Date:      Tue, 19 Feb 2008 11:35:29 -0600
From:      Paul Schmehl <pauls@utdallas.edu>
To:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Shell scripting question - incrementing
Message-ID:  <B4C4A8D8DF6EFE8801895F53@utd59514.utdallas.edu>

I could do this in perl easily, but I'm trying to force myself to learn shell 
scripting better.  :-)

I'm parsing a file to extract some elements from it, then writing the results, 
embedded in long strings, into an output file.

Here's the script:

cut -d',' -f9 file.1 | sort -u > file.nicks

while read line; do
    echo "alert ip \$HOME_NET any -> \$EXTERNAL_NET any (msg:\"JOIN $line detected\"; classtype:trojan-activity; content:\"JOIN\"; content:$line; sid:2000001; rev:1;)"
done < file.nicks > file.rules

The result is a file with a bunch of snort rules in it (I can't provide the 
actual data because it's sensitive.)

The rules look like this:
alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"JOIN "channel" detected"; classtype:trojan-activity; content:"JOIN"; content:"channel"; sid:2000001; rev:1;)
alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"JOIN "channel2" detected"; classtype:trojan-activity; content:"JOIN"; content:"channel2"; sid:2000001; rev:1;)

Once this file is created (or ideally *while* it's being created!) I need to 
increment the sid numbers.  The first one is 2000001.  The second needs to be 
2000002, and so forth.   I don't know the total number of lines ahead of time, 
but it's easy enough to get after the file is created.  (wc -l file.rules | awk 
'{print $1}')

Is there a way to do this in shell scripting?  In perl I'd use a for loop and 
vars, but I'm not sure how to solve this problem in shell scripting.

In pseudo code I would do:

COUNT=$(wc -l < file.rules)
LAST_SID=$((2000000 + COUNT))
i=2000001
# one rule per line: swap the placeholder sid for the running counter
while [ "$i" -le "$LAST_SID" ] && IFS= read -r line; do
    printf '%s\n' "$line" | sed "s/sid:2000001;/sid:${i};/"
    i=$((i + 1))
done < file.rules > rules.new

-- 
Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
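The following is an added example and is not code from the original post. It does the incrementing the post asks about inside the loop that writes the rules, so there is no second pass over file.rules, and it escapes the characters that must not appear raw inside a Snort quoted string (backslash, double quote, semicolon, and the pipe that brackets hex bytes), since a nick captured off the wire is attacker-controlled and an unescaped one could close the content string and inject rule options. Assumptions: the nick is in comma-separated field 9 as in the post, the first sid is 2000001 as in the post, nicks are stored bare without surrounding quotes, and the input file is constructed here rather than taken from any real data.

```sh
#!/bin/sh
# Added example (not the original poster's script).
# Assumed input layout: comma-separated, nick in field 9; first sid 2000001.

# Escape backslash, double quote, semicolon and pipe so a nick cannot
# terminate the content:"..." / msg:"..." string or inject rule options.
escape_nick() {
    printf '%s\n' "$1" | sed 's/[\\";|]/\\&/g'
}

# gen_rules INPUT START_SID: one rule per unique nick, sid counting up.
# The counter lives in the same (sub)shell as the loop, so it persists
# from one iteration to the next.
gen_rules() {
    input=$1
    sid=${2:-2000001}
    cut -d',' -f9 "$input" | sort -u | while IFS= read -r nick; do
        [ -n "$nick" ] || continue            # skip empty field-9 values
        esc=$(escape_nick "$nick")
        printf 'alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"JOIN %s detected"; classtype:trojan-activity; content:"JOIN"; content:"%s"; sid:%d; rev:1;)\n' \
            "$esc" "$esc" "$sid"
        sid=$((sid + 1))
    done
}

# count_rules FILE: number of rules written (the post's wc -l check).
count_rules() {
    wc -l < "$1" | tr -d ' '
}

# Constructed sample input, not real data: nine fields per line, nick in
# field 9, one duplicate nick and one nick carrying an injection attempt.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
a,b,c,d,e,f,g,h,#botnet
a,b,c,d,e,f,g,h,#evil"; sid:1
a,b,c,d,e,f,g,h,#botnet
a,b,c,d,e,f,g,h,#chan2
EOF

gen_rules "$SAMPLE" 2000001 > "$SAMPLE.rules"
cat "$SAMPLE.rules"
count_rules "$SAMPLE.rules"
```

Run as-is to see three rules with sids 2000001 through 2000003; the duplicate nick collapses under sort -u and the nick containing `"; sid:1` comes out with the quote and semicolon backslash-escaped instead of starting a new rule option. To apply it to the real data, replace the constructed file with file.1 and redirect to file.rules.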