August 4th, 2003, 03:44 PM
#1
Calling all Perl gurus
I'm writing a comprehensive security audit script for my own use that I want to use remotely from my workstation to various systems I administer. I'm writing the script in Perl and it runs several ssh commands against the remote system and then formats the results. To facilitate all the ssh authentication, I have copied my public key out to my accounts on all these systems and I'm running this script under an ssh-agent with my private key added to the sessions, therefore I never have to enter a password for all these ssh connections.
Okay, with the background out of the way it's down to brass tacks. I'm trying to limit my bandwidth usage as much as possible, so the less screwing around on the remote system, the better. One of the commands I created, however, is really giving me some real problems. It's obviously a shell / syntax incompatibility due to much of the punctuation, but I don't know how to get around it. This particular routine is a slick command-line one-liner to yank all the UID 0 accounts out of the password file and return them. On a standard command-line, it would look like this:
perl -F: -ane 'print if !$F[2];' /etc/passwd
Using any non-C style shell (i.e. ksh, sh, or bash), this will work fine. If you're using a C-style shell (i.e. csh, or tcsh), you'll need to make one modification:
perl -F: -ane 'print if not $F[2];' /etc/passwd
I'm trying to use some variation of this line in my script to avoid multiple command steps of breaking apart the passwd file, searching for UID 0 users and returning the results using a more conventional method. All my attempts, however, have failed. Here's what I have tried:
my $response = system("/usr/bin/ssh system.name.domain.com /usr/bin/perl -F: -ane 'print if not $F[2];' /etc/passwd");
This gives me the error:
Name "main::F" used only once: possible typo at ./audit line 17.
Use of uninitialized value in concatenation (.) or string at ./audit line 17.
Can't open if: No such file or directory
Can't open not: No such file or directory
ksh: /etc/passwd: cannot execute
I also tried this:
my $response = `/usr/bin/ssh $system \"/usr/bin/perl -F: -ane 'print if not @F[2];' /etc/passwd\"`;
Thinking that the punctuation was causing most of the problems, you'll notice I tried to use escaped quotes to enclose the entire statement without success. I also had to replace the dollar sign with the @ sign to get around the F being treated as a shell variable. This didn't work either. In fact, the error I got was:
Scalar value @F[2] better written as $F[2] at ./audit line 16.
Possible unintended interpolation of @F in string at ./audit line 16.
Name "main::F" used only once: possible typo at ./audit line 16.
Use of uninitialized value in join or string at ./audit line 16.
syntax error at -e line 1, near "not ;"
Execution of -e aborted due to compilation errors.
I know this is a pretty specific problem, but does anyone have any suggestions on how I can better format that statement so that it will work?
/* You are not expected to understand this. */
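Added example, not part of the original post: the errors from the first attempt are consistent with the command being interpreted three times (the local Perl interpolates `$F[2]` inside the double-quoted string, the local shell strips the single quotes, and the remote shell re-splits what ssh sends it). This sketch keeps the one-liner in a single-quoted Perl string, skips the local shell with list-form `open`, and quotes each word once for the remote shell. It assumes a POSIX-style remote login shell (the `ksh` seen in the error output) and Perl 5.8 or later; `sh_quote`, `remote_command` and `uid0_accounts` are hypothetical helper names.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Quote one word for a POSIX shell: wrap it in single quotes and
# rewrite each embedded ' as '\'' (close quote, literal ', reopen).
sub sh_quote {
    my ($word) = @_;
    $word =~ s/'/'\\''/g;
    return "'$word'";
}

# ssh joins its trailing arguments with spaces and hands the result to the
# remote login shell, so build that string ourselves, one quoted word each.
sub remote_command {
    return join ' ', map { sh_quote($_) } @_;
}

# Single-quoted Perl strings: $F[2] reaches the remote perl untouched.
# "not" is used instead of "!" so csh-style history expansion is not a factor.
my @remote_argv = ('/usr/bin/perl', '-F:', '-ane',
                   'print if not $F[2];', '/etc/passwd');

sub uid0_accounts {
    my ($host) = @_;
    # Refuse anything ssh could read as an option or a shell construct.
    die "bad host name: $host\n"
        unless $host =~ /^[A-Za-z0-9][A-Za-z0-9.-]*$/;
    # List-form open: no local shell is involved at all.
    open(my $ssh, '-|', '/usr/bin/ssh', $host, remote_command(@remote_argv))
        or die "cannot run ssh: $!\n";
    my @lines = <$ssh>;
    close($ssh) or warn "ssh exited with status " . ($? >> 8) . "\n";
    return @lines;
}

# Offline check: show the exact string the remote shell will parse.
print remote_command(@remote_argv), "\n";

# With a host name as the first argument, run the audit step for real.
print uid0_accounts($ARGV[0]) if @ARGV;
```

Run without arguments, it only prints the quoted command line, which makes the quoting easy to inspect before any connection is made.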