localdomain"
/files/etc/hosts/1/alias[3] = "localhost4"
/files/etc/hosts/1/alias[4] = "localhost4.localdomain4"
/files/etc/hosts/2
/files/etc/hosts/2/ipaddr = "::1"
/files/etc/hosts/2/canonical = "localhost"
/files/etc/hosts/2/alias[1] = "localhost.localdomain"
/files/etc/hosts/2/alias[2] = "localhost6"
/files/etc/hosts/2/alias[3] = "localhost6.localdomain6"
/files/etc/hosts/3

4、修改文件

augeas modify =>
    "/files/etc/ssh/sshd_config/PermitRootLogin" => "without-password",
    on_change => sub {
       service ssh => "restart";
    };

#!/usr/bin/env perl
my $LIMIT=30;
my $log="/var/log/secure";
my $LOGFILE="/data/block_ip.log";
my $TIME=`date '+%b %e %H'`;
chomp $TIME;
my $BLOCK_IP;
my %hash;
open(FD,$log)||die("Can not open the file!$!n");

while(<FD>){
chomp;
if ( /$TIME/ and /Failed password/ )
{
my @line=split;
my $ip=$line[-4];
$hash{$ip}++;
}
}
close(FD);

for(%hash)
{

if ($hash{$_} > $LIMIT)
{
my $IP=$_;
$ips= `iptables-save`;
$mo= qr(/INPUT/ and /DROP/ and /$IP/);
unless ($ips=~$mo)
{
`iptables -I INPUT -s $IP -j DROP`;
my $NOW=`date '+%Y-%m-%d %H:%M'`;
chomp $NOW;
`echo -e "$NOW : $IP" >>$LOGFILE`;
}
}
}

2、将该脚本保存为block_ssh.sh
3、创建一个上传任务，把该文件上传到远程服务器，给予执行权限。加入crontab 每5分钟执行一次。

task "upload",  group =>"all", sub {
 say connection->server.":begin upload files!";
   upload "block_ssh.sh", "/root/block_ssh.sh";
    run "chmod 755 /root/block_ssh.sh";
    run 'echo "*/5 * * * * root /root/block_ssh.sh" >>/etc/crontab';
say connection->server.":upload success!";
 };

task "task", group => "all",sub {

 ...
 say connection->server;

  };

rex -qw task 1>info.txt 2>error.txt

这样根据inofo.txt输出信息就能判断执行成功的，服务器。而执行失败的情况则可以通过
error.txt来获得，比如远程连接有问题的和连接账号有问题的信息（0.55版本，最新版本错误提示
有问题，无法区别出来了）。这两类典型的信息输出为：

ESC[0mESC[33m[2015-12-01 11:26:05] WARN - Error running task/batch: Wrong username/password or wrong key on 192.168.1.2. at /usr/local/share/perl5/Rex/TaskList/Base.pm line 245.

ESC[0mESC[33m[2015-12-01 11:26:07] WARN - Can't connect to 10.16.194.18
ESC[0mESC[33m[2015-12-01 11:26:07] WARN - Error running task/batch: Couldn't connect to 10.16.194.18. at /usr/local/share/perl5/Rex/TaskList/Base.pm line 245.

用两个单行命令就能到相关信息，首先是无法连接的服务器（可能网络有问题、防火墙限制或者端口设置错误了）。

perl -lane '/Can/ and print $F[-1]' error.txt

然后是用户名密码错误的服务器

perl -lane '/Wrong/ and $F[-5]=~s/.$// and print $F[-5]' error.txt

task "my_user", sub {

  my $local_keys = LOCAL{
    my @key_files = qw(
      /root/.ssh/id_rsa.pub
      /home/user/.ssh/id_rsa.pub
    );
    my @tmp;
    push ( @tmp, split "n", cat $_ ) foreach @key_files;
    return @tmp;
  };

  my @remote_keys = split "n", cat '~/.ssh/authorized_keys';

  create_user "myuser",
              home        => '/home/myuser',
              comment     => 'My user',
              expire      => '2100-05-30',
              password    => 'password',
              system      => 1,
              create_home => TRUE,
              ssh_key     => join "n", @$local_keys, @remote_keys;
 say connection->server;
};

