Chapter 2
is a contraction of stream editor. In its most basic form, sed operates like the Find and Replace function in Windows.

Search for the word mysql in the snort.conf file using grep, like so:

kali > cat /etc/snort/snort.conf | grep mysql
include $RULE_PATH/mysql.rules
#include $RULE_PATH/server-mysql.rules

You should see that the grep command found two occurrences of mysql.

Let’s say you want sed to replace every occurrence of mysql with MySQL (remember, most of Linux is case sensitive) and then save the new file to snort2.conf. You could do this by entering the command shown in Listing 2-6.

kali > sed s/mysql/MySQL/g /etc/snort/snort.conf > snort2.conf
Listing 2-6: Using sed to find and replace keywords or phrases

The s command performs the substitution: you first give the term you are searching for (mysql) and then the term you want to replace it with (MySQL), separated by a slash (/). The g flag tells Linux that you want the replacement performed globally. Then the result is saved to a new file named snort2.conf.

Now, when you use grep with snort2.conf to search for mysql, you’ll see that no instances were found, but when you search for MySQL, you’ll see two occurrences.

kali > cat snort2.conf | grep MySQL
include $RULE_PATH/MySQL.rules
#include $RULE_PATH/server-MySQL.rules

If you wanted to replace only the first occurrence of the term mysql, you would leave out the trailing g option.

kali > sed s/mysql/MySQL/ snort.conf > snort2.conf

You can also use the sed command to find and replace any specific occurrence of a word rather than all occurrences or just the first occurrence. For instance, if you want to replace only the second occurrence of the word mysql, simply place the number of the occurrence (in this case, 2) at the end of the command:

kali > sed s/mysql/MySQL/2 snort.conf > snort2.conf

This command affects only the second occurrence of mysql.
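
The script below is an added example, not part of the original text: it runs the three substitution forms shown above (no flag, g, and 2) over three constructed sample lines and counts what each one changes. sed applies the s command to every input line separately, so the occurrence a flag selects is counted within each line, not across the whole file. The helper names sub, replaced, remaining and lines_changed are hypothetical.

```shell
#!/bin/sh
# Added example. The three lines below are constructed sample data,
# not the contents of a real /etc/snort/snort.conf.
sample_conf() {
cat <<'EOF'
include $RULE_PATH/mysql.rules
#include $RULE_PATH/server-mysql.rules
# mysql notes: mysql listens on 3306; see mysql.rules
EOF
}

# Run the page's substitution with a given flag: "" (none), "g", or "2".
sub() {
    sample_conf | sed "s/mysql/MySQL/$1"
}

# Number of replacements made (occurrences of MySQL in the output).
replaced() {
    sub "$1" | grep -o 'MySQL' | wc -l | tr -d ' '
}

# Number of lowercase occurrences left untouched.
remaining() {
    sub "$1" | grep -o 'mysql' | wc -l | tr -d ' '
}

# Number of lines that were modified at all.
lines_changed() {
    sub "$1" | grep -c 'MySQL'
}

# Print one summary row per flag so the three forms can be compared.
for flag in "" g 2; do
    printf 'flag=%-4s replaced=%s remaining=%s lines_changed=%s\n' \
        "'$flag'" "$(replaced "$flag")" "$(remaining "$flag")" \
        "$(lines_changed "$flag")"
done
```

Because the result goes to a new file, as in Listing 2-6, running diff between the original configuration and the new file before putting it into service shows exactly which lines a given flag touched.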