From: Paul Schmehl
To: FreeBSD Questions
Date: Tue, 19 Feb 2008 11:35:29 -0600
Subject: Shell scripting question - incrementing

I could do this in perl easily, but I'm trying to force myself to learn shell scripting better. :-) I'm parsing a file to extract some elements from it, then writing the results, embedded in long strings, into an output file.

Here's the script:

    cat file.1 | cut -d',' -f9 | sort | uniq > file.nicks

    (read line;
     echo "alert ip \$HOME_NET any -> \$EXTERNAL_NET any (msg:\"JOIN $line detected\"; classtype:trojan-activity; content:\"JOIN\"; content:$line; sid:2000001; rev:1;)";
     while read line; do
       echo "alert ip \$HOME_NET any -> \$EXTERNAL_NET any (msg:\"JOIN $line detected\"; classtype:trojan-activity; content:\"JOIN\"; content:$line; sid:2000001; rev:1;)";
     done) < file.nicks > file.rules

The result is a file with a bunch of snort rules in it (I can't provide the actual data because it's sensitive.) The rules look like this:

    alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"JOIN "channel" detected"; classtype:trojan-activity; content:"JOIN"; content:"channel"; sid:2000001; rev:1;)
    alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"JOIN "channel2" detected"; classtype:trojan-activity; content:"JOIN"; content:"channel2"; sid:2000001; rev:1;)

Once this file is created (or ideally *while* it's being created!) I need to increment the sid numbers. The first one is 2000001. The second needs to be 2000002, and so forth. I don't know the total number of lines ahead of time, but it's easy enough to get after the file is created. (wc -l file.rules | awk '{print $1}')

Is there a way to do this in shell scripting? In perl I'd use a for loop and vars, but I'm not sure how to solve this problem in shell scripting.

In pseudo code I would do:

    COUNT=`wc -l file.rules | awk '{print $1}'`
    LAST_SID=$((2000000 + COUNT))
    for (i=2000001; i >= ${LAST_SID}; i++) {
        sed 's/2000001/${i}/g < file.rules > rules.new'
    }

-- 
Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
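An added example, not part of the original message: one way to number the sids while the rules are being written, using a counter inside the read loop. The function names gen_rules and sample_csv and the sample data are made up for illustration. It also goes a little beyond the question by stripping the quotes that field 9 carries and escaping the characters Snort treats specially inside a quoted option (backslash, double quote, semicolon), so the msg and content values stay well-formed.

```shell
#!/bin/sh
# Added example: generate one Snort rule per unique value in CSV field 9,
# assigning consecutive sids as each rule is written.

# gen_rules FIRST_SID   (CSV on stdin, rules on stdout; name is hypothetical)
gen_rules() {
    sid=$1
    # -s drops lines that contain no comma at all.
    cut -s -d',' -f9 |
    sed -e 's/^"\(.*\)"$/\1/' |        # strip one pair of surrounding quotes
    sort -u |
    # Escape \ " and ; so they cannot end the option or the rule early.
    sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/;/\\;/g' |
    while IFS= read -r nick; do
        [ -n "$nick" ] || continue     # short lines yield an empty field
        printf 'alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"JOIN %s detected"; classtype:trojan-activity; content:"JOIN"; content:"%s"; sid:%d; rev:1;)\n' \
            "$nick" "$nick" "$sid"
        sid=$((sid + 1))               # next rule gets the next sid
    done
}

# Constructed sample input (not real data): field 9 holds the channel name.
sample_csv() {
    cat <<'EOF'
a,b,c,d,e,f,g,h,"#alpha"
a,b,c,d,e,f,g,h,"#beta;x"
a,b,c,d,e,f,g,h,"#alpha"
short,line
a,b,c,d,e,f,g,h,
EOF
}

sample_csv | gen_rules 2000001
```

With real data this would be run as gen_rules 2000001 < file.1 > file.rules, which replaces both the file.nicks step and the later renumbering pass.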