
Name

scanslave -- invoke scanhosts on a scanning node

Synopsis

scanslave [-Hh] [-A authmode] [-d dir] [-n N] [-p post] [-r remote] scan chunkfile [-- scanhost-args]

Description

The scanslave utility is part of the “scanmaster” suite of scripts. It is the portion of the process that runs on each scanning node and invokes scanhosts(1). It takes as input the name of a scan and the so-called chunkfile containing the subset of hosts this scanning node should work on.

scanslave supports the following command-line options:

-A authmode
Specify the authentication mode. Valid options are “all”, “password” and “pubkey”. This is passed on to the scanhosts(1) command.

-H
Do not use the headless user for ssh connections.

-d dir
The directory under which scanslave should create all output. Preferably this is on an NFS share accessible to all scanning nodes, though this is not a technical requirement (it just makes postprocessing of the scan results an order of magnitude easier). If not specified, defaults to “/mnt/scanmaster”.

-n N
The number of jobs scanhosts(1) should execute via its -n flag. If not specified, defaults to 175.

-p post
The location of the script to be passed to scanhosts(1) as the post-processing script. If not specified, defaults to “./post.chunk.sh”.

-r remote
The location of the script to be passed to scanhosts(1) as the script to execute on the remote hosts. If not specified, defaults to “./remote.sh”.

It furthermore takes two mandatory arguments:

scan
The name of the scan. This name is used in a number of places to generate output directories and files.

chunkfile
The path to the file containing the hostnames to be scanned.

Any additional arguments are passed on to scanhosts(1). However, scanslave already sets the following flags itself, so they should not be provided, as doing so may lead to undefined results: -n, -f, -o, -s, -p, -r.
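
A pre-flight check for the reserved-flag caveat above, as an added example that is not part of the scanmaster suite. The function names are hypothetical, and it assumes scanhosts(1) parses short options getopt-style, so that a cluster such as -Is contains -s:

```shell
#!/bin/sh
# Added example: refuse a scanslave command line whose pass-through
# arguments (everything after "--") collide with flags that scanslave
# already sets on scanhosts. Letters taken from the man page:
# -n, -f, -o, -s, -p, -r.
RESERVED="nfospr"

# check_passthrough ARG...
# Returns 1 and prints the offending argument if a reserved flag is found.
# Assumption: short options may be clustered ("-Is" means -I -s).
check_passthrough() {
    for arg in "$@"; do
        case "$arg" in
            --*|-) continue ;;        # long options and a lone dash: not checked
            -*)    flags=${arg#-} ;;  # short option or cluster of short options
            *)     continue ;;        # option values and operands
        esac
        while [ -n "$flags" ]; do
            rest=${flags#?}           # everything after the first character
            c=${flags%"$rest"}        # the first character itself
            case "$RESERVED" in
                *"$c"*) printf '%s\n' "$arg"; return 1 ;;
            esac
            flags=$rest
        done
    done
    return 0
}

# preflight ARGS...
# Takes the full argument list intended for scanslave and checks only the
# part after "--"; scanslave's own -p and -r before it are left alone.
preflight() {
    while [ $# -gt 0 ]; do
        if [ "$1" = "--" ]; then
            shift
            check_passthrough "$@"
            return $?
        fi
        shift
    done
    return 0
}

# Usage (constructed): preflight "$@" && scanslave "$@"
```

The check is deliberately conservative: a pass-through option value that itself begins with a dash is also inspected and may be rejected.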

Details

Upon invocation, scanslave sets a few variables based on the environment (see below). It then starts an ssh-agent(1) and invokes ssh-add(1), passing the value of the environment variable SSH_ADD_FLAGS. Next, it creates the output directories in the (preferably shared) output location, adds a crontab entry for tkill(1) and finally kicks off scanhosts(1) via autopw(1). When the scanhosts process has terminated, the ssh-agent is killed and the crontab entries are removed.

Examples

The following examples illustrate common usage of this tool.

To run a scan named “scan1”, reading a list of hosts to scan from the file “/tmp/input.list” with the script “remote.sh” from the current working directory to be executed and the script “../post.chunk.sh” used as a per-chunk post script:

scanslave -r ./remote.sh -p ../post.chunk.sh \
    scan1 /tmp/input.list

To run the same scan but pass the flags “-I” and “-S” to scanhosts(1) (which is useful when connecting to hosts that are reached via a tunnel, such as vault hosts):

scanslave -r ./remote.sh -p ../post.chunk.sh \
    scan1 /tmp/input.list -- -I -S

Environment

scanslave honors the following environment variables:

SSH_ADD_FLAGS
Flags to be passed to ssh-add(1). This allows the user to specify custom keys to be added.

TMPDIR
The location of a temporary directory. If not specified, defaults to “/tmp”.

See Also

autopw(1), checkhosts(1), scanhosts(1), ssh-agent(1), ssh-add(1), tkill(1)

History

The scanslave utility was originally written by Jan Schaumann <jschauma@yahoo-inc.com> in July 2007 as “cmd.chunk”.

Bugs

Please report bugs and feature requests to the author.

