
Kali Linux - Text Editor(01)

by 계영수 2023. 7. 24.

▶ Viewing a file's contents with the cat command

┌──(kali㉿kali)-[~]
└─$ sudo cat /etc/snort/snort.conf
[sudo] password for kali: 
#--------------------------------------------------
#   VRT Rule Packages Snort.conf
#
#   For more information visit us at:
#     http://www.snort.org                   Snort Website
#     http://vrt-blog.snort.org/    Sourcefire VRT Blog
#
#     Mailing list Contact:      snort-sigs@lists.sourceforge.net
#     False Positive reports:    fp@sourcefire.com
#     Snort bugs:                bugs@snort.org
#
#     Compatible with Snort Versions:
#     VERSIONS : 2.9.7.0
#
#     Snort build options:
~~~~~~

Because cat prints the entire file at once, this is inconvenient, especially when you want to look at the last part of the file.

▶ head & tail

┌──(kali㉿kali)-[~]
└─$ sudo head /etc/snort/snort.conf
#--------------------------------------------------
#   VRT Rule Packages Snort.conf
#
#   For more information visit us at:
#     http://www.snort.org                   Snort Website
#     http://vrt-blog.snort.org/    Sourcefire VRT Blog
#
#     Mailing list Contact:      snort-sigs@lists.sourceforge.net
#     False Positive reports:    fp@sourcefire.com
#     Snort bugs:                bugs@snort.org

┌──(kali㉿kali)-[~]
└─$ sudo tail /etc/snort/snort.conf
# include $SO_RULE_PATH/smtp.rules
# include $SO_RULE_PATH/snmp.rules
# include $SO_RULE_PATH/specific-threats.rules
# include $SO_RULE_PATH/web-activex.rules
# include $SO_RULE_PATH/web-client.rules
# include $SO_RULE_PATH/web-iis.rules
# include $SO_RULE_PATH/web-misc.rules

# Event thresholding or suppression commands. See threshold.conf 
include threshold.conf

To see the first 20 lines of the file:

┌──(kali㉿kali)-[~]
└─$ sudo head -20 /etc/snort/snort.conf
#--------------------------------------------------
#   VRT Rule Packages Snort.conf
#
#   For more information visit us at:
#     http://www.snort.org                   Snort Website
#     http://vrt-blog.snort.org/    Sourcefire VRT Blog
#
#     Mailing list Contact:      snort-sigs@lists.sourceforge.net
#     False Positive reports:    fp@sourcefire.com
#     Snort bugs:                bugs@snort.org
#
#     Compatible with Snort Versions:
#     VERSIONS : 2.9.7.0
#
#     Snort build options:
#     OPTIONS : --enable-gre --enable-mpls --enable-targetbased --enable-ppm --enable-perfprofiling --enable-zlib --enable-active-response --enable-normalizer --enable-reload --enable-react --enable-flexresp3
#
#     Additional information:
#     This configuration file enables active response, to run snort in
#     test mode -T you are required to supply an interface -i <interface>

▶ Viewing a file's contents with line numbers

┌──(kali㉿kali)-[~]
└─$ sudo nl /etc/snort/snort.conf
     1  #--------------------------------------------------
     2  #   VRT Rule Packages Snort.conf
     3  #
     4  #   For more information visit us at:
     5  #     http://www.snort.org                   Snort Website
     6  #     http://vrt-blog.snort.org/    Sourcefire VRT Blog
     7  #
     8  #     Mailing list Contact:      snort-sigs@lists.sourceforge.net
     9  #     False Positive reports:    fp@sourcefire.com
    10  #     Snort bugs:                bugs@snort.org
    11  #
    12  #     Compatible with Snort Versions:
    13  #     VERSIONS : 2.9.7.
    ~~~~
    ~~~~
    ~~~~
   621  # include $SO_RULE_PATH/multimedia.rules
   622  # include $SO_RULE_PATH/netbios.rules
   623  # include $SO_RULE_PATH/nntp.rules
   624  # include $SO_RULE_PATH/p2p.rules
   625  # include $SO_RULE_PATH/smtp.rules
   626  # include $SO_RULE_PATH/snmp.rules
   627  # include $SO_RULE_PATH/specific-threats.rules
   628  # include $SO_RULE_PATH/web-activex.rules
   629  # include $SO_RULE_PATH/web-client.rules
   630  # include $SO_RULE_PATH/web-iis.rules
   631  # include $SO_RULE_PATH/web-misc.rules
       
   632  # Event thresholding or suppression commands. See threshold.conf 
   633  include threshold.conf

▶ Searching a file's contents for a word with grep

 -- Show only the lines in snort.conf that contain the word output

┌──(kali㉿kali)-[~]
└─$ sudo cat /etc/snort/snort.conf | grep output
#  6) Configure output plugins
# Step #6: Configure output plugins
# output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
output unified2: filename snort.log, limit 128, nostamp, mpls_event_types, vlan_event_types
# output alert_unified2: filename snort.alert, limit 128, nostamp
# output log_unified2: filename snort.log, limit 128, nostamp 
# output alert_syslog: LOG_AUTH LOG_ALERT
# output log_tcpdump: tcpdump.log

┌──(kali㉿kali)-[~]
└─$ sudo nl /etc/snort/snort.conf | grep output 
    33  #  6) Configure output plugins
   445  # Step #6: Configure output plugins
   450  # output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
   451  output unified2: filename snort.log, limit 128, nostamp, mpls_event_types, vlan_event_types
   453  # output alert_unified2: filename snort.alert, limit 128, nostamp
   454  # output log_unified2: filename snort.log, limit 128, nostamp 
   456  # output alert_syslog: LOG_AUTH LOG_ALERT
   458  # output log_tcpdump: tcpdump.log

Ex) We want to display the 5 lines just before the line that reads "# Step #6: Configure output plugins" in snort.conf.

1) Number the lines, including blank lines

┌──(kali㉿kali)-[~]
└─$ sudo nl -ba /etc/snort/snort.conf
     1  #--------------------------------------------------
     2  #   VRT Rule Packages Snort.conf
     3  #
     4  #   For more information visit us at:
     5  #     http://www.snort.org                   Snort Website
     6  #     http://vrt-blog.snort.org/    Sourcefire VRT Blog
     7  #
     8  #     Mailing list Contact:      snort-sigs@lists.sourceforge.net
     9  #     False Positive reports:    fp@sourcefire.com
    10  #     Snort bugs:                bugs@snort.org
    11  #
    12  #     Compatible with Snort Versions:
    13  #     VERSIONS : 2.9.7.0
    14  #
    15  #     Snort build options:
    16  #     OPTIONS : --enable-gre --enable-mpls --enable-targetbased --enable-ppm --enable-perfprofiling --enable-zlib --enable-active-response --enable-normalizer --enable-reload --enable-react --enable-flexresp3
    17  #
    18  #     Additional information:
    19  #     This configuration file enables active response, to run snort in
    20  #     test mode -T you are required to supply an interface -i <interface>
    21  #     or test mode will fail to fully validate the configuration and
    22  #     exit with a FATAL error
    23  #--------------------------------------------------
    24
    25  ###################################################
    ~~~~
    ~~~~
    ~~~~

2) Check the line numbers of the lines containing output (numbered with blank lines included)

┌──(kali㉿kali)-[~]
└─$ sudo nl -ba /etc/snort/snort.conf | grep output   
    34  #  6) Configure output plugins
   529  # Step #6: Configure output plugins
   535  # output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
   536  output unified2: filename snort.log, limit 128, nostamp, mpls_event_types, vlan_event_types
   539  # output alert_unified2: filename snort.alert, limit 128, nostamp
   540  # output log_unified2: filename snort.log, limit 128, nostamp 
   543  # output alert_syslog: LOG_AUTH LOG_ALERT
   546  # output log_tcpdump: tcpdump.log

┌──(kali㉿kali)-[~]
└─$ sudo tail -n+524 /etc/snort/snort.conf | head -n 6
#   nested_ip inner, \
#   whitelist $WHITE_LIST_PATH/white_list.rules, \
#   blacklist $BLACK_LIST_PATH/black_list.rules

###################################################
# Step #6: Configure output plugins
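
The steps above find the line number by hand (529) and subtract 5 to get 524. The script below is an added example, not part of the original post: it automates the same lookup on a constructed sample file and compares the result with grep's -B context option. The function names first_match_line, lines_before and make_sample are hypothetical helpers, and the sample only imitates the layout of snort.conf.

```shell
#!/usr/bin/env bash
# Added example: show the N lines before the first line containing a fixed string.

# Line number of the first line of file $1 that contains the fixed string $2.
# grep -n counts every line, blank ones included, so it agrees with `nl -ba`
# (529 in the post) and not with plain `nl` (445), which skips blank lines.
first_match_line() {
    grep -n -F -m 1 -- "$2" "$1" | cut -d: -f1
}

# Print the N lines before the first match, followed by the match itself.
lines_before() {
    local file="$1" pattern="$2" n="$3" match start
    match=$(first_match_line "$file" "$pattern")
    [ -n "$match" ] || return 1          # no match: print nothing and fail
    start=$(( match - n ))
    [ "$start" -ge 1 ] || start=1        # match is closer than N lines to the top
    sed -n "${start},${match}p" "$file"
}

# Constructed sample file imitating the layout of snort.conf (not the real file).
make_sample() {
    printf '%s\n' \
        '# Step #5: Configure preprocessors' \
        '#   nested_ip inner, \' \
        '#   whitelist $WHITE_LIST_PATH/white_list.rules, \' \
        '#   blacklist $BLACK_LIST_PATH/black_list.rules' \
        '' \
        '###################################################' \
        '# Step #6: Configure output plugins' \
        '' \
        'output unified2: filename snort.log, limit 128' > "$1"
}

sample=$(mktemp)
make_sample "$sample"
lines_before "$sample" '# Step #6: Configure output plugins' 5

# The same six lines in one step, using GNU grep's "lines before" option:
grep -F -B 5 -m 1 -- '# Step #6: Configure output plugins' "$sample"
rm -f "$sample"
```

On the real file the equivalent is `sudo grep -F -B 5 -m 1 -- '# Step #6: Configure output plugins' /etc/snort/snort.conf`.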

                                                                                              