From: Derek Ragona
Date: Tue, 19 Feb 2008 12:41:43 -0600
To: Paul Schmehl, FreeBSD Questions
Subject: Re: Shell scripting question - incrementing

At 11:35 AM 2/19/2008, Paul Schmehl wrote:
>I could do this in perl easily, but I'm trying to force myself to learn
>shell scripting better. :-)
>
>I'm parsing a file to extract some elements from it, then writing the
>results, embedded in long strings, into an output file.
>
>Here's the script:
>
>cat file.1 | cut -d',' -f9 | sort | uniq > file.nicks
>
>(read line; echo "alert ip \$HOME_NET any -> \$EXTERNAL_NET any
>(msg:\"JOIN $line detected\"; classtype:trojan-activity; content:\"JOIN\";
>content:$line; sid:2000001; rev:1;)"; while read line; do echo "alert ip
>\$HOME_NET any -> \$EXTERNAL_NET any (msg:\"JOIN $line
>detected\"; classtype:trojan-activity; content:\"JOIN\"; content:$line;
>sid:2000001; rev:1;)"; done) < file.nicks > file.rules
>
>The result is a file with a bunch of snort rules in it (I can't provide
>the actual data because it's sensitive.)
>
>The rules look like this:
>alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"JOIN "channel"
>detected"; classtype:trojan-activity; content:"JOIN"; content:"channel";
>sid:2000001; rev:1;)
>alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"JOIN "channel2"
>detected"; classtype:trojan-activity; content:"JOIN"; content:"channel2";
>sid:2000001; rev:1;)
>
>Once this file is created (or ideally *while* it's being created!) I need
>to increment the sid numbers. The first one is 2000001. The second needs
>to be 2000002, and so forth. I don't know the total number of lines
>ahead of time, but it's easy enough to get after the file is created. (wc
>-l file.rules | awk '{print $1}')
>
>Is there a way to do this in shell scripting? In perl I'd use a for loop
>and vars, but I'm not sure how to solve this problem in shell scripting.
>
>In pseudo code I would do:
>
>COUNT=`wc -l file.rules | awk '{print $1}'`
>LAST_SID=$((2000000 + COUNT))
>for (i=2000001; i >= ${LAST_SID}; i++) {
> sed 's/2000001/${i}/g < file.rules > rules.new'
>}

Similar to what others have offered:

i=2000001
while read -r line; do printf '%s\n' "$line" | sed "s/2000001/${i}/g" >> rules.new; i=$((i + 1)); done < file.rules

-Derek
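
An added example, not part of the original message: one way to assign the sid while the rules file is being written, so no second pass over the file is needed, plus a check that no sid is reused. The function names and the sample channel names are assumptions; the rule layout is the one quoted above, and the escaping of \, " and ; is what Snort requires inside content strings.

```shell
#!/bin/sh
# Added example (not from the thread): one Snort rule per channel name,
# each with a unique, incrementing sid assigned as the rule is written.
# Assumed: names arrive one per line, optionally wrapped in double quotes.

# Escape the characters Snort requires escaped in content/msg: \ " ;
snort_escape() {
    printf '%s\n' "$1" | sed -e 's/[\\";]/\\&/g'
}

# gen_rules FIRST_SID   (reads names on stdin, writes rules on stdout)
gen_rules() {
    sid=$1
    while IFS= read -r name; do
        # Strip one pair of surrounding double quotes, if present.
        name=${name#\"}
        name=${name%\"}
        [ -n "$name" ] || continue      # skip blank lines
        esc=$(snort_escape "$name")
        printf 'alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"JOIN %s detected"; classtype:trojan-activity; content:"JOIN"; content:"%s"; sid:%d; rev:1;)\n' "$esc" "$esc" "$sid"
        sid=$((sid + 1))
    done
}

# Count sid values used by more than one rule on stdin (0 = all unique).
duplicate_sids() {
    grep -o '; sid:[0-9]*; rev:' | sort | uniq -d | wc -l | tr -d ' '
}

# Constructed sample input; the real list would come from file.nicks.
sample_nicks() {
    printf '%s\n' '"#channel"' '"#channel2"' '' '#odd;name"x'
}

# Demo: print the generated rules for the constructed sample.
sample_nicks | gen_rules 2000001
```

With the thread's file names this would be run as gen_rules 2000001 < file.nicks > file.rules, followed by duplicate_sids < file.rules before the rules are loaded.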