Shell scripting question - incrementing
Paul Schmehl
pauls at utdallas.edu
Tue Feb 19 17:35:30 UTC 2008
I could do this in perl easily, but I'm trying to force myself to learn shell
scripting better. :-)
I'm parsing a file to extract some elements from it, then writing the results,
embedded in long strings, into an output file.
Here's the script:
cat file.1 | cut -d',' -f9 | sort | uniq > file.nicks
(read line
 echo "alert ip \$HOME_NET any -> \$EXTERNAL_NET any (msg:\"JOIN $line detected\"; classtype:trojan-activity; content:\"JOIN\"; content:$line; sid:2000001; rev:1;)"
 while read line; do
   echo "alert ip \$HOME_NET any -> \$EXTERNAL_NET any (msg:\"JOIN $line detected\"; classtype:trojan-activity; content:\"JOIN\"; content:$line; sid:2000001; rev:1;)"
 done) < file.nicks > file.rules
The result is a file with a bunch of snort rules in it (I can't provide the
actual data because it's sensitive.)
The rules look like this:
alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"JOIN "channel" detected"; classtype:trojan-activity; content:"JOIN"; content:"channel"; sid:2000001; rev:1;)
alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"JOIN "channel2" detected"; classtype:trojan-activity; content:"JOIN"; content:"channel2"; sid:2000001; rev:1;)
Once this file is created (or ideally *while* it's being created!) I need to
increment the sid numbers. The first one is 2000001. The second needs to be
2000002, and so forth. I don't know the total number of lines ahead of time,
but it's easy enough to get after the file is created. (wc -l file.rules | awk
'{print $1}')
Is there a way to do this in shell scripting? In perl I'd use a for loop and
vars, but I'm not sure how to solve this problem in shell scripting.
In pseudo code I would do:
COUNT=`wc -l file.rules | awk '{print $1}'`
LAST_SID=$((2000000 + COUNT))
for (i=2000001; i >= ${LAST_SID}; i++) {
sed 's/2000001/${i}/g < file.rules > rules.new'
}
--
Paul Schmehl (pauls at utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
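An added example, not part of the original post: one way to number the sids while the rules are being written, using shell arithmetic inside the read loop. The names gen_rules and sample_nicks are hypothetical. The example assumes each name may arrive wrapped in double quotes (as the sample output above suggests), so it strips them and adds its own around the content value, and it skips names containing ; \ " or |, which are special inside a Snort content string.

```shell
#!/bin/sh
# gen_rules START_SID
# Reads one channel name per line on stdin and writes one rule per name to
# stdout, numbering the sids from START_SID upward.
gen_rules() {
    sid=$1
    # "|| [ -n "$nick" ]" keeps a final line that has no trailing newline.
    while IFS= read -r nick || [ -n "$nick" ]; do
        # Strip one leading and one trailing double quote if present, so the
        # msg text does not end up with nested quotes.
        nick=${nick#\"}
        nick=${nick%\"}
        # Skip blank lines so they do not consume a sid.
        [ -n "$nick" ] || continue
        # Skip names that would need escaping inside content:"..." and
        # report them on stderr instead of writing a rule that may not parse.
        case $nick in
            *\;* | *\\* | *\"* | *\|*)
                echo "skipped: $nick" >&2
                continue
                ;;
        esac
        # Single-quoted format keeps $HOME_NET and $EXTERNAL_NET literal.
        printf 'alert ip $HOME_NET any -> $EXTERNAL_NET any (msg:"JOIN %s detected"; classtype:trojan-activity; content:"JOIN"; content:"%s"; sid:%d; rev:1;)\n' \
            "$nick" "$nick" "$sid"
        sid=$((sid + 1))
    done
}

# Constructed sample input (not data from the post): two quoted names, a
# blank line, one name that is skipped, and one unquoted name.
sample_nicks() {
    printf '%s\n' '"#chan1"' '"#chan2"' '' '"#bad;chan"' '#chan3'
}

sample_nicks | gen_rules 2000001
```

With the files from the post, the call would be gen_rules 2000001 < file.nicks > file.rules.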
More information about the freebsd-questions mailing list