Date:      Tue, 19 Feb 2008 12:41:43 -0600
From:      Derek Ragona <derek@computinginnovations.com>
To:        Paul Schmehl <pauls@utdallas.edu>, FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: Shell scripting question - incrementing
Message-ID:  <6.0.0.22.2.20080219123428.02425ec8@mail.computinginnovations.com>
In-Reply-To: <B4C4A8D8DF6EFE8801895F53@utd59514.utdallas.edu>
References:  <B4C4A8D8DF6EFE8801895F53@utd59514.utdallas.edu>

At 11:35 AM 2/19/2008, Paul Schmehl wrote:
>I could do this in perl easily, but I'm trying to force myself to learn 
>shell scripting better.  :-)
>
>I'm parsing a file to extract some elements from it, then writing the 
>results, embedded in long strings, into an output file.
>
>Here's the script:
>
>cat file.1 | cut -d',' -f9 | sort | uniq > file.nicks
>
>(read line; echo "alert ip \$HOME_NET any -> \$EXTERNAL_NET any 
>(msg:\"JOIN $line detected\"; classtype:trojan-activity; content:\"JOIN\"; 
>content:$line; sid:2000001; rev:1;)"; while read line; do echo "alert ip 
>\$HOME_NET any -> \$EXTERNAL_NET any (msg:\"JOIN $line
>detected\"; classtype:trojan-activity; content:\"JOIN\"; content:$line; 
>sid:2000001; rev:1;)"; done) < file.nicks > file.rules
>
>The result is a file with a bunch of snort rules in it (I can't provide 
>the actual data because it's sensitive.)
>
>The rules look like this:
>alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"JOIN "channel" 
>detected"; classtype:trojan-activity; content:"JOIN"; content:"channel"; 
>sid:2000001; rev:1;)
>alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"JOIN "channel2" 
>detected"; classtype:trojan-activity; content:"JOIN"; content:"channel2"; 
>sid:2000001; rev:1;)
>
>Once this file is created (or ideally *while* it's being created!) I need 
>to increment the sid numbers.  The first one is 2000001.  The second needs 
>to be 2000002, and so forth.   I don't know the total number of lines 
>ahead of time, but it's easy enough to get after the file is created.  (wc 
>-l file.rules | awk '{print $1}')
>
>Is there a way to do this in shell scripting?  In perl I'd use a for loop 
>and vars, but I'm not sure how to solve this problem in shell scripting.
>
>In pseudo code I would do:
>
>COUNT=`wc -l file.rules | awk '{print $1}'`
>LAST_SID=$((2000000 + COUNT))
>for (i=2000001; i >= ${LAST_SID}; i++) {
>    sed 's/2000001/${i}/g < file.rules > rules.new'
>}

Similar to what others have offered:

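i=2000001
while IFS= read -r rule; do
         # Give each rule the next sid; double quotes let the shell expand ${i}.
         printf '%s\n' "$rule" | sed "s/2000001/${i}/g" >> rules.new
         i=$((i + 1))
done < file.rules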

         -Derek
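
Added example, not part of the original message: one way to number the sids while the rules are being written, as the question asks. It assumes one nick per line on stdin, optionally wrapped in double quotes (as the sample rules in the question suggest); the function names esc, gen_rules and sample are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): emit one Snort rule per nick, each with
# its own sid. Assumed input: one nick per line on stdin, optionally wrapped in
# double quotes.

# Backslash-escape the characters Snort treats specially inside a quoted
# option value (; \ ").
esc() {
    printf '%s' "$1" | sed 's/[;\\"]/\\&/g'
}

# gen_rules FIRST_SID: read nicks from stdin, write rules to stdout.
gen_rules() {
    sid=$1
    # IFS= and -r keep leading blanks and backslashes in the nick intact;
    # the || test picks up a final line that has no trailing newline.
    while IFS= read -r nick || [ -n "$nick" ]; do
        # Drop one pair of surrounding quotes so msg does not end early.
        nick=${nick#\"}
        nick=${nick%\"}
        [ -n "$nick" ] || continue
        m=$(esc "$nick")
        # In content, | switches to hex mode, so write a literal pipe as |7C|.
        c=$(printf '%s' "$m" | sed 's/|/|7C|/g')
        printf 'alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"JOIN %s detected"; classtype:trojan-activity; content:"JOIN"; content:"%s"; sid:%d; rev:1;)\n' "$m" "$c" "$sid"
        sid=$((sid + 1))
    done
}

# Constructed sample input: a quoted nick, a bare nick, one with a semicolon.
sample() {
    printf '%s\n' '"#chan1"' '#chan2' '#a;b'
}

sample | gen_rules 2000001
```

With real data the call would be: cut -d',' -f9 file.1 | sort -u | gen_rules 2000001 > file.rules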
