Shell script to capture part of ping output
StupidScript

Msg#: 3828219 posted 12:57 am on Jan 17, 2009 (gmt 0)

A user has a dynamic IP.
I'm running portsentry.
The user's email program is ill-behaved.
It TCP/SYN scans my system every time it checks for mail.
Portsentry does not like this.
I can allow his IP by adding it to the portsentry ignore list.

He uses a virtual domain: dude.somehost.net (dude=him)

I ping the domain to get his current IP, then add it to the ignore list so he can use the mail system.

I want to do this with a shell script, but I'm having trouble grabbing the initial ping output, for example:

PING dude.somehost.net (12.23.12.23) from 23.12.23.12 : 56(84) bytes of data.

Note that this is not the data ping gathers, but just its identification of what it will do before it does it. I'd be happy to use ping's result set, but his domain is non-responsive unless he's actually doing some mail thing. i.e. I almost always get a 100% packet loss, so there's an empty ping result set.

Therefore, I want to grab the "12.23.12.23" from ping's initial output (as above) and append it to my ignore list if it is not already in there. Bonus points for removing whatever earlier IP address he had used from the ignore list before adding the current IP.

I've been trying to work with variations on the following:

ping -c1 dude.somehost.net | sed -n '/net (/,/) from/p' > ignore_list

however there is a big issue in that what I want to capture is not part of ping's result set, so whatever I try fails.

I appreciate very much any thoughts and advice. Any type of coding is welcomed (shell, PHP, whatever). This needs to run as a cronjob each hour, because his domain provider is nuts. ;)

 

mcavic

Msg#: 3828219 posted 6:47 am on Jan 17, 2009 (gmt 0)

Instead of pinging him, you probably just want to do a DNS lookup. One of these should work:

host dude.somehost.net | awk '{print $4}'

nslookup dude.somehost.net | grep '^Address' | tail -1 | awk '{print $2}'

StupidScript

Msg#: 3828219 posted 8:36 pm on Jan 23, 2009 (gmt 0)

Awesome! Thanks mcavic. Here's what I ended up with (chkhost.sh):

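#!/bin/bash
# Current IP: 4th field of host's "<name> has address <ip>" line
TMPHOST=$(host dude.somehost.net | awk '{print $4}')
# -x/-F: match the whole line literally, so the dots are not regex wildcards
if ! grep -qxF "$TMPHOST" ignore_list
then
# Append the address already looked up instead of resolving a second time
echo "$TMPHOST" >> ignore_list
service portsentry restart
fi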

I realized that removing the old address was absurd ... how would I remember it after it had changed? So I'm living with checking the ignore_list before I go home each day and removing any defunct entries manually.

I appreciate your help, mcavic.

[edited by: StupidScript at 8:50 pm (utc) on Jan. 23, 2009]

mcavic

Msg#: 3828219 posted 1:02 am on Jan 24, 2009 (gmt 0)

Glad to help! Removing the old address automatically would make sense, because once it changes, it's unlikely to be needed again. But if you had more than one user, you'd need more logic to remove only the expired address.
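
An added example, not code from either poster in this thread: one way to do the automatic removal discussed above, by remembering each host's last address in a small state file so that only that host's expired entry is dropped from the ignore list. It also refuses to write anything that is not an IPv4 address (for example the "found:" field of a failed lookup); the function names and the state directory are assumptions.

```shell
#!/bin/sh
# Added example; function names and the state directory are assumptions.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
# The body runs in a subshell so the IFS change stays local.
valid_ipv4() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
)

# Print the first A record for a name; prints nothing if the lookup fails.
resolve_ipv4() {
    host -t A "$1" 2>/dev/null | awk '/ has address / {print $4; exit}'
}

# update_entry HOST IP LIST STATE_DIR
# Returns 0 if LIST changed (restart portsentry), 1 if it is already current,
# 2 if IP is not a valid address or LIST is not writable (LIST is untouched).
update_entry() (
    ip=$2 list=$3 state=$4/$1.last old=
    { valid_ipv4 "$ip" && [ -w "$list" ]; } || return 2
    [ -f "$state" ] && old=$(cat "$state")
    if [ "$old" = "$ip" ] && grep -qxF -- "$ip" "$list"; then
        return 1
    fi
    if [ -n "$old" ] && [ "$old" != "$ip" ]; then
        # Drop only the exact line this host added on the previous run.
        grep -vxF -- "$old" "$list" > "$list.tmp" || true
        mv "$list.tmp" "$list"
    fi
    grep -qxF -- "$ip" "$list" || printf '%s\n' "$ip" >> "$list"
    printf '%s\n' "$ip" > "$state"
)

# Hourly cron body (the ignore_list path and state directory are placeholders):
#   ip=$(resolve_ipv4 dude.somehost.net)
#   update_entry dude.somehost.net "$ip" ignore_list /var/lib/chkhost \
#       && service portsentry restart
```

Because the state is kept per hostname, a second user with another dynamic name gets their own `.last` file, and entries added to the list by hand are never removed.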
