Text Manipulation
21
kali >
head -20 /etc/snort/snort.conf
#-------------------------------------------------
# VRT Rule Packages Snort.conf
#
# For more information visit us at:
--
snip--
# Options : --enable-gre --enable-mpls --enable-targetbased
--enable-ppm --enable-perfprofiling enable-zlib --enable-act
live-response --enable-normalizer --enable-reload --enable-react
Listing 2-2: Displaying the first 20 lines of snort.conf
in the terminal window
You should see only the first 20 lines of
snort.conf displayed in your
terminal window.
Finding the Tail
The
tail
command is similar to the
head
command, but it’s
used to view the
last lines of a file. Let’s use it on
snort.conf:
kali >
tail /etc/snort/snort.conf
#include $SO_RULE_PATH/smtp.rules
#include $SO_RULE_PATH/specific-threats.rules
#include $SO_RULE_PATH/web-activex.rules
#include $SO_RULE_PATH/web-client.rules
#include $SO_RULE_PATH/web-iis.rules
#include $SO_RULE_PATH/web-miscp.rules
#Event thresholding and suppression commands. See threshold.conf
Notice that this command displays some of the last
include
lines of the
rules files, but not all of them,
because similar to
head
, the default for
tail
is to show 10 lines. You can display more lines by grabbing the last 20 lines
of
snort.conf. As with the
head
command, you can tell
tail
how
many lines
to display by entering a dash (
-
) and then the number of lines between the
command and the filename, as shown in Listing 2-3.
kali >
tail -20 /etc/snort/snort.conf
#include $SO_RULE_PATH/chat.rules
#include $SO_RULE_PATH/dos.rules
#include $SO_RULE_PATH/exploit.rules
--
snip--
#Event thresholding or suppression commands. See theshold.conf
Listing 2-3: Displaying the last 20 lines of snort.conf
in the terminal window
Now
we can view nearly all the
include
lines of the
rules files on one
screen.