Here's the command you'll need for your first question: $ man awk And for your second question: $ man grep HTH. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University On Tue, 16 Aug 2005, kmail wrote: >thanks to all, I tried it but I got (1.2.3.4[1.2.3.4]) as result, how can I >parse the ip inorder to add it to hosts.deny? > >also, how to ignore monitoring ip if I have them listed in a test file. > >thank you > >----- Original Message ----- >From: "Michael Velez" <mikev777@xxxxxxxxxxx> >To: "'General Red Hat Linux discussion list'" <redhat-list@xxxxxxxxxx> >Sent: Friday, August 05, 2005 4:02 PM >Subject: RE: script needed > > >> >> >> > -----Original Message----- >> > From: redhat-list-bounces@xxxxxxxxxx >> > [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Shaw, Marco >> > Sent: Friday, August 05, 2005 8:32 AM >> > To: General Red Hat Linux discussion list >> > Subject: RE: script needed >> > >> > > #!/bin/bash >> > > >> > > IPADDRLIST=`tail -50 /var/log/messages | grep "<line >> > > pattern>" | awk '{print >> > > $<ip addr field number>}' | sort | uniq` >> > > >> > > for IPADDR in $IPADDRLIST >> > > do >> > > IPADDRCNT=`tail -50 /var/log/messages | grep "<line >> > > pattern>" | grep >> > > -c $IPADDR` >> > > >> > > if [[ $IPADDRCNT -ge 10 ]] >> > > then >> > > EXISTS=`grep -c $IPADDR /etc/hosts.deny` >> > > >> > > if [[ $EXISTS -eq 0 ]] >> > > then >> > > echo $IPADDR >> /etc/hosts.deny >> > > fi >> > > fi >> > > done >> > >> > It's a slow Friday at work... ;-) >> > >> > Sorry, I think I found another little problem. >> > >> > Here: EXISTS=`grep -c $IPADDR /etc/hosts.deny` >> > >> > You might grep for 10.10.10.10 in /etc/hosts.deny, which >> > would also match possibly an existing 10.10.10.100 entry by error. >> > >> > I think you may have to go with changing this line to something like: >> > >> > EXISTS=`grep -c "^${IPADDR}$" /etc/hosts.deny` >> > >> > I realize your script is just supposed to be somewhat of a guide. >> > >> > Sorry again, for the critiques (spelling?). >> > >> > Marco >> >> Yes, my script is only supposed to point in the right direction. I only >> took a quick stab at it. >> >> That said, you are correct. Your solution would work. That doesn't mean >> the script still won't need changing. >> >> I appreciate the critique as I wouldn't want anybody to think the script I >> wrote was the final answer. Just goes to the point as to how much or >little >> one should offer in an answer. My fault, my oversight. >> >> It would be up to anybody who is putting something into operation to >verify >> the solution deals correctly with all eventualities, especially if the >> solution comes from a relatively unknown entity. >> >> That said, since I usually respond to scripting questions, from now on, >I'll >> put a disclaimer mentioning the lack of rigor that goes into writing >> something that is meant to help people think about the structure of the >> script, as opposed to the details. >> >> I am glad you critiqued the script, though, as you were correct in >pointing >> out the oversight and as it prompted me to write the above. I guess >that's >> what the entire mailing list is for. >> >> Thanks, >> Michael >> >> -- >> redhat-list mailing list >> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe >> https://www.redhat.com/mailman/listinfo/redhat-list >> >> --- >> This message has been scanned for viruses and dangerous content by >MailScanner >> and is believed to be clean. > > >-- >redhat-list mailing list >unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe >https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
