Date: Tue, 19 Feb 2008 18:59:47 +0100
From: Pietro Cerutti <gahr@gahr.ch>
To: Paul Schmehl <pauls@utdallas.edu>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Shell scripting question - incrementing
Message-ID: <47BB1913.6070500@gahr.ch>
In-Reply-To: <B4C4A8D8DF6EFE8801895F53@utd59514.utdallas.edu>
References: <B4C4A8D8DF6EFE8801895F53@utd59514.utdallas.edu>

Paul Schmehl wrote:
> I could do this in perl easily, but I'm trying to force myself to learn
> shell scripting better. :-)
>
> I'm parsing a file to extract some elements from it, then writing the
> results, embedded in long strings, into an output file.
>
> Here's the script:
>
> cat file.1 | cut -d',' -f9 | sort | uniq > file.nicks
>
> (read line; echo "alert ip \$HOME_NET any -> \$EXTERNAL_NET any
> (msg:\"JOIN $line detected\"; classtype:trojan-activity;
> content:\"JOIN\"; content:$line; sid:2000001; rev:1;)"; while read line;
> do echo "alert ip \$HOME_NET any -> \$EXTERNAL_NET any (msg:\"JOIN $line
> detected\"; classtype:trojan-activity; content:\"JOIN\"; content:$line;
> sid:2000001; rev:1;)"; done) < file.nicks > file.rules
>
> The result is a file with a bunch of snort rules in it (I can't provide
> the actual data because it's sensitive.)
>
> The rules look like this:
> alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"JOIN "channel"
> detected"; classtype:trojan-activity; content:"JOIN"; content:"channel";
> sid:2000001; rev:1;)
> alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"JOIN "channel2"
> detected"; classtype:trojan-activity; content:"JOIN";
> content:"channel2"; sid:2000001; rev:1;)
>
> Once this file is created (or ideally *while* it's being created!) I
> need to increment the sid numbers. The first one is 2000001. The
> second needs to be 2000002, and so forth. I don't know the total
> number of lines ahead of time, but it's easy enough to get after the
> file is created. (wc -l file.rules | awk '{print $1}')
>
> Is there a way to do this in shell scripting? In perl I'd use a for
> loop and vars, but I'm not sure how to solve this problem in shell
> scripting.
>
> In pseudo code I would do:
>
> COUNT=`wc -l file.rules | awk '{print $1}'`
> LAST_SID=$((2000000 + COUNT))
> for (i=2000001; i >= ${LAST_SID}; i++) {
> sed 's/2000001/${i}/g < file.rules > rules.new'
> }
>

for i in `jot $COUNT 2000001`; do
    # foo bar
done

-- 
Pietro Cerutti

PGP Public Key: http://gahr.ch/pgp
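
Added example, not part of the original thread: one way to number the sids while the rules are being written, by keeping a counter inside the read loop instead of counting lines afterwards or calling jot. It goes slightly beyond the question by stripping the double quotes around each field and skipping values that contain characters with special meaning inside a Snort rule option; the function name gen_rules and the sample nicks are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: emit one Snort rule per nick read from stdin, assigning
# sids as the rules are written. gen_rules is an illustrative name.

# Usage: gen_rules FIRST_SID < file.nicks > file.rules
gen_rules() {
    sid=$1
    while IFS= read -r nick; do
        # The CSV field may arrive wrapped in double quotes; drop them so
        # msg and content do not end up with nested quotes.
        nick=${nick#\"}
        nick=${nick%\"}
        # Skip empty values and values containing " ; \ or |, which would
        # need escaping inside a rule option, rather than emit a broken rule.
        case $nick in
            ''|*\"*|*\;*|*\\*|*\|*)
                printf 'skipped: %s\n' "$nick" >&2
                continue ;;
        esac
        # The value is passed as a printf argument, never as part of the
        # format string, so a '%' in the input is printed literally.
        printf 'alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"JOIN %s detected"; classtype:trojan-activity; content:"JOIN"; content:"%s"; sid:%d; rev:1;)\n' \
            "$nick" "$nick" "$sid"
        # Only a rule that was actually written consumes a sid.
        sid=$((sid + 1))
    done
}

# Constructed sample input (not data from the thread).
printf '%s\n' '"channel"' 'bad;nick' '"channel2"' | gen_rules 2000001
```

Skipped values are reported on stderr, so redirecting stdout to file.rules leaves only well-formed rules in the file.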