Shell script question
Paul Schmehl
pauls at utdallas.edu
Thu Aug 4 17:46:21 GMT 2005
I'm working on a shell script to use p0f to identify "unauthorized" hosts
on our network.
In the script I use an echo command to see what the output of the command
is. This is what it looks like:
/usr/local/bin/p0f -i xl0 -N -l -o /root/capture.1123177152.log 'src net 10.0.0.0/8 or src net 129.110.0.0/16'
If I paste the output of the echo command to the cli and hit enter, p0f
runs and writes to the log. Yet when I actually try to run that same
command from the script, p0f complains:
pcap_compile: illegal token: '
See man tcpdump or p0f README for help on bpf filter expressions.
Here's the script. It's very simple right now, but there's a lot more work
to be done. I first have to figure out this problem, though:
#!/bin/sh
P0F=/usr/local/bin/p0f
EPOCH_DATE=`date -j -f "%a %b %d %T %Z %Y" "\`date\`" "+%s"`
LOG=/root/capture.${EPOCH_DATE}.log
NIC="-i xl0"
ARGS="-N -l -o ${LOG}"
DAEMON="-d"
FILTER="'src net 10.0.0.0/8 or src net 129.110.0.0/16'"
echo "${P0F} ${NIC} ${ARGS} ${DAEMON} ${FILTER}"
${P0F} ${NIC} ${ARGS} ${FILTER}
Why is p0f complaining about the bpf filter? I've tried escaping the
single quotes, but that generates a different error. I don't understand
why the identical command works on the cli, but not in the script.
Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
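
Added example, not part of the original post: the sketch below shows what argument list the shell builds when the single quotes are stored inside the variable, next to a form where the variable holds only the filter text and the expansion itself is quoted. show_args and count_args are hypothetical stand-ins for p0f, so no capture is started.

```sh
#!/bin/sh
# Added illustration; show_args/count_args are hypothetical stand-ins for p0f.

# Print every argument in brackets, one per line, as the program receives it.
show_args() {
    for a in "$@"; do
        printf '[%s]\n' "$a"
    done
}

# Report how many separate arguments were passed.
count_args() {
    echo "$#"
}

# As in the post: the single quotes are part of the variable's value.
FILTER_LITERAL="'src net 10.0.0.0/8 or src net 129.110.0.0/16'"

# Alternative: the value holds only the filter text, no embedded quotes.
FILTER="src net 10.0.0.0/8 or src net 129.110.0.0/16"

# Unquoted expansion: the shell splits the value on whitespace and does NOT
# re-parse the quote characters, so they reach the program as literal bytes.
broken_count() { count_args ${FILTER_LITERAL}; }
broken_first() { set -- ${FILTER_LITERAL}; echo "$1"; }

# Quoted expansion: the whole filter arrives as a single argument.
fixed_count() { count_args "${FILTER}"; }
fixed_first() { set -- "${FILTER}"; echo "$1"; }

echo "unquoted expansion with embedded quotes:"
show_args ${FILTER_LITERAL}

echo "quoted expansion without embedded quotes:"
show_args "${FILTER}"

# Typing the echoed line at the prompt works because the shell parses the
# quotes in typed text; quotes produced by variable expansion are never
# parsed again. NIC and ARGS in the script rely on word splitting, so only
# the filter needs quoting at the call site:
#   ${P0F} ${NIC} ${ARGS} "${FILTER}"
```

The first token of the unquoted form begins with a literal single quote, which matches the character named in the pcap_compile error quoted in the post.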