[Dshield] CAUTION email about shell scripting...

Esler, Joel - Contractor joel.esler at rcert-s.army.mil
Wed Oct 13 19:32:49 GMT 2004


It runs every 5 minutes to check and see if the tunnel is up, if it is
not up then reestablish...

Bout to run out of the office right quick so I can't test this one...
Bbl

Joel

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Meidinger Chris
Sent: Wednesday, October 13, 2004 1:16 PM
To: General DShield Discussion List
Subject: RE: [Dshield] CAUTION email about shell scripting...


i'm a bit of a hack of a shell scripter, someone will probably have a
one liner for you, but .....


----------------------begin-------------------

#!/bin/bash

# i have no idea what you are checking for with your 
# ps command, i assume you want to make sure that 
# there is no tunnel already up, if so, then this is right.
# else you need to set a ! before -z or change accordingly

PROC=`ps aux | grep "ssh -C -p 9428 -R" | grep -v grep`

if [ -z ${PROC} ]; then

	SSH_CMD='ssh -C -p 9428 ${SNORT_IP} "/snort/startup.sh"'

	for i in 1 2 3; do
		${SSH_CMD} && exit
		sleep 20
	done

	mail -s "Snort tunnel error" foo at foo.com < /snort/cito.error fi


-----------------------end--------------------

> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Esler, 
> Joel - Contractor
> Sent: Wednesday, October 13, 2004 15:55
> To: General DShield Discussion List
> Subject: [Dshield] CAUTION email about shell scripting...
> 
> Shell scripting..  I know this may not be the best place to
> ask this question, however, I always get great answers from 
> this list..
> 
> ----------------------begin-------------------
> 
> #!/bin/bash
> 
> ps aux | grep "ssh -C -p 9428 -R" | grep -v grep
> 
> if [ $? -ne 0 ]; then
>         ssh -C -p 9428 -R 1521:localhost:1521 -R
> 3306:localhost:3306 <ip> /snort/startup.sh else
>         sleep 20; ssh -C -p 9428 -R 1521:localhost:1521 -R
> 3306:localhost:3306 <ip> /snort/startup.sh
>         mail -s "Snort tunnel error" foo at foo.com < 
> /snort/cito.error fi
> 
> ----------------------end-----------------------
> 
> 
> I want the script to connect to the box and run the
> startup.sh script, if it faults (can't establish the 
> connection, something wrong with the script on the the box 
> etc...) I want it to wait a bit (20 seconds) then try again, 
> and if it STILL fails...  Then email..  I'd like for it to do 
> it three times (am I doing this correctly?)
> 
> Joel
> _______________________________________________
> DShield and the Internet Storm Center are sponsored by the
> SANS Institute.
> To learn more about current SANS training, see http://www.sans.org .
> 
> _______________________________________________
> send all posts to list at lists.dshield.org To change your
> subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list
> 
_______________________________________________
DShield and the Internet Storm Center are sponsored by the SANS
Institute. To learn more about current SANS training, see
http://www.sans.org .

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list



More information about the list mailing list