Thanks to all. I tried it, but I got (1.2.3.4[1.2.3.4]) as the result. How can I parse the IP in order to add it to hosts.deny? Also, how do I ignore monitoring IPs if I have them listed in a test file? Thank you.

----- Original Message -----
From: "Michael Velez" <mikev777@xxxxxxxxxxx>
To: "'General Red Hat Linux discussion list'" <redhat-list@xxxxxxxxxx>
Sent: Friday, August 05, 2005 4:02 PM
Subject: RE: script needed

>
>
> > -----Original Message-----
> > From: redhat-list-bounces@xxxxxxxxxx
> > [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Shaw, Marco
> > Sent: Friday, August 05, 2005 8:32 AM
> > To: General Red Hat Linux discussion list
> > Subject: RE: script needed
> >
> > > #!/bin/bash
> > >
> > > IPADDRLIST=`tail -50 /var/log/messages | grep "<line pattern>" | awk '{print $<ip addr field number>}' | sort | uniq`
> > >
> > > for IPADDR in $IPADDRLIST
> > > do
> > >     IPADDRCNT=`tail -50 /var/log/messages | grep "<line pattern>" | grep -c $IPADDR`
> > >
> > >     if [[ $IPADDRCNT -ge 10 ]]
> > >     then
> > >         EXISTS=`grep -c $IPADDR /etc/hosts.deny`
> > >
> > >         if [[ $EXISTS -eq 0 ]]
> > >         then
> > >             echo $IPADDR >> /etc/hosts.deny
> > >         fi
> > >     fi
> > > done
> >
> > It's a slow Friday at work... ;-)
> >
> > Sorry, I think I found another little problem.
> >
> > Here: EXISTS=`grep -c $IPADDR /etc/hosts.deny`
> >
> > You might grep for 10.10.10.10 in /etc/hosts.deny, which
> > would also match possibly an existing 10.10.10.100 entry by error.
> >
> > I think you may have to go with changing this line to something like:
> >
> > EXISTS=`grep -c "^${IPADDR}$" /etc/hosts.deny`
> >
> > I realize your script is just supposed to be somewhat of a guide.
> >
> > Sorry again, for the critiques (spelling?).
> >
> > Marco
>
> Yes, my script is only supposed to point in the right direction. I only
> took a quick stab at it.
>
> That said, you are correct. Your solution would work. That doesn't mean
> the script still won't need changing.
>
> I appreciate the critique as I wouldn't want anybody to think the script I
> wrote was the final answer. Just goes to the point as to how much or little
> one should offer in an answer. My fault, my oversight.
>
> It would be up to anybody who is putting something into operation to verify
> the solution deals correctly with all eventualities, especially if the
> solution comes from a relatively unknown entity.
>
> That said, since I usually respond to scripting questions, from now on, I'll
> put a disclaimer mentioning the lack of rigor that goes into writing
> something that is meant to help people think about the structure of the
> script, as opposed to the details.
>
> I am glad you critiqued the script, though, as you were correct in pointing
> out the oversight and as it prompted me to write the above. I guess that's
> what the entire mailing list is for.
>
> Thanks,
> Michael
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
> ---
> This message has been scanned for viruses and dangerous content by MailScanner
> and is believed to be clean.
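
The two questions at the top of this message (pulling the address out of a (1.2.3.4[1.2.3.4]) token, and skipping monitoring addresses kept in a file) are worked through in the following added example, which is not code from anyone in the thread. The function names, the log line wording, the file names, the threshold of 3 used in the demo and the "ALL: <ip>" entry form are assumptions; the whole-line fixed-string match covers the 10.10.10.10 versus 10.10.10.100 case Marco raised.

```shell
#!/bin/bash
# Added example, not code from the thread. Assumptions: the log token looks
# like host[ip], monitoring addresses sit one per line in a file, and deny
# entries use the "ALL: <ip>" form. All sample data below is constructed.

# extract_ips: read log lines on stdin; print the address inside the last
# [...] of each line, keeping only well-formed dotted quads.
extract_ips() {
    sed -n 's/.*\[\([0-9.]*\)\].*/\1/p' |
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || true
}

# offenders LOG PATTERN THRESHOLD ALLOWFILE
# Print addresses seen at least THRESHOLD times on lines matching PATTERN in
# the last 50 lines of LOG, minus addresses listed in ALLOWFILE. -x and -F
# make the allowlist match whole lines literally, so 192.168.0.5 does not
# also exempt 192.168.0.50.
offenders() {
    tail -n 50 "$1" | grep -e "$2" | extract_ips | sort | uniq -c |
        awk -v t="$3" '$1 >= t { print $2 }' |
        grep -vxFf "$4" || true
}

# block_ips DENYFILE: read addresses on stdin and append "ALL: <ip>" unless
# that exact line is already present. A plain "grep -c $IPADDR" would treat
# an existing 10.10.10.100 entry as if 10.10.10.10 were already listed.
block_ips() {
    while read -r ip; do
        grep -qxF "ALL: $ip" "$1" 2>/dev/null || echo "ALL: $ip" >> "$1"
    done
}

# demo: run the pipeline on constructed files in a temp directory; nothing
# under /etc is touched. Prints the resulting deny file.
demo() {
    local d; d=$(mktemp -d)
    for i in 1 2 3; do
        echo "Aug  5 16:02:0$i host svc[99]: refused connect from (10.10.10.10[10.10.10.10])"
        echo "Aug  5 16:02:1$i host svc[99]: refused connect from (monitor[192.168.0.5])"
    done > "$d/messages"
    echo "Aug  5 16:03:00 host svc[99]: refused connect from (1.2.3.4[1.2.3.4])" >> "$d/messages"
    echo "192.168.0.5" > "$d/monitoring.txt"      # monitoring host to ignore
    echo "ALL: 10.10.10.100" > "$d/hosts.deny"    # pre-existing look-alike entry
    offenders "$d/messages" "refused connect" 3 "$d/monitoring.txt" | block_ips "$d/hosts.deny"
    cat "$d/hosts.deny"; rm -rf "$d"
}

demo
```

Because the address is taken from log text that a remote client may partly control, tighten the sed expression to the exact message format of the daemon being watched before pointing this at /etc/hosts.deny.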