UNIX for Dummies Questions & Answers

Hello

I am trying to generate a script to run on worldwide firewalls.

I need the spf block for large sites like google, etc so I can essentially whitelist google sites for users.

(Google here is just an example...)

Right now I am just testing Bash oneliners to see how I can isolate the data I need.

I want a list of networks with CIDR - this I can feed directly into my whitelist.

My script:

Code:

#!/bin/bash

site=${1} # not necc - just like to have a variable for this

diglist=`dig txt ${site} | grep v=spf1 | cut -d : -f2 | cut -d " " -f1`   

arr01=( `dig txt  $diglist | grep v=spf1 | cut -d \" -f2 | sed s/ip4://g` )




for i in $(seq 1 $((${#arr01[*]} - 2)))
          do 
             echo ${arr01[${i}]}
          done

I am happy to say it more or less works for my purposes.



But it is not very good.

I see the recursion there with the dig statements and know there must be a better way. Lots of kludgy cut statements - I should be able to just capture the IP blocks and load them into an array.

With I knew Perl/Python a little better or even awk (keeping in a Bash frame of mind).

How could I fix this?

yrs

Michael

I believe it will help you to know that dig has a "short" mode:

Code:

dig +short txt google.com

produces:

Code:

"v=spf1 include:_netblocks.google.com ~all"

I don't know what your sed command really does, but you can combine it with the cut-quotes command:

Code:

sed 's/"//g; s/ip4://g;'

I'm not sure what the complaint about "recursion" is: If you encounter an "include", you need to "follow it", recursively:

Code:

get_dns_spf1() { 
   dig +short txt "$1" | 
   tr ' ' '\n' |
   while read entry; do 
      case "$entry" in 
         ip4:*)  echo ${entry#*:} ;; 
         include:*) get_dns_spf1 ${entry#*:} ;;
      esac
   done |
   sort -u
   ;
}

This outputs a list. To get the output of the list in an array, just do:

Code:

ips=(`get_dns_spf1 some.site.com`)

Now you can just

Code:

echo ${ips[*]}