#!/usr/bin/expect -d
set timeout -1
spawn ossec-hids-2.4.1/install.sh
expect "en/br/cn/de"
send "en\r"
expect "Press ENTER to continue"
send "\r"
expect "What kind of installation"
send "local\r"
expect "Choose where to install the OSSEC HIDS"
send "\r"
expect "Do you want e-mail notification"
send "y\r"
expect "your e-mail address"
send "root@localhost\r"
expect "Do you want to use it"
send "y\r"
expect "Do you want to run the integrity check daemon"
send "y\r"
expect "Do you want to run the rootkit detection engine"
send "y\r"
expect "Do you want to enable active response"
send "y\r"
expect "Do you want to enable the firewall-drop response"
send "y\r"
expect "Do you want to add more IPs to the white list"
send "n\r"
expect "Press ENTER to continue"
send "\r"
expect "Press ENTER to finish"
send "\r"
expect eof

alias sshwww='ssh john@www.example.com'

What about you have 100s of www servers:

sshwww() { ssh "john@$1".example.com; }

Usage: "sshwww web1", "sshwww web2"

Even more, you can su directly to root from john:
sshroot() { ssh "john@$1".example.com "su"; }

Usage: "sshroot web1", "sshroot web2"

php -r "echo crypt('myplaintextpassword123');"

useradd -m -p "$1$abJez234$fD4Dn4IrG3Hzeas3hBjIb0" -d /home/john -s /bin/bash john

su -c "mysql -e 'SHOW STATUS;' "

This will return the status of mysql. Now you can run this via a regular user, then su, then mysql. You'll be asked for password twice, one for the regular user, one for root.

ssh nonroot@server "su -c \"mysql -e 'SHOW STATUS;' \""

You'll get "standard in must be a tty" error. Too bad! Nice concept but does not work like this. Now to solve this, I've seen some suggestion to use an expect script but not supplying the root password automatically. The expect script will ask for the password.

Update: no need for expect script, with just an ssh option "-t" to force it to ask for a tty (see man page for description). So the solution is this:

ssh -t nonroot@server "su -c \"mysql -e 'SHOW STATUS;' \""

Security is still there, you'll be asked for two different passwords, but you can now write a script to guide the process flow as you expected and not having to teach/say/request/instruct users to type in a certain command (eg: then type su, then type your xxx command). Love it eh!

Run of Puppet configuration client already in progress; skipping

Problem: the lock file is not removed properly. It's a known bug: http://projects.reductivelabs.com/issues/2888

Solution: manually remove /var/lib/puppet/state/puppetdlock
Also, you might need to check /var/run/ for the pid and delete/kill the process if it's indeed running

Solution: add Listen 127.0.0.1:80 to your httpd.conf, it should be the first line before other Listen's statements

You might want to add exceptions or slowly introduce the rulesets. Some core rules are very specific and might not work for your case.

#Include modsecurity.d/base_rules/modsecurity_crs_20_protocol_violations.conf
#Include modsecurity.d/base_rules/modsecurity_crs_21_protocol_anomalies.conf
#Include modsecurity.d/base_rules/modsecurity_crs_23_request_limits.conf
#Include modsecurity.d/base_rules/modsecurity_crs_30_http_policy.conf
#Include modsecurity.d/base_rules/modsecurity_crs_35_bad_robots.conf
#Include modsecurity.d/base_rules/modsecurity_crs_40_generic_attacks.conf
#Include modsecurity.d/base_rules/modsecurity_crs_41_phpids_converter.conf
#Include modsecurity.d/base_rules/modsecurity_crs_41_phpids_filters.conf
#Include modsecurity.d/base_rules/modsecurity_crs_41_sql_injection_attacks.conf
#Include modsecurity.d/base_rules/modsecurity_crs_41_xss_attacks.conf
#Include modsecurity.d/base_rules/modsecurity_crs_42_tight_security.conf
#Include modsecurity.d/base_rules/modsecurity_crs_45_trojans.conf
#Include modsecurity.d/base_rules/modsecurity_crs_47_common_exceptions.conf
#Include modsecurity.d/base_rules/modsecurity_crs_48_local_exceptions.conf
#Include modsecurity.d/base_rules/modsecurity_crs_49_enforcement.conf
#Include modsecurity.d/base_rules/modsecurity_crs_49_inbound_blocking.conf
#Include modsecurity.d/base_rules/modsecurity_crs_50_outbound.conf
#Include modsecurity.d/base_rules/modsecurity_crs_59_outbound_blocking.conf
#Include modsecurity.d/base_rules/modsecurity_crs_60_correlation.conf

