script needed
Chris St. Pierre
stpierre at NebrWesleyan.edu
Tue Aug 16 20:10:10 UTC 2005
Here's the command you'll need for your first question:
$ man awk
And for your second question:
$ man grep
HTH.
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
On Tue, 16 Aug 2005, kmail wrote:
>thanks to all, I tried it but I got (1.2.3.4[1.2.3.4]) as result, how can I
>parse the ip inorder to add it to hosts.deny?
>
>also, how to ignore monitoring ip if I have them listed in a test file.
>
>thank you
>
>----- Original Message -----
>From: "Michael Velez" <mikev777 at hotmail.com>
>To: "'General Red Hat Linux discussion list'" <redhat-list at redhat.com>
>Sent: Friday, August 05, 2005 4:02 PM
>Subject: RE: script needed
>
>
>>
>>
>> > -----Original Message-----
>> > From: redhat-list-bounces at redhat.com
>> > [mailto:redhat-list-bounces at redhat.com] On Behalf Of Shaw, Marco
>> > Sent: Friday, August 05, 2005 8:32 AM
>> > To: General Red Hat Linux discussion list
>> > Subject: RE: script needed
>> >
>> > > #!/bin/bash
>> > >
>> > > IPADDRLIST=`tail -50 /var/log/messages | grep "<line
>> > > pattern>" | awk '{print
>> > > $<ip addr field number>}' | sort | uniq`
>> > >
>> > > for IPADDR in $IPADDRLIST
>> > > do
>> > > IPADDRCNT=`tail -50 /var/log/messages | grep "<line
>> > > pattern>" | grep
>> > > -c $IPADDR`
>> > >
>> > > if [[ $IPADDRCNT -ge 10 ]]
>> > > then
>> > > EXISTS=`grep -c $IPADDR /etc/hosts.deny`
>> > >
>> > > if [[ $EXISTS -eq 0 ]]
>> > > then
>> > > echo $IPADDR >> /etc/hosts.deny
>> > > fi
>> > > fi
>> > > done
>> >
>> > It's a slow Friday at work... ;-)
>> >
>> > Sorry, I think I found another little problem.
>> >
>> > Here: EXISTS=`grep -c $IPADDR /etc/hosts.deny`
>> >
>> > You might grep for 10.10.10.10 in /etc/hosts.deny, which
>> > would also match possibly an existing 10.10.10.100 entry by error.
>> >
>> > I think you may have to go with changing this line to something like:
>> >
>> > EXISTS=`grep -c "^${IPADDR}$" /etc/hosts.deny`
>> >
>> > I realize your script is just supposed to be somewhat of a guide.
>> >
>> > Sorry again, for the critiques (spelling?).
>> >
>> > Marco
>>
>> Yes, my script is only supposed to point in the right direction. I only
>> took a quick stab at it.
>>
>> That said, you are correct. Your solution would work. That doesn't mean
>> the script still won't need changing.
>>
>> I appreciate the critique as I wouldn't want anybody to think the script I
>> wrote was the final answer. Just goes to the point as to how much or
>little
>> one should offer in an answer. My fault, my oversight.
>>
>> It would be up to anybody who is putting something into operation to
>verify
>> the solution deals correctly with all eventualities, especially if the
>> solution comes from a relatively unknown entity.
>>
>> That said, since I usually respond to scripting questions, from now on,
>I'll
>> put a disclaimer mentioning the lack of rigor that goes into writing
>> something that is meant to help people think about the structure of the
>> script, as opposed to the details.
>>
>> I am glad you critiqued the script, though, as you were correct in
>pointing
>> out the oversight and as it prompted me to write the above. I guess
>that's
>> what the entire mailing list is for.
>>
>> Thanks,
>> Michael
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>> ---
>> This message has been scanned for viruses and dangerous content by
>MailScanner
>> and is believed to be clean.
>
>
>--
>redhat-list mailing list
>unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>https://www.redhat.com/mailman/listinfo/redhat-list
>
More information about the redhat-list
mailing list