对于已经创建用户，并且远程证书文件已经存在的，追加时候直接追加用户证书

task "addkeys", group => "all", sub {

  my $local_keys = LOCAL{
    my @key_files = qw(
      /root/.ssh/id_rsa.pub
      /home/user/.ssh/id_rsa.pub
    );
    my @tmp;
    push ( @tmp, split "n", cat $_ ) foreach @key_files;
    return @tmp;
  };

  my @remote_keys = split "n", cat '~/.ssh/authorized_keys';

  run  'echo @$local_keys >>/home/ZX_lz/.ssh/authorized_keys';


    say connection->server;
  }

基本原理用Base64基本算法，用两个函数encode_base64()和 decode_base64()。

1、加密账户和密码字段（格式用户::密码）程序：

use MIME::Base64;
my($user,$pass)=@ARGV;
my $str=$user.'::'.$pass;
$encoded = encode_base64($str);
printf("after base64 encoded is: %s", $encoded);

2、把得到的字符串对放到Rexfile使用，就可以避免直接泄露了。

Rexfile：

use MIME::Base64;

...
my $sky=q(L2hvbWUvbHovLmF1VGFzay91c2VybGlzdC9sbHp6OjovaG9tZS9sei8uYXVUYXNrL3VzZXJsaXN0L3p6bGw=);
my $sup=q(dGVzdDo6dGVzdA==);

my $dsky = decode_base64($sky);
my ( $sk1, $sk2)= split /::/,$dsky;

my $dsup = decode_base64($sup);
my ( $usery, $userp)= split /::/,$dsup;

user $usery;
private_key $sk1;
public_key $sk2;
key_auth;

sudo TRUE;
sudo_password $userp
... ...

task "butchuser", group => "all", sub {

my @ustr=qw(dGVzdDo6dGVzdA== dGVzdDo6deVzdA== dGVzdDo6dGVeA==);

for (@ustr)
{
my $str=$_;
my $dst = decode_base64($str);
my ( $userId, $pass)= split /::/,$dst;

create_user $userId,
       password => $pass,
       home => '/home/'.$userId；

append_if_no_such_line "/etc/sudoers", "$userId ALL=(ALL) ALL";
}


say connection->server;

};

我们知道Rexfile的账号密码和证书路径都是密码的，容易泄漏了，我们可以用base94算法对进行一下加密
可以防止直接被泄露，虽然这不能保证被人反解密（可以用自己加密算法写模块，或者更底层的方法，这里不深入），
但是聊胜于无。好吧先看具体做法。

基本原理用Base64基本算法，用两个函数encode_base64()和 decode_base64()。

1、加密账户和密码字段（格式用户::密码）程序：

use MIME::Base64;
my($user,$pass)=@ARGV;
my $str=$user.'::'.$pass;
$encoded = encode_base64($str);
printf("after base64 encoded is: %s", $encoded);

2、把得到的字符串对放到Rexfile使用，就可以避免直接泄露了。

Rexfile：

use MIME::Base64;

...
my $sky=q(L2hvbWUvbHovLmF1VGFzay91c2VybGlzdC9sbHp6OjovaG9tZS9sei8uYXVUYXNrL3VzZXJsaXN0L3p6bGw=);
my $sup=q(dGVzdDo6dGVzdA==);

my $dsky = decode_base64($sky);
my ( $sk1, $sk2)= split /::/,$dsky;

my $dsup = decode_base64($sup);
my ( $usery, $userp)= split /::/,$dsup;

user $usery;
private_key $sk1;
public_key $sk2;
key_auth;

sudo TRUE;
sudo_password $userp
... ...

task "lastlog", group => "all", sub {
my $lastlog= run "lastlog|grep -v 'Never logged in'";
say connection->server.": $lastlog";
};

2、sshd尝试登陆失败的记录（/var/log/secure）

task "sshdfail", group => "all", sub {

# say connection->server;
# my $time= run "date -d 'yesterday'  '+%b %e'"; # 昨天登录情况
my $time= run "date   '+%b %e'";  # 今天情况
my $sc=q(grep  'Failed password for' /var/log/secure|grep -v grep|grep ').$time."'";
my $output= run $sc;
say connection->server.": $output";
};