script needed
Michael Velez
mikev777 at hotmail.com
Wed Aug 17 07:27:49 UTC 2005
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of kmail
> Sent: Tuesday, August 16, 2005 4:18 AM
> To: General Red Hat Linux discussion list
> Subject: Re: script needed
>
> thanks to all, I tried it but I got (1.2.3.4[1.2.3.4]) as
> result, how can I parse the IP in order to add it to hosts.deny?
>
> also, how to ignore monitoring ip if I have them listed in a
> test file.
>
> thank you
>
To further parse that line and get the IP address between the '(' and '[',
you can add these awk components into the pipe:
awk -F"(" '{print $2}' | awk -F[ '{print $1}'
The -F option tells awk which character delimits a field.
However, as I mentioned in my first e-mail, I do not know the exact format
of the line you are searching for. If the line will always produce the same
format as you mentioned in your e-mail (with the IP address in the same
location), then the above should work. However, it is up to you to verify
this would work 100% of the time.
As the parsing you're asking for is relatively simple, I offered the line
above; however, a 100% correct solution can only be guaranteed through a
careful review/research (by the end user) of all details.
As for your second question, I may have misunderstood your question but it
seems the answer is already in the script. The code will check if the IP
address exists on one line in the file /etc/hosts.deny. If it does not
exist then append the IP address to the hosts.deny file. If you want to
check another test file, simply replace /etc/hosts.deny with the name of
your test file on the grep line.
As a final point, in order to ensure 11.2.3.4 will not be confused with
1.2.3.4 when you grep (as pointed out by Marco Shaw), replace this line:
IPADDRCNT=`tail -50 /var/log/messages | grep "<linepattern>" | grep -c $IPADDR`
with this line:
IPADDRCNT=`tail -50 /var/log/messages | grep "<linepattern>" | grep -c "($IPADDR\["`
This will delimit the IP address as per the format you gave in your e-mail,
with a "(" at the beginning and "[" at the end.
Again, I can't stress more that you need to verify this script will work
100% yourself. I used to teach unix scripting so I don't mind helping out
if the solution is simple, but you need to be 100% comfortable that you know
what this script is doing and that it does what you want, before you put it
in operation.
If you have any more questions, I would suggest you do the research yourself
to familiarize yourself with the script.
Michael
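
The following is an added example, not part of the original message or the script discussed in this thread: it pulls the address from between "(" and "[", skips addresses listed in an ignore file, and appends to a deny file only when the exact address is not already there. The function names, the "ALL: <ip>" entry format, the count threshold and the sample log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the script from this thread. File paths are passed in
# as arguments; the log lines built in demo() are constructed.

# Print the text between the first "(" and the next "[" of each input line,
# keeping only values shaped like a dotted quad.
extract_ips() {
    awk '{ i = index($0, "("); if (!i) next
           rest = substr($0, i + 1); j = index(rest, "[")
           if (j > 1) print substr(rest, 1, j - 1) }' |
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Succeed if file $2 holds $1 as a whole token, so 1.2.3.4 never matches
# 11.2.3.4 and the dots are not treated as regex wildcards.
has_ip() {
    [ -f "$2" ] || return 1
    grep -v '^#' "$2" | tr -s ' \t,:' '\n\n\n\n' | grep -qxF -- "$1"
}

# Usage: block_new_ips LOG DENYFILE IGNOREFILE PATTERN MINCOUNT
block_new_ips() {
    tail -50 "$1" | grep -- "$4" | extract_ips | sort | uniq -c |
    while read -r count ip; do
        [ "$count" -ge "$5" ] || continue   # seen too few times
        has_ip "$ip" "$3" && continue        # monitoring host: never deny
        has_ip "$ip" "$2" && continue        # already present
        echo "ALL: $ip" >> "$2"              # assumed entry format
    done
}

# Constructed demo in a scratch directory; prints the resulting deny file.
demo() {
    d=$(mktemp -d) || return 1
    for ip in 1.2.3.4 1.2.3.4 11.2.3.4 11.2.3.4 10.0.0.9 10.0.0.9 5.6.7.8; do
        echo "Aug 16 04:10:01 host svc[101]: rejected (${ip}[${ip}])"
    done > "$d/log"
    echo 'ALL: 11.2.3.4' > "$d/deny"      # already denied
    echo '10.0.0.9' > "$d/ignore"         # monitoring address
    block_new_ips "$d/log" "$d/deny" "$d/ignore" rejected 2
    cat "$d/deny"; rm -rf "$d"
}
demo
```

Run it against scratch copies first, as the demo does, and point it at /etc/hosts.deny only once the extracted values match what your real log lines contain.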