    if __name__ == "__main__":
        dispatch()
        myFunction()
        sys.exit(0)

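    #!/bin/bash
    # Join every argument ESA passes to the script into one string
    OUT=""
    for a in "$@"
    do
        OUT+="$a "
    done
    # Write the alert payload where the Python script can pick it up
    echo -e "$OUT" > /tmp/esa_alert.json
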
As I mentioned above, moving the script server onto the Admin Server opens up a number of possibilities for certain queries and tasks within the NW architecture. Some that come to mind:
pulling host stats and ingesting them as syslog events
better ESA Alert <--> Custom Feed <--> Context-Hub List <--> ESA Alert enrichment loops
However, one restriction I've been trying to figure out a good solution for is that the Admin Server will run these scripts as the "netwitness" user, and this user has fairly limited access.
I've been kicking around the possibility of adding this user to the sudoers group, possibly adding read/write/execute permissions for this user to specific directories and/or files depending on the use case, or sudo-ing to a different user within the script.
Each of these options presents certain risks, so I'd be interested in hearing what other folks might think about these or other possible solutions to run scripts with elevated permissions in as secure a manner as possible.
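
One least-privilege form of the sudo options raised above, as an added example that is not part of the original post or any NetWitness configuration. The drop-in file name, the helper paths and the svc_hoststats account are hypothetical placeholders.

```sudoers
# /etc/sudoers.d/netwitness-esa   (constructed example)
# Edit with: visudo -f /etc/sudoers.d/netwitness-esa
# The file itself must be owned by root with mode 0440.

# Too broad: any script the Admin Server launches becomes full root.
# netwitness ALL=(ALL) NOPASSWD: ALL

# Scoped alternative: name each helper by absolute path.
# The trailing "" means the helper may only be run with no arguments,
# so alert content can never be passed through to a root process.
# Hypothetical helper paths:
Cmnd_Alias ESA_ROOT_HELPERS = /usr/local/sbin/esa-collect-host-stats ""
Cmnd_Alias ESA_SVC_HELPERS  = /usr/local/sbin/esa-update-feed ""

# Start helpers with a clean environment and a fixed PATH so the
# calling script cannot influence which binaries they resolve.
Defaults:netwitness env_reset
Defaults:netwitness secure_path="/usr/sbin:/usr/bin:/sbin:/bin"

# Only needed if requiretty is enabled globally; scripts launched by a
# service have no terminal attached.
Defaults:netwitness !requiretty

# Root only where the task truly needs it.
netwitness ALL=(root) NOPASSWD: ESA_ROOT_HELPERS

# Otherwise run as a dedicated unprivileged account (hypothetical
# svc_hoststats) that owns just the files the task touches.
netwitness ALL=(svc_hoststats) NOPASSWD: ESA_SVC_HELPERS

# Requirements outside this file:
#  - each helper is owned by root, mode 0755, and lives in a directory
#    the netwitness user cannot write to; otherwise the rule is
#    equivalent to the broad one above
#  - the calling script uses non-interactive mode so a missing rule
#    fails instead of waiting for a password:
#      sudo -n /usr/local/sbin/esa-collect-host-stats
#      sudo -n -u svc_hoststats /usr/local/sbin/esa-update-feed
```

For the directory-permission option, the same idea applies: grant access through a dedicated group or an ACL on the specific path rather than widening what the netwitness user can do system-wide.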