script needed

Michael Velez mikev777 at hotmail.com
Wed Aug 17 07:27:49 UTC 2005


> -----Original Message-----
> From: redhat-list-bounces at redhat.com 
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of kmail
> Sent: Tuesday, August 16, 2005 4:18 AM
> To: General Red Hat Linux discussion list
> Subject: Re: script needed
> 
> thanks to all, I tried it but I got (1.2.3.4[1.2.3.4]) as
> result, how can I parse the ip in order to add it to hosts.deny?
> 
> also, how to ignore monitoring ip if I have them listed in a 
> test file.
> 
> thank you
> 

To further parse that line and get the IP address between the '(' and '[',
you can add these awk components into the pipe:

awk -F"(" '{print $2}' | awk -F[ '{print $1}' 

The -F option tells awk which character delimits a field.

However, as I mentioned in my first e-mail, I do not know the exact format
of the line you are searching for.  If the line will always produce the same
format as you mentioned in your e-mail (with the IP address in the same
location), then the above should work.  However, it is up to you to verify
this would work 100% of the time.

As the parsing you're asking for is relatively simple, I offered the line
above; however, a 100% correct solution can only be guaranteed through a
careful review/research (by the end user) of all details.

As for your second question, I may have misunderstood your question but it
seems the answer is already in the script.  The code will check if the IP
address exists on one line in the file /etc/hosts.deny.  If it does not
exist then append the IP address to the hosts.deny file.  If you want to
check another test file, simply replace /etc/hosts.deny with the name of
your test file on the grep line.

As a final point, in order to ensure 11.2.3.4 will not be confused with
1.2.3.4 when you grep (as pointed out by Marco Shaw), replace this line:

IPADDRCNT=`tail -50 /var/log/messages | grep "<linepattern>" | grep -c $IPADDR`

with this line:

IPADDRCNT=`tail -50 /var/log/messages | grep "<linepattern>" | grep -c "($IPADDR\["`

This will delimit the IP address as per the format you gave in your e-mail,
with a "(" at the beginning and "[" at the end.

Again, I can't stress more that you need to verify this script will work
100% yourself.  I used to teach unix scripting so I don't mind helping out
if the solution is simple, but you need to be 100% comfortable that you know
what this script is doing and that it does what you want, before you put it
in operation.

If you have any more questions, I would suggest you do the research yourself
to familiarize yourself with the script.

Michael
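
The steps discussed in this message (take the address between "(" and "[", skip monitoring hosts, append only when the address is not already listed), as an added example that is not part of the original e-mail or the script it refers to. The function names, the file arguments, the sample log line and the `ALL: <ip>` entry format are assumptions.

```shell
#!/bin/sh
# Added example. Names, file arguments and entry format are assumptions.

# Print the address found between "(" and "[" if it is well-formed IPv4.
extract_ip() {
    printf '%s\n' "$1" |
        awk -F'(' 'NF > 1 {print $2}' | awk -F'[' '{print $1}' |
        awk -F. 'NF == 4 {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
            print
        }'
}

# block_ip LOGLINE DENYFILE ALLOWFILE
# Returns 0 if an entry was appended, 1 if the line was skipped.
block_ip() {
    ip=$(extract_ip "$1") || return 1      # malformed address
    [ -n "$ip" ] || return 1               # no "(addr[" in the line
    # -F: fixed string, so dots are literal; -x: whole line must match,
    # so 1.2.3.4 is never confused with 11.2.3.4.
    if [ -f "$3" ] && grep -Fxq -- "$ip" "$3"; then
        return 1                           # monitoring host: never block
    fi
    if [ -f "$2" ] && grep -Fxq -- "ALL: $ip" "$2"; then
        return 1                           # already denied
    fi
    printf 'ALL: %s\n' "$ip" >> "$2"
}

# Constructed demo: temp files stand in for hosts.deny and the monitoring list.
demo_dir=$(mktemp -d)
printf '10.0.0.5\n' > "$demo_dir/monitor.txt"
for line in \
    'Aug 16 04:18:00 mail daemon[2211]: rejected (1.2.3.4[1.2.3.4])' \
    'Aug 16 04:18:05 mail daemon[2211]: rejected (1.2.3.4[1.2.3.4])' \
    'Aug 16 04:18:09 mail daemon[2211]: rejected (10.0.0.5[10.0.0.5])'
do
    block_ip "$line" "$demo_dir/hosts.deny" "$demo_dir/monitor.txt"
done
cat "$demo_dir/hosts.deny"    # one entry: the repeat and the monitor are skipped
rm -rf "$demo_dir"
```

Validating the extracted field before writing it matters here because the log line is attacker-influenced input and the deny file is read by the access-control layer.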



