Message-ID: <47BB1913.6070500@gahr.ch>
Date: Tue, 19 Feb 2008 18:59:47 +0100
From: Pietro Cerutti <gahr@gahr.ch>
To: Paul Schmehl <pauls@utdallas.edu>
References: <B4C4A8D8DF6EFE8801895F53@utd59514.utdallas.edu>
In-Reply-To: <B4C4A8D8DF6EFE8801895F53@utd59514.utdallas.edu>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Shell scripting question - incrementing

Paul Schmehl wrote:
> I could do this in perl easily, but I'm trying to force myself to learn
> shell scripting better.  :-)
>
> I'm parsing a file to extract some elements from it, then writing the
> results, embedded in long strings, into an output file.
>
> Here's the script:
>
> cat file.1 | cut -d',' -f9 | sort | uniq > file.nicks
>
> (read line; echo "alert ip \$HOME_NET any -> \$EXTERNAL_NET any
> (msg:\"JOIN $line detected\"; classtype:trojan-activity;
> content:\"JOIN\"; content:$line; sid:2000001; rev:1;)"; while read line;
> do echo "alert ip \$HOME_NET any -> \$EXTERNAL_NET any (msg:\"JOIN $line
> detected\"; classtype:trojan-activity; content:\"JOIN\"; content:$line;
> sid:2000001; rev:1;)"; done) < file.nicks > file.rules
>
> The result is a file with a bunch of snort rules in it (I can't provide
> the actual data because it's sensitive.)
>
> The rules look like this:
> alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"JOIN "channel"
> detected"; classtype:trojan-activity; content:"JOIN"; content:"channel";
> sid:2000001; rev:1;)
> alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"JOIN "channel2"
> detected"; classtype:trojan-activity; content:"JOIN";
> content:"channel2"; sid:2000001; rev:1;)
>
> Once this file is created (or ideally *while* it's being created!) I
> need to increment the sid numbers.  The first one is 2000001.  The
> second needs to be 2000002, and so forth.   I don't know the total
> number of lines ahead of time, but it's easy enough to get after the
> file is created.  (wc -l file.rules | awk '{print $1}')
>
> Is there a way to do this in shell scripting?  In perl I'd use a for
> loop and vars, but I'm not sure how to solve this problem in shell
> scripting.
>
> In pseudo code I would do:
>
> COUNT=`wc -l file.rules | awk '{print $1}'`
> LAST_SID=$((2000000 + COUNT))
> for (i=2000001; i >= ${LAST_SID}; i++) {
>    sed 's/2000001/${i}/g < file.rules > rules.new'
> }
>

# jot prints $COUNT consecutive integers starting at 2000001
for i in `jot $COUNT 2000001`; do
  : # foo bar
done


-- 
Pietro Cerutti

PGP Public Key:
http://gahr.ch/pgp
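
An added example, not part of the original message: a POSIX sh function that assigns the sid while the rules are being written, using a shell arithmetic counter in place of the jot loop. It assumes each nick arrives wrapped in double quotes, as the sample rules in the question suggest; `gen_rules`, `demo` and the sample nicks are constructed for illustration. Values containing `"`, `;`, `\` or `|` are skipped because those characters are special inside a Snort content option.

```shell
#!/bin/sh
# Added example: one Snort rule per nick, sid incremented per emitted rule.
# Reads nicks on stdin, writes rules on stdout, reports skipped input on stderr.

FIRST_SID=2000001   # first sid, taken from the question

# Rule template from the question; single quotes keep $HOME_NET literal.
RULE_FMT='alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"JOIN %s detected"; '
RULE_FMT="$RULE_FMT"'classtype:trojan-activity; content:"JOIN"; content:"%s"; '
RULE_FMT="$RULE_FMT"'sid:%d; rev:1;)\n'

gen_rules() {
    sid=$FIRST_SID
    while IFS= read -r nick; do
        # Assumption: the field is wrapped in double quotes; strip one pair
        # so msg:"..." does not end up with nested quotes.
        nick=${nick#\"}
        nick=${nick%\"}
        [ -n "$nick" ] || continue
        # The nick is untrusted data pasted into rule syntax. Refuse values
        # that would close the quoted string, end the option, or start a
        # hex block inside content.
        case $nick in
            *'"'*|*';'*|*'\'*|*'|'*)
                echo "skipped (special characters): $nick" >&2
                continue ;;
        esac
        printf "$RULE_FMT" "$nick" "$nick" "$sid"
        # Only emitted rules consume a sid, so the numbering has no gaps.
        sid=$((sid + 1))
    done
}

# Constructed sample input; the second line is rejected.
demo() {
    printf '%s\n' '"#chan1"' '"bad;nick"' '"#chan2"' | gen_rules
}

demo
```

With the file from the question, the whole job becomes `cut -d',' -f9 file.1 | sort -u | gen_rules > file.rules`.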

