Cover V12, I01
jan2003.tar

Listing 1 autosniff

#!/bin/sh

# autosniff - user-friendly interface to autosniffd
#
# Written by Ed Ravin, <eravin@panix.com>
# Courtesy of PANIX, Public Access Networks Corporation, http://www.panix.com
# License is GPL: see http://www.gnu.org/licenses/gpl.html
#

set -u

CONFIGFILE=/etc/autosniff.conf
. $CONFIGFILE

# auto-detect which style of "echo" suppresses CR
if [ `echo -n 2>&1 | wc -c` = 0 ]
then
    printnocr() {
         echo -n "${1:-}"  # BSD
    }
elif [ `echo "\c" 2>&1 | wc -c` = 0 ]
then
    printnocr() {
        echo "${1:-}\c"    # System V
    }
fi

USERIN=""

getstr() {  # prompt default blankok
    USERIN=""
    while [ "$USERIN" = "" ]
    do
        prompt="$1:"
        if [ "$2" ]
            then prompt="$1 [$2]:"
        fi
        printnocr "$prompt "
        read USERIN
        if [ "$USERIN" = "" ]  && [ "${3:-}" = "blankok" ]
            then return;
        fi
        if [ "$USERIN" = "" ] && [ "$2" != "" ]
            then USERIN="$2"
        fi
    done
}

getstr "Enter a short alphanumeric name for this job" ""
jobname="$USERIN"

getstr "Enter an (optional) description" "" "blankok"
if [ "$USERIN" = "" ]
    then comment=""
    else comment="$USERIN"
fi

keeptesting=true
while $keeptesting
do
    getstr "Hostname that customer will use to trigger autosniff" ""
    host="$USERIN"

    getstr "Port number to use for trigger" ""
    port="$USERIN"

    case $port in  # oddly enough, snoop & tcpdump don't check this
    [0-9]*)
        if [ "$port" -lt 1 -o "$port" -gt 65535 ]
        then
            echo
            echo "Invalid port number: please try again."
            echo
            continue
        fi ;;
    *) ;;
    esac

    getstr "Capture filter to use once triggered" "ip"
    filter="$USERIN"
    echo
    if $AUTOSNIFFD --testonly testing nobody "$host" "$port" "$filter"
    then 
        keeptesting=false
    else
        echo
        echo "Please correct the hostname, port, or filter and try again."
        echo
    fi
done

getstr "Number of minutes to run sniffer after trigger" "5"
timeout=`expr "$USERIN" "*" 60`

getstr "Mail address for notifications" "$DEFAULTMAIL"
mail="$USERIN"

# if autosniffd dies upon startup, set DEBUG_AUTOSNIFF=YES before invocation
# to get a tracefile.  otherwise, all output from autosniff gets discarded
if [ "${DEBUG_AUTOSNIFF:-no}" = YES ]
then
    OUTPUT=$ARCHIVE/autosniff.debug.$$
    DEBUG="--debug"
    echo "Check $OUTPUT for additional messages."
    set -x
else
    OUTPUT=/dev/null
    DEBUG="--discard-output"
fi

# one last test to weed out any errors in the arguments
if     $AUTOSNIFFD --testonly $DEBUG --timeout="$timeout" \
  --comment="$comment" "$jobname" "$mail" "$host" "$port" "$filter"
then    # invoke the daemon
            nohup $AUTOSNIFFD $DEBUG --timeout="$timeout" \
              --comment="$comment" "$jobname" "$mail" "$host" "$port" \
              "$filter" > $OUTPUT 2>&1 &
else
    echo "autosniffd fails to start: check your arguments."
    echo "or try again with DEBUG_AUTOSNIFF=YES in environment."
    exit 1
fi
 
© 2005 CMP Media LLC. All Rights Reserved.
www.sysadminmag.com