Mailinglist Archive: opensuse (4053 mails)

Re: [SLE] Re: splitting a string
  • From: s_bulterman@xxxxxx
  • Date: Fri, 10 Aug 2001 21:57:24 +0200
  • Message-id: <3B743CA4.D801590C@xxxxxx>

Adapted this nice script for SuSEFirewall2 users..........

<cr-check.sh>
#! /bin/bash

AWK="/usr/bin/awk"
GREP="/usr/bin/grep"
SORT="/usr/bin/sort"
UNIQ="/usr/bin/uniq"


case "$1" in
[p][p][p] | [p][p][p][0-9] | [i][p][p][p][0-9] | [e][t][h] | [e][t][h][0-9] )
echo "case 0"
# Unique source addresses with port 80 entries logged for this interface
ADDRESS=`$GREP "$1" /var/log/firewall | $GREP DPT=80 | $AWK '{print $9}' | $SORT | \
$AWK -F: '{print $1}' | $UNIQ | $GREP -c -e '[0-9]'`
# Same count, restricted to entries logged as DROP
ADDRESS2=`$GREP "$1" /var/log/firewall | $GREP DPT=80 | $GREP DROP | \
$AWK '{print $9}' | $SORT | $AWK -F: '{print $1}' | \
$UNIQ | $GREP -c -e '[0-9]'`
# Total port 80 log entries for this interface
PACKETS=`$GREP "$1" /var/log/firewall | $GREP DPT=80 | $GREP -c -e '[0-9]'`
# Port 80 log entries marked DROP
PACKETS2=`$GREP "$1" /var/log/firewall | $GREP DPT=80 | $GREP DROP | \
$GREP -c -e '[0-9]'`
echo "$ADDRESS individual probing machines"
echo "$ADDRESS2 individual dropped machines"
echo "$PACKETS individual probing packets"
echo "$PACKETS2 individual dropped packets"
;;
*)
echo "Usages: cr-check {ppp0|ippp0|eth0}"
;;
esac
</cr-check.sh>


"S.Toms" wrote:
>
> On Thu, 9 Aug 2001, Jay Vollmer wrote:
>
> jv> Try this:
> jv>
> jv> echo $STRING|awk -F: '{print $1}'
> jv>
>
> This is what I ended up using, should have mentioned it was bash sorry
> about that everyone. :) Anyway, what I wanted to do was quickly count the
> entries on a particular port in my /var/log/firewall file to see how many
> attempts have been coming in, and I didn't want to install apache on my
> firewall to check them for CR/CR2 so I tried the following
>
> pipedream:~ # probechk myaddr:80
>
> <probechk file>
>
> #! /bin/bash
>
> AWK="/usr/bin/awk"
> GREP="/usr/bin/grep"
> SORT="/usr/bin/sort"
> UNIQ="/usr/bin/uniq"
>
> ADDRESS=`$GREP "$1" /var/log/firewall | $AWK '{print $12}' | $SORT | \
> $AWK -F: '{print $1}' | $UNIQ | $GREP -c -e '[0-9]'`
>
> echo $ADDRESS individual machines
>
> </probechk file>
>
> This allows me to quickly count how many individual machines have tried
> to connect to port 80 and compare it to what I'm used to which is
> approximately 5-10 attempts in a week. So out of the 165+ I've gotten
> since Monday, 155-160 are probably CR/CR2's.
> Anyway, thanks for all the ideas I received, helps for the future when
> I'm playing with other things just to see if I can do something.
>
> jv>
>
> --
> S.Toms - smotrs@xxxxxxxxxxxxxx - www.mindspring.com/~smotrs
> SuSE Linux v7.0+ - Kernel 2.2.18
>
> On-line, adj.:
> The idea that a human being should always be accessible to a
> computer.
>

--
Thanks in advance,
Stefan
--------------------------------------------------------------
Linux a world without borders, fences, windows and gates.....
Titanic98 "Which computer do you want to sink today????"
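
An added example, not part of the original post or of SuSEfirewall2: the same four counts computed by reading KEY=value tokens instead of fixed field numbers such as $9 or $12, with exact matches on interface and port so that ippp0 is not counted under ppp0 and DPT=8080 is not counted under DPT=80. The log lines are constructed samples in netfilter LOG style, and the names `sample_log` and `probe_summary` are hypothetical.

```shell
#!/bin/bash
# Constructed sample lines (assumed netfilter LOG format, documentation addresses).
sample_log() {
cat <<'EOF'
Aug 10 21:40:01 fw kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.1 LEN=48 PROTO=TCP SPT=3311 DPT=80 SYN
Aug 10 21:40:02 fw kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.1 LEN=48 PROTO=TCP SPT=3312 DPT=80 SYN
Aug 10 21:41:10 fw kernel: SuSE-FW-ACCEPT IN=ppp0 OUT= MAC= SRC=192.0.2.44 DST=198.51.100.1 LEN=48 PROTO=TCP SPT=1045 DPT=80 SYN
Aug 10 21:42:30 fw kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.1 LEN=48 PROTO=TCP SPT=4000 DPT=8080 SYN
Aug 10 21:43:00 fw kernel: SuSE-FW-DROP-DEFAULT IN=ippp0 OUT= MAC= SRC=203.0.113.9 DST=198.51.100.1 LEN=48 PROTO=TCP SPT=4001 DPT=80 SYN
Aug 10 21:44:00 fw kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:11:22:33:44:55 SRC=192.0.2.10 DST=198.51.100.1 LEN=48 PROTO=TCP SPT=3313 DPT=80 SYN
EOF
}

# probe_summary IFACE PORT  (log on stdin)
# Prints: <sources> <dropped_sources> <packets> <dropped_packets>
probe_summary() {
  awk -v iface="$1" -v port="$2" '
    {
      in_if = src = dpt = ""; dropped = 0
      # Pick fields by name so a MAC= column or a longer prefix cannot shift them.
      for (i = 1; i <= NF; i++) {
        if      ($i ~ /^IN=/)  in_if = substr($i, 4)
        else if ($i ~ /^SRC=/) src   = substr($i, 5)
        else if ($i ~ /^DPT=/) dpt   = substr($i, 5)
        else if ($i ~ /DROP/)  dropped = 1
      }
      # String comparison: "8080" is not "80", "ippp0" is not "ppp0".
      if (in_if != iface || dpt != port || src == "") next
      packets++; seen[src] = 1
      if (dropped) { dpackets++; dseen[src] = 1 }
    }
    END {
      for (s in seen) n++
      for (s in dseen) dn++
      printf "%d %d %d %d\n", n, dn, packets, dpackets
    }'
}

# Stand-alone run over the constructed sample.
sample_log | probe_summary ppp0 80
```

Against a real log, feed the file on stdin, for example `probe_summary ppp0 80 < /var/log/firewall`.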
