bash IP whois lookup script - linux

I have a decent admin script working for checking what IPs are logging on too a web app but I need to make it more fancy with a whois at the start and then I thought a geoip.
At the moment I've hashed out the whois part of it - my problem is that because there are multiple IPs - the whois doesn't know what to do with them
Any ideas on this would be great? and also ideas on geoips would be lovely!
Cheers
#!/bin/bash
#Setting date and time (y and z aren't being used at the moment)
x="$(date +'%d/%b/%Y')"
y="$(date +'%T')"
z="$(date +'%T' | awk 'BEGIN { FS =":"} ; {print $1}')"
#Human readable for email title
emaildate=$(date +"%d%b%Y--Hour--%H")
#Setting date and time for grep and filename
beta="$(date +'%d/%b/%Y:%H')"
sigma="$(date +'%d-%b-%Y-%H')"
#Current SSL Access logs
log='/var/log/apache2/ssl_access.log'
#Set saved log location
newlogs=/home/user/Scripts/logs
grep user#user.com $log | grep $beta | awk 'BEGIN { FS = " " } ; { print $1 }' | sort -u >> $newlogs/adminusage"$sigma".txt
#Preform whois
#whoip=`grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' $newlogs/adminusage"$sigma".txt | sort | uniq >> $testing`
#echo $whoip
#testing="/home/user/Scripts/testing.txt"
#IPlookup="/home/user/Scripts/iptest.txt"
#Preform Usage for the current hour
if
grep -v 1.1.1.1 $newlogs/adminusage"$sigma".txt
then
#whois $testing >> $IPlookup
mail -s "Admin Usage for $emaildate" email.com < $newlogs/adminusage"$sigma".txt
else
echo
fi

Just use a loop and invoke whois once per iteration
Presuming that your grep returns a newline-delimited list of IP addresses, you could do something like this:
grep ... | sort | uniq | while IFS= read -r ip ; do
whois "$ip" >> whatever
done

If you have multiple IPs, simply loop over them and run whois on each:
for address is $whoip ; do
whois $address
done

Related

How to find out your IP addresses using bash

I have a server that has several ip addresses. I want to work out their exact values in bash. I am looking for something like:
a=returnIpAddressStartingWith 10.60.12
b=returnIpAddressStartingWith 10.60.13
so that the following returns:
> echo $a
10.60.12.23
Is there a reasonable way of doing this on linux?
You can use a function like this for searching:
findip() {
ip -4 addr | awk -v ip="$1" -F '[/[:blank:]]+' '$2 == "inet" && index($3, ip){print $3}'
}
And find the IP by:
a=$(findip '10.60.12')
Parse it out of the 'ip addr show' list using grep/awk/cut, then optionally, if you need to access it as an array, copy your list into a Bash array:
# Create a string that is the list of all variables
IPSTR=`ip addr show | fgrep 'inet ' | fgrep -v '127.0.0.1' | awk '{ print $2 }' | cut -d '/' -f 1`
I=0
for IP in $IPSTR ; do
IPARY[$I]=$IP
I=$(($I+1))
done
echo "First IP in array is ${IPARY[0]}"
echo "Number of IP addresses in array is ${#IPARY[*]}"

Scripting HELP needed for finding LIVE HOSTS using bash in linux

How do I create a script that will identify all live hosts (responding to ping) using bin/bash in linux? My thoughts are to first have a
fping -A "some URL" // to get the IP address
then to set that to a var. then run a
fping -g "var" // having the ip address inserted by using a var.
Is there an easier way? If so, what would that script look like?
Not sure what you want to do and why you use fping, but if you just need the IP for a host you should use somthing like this:
getent ahostsv4 www.google.de | grep STREAM | head -n 1 | cut -d ' ' -f 1
getent ahostsv6 www.google.de | grep STREAM | head -n 1 | cut -d ' ' -f 1
getent hosts google.de | head -n 1 | cut -d ' ' -f 1
All commands will resolve an IP address if host still exist. If host points to CNAME it will also get the IP in that case.
Lets say, you have a text file containing all your hosts to test:
like: test-hosts.txt
www.server1.dom
www.server2.dom
server3.dom
1.3.5.7
then the command line (contains bash-script) will do it:
cat test-hosts.txt | xargs -i\{\} bash -c 'HOST="{}"; IP=$(getent ahostsv4 "{}" | grep STREAM | head -n 1 | cut -d " " -f 1); ping -c 1 -w 5 "$IP" >/dev/null 2>&1; RESULT="$?"; echo -e "Host: $HOST ($IP) \c"; case "$RESULT" in 0) echo "is online";; 1) echo "not responding after 5 secs";; *) if [[ "$IP" == "" ]]; then echo "has no resolveable address"; else echo "not availabe due to error [$RESULT]"; fi;; esac;'
and provide outputs like:
is online
not responding
no resolveable address
not available due error [code]

