Shell scripting question - incrementing
Paul Schmehl
pauls at utdallas.edu
Tue Feb 19 22:04:53 UTC 2008
--On Tuesday, February 19, 2008 12:41:43 -0600 Derek Ragona
<derek at computinginnovations.com> wrote:
Thanks to all who offered suggestions. Here's a working script that creates
snort rules *and* a sid-msg.map file:
#!/bin/sh
# Extract the unique nicks from field 9 of the comma-separated input.
cat file.1 | cut -d',' -f9 | sort | uniq > file.nicks
# i is the next sid to assign; k is the last sid needed.
i=2000002
j=`wc -l file.nicks | awk '{print $1}'`
k=$(( i + j - 1 ))
# The first nick gets sid 2000001; the loop numbers the rest from 2000002.
(read line
 echo "alert ip \$HOME_NET any -> \$EXTERNAL_NET any ( sid:2000001; msg:\" JOIN $line detected\"; classtype:trojan-activity; content:\"JOIN\"; content:$line; rev:1;)"
 while read line && [ $i -le $k ]; do
   echo "alert ip \$HOME_NET any -> \$EXTERNAL_NET any (sid:$i; msg:\" JOIN $line detected\"; classtype:trojan-activity; content:\"JOIN\"; content:$line; rev:1;)"
   i=`expr $i + 1`
 done) < file.nicks > file.rules
# Build the sid-msg.map entries ("sid || msg") from the generated rules.
cat file.rules | cut -d':' -f2,3 | cut -d';' -f1,2 | sed 's/; msg:/ || /g' > file-sid-msg.map
--
Paul Schmehl (pauls at utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
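
An added example, not part of the original post: the same rule and sid-msg.map generation written as shell functions that quote each nick's content and hex-encode every byte outside [A-Za-z0-9_-] in Snort's |hex| notation, so nicks containing `"`, `;`, `\` or `|` cannot change the rule's structure. The function names, the choice to replace unsafe msg characters with `_`, and the sample nicks are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example. Constructed sample nicks, not taken from the original post.
SAMPLE_NICKS='[USA|XP]1234
bot"; rev:9
plainnick'

# snort_content NICK: print NICK as a Snort content body. Bytes outside
# [A-Za-z0-9_-] are written as |hex|; adjacent hex bytes share one |..| group.
snort_content() {
    printf '%s\n' "$1" | LC_ALL=C awk '
    BEGIN { for (n = 1; n < 256; n++) ord[sprintf("%c", n)] = n }
    {
        out = ""; inhex = 0
        for (p = 1; p <= length($0); p++) {
            c = substr($0, p, 1)
            if (c ~ /[A-Za-z0-9_-]/) {
                if (inhex) { out = out "|"; inhex = 0 }
                out = out c
            } else {
                sep = inhex ? " " : "|"
                out = out sep sprintf("%02x", ord[c])
                inhex = 1
            }
        }
        if (inhex) out = out "|"
        print out
    }'
}

# gen_rules FIRST_SID: read nicks on stdin, print one rule per unique nick.
# The msg text keeps only [A-Za-z0-9_]; other bytes become "_" (assumption).
gen_rules() {
    sid=$1
    LC_ALL=C sort -u | while IFS= read -r nick; do
        [ -n "$nick" ] || continue
        msg=$(printf '%s' "$nick" | LC_ALL=C tr -c 'A-Za-z0-9_' '_')
        printf 'alert ip $HOME_NET any -> $EXTERNAL_NET any (sid:%s; msg:"JOIN %s detected"; classtype:trojan-activity; content:"JOIN"; content:"%s"; rev:1;)\n' \
            "$sid" "$msg" "$(snort_content "$nick")"
        sid=$((sid + 1))
    done
}

# gen_sidmap: read rules on stdin, print "sid || msg" lines without quotes.
gen_sidmap() {
    sed -n 's/.*(sid:\([0-9]*\); msg:"\([^"]*\)";.*/\1 || \2/p'
}

printf '%s\n' "$SAMPLE_NICKS" | gen_rules 2000001
```

Piping the output of gen_rules through gen_sidmap gives the map file entries for the same sids.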