Date:      Tue, 19 Feb 2008 18:59:47 +0100
From:      Pietro Cerutti <gahr@gahr.ch>
To:        Paul Schmehl <pauls@utdallas.edu>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: Shell scripting question - incrementing
Message-ID:  <47BB1913.6070500@gahr.ch>
In-Reply-To: <B4C4A8D8DF6EFE8801895F53@utd59514.utdallas.edu>
References:  <B4C4A8D8DF6EFE8801895F53@utd59514.utdallas.edu>

Paul Schmehl wrote:
> I could do this in perl easily, but I'm trying to force myself to learn
> shell scripting better.  :-)
> 
> I'm parsing a file to extract some elements from it, then writing the
> results, embedded in long strings, into an output file.
> 
> Here's the script:
> 
> cat file.1 | cut -d',' -f9 | sort | uniq > file.nicks
> 
> (read line; echo "alert ip \$HOME_NET any -> \$EXTERNAL_NET any
> (msg:\"JOIN $line detected\"; classtype:trojan-activity;
> content:\"JOIN\"; content:$line; sid:2000001; rev:1;)"; while read line;
> do echo "alert ip \$HOME_NET any -> \$EXTERNAL_NET any (msg:\"JOIN $line
> detected\"; classtype:trojan-activity; content:\"JOIN\"; content:$line;
> sid:2000001; rev:1;)"; done) < file.nicks > file.rules
> 
> The result is a file with a bunch of snort rules in it (I can't provide
> the actual data because it's sensitive.)
> 
> The rules look like this:
> alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"JOIN "channel"
> detected"; classtype:trojan-activity; content:"JOIN"; content:"channel";
> sid:2000001; rev:1;)
> alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"JOIN "channel2"
> detected"; classtype:trojan-activity; content:"JOIN";
> content:"channel2"; sid:2000001; rev:1;)
> 
> Once this file is created (or ideally *while* it's being created!) I
> need to increment the sid numbers.  The first one is 2000001.  The
> second needs to be 2000002, and so forth.   I don't know the total
> number of lines ahead of time, but it's easy enough to get after the
> file is created.  (wc -l file.rules | awk '{print $1}')
> 
> Is there a way to do this in shell scripting?  In perl I'd use a for
> loop and vars, but I'm not sure how to solve this problem in shell
> scripting.
> 
> In pseudo code I would do:
> 
> COUNT=`wc -l file.rules | awk '{print $1}'`
> LAST_SID=$((2000000 + COUNT))
> for (i=2000001; i >= ${LAST_SID}; i++) {
>    sed 's/2000001/${i}/g < file.rules > rules.new'
> }
> 

for i in `jot $COUNT 2000001`; do
  # foo bar
done


-- 
Pietro Cerutti

PGP Public Key:
http://gahr.ch/pgp
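
Added example, not part of either poster's message: one way to number the sids while the rules file is being written, using POSIX shell arithmetic rather than `jot` so it also runs where `jot` is not installed. It assumes the input lines are bare channel names without surrounding quotes; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Emit one Snort rule per input line, incrementing the sid as each rule is written.

# Snort treats backslash, double quote and semicolon as special inside
# msg/content strings, so each one gets a leading backslash.
snort_escape() {
    printf '%s\n' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/;/\\;/g'
}

# Usage: gen_rules START_SID < nicks > rules
gen_rules() {
    sid=$1
    while IFS= read -r line; do
        # Skip blank lines so they neither produce a rule nor consume a sid.
        [ -n "$line" ] || continue
        msg=$(snort_escape "$line")
        # In content, '|' opens a hex block, so a literal pipe is written as |7C|.
        content=$(printf '%s\n' "$msg" | sed 's/|/|7C|/g')
        # Single-quoted format keeps $HOME_NET and $EXTERNAL_NET literal.
        printf 'alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"JOIN %s detected"; classtype:trojan-activity; content:"JOIN"; content:"%s"; sid:%d; rev:1;)\n' \
            "$msg" "$content" "$sid"
        sid=$((sid + 1))
    done
}

# Constructed sample standing in for file.nicks (the real data is not on the page).
sample_nicks() {
    printf '%s\n' '#channel' '#channel2' '' '#odd;name|x'
}

sample_nicks | gen_rules 2000001
```

With real data the call becomes `gen_rules 2000001 < file.nicks > file.rules`, which replaces both the `(read line; ...; while read line; ...)` construct and the later renumbering pass.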