Optimizing Bash script, subshell removal

I have a bash script that lists the amount of ip addresses connected on a port. My issue is, is that with large amounts of connections it is slow as poo. I think it is because of the subshells in use, but I am having trouble removing them without borking the rest of the script. Here is the script in its entirety as it is fairly short:
#!/bin/bash
portnumber=80
reversedns_enabled=0
[ ! -z "${1}" ] && portnumber=${1}
[ ! -z "${2}" ] && reversedns_enabled=${2}
#this will hold all of our ip addresses extracted from netstat
ipaddresses=""
#get all of our connected ip addresses
while read line; do
ipaddress=$( echo ${line} | cut -d' ' -f5 | sed s/:[^:]*$// )
ipaddresses="${ipaddresses}${ipaddress}\n"
done < <( netstat -ano | grep -v unix | grep ESTABLISHED | grep \:${portnumber} )
#remove trailing newline
ipaddresses=${ipaddresses%%??}
#output of program
finaloutput=""
#get our ip addresses sorted, uniq counted, and reverse sorted based on amount of uniq
while read line; do
if [[ ${reversedns_enabled} -eq 1 ]]; then
reversednsname=""
#we use justipaddress to do our nslookup(remove the count of uniq)
justipaddress=$( echo ${line} | cut -d' ' -f2 )
reversednsstring=$( host ${justipaddress} )
if echo "${reversednsstring}" | grep -q "domain name pointer"; then
reversednsname=$( echo ${reversednsstring} | grep -o "pointer .*" | cut -d' ' -f2 )
else
reversednsname="reverse-dns-not-found"
fi
finaloutput="${finaloutput}${line} ${reversednsname}\n"
else
finaloutput="${finaloutput}${line}\n"
fi
done < <( echo -e ${ipaddresses} | uniq -c | sort -r )
#tabulate that sheet son
echo -e ${finaloutput} | column -t
The majority of the time spent is doing this operation: echo ${line} | cut -d' ' -f5 | sed s/:[^:]*$// what is the best way to inline this to produce a faster script. It takes well over a second with 1000 concurrent users (which is my base target, although should be able to process more without using up all of my cpu).
You could reduce that with cut -d' ' <<< "$line" | sed .... You could write a more complex sed script and avoid the use of cut.
But the real benefit would be in avoiding the loop so there's only one sed (or awk or perl or …) script involved. I'd probably look to reduce it to ipaddresses=$(netstat -ano | awk '...') so that instead of 3 grep processes, plus one cut and sed per line, there was just a single awk process.
ipaddresses=$(netstat -ano |
awk " /unix/ { next } # grep -v unix
!/ESTABLISHED/ { next } # grep ESTABLISHED
!/:${portnumber}/ { next } # grep :${portnum} "'
{ sub(/:[^:]*$/, "", $5); print $5; }'
)
That's probably rather clumsy, but it is a fairly direct transliteration of the existing code. Watch for the quotes to get ${portnumber} into the regex.
Since you feed the list of IP addresses into uniq -c and sort -r. You probably should use sort -rn, and you could use awk to do the uniq -c, too.
The only bit that you can't readily improve is host; that seems to only take one host or IP address argument at a time, so you have to run it for each name or address.
I'll take a stab at a couple of issues:
The following line from the script which performs incremental string concatenation will not be be efficient without the means to allocate a reasonable buffer:
ipaddresses="${ipaddresses}${ipaddress}\n"
For another, using a while loop with read line when a pipeline will do is significantly worse than the pipeline. Try something like this instead of the first loop:
netstat -ano |
grep -v 'unix' |
grep 'ESTABLISHED' |
grep "\:${portnumber}" |
cut -d' ' -f5 |
sed 's/:[^:]*$//' |
while read line; do ...
Also, try combining at least two of the three sequential grep commands into one invocation of grep.
If nothing else, this will mean you are no longer spawning a pipeline which creates new cut and sed processes for each line of input processed in the first loop.
Here is a whole script optimized & refactored:
#!/bin/bash
portnumber=80
reversedns_enabled=0
[[ $1 ]] && portnumber=$1
[[ $2 ]] && reversedns_enabled=$2
#this will hold all of our ip addresses extracted from netstat
ipaddresses=''
#get all of our connected ip addresses
while IFS=' :' read -r type _ _ _ _ ipaddress port state _; do
if [[ $type != 'unix' && $port == "$portnumber" && $state == 'ESTABLISHED' ]]; then
ipaddresses+="$ipaddress\n"
fi
done < <(netstat -ano)
#remove trailing newline
ipaddresses=${ipaddresses%%??}
#output of program
finalOutput=""
#get our ip addresses sorted, uniq counted, and reverse sorted based on amount of uniq
while read -r line; do
if (( reversedns_enabled == 1 )); then
reverseDnsName=""
#we use justipaddress to do our nslookup(remove the count of uniq)
read -r _ justipaddress _ <<< "$line"
reverseDnsString=$(host "$justipaddress")
if [[ $reverseDnsString == *'domain name pointer'* ]]; then
reverseDnsName=${reverseDnsName##*domain name pointer }
else
reverseDnsName="reverse-dns-not-found"
fi
finalOutput+="$line $reverseDnsName\n"
else
finalOutput+="$line\n"
fi
done < <(echo -e "$ipaddresses" | sort -ur)
#tabulate that sheet son
echo -e "$finalOutput" | column -t
As you can see, there are almost no external tools used (no sed, awk or grep). Awesome!