Some example exceptions

# avoid for Apache dummy internal connection
SecRule REMOTE_ADDR "^127\.0\.0\.1$" phase:1,nolog,allow,ctl:ruleEngine=Off

# turn off for this file
SecRule REQUEST_BASENAME "^special\.php$" phase:1,nolog,allow,ctl:ruleEngine=Off

# certain agents do not send Accept header and it's okay, I don't need to see those errors
SecRule REQUEST_HEADERS:User-Agent "SomeAgentString" phase:1,nolog,pass,ctl:ruleRemoveById=960015

1. Apache: http://apache.hoxt.com/
2. PuTTY: http://putty.hoxt.com/
3. ProFTPD: http://proftpd.hoxt.com/
4. Linux Virtual Server: http://lvs.hoxt.com/
5. Linux Documentation Project: http://ldp.hoxt.com/
6. cURL: http://curl.hoxt.com/
7. CPAN: http://cpan.hoxt.com/
8. OpenSSL: http://openssl.hoxt.com/
9. PHP: http://php.hoxt.com/

rsync mirroring commands

These mirrors are created and synced with the following commands:

==> rsync.apache.sh <==
rsync -rtlzv --progress --delete rsync.apache.org::apache-dist /home/mirrors/apache

==> rsync.centos.sh <==
rsync --progress -azHv --delete --bwlimit=600 us-msync.centos.org::CentOS /home/mirrors/centos

==> rsync.cpan.sh <==
rsync --progress -av --delete rsync.nic.funet.fi::CPAN /home/mirrors/cpan

==> rsync.curl.sh <==
rsync --progress -r -t -z --delete "rsync://cool.haxx.se/curlweb/*" /home/mirrors/curl/
rsync --progress -z -t --delete "rsync://cool.haxx.se/curldownload/*" /home/mirrors/curl/download/

==> rsync.kde.sh <==
rsync --progress -za --timeout=3600 --delete rsync.kde.org::www /home/mirrors/kde

==> rsync.ldp.sh <==
rsync -rlptv --progress --delete ftp.ibiblio.org::ldp_mirror /home/mirrors/ldp

==> rsync.lvs.sh <==
rsync --progress -auvz --delete rsync.linuxvirtualserver.org::w3lvs /home/mirrors/lvs

==> rsync.mozilla.sh <==
rsync --progress -az --delete --delete-after ftp-rsync.mozilla.org::mozilla-releases/ /home/mirrors/mozilla

==> rsync.mysql.sh <==
rsync --progress -av --delete --delete-after rsync://mysql.mirrors.pair.com/mysql/ /home/mirrors/mysql

==> rsync.openssl.sh <==
rsync --progress -rztpv --delete rsync://ftp.openssl.org/openssl-ftp/ /home/mirrors/openssl/openssl-ftp
rsync --progress -rztpv --delete rsync://ftp.openssl.org/openssl-web/ /home/mirrors/openssl/openssl-web

==> rsync.php.sh <==
rsync -avzC --progress --timeout=600 --delete --delete-after --include='manual/en/' --include='manual/en/**' --exclude='manual/**' --exclude='distributions/**' --exclude='extra/**' rsync.php.net::phpweb /home/mirrors/php

==> rsync.proftpd.sh <==
rsync --progress --recursive --times --links --compress --delete rsync.proftpd.org::proftpd-www /home/mirrors/proftpd

==> rsync.putty.sh <==
rsync -auHv --progress rsync://rsync.chiark.greenend.org.uk/ftp/users/sgtatham/putty-website-mirror/ /home/mirrors/putty