Giter Club home page Giter Club logo

nanoexec's Introduction

nanoexec - nanomsg based command execution

This repository contains a simple client/server "thing" which allows for the execution of remote commands via a shared nanomsg queue.

In brief:

  • There is a central host which creates a queue through which commands can be broadcast.
  • There are an arbitrary number of listeners, which subscribe to the master-queue.
    • When a message is seen for the current host it will be executed.

How is this useful? Well it could allow client-side operations to be remotely initiated by a central host.

For example I have a sysadmin tool called Slaughter, which is something like cfengine, but without the client-server part. Each host must have a crontab entry installed to run the tool once an hour or so.

If this system were installed on all managed nodes then the central hub could instruct them to trigger execution immediately.

Setup

One host will be called "master.example.com", that is the central host.

All other hosts will connect to this host, and await the arrival of messages. When a message is received it will be executed via system().

On each host you wish to be able to receive/execute commands you should compile and execute nanoexec, specifying the details of the master.

For example:

# ./nanoexec tcp://master.example.com:4444
Filtering on hostname: host1.example.com

On the master host itself you can now inject commands to any of the listening hosts:

# ./nanotrigger --host=host1.example.com --command=uptime

If you want to mass-broadcast you could also use the magic string "ALL":

# ./nanotrigger --host=ALL --command=uptime

Security

The agents that listen for messages will connect to the master host, and will not themselves listen upon the network.

The master node will have to have a port open for communiction, 4444 in the examples above. To restrict the attack surface you'll almost certainly want to open that port only to hosts that you expect to connect to it.

NOTE If you choose a high-port for the connection then it is not necessary to run either the listener or the injector as root.

If you launch nanoexec as root you can configure it to drop permissions to the given user via the --user argument, for example:

# ./nanoexec --user=nobody tcp://master.example.com:4444

Building

There is a debian package of the nanomsg library, it is not available for Wheezy but backports cleanly.

I've produced a backported library, and a binary release of this repository which you can find here:

Steve

nanoexec's People

Contributors

skx avatar

Watchers

James Cloos avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.