script needed

kmail kmail at shost.net
Tue Aug 16 08:17:45 UTC 2005


Thanks to all. I tried it but I got (1.2.3.4[1.2.3.4]) as the result. How can I
parse the IP in order to add it to hosts.deny?

Also, how do I ignore monitoring IPs if I have them listed in a test file?

thank you

----- Original Message ----- 
From: "Michael Velez" <mikev777 at hotmail.com>
To: "'General Red Hat Linux discussion list'" <redhat-list at redhat.com>
Sent: Friday, August 05, 2005 4:02 PM
Subject: RE: script needed


>
>
> > -----Original Message-----
> > From: redhat-list-bounces at redhat.com
> > [mailto:redhat-list-bounces at redhat.com] On Behalf Of Shaw, Marco
> > Sent: Friday, August 05, 2005 8:32 AM
> > To: General Red Hat Linux discussion list
> > Subject: RE: script needed
> >
> > > #!/bin/bash
> > >
> > > IPADDRLIST=`tail -50 /var/log/messages | grep "<line pattern>" | awk '{print $<ip addr field number>}' | sort | uniq`
> > >
> > > for IPADDR in $IPADDRLIST
> > > do
> > > IPADDRCNT=`tail -50 /var/log/messages | grep "<line pattern>" | grep -c $IPADDR`
> > >
> > > if [[ $IPADDRCNT -ge 10 ]]
> > > then
> > > EXISTS=`grep -c $IPADDR /etc/hosts.deny`
> > >
> > > if [[ $EXISTS -eq 0 ]]
> > > then
> > > echo $IPADDR >> /etc/hosts.deny
> > > fi
> > > fi
> > > done
> >
> > It's a slow Friday at work... ;-)
> >
> > Sorry, I think I found another little problem.
> >
> > Here: EXISTS=`grep -c $IPADDR /etc/hosts.deny`
> >
> > You might grep for 10.10.10.10 in /etc/hosts.deny, which
> > would also match possibly an existing 10.10.10.100 entry by error.
> >
> > I think you may have to go with changing this line to something like:
> >
> > EXISTS=`grep -c "^${IPADDR}$" /etc/hosts.deny`
> >
> > I realize your script is just supposed to be somewhat of a guide.
> >
> > Sorry again, for the critiques (spelling?).
> >
> > Marco
>
> Yes, my script is only supposed to point in the right direction.  I only
> took a quick stab at it.
>
> That said, you are correct.  Your solution would work.  That doesn't mean
> the script still won't need changing.
>
> I appreciate the critique as I wouldn't want anybody to think the script I
> wrote was the final answer.  Just goes to the point as to how much or little
> one should offer in an answer.  My fault, my oversight.
>
> It would be up to anybody who is putting something into operation to verify
> the solution deals correctly with all eventualities, especially if the
> solution comes from a relatively unknown entity.
>
> That said, since I usually respond to scripting questions, from now on, I'll
> put a disclaimer mentioning the lack of rigor that goes into writing
> something that is meant to help people think about the structure of the
> script, as opposed to the details.
>
> I am glad you critiqued the script, though, as you were correct in pointing
> out the oversight and as it prompted me to write the above.  I guess that's
> what the entire mailing list is for.
>
> Thanks,
> Michael
>
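
As an added example (not code from any poster in this thread): one way to pull the address out of a `(1.2.3.4[1.2.3.4])` token, skip addresses listed in an allow-list file, and append only entries that are not already present as an exact match. The function names, file arguments and the `ALL: <address>` entry format (the `daemon : client` form of hosts.deny; the thread's script writes bare addresses) are assumptions, as is reading the bracketed part as the peer address.

```bash
#!/bin/bash
# Added example, not code from the thread. Function names, arguments and the
# "ALL: <addr>" entry format are assumptions made for illustration.

# extract_ips: read log lines on stdin and print the bracketed IPv4 address of
# each line, e.g. "(1.2.3.4[1.2.3.4])" -> "1.2.3.4". The text before '[' is
# assumed to be a looked-up host name, which the remote side may influence, so
# it is ignored. Octets above 255 are dropped so malformed input never reaches
# the deny file.
extract_ips() {
    sed -nE 's/.*\[([0-9]{1,3}(\.[0-9]{1,3}){3})\].*/\1/p' |
        awk -F. '$1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255'
}

# block_offenders DENY ALLOW [MIN]   (pre-filtered log lines on stdin)
# Appends every address seen at least MIN times to DENY unless it is listed in
# ALLOW (one address per line) or already denied. Prints the number added.
# Usage: tail -50 /var/log/messages | grep "<line pattern>" |
#            block_offenders /etc/hosts.deny /path/to/allow-list 10
block_offenders() {
    local deny=$1 allow=$2 min=${3:-10} counts count ip added=0
    # Refuse to run without the allow list rather than deny monitoring hosts.
    [ -r "$allow" ] || { echo "allow list not readable: $allow" >&2; return 1; }
    counts=$(extract_ips | sort | uniq -c)
    while read -r count ip; do
        [ -n "$ip" ] && [ "$count" -ge "$min" ] || continue
        # -F: dots are literal; -x: the whole line must match, so 10.10.10.10
        # is never mistaken for an existing 10.10.10.100 entry.
        grep -Fxq -- "$ip" "$allow" && continue
        grep -Fxq -- "ALL: $ip" "$deny" 2>/dev/null && continue
        printf 'ALL: %s\n' "$ip" >> "$deny"
        added=$((added + 1))
    done <<EOF
$counts
EOF
    echo "$added"
}
```

Try it against a scratch copy of the deny file first; the second run over the same log lines should report 0 additions.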




