Date: Tue, 19 Feb 2008 16:04:51 -0600
From: Paul Schmehl <pauls@utdallas.edu>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Shell scripting question - incrementing
Message-ID: <E1138610A110F91C9EE578EA@utd59514.utdallas.edu>
In-Reply-To: <6.0.0.22.2.20080219123428.02425ec8@mail.computinginnovations.com>
References: <B4C4A8D8DF6EFE8801895F53@utd59514.utdallas.edu> <6.0.0.22.2.20080219123428.02425ec8@mail.computinginnovations.com>

--On Tuesday, February 19, 2008 12:41:43 -0600 Derek Ragona <derek@computinginnovations.com> wrote:

Thanks to all who offered suggestions. Here's a working script that creates snort rules *and* a sid-msg.map file:

#!/bin/sh

cat file.1 | cut -d',' -f9 | sort | uniq > file.nicks

i=2000002
j=`wc -l file.nicks | awk '{print $1}'`
k=$(( i + j - 1 ))

(read line; echo "alert ip \$HOME_NET any -> \$EXTERNAL_NET any ( sid:2000001; msg:\" JOIN $line detected\"; classtype:trojan-activity; content:\"JOIN\"; content:$line; rev:1;)";
while read line && [ $i -le $k ]; do echo "alert ip \$HOME_NET any -> \$EXTERNAL_NET any (sid:$i; msg:\" JOIN $line detected\"; classtype:trojan-activity; content:\"JOIN\"; content:$line; rev:1;)"; i=`expr $i + 1`; done) < file.nicks > file.rules

cat file.rules | cut -d':' -f2,3 | cut -d';' -f1,2 | sed 's/; msg:/ || /g' > file-sid-msg.map

-- 
Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
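
The script in the message above places each nick into the rule text as-is. The following added example (not part of the original message) is a variant that writes each nick in Snort's |xx xx| byte notation for content and reduces it to safe characters for msg, so a nick containing `"`, `;`, `\` or `|` cannot break the generated rule. The function names, the one-nick-per-line input file and the map written as `sid || msg` without quotes are assumptions of this example.

```sh
#!/bin/sh
# Added example: hardened variant of the rule generator in the message above.
# Assumption: NICKFILE holds one nick per line (like file.nicks).

# Hex-encode a string for use between | | in a Snort content option, so bytes
# that are special there (" ; \ |) cannot end or alter the option.
snort_hex() {
    printf '%s' "$1" | od -An -tx1 | tr '\n' ' ' | tr -s ' ' | sed 's/^ //; s/ $//'
}

# Reduce a string to characters that are safe inside msg:"..." and the map file.
safe_msg() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9_.-' '_'
}

# gen_rules NICKFILE RULESFILE MAPFILE [FIRST_SID]
gen_rules() {
    sid=${4:-2000001}
    : > "$2"                                 # truncate both outputs
    : > "$3"
    sort -u "$1" | while IFS= read -r nick; do
        [ -n "$nick" ] || continue           # skip empty lines
        msg="JOIN $(safe_msg "$nick") detected"
        # Single-quoted format keeps $HOME_NET / $EXTERNAL_NET literal.
        printf 'alert ip $HOME_NET any -> $EXTERNAL_NET any (sid:%d; msg:"%s"; classtype:trojan-activity; content:"JOIN"; content:"|%s|"; rev:1;)\n' \
            "$sid" "$msg" "$(snort_hex "$nick")" >> "$2"
        # Map entry comes from the same variables, not re-parsed from the rule.
        printf '%d || %s\n' "$sid" "$msg" >> "$3"
        sid=$((sid + 1))
    done
}
```

Call it as `gen_rules file.nicks file.rules file-sid-msg.map`; a different first sid can be given as a fourth argument.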