find ip address of my system for a particular interface with shell script (bash)

I am trying to find ip-address of my own system through a shell script and write into a text thats my script content
#!/bin/bash
wifiip=$(ip addr | grep inet | grep wlan0 | awk -F" " '{print $2}'| sed -e 's/\/.*$//')
eth0ip=$(ip addr | grep inet | grep eth0 | awk -F" " '{print $2}' | sed -e 's/\/.*$//')
if [ "$eth0ip" == "0" ]; then
echo "$eth0ip" | grep [0-9]$ > /home/pi/att/ip.txt
else
echo "$wifiip" | grep [0-9]$ > /home/pi/att/ip.txt
fi
and trying to do something like if one interface is not up print another ip in ip.txt
but it's giving
ip.sh: 14: [: unexpected operator
Let's clean up your code first. You don't need chains of a dozen different commands and pipes when you're already using awk. This:
wifiip=$(ip addr | grep inet | grep wlan0 | awk -F" " '{print $2}'| sed -e 's/\/.*$//')
can be written simply as this:
wifiip=$(ip addr | awk '/inet/ && /wlan0/{sub(/\/.*$/,"",$2); print $2}')
but your whole script can be written as just one awk command.
I need you to update your question with some sample output of the ip addr command, the output you want from the awk command given that input, and explain more clearly what you're trying to do in order to show you the correct way to write that but it might be something like this:
ip addr | awk '
/inet/ { ip[$NF] = $2; sub(/\/.*$/,"",ip[$NF]) }
END { print ( "eth0" in ip ? ip["eth0"] : ip["wlan0"] ) }
' > /home/pi/att/ip.txt
Here is a nice way to get your IP address. This gives you the address used to reach the internet at the test, so it will give you correct IP even if you change from Wifi to eth or to any other IF type.
See more detailed post here: Linux bash script to extract IP address
my_ip=$(ip route get 8.8.8.8 | awk '/8.8.8.8/ {print $NF}')
To get interface name:
my_if=$(ip route get 8.8.8.8 | awk '/dev/ {f=NR} f&&NR-1==f' RS=" ")

In BASH, Is there any way to find exactly the IP address for all interfaces? And remove all other information's?

How can i get only IP and which interface IP it is? So that i can keep a record file such as realtime.ini
1 - test.sh
#!/bin/bash
ipstring ='inet (.*)'
for i in $(ip addr);
do
echo $i #on found it write down to my realtime.ini as a list for future query
done
2 - realtime.ini
em1,192.168.1.2
lo,127.0.0.1
wlan0,<not found>
Follow up: Just for single ip:
$ ifconfig eth0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'
192.168.1.2
This is not terribly elegant, nor is bash, but you can do the following if you have both awk and sed:
ifconfig | awk 'BEGIN { FS = "\n"; RS = "" } { print $1 $2 }' | sed -e 's/ .*inet addr:/,/' -e 's/ .*//'
I wouldn't bet on this being hugely portable either, so maybe someone has a better answer.
if you install moreutils package, you can use handy ifdata command:
for INTF_PATH in /sys/class/net/* # list all interfaces
do
INTF=$(basename $INTF_PATH) # interface name
echo "$INTF,$(ifdata -pa $INTF)" # interface name and address
done
example output for 5 interfaces, while only eth0 and lo are up:
eth0,123.234.10.12
lo,127.0.0.1
vboxnet0,NON-IP
wlan0,NON-IP
wlan1,NON-IP

Resources