Hello,

I am trying to replace a string containing commas from a file with another string containing commas. I've exported the desired string to environment variable $tcpin. The file containing the string is /etc/csf/csf.conf.

root@server ~]# grep -i tcp_in /etc/csf/csf.conf
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,12112"
# and have removed 22 from the TCP_IN list so that connection attempts to the
# of those ports and uses the same format as TCP_IN. The default setting of
# to this port in TCP_IN
# to this port in TCP_IN

[root@server ~]# echo $tcpin
20,21,22,25,53,80,110,143,443,465,587,993,995,12112

[root@server ~]# sed -i 's/$tcpin/21,22,25,26,53,80,110,143,443,465,671,993,995,1167,2077,2078,2082,2083,2086,2087,2095,2096,3306,3784 ,10050/g' /etc/csf/csf.conf


But the string contained in the commas stays the same...


[root@server ~]# grep -i tcp_in /etc/csf/csf.conf
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,12112"

Any ideas would be appreciated.

By the way, the space after "3784" isn't intentional and is due to the formatting of this web page, apparently.

You used single quotes to embed the sed command: this prevents the variable substitution and the string $tcpin is interpreted literally by the shell. Change the single into double quotes and it should work properly.

Just a note:
formatting will be retained if you use code tags

Thank you!

Works like a charm.

Well, the command replaces the ports properly if I install CSF manually and run the sed -i command in bash after setting the tcpin environment variable...

[root@server csf]# grep -i tcp_in /etc/csf/csf.conf
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,12112"
# and have removed 22 from the TCP_IN list so that connection attempts to the
# of those ports and uses the same format as TCP_IN. The default setting of
# to this port in TCP_IN
# to this port in TCP_IN

[root@server csf]# echo $tcpin
20,21,22,25,53,80,110,143,443,465,587,993,995,12112

[root@server csf]# sed -i "s/$tcpin/21,22,25,26,53,80,110,143,443,465,671,993,995,1167,2077,2078,2082,2083,2086,2087,2095,2096,3306,3784 ,10050/g" /etc/csf/csf.conf

[root@server csf]# grep -i tcp_in /etc/csf/csf.confTCP_IN = "21,22,25,26,53,80,110,143,443,465,671,993,995,1167,2077,2078,2082,2083,2086,2087,2095,2096,3306,378 4,10050"
# and have removed 22 from the TCP_IN list so that connection attempts to the
# of those ports and uses the same format as TCP_IN. The default setting of
# to this port in TCP_IN
# to this port in TCP_IN



But when the sed -i command is invoked by the script I'm writing, the ports do not get replaced correctly...


( Port 21 is missing, instead of replacing with port 110 it replaced with 000, etc.)

root@server ~]# grep -i tcp_in /etc/csf/csf.conf
TCP_IN "20,22,25,26,53,80,000,043,443,465,670,993,995,0067,2077,2078,2082,2083,2086,2087,2095,2096,3306,378 4,00050"
# and have removed 22 from the TCP_IN list so that connection attempts to the
# of those ports and uses the same format as TCP_IN. The default setting of
# to this port in TCP_IN
# to this port in TCP_IN

Is there a particular reason for this?

Here is the script I am using:

#!/bin/bash
# CSF installation and auto-configuration script.
# arico -- 08/26/09
cd /usr/local
rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf

if [ -f /etc/init.d/cpanel ];
then
sh install.sh
tcpin=`grep TCP_IN /etc/csf/csf.conf | head -n 1 | cut -f 3 -d ' ' | cut -f 2 -d '"'`
tcpout=`grep TCP_OUT /etc/csf/csf.conf | head -n 1 | cut -f 3 -d ' ' | cut -f 2 -d '"'`
udpin=`grep UDP_IN /etc/csf/csf.conf | head -n 1 | cut -f 3 -d ' ' | cut -f 2 -d '"'`
udpout=`grep UDP_OUT /etc/csf/csf.conf | head -n 1 | cut -f 3 -d ' ' | cut -f 2 -d '"'`
testing=`grep TESTING /etc/csf/csf.conf | head -n 1 | cut -f 3 -d ' ' | cut -f 2 -d '"'`
cp -a /etc/csf/csf.conf /etc/csf/csf.conf.bak
sed -i "s/$tcpin/21,22,25,26,53,80,110,143,443,465,671,993,995,1167,2077,2078,2082,2083,2086,2087,2095,2096,3306,3784 ,10050/g" /etc/csf/csf.conf
sed -i "s/$tcpout/21,25,80,110,443,43/g" /etc/csf/csf.conf
sed -i "s/$udpin/53,631,665,668,3784/g" /etc/csf/csf.conf
sed -i "s/$udpout/20,21,53/g" /etc/csf/csf.conf
sed -i "s/$testing/0/g" /etc/csf/csf.conf
echo "The default CSF configuration has been backed up to the following location: /etc/csf/csf.conf.bak"
echo "SUCCESS! CSF has been installed and autoconfigured for cPanel."
echo "TESTING MODE: OFF"
echo "Please ensure that TCP inbound access is allowed for this server's SSH listening port. Once this is complete, start the firewall with '/etc/init.d/csf start'"
fi

The command should work from the script as from the command line. Maybe there is something unexpected in the subsequent sed statements. I don't know the original content of your /etc/csf/csf.conf so that I cannot test, but I can suggest to run the script using:
or add -x at the end of the sha-bang. In this way you will see the debugging output consisting of the serie of commands executed by the shell after substitution made. In this way you can check exactly what are the sed commands executed by the shell and maybe locate the bug. Show us the output of the above if in doubt, but please use CODE tags to preserve formatting.

The original content of /etc/csf/csf.conf is what's generated by the CSF installer. The only important string in that file is the one containing the auto-determined port numbers (basically, the variable $tcpin).

When installed manually (not via my script), the sed -i command successfully replaces the original port numbers.

Here is the output of bash -x $SCRIPT:

root@server ~]# bash -x csf2
+ cd /usr/local
+ rm -fv csf.tgz
removed `csf.tgz'
+ wget http://www.configserver.com/free/csf.tgz
--11:02:27-- http://www.configserver.com/free/csf.tgz
Resolving www.configserver.com... 85.13.195.235
Connecting to www.configserver.com|85.13.195.235|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 435029 (425K) [application/x-tar]
Saving to: `csf.tgz'

100%[===============================================================================>] 435,029 408K/s in 1.0s

11:02:28 (408 KB/s) - `csf.tgz' saved [435029/435029]

+ tar -xzf csf.tgz
+ cd csf
+ '[' -f /etc/init.d/cpanel ']'
+ sh install.sh

Configuring for OS

Checking for perl modulesok

Running csf generic installer

Installing generic csf and lfd

Check we're running as root

mkdir: created directory `/etc/csf'
mkdir: created directory `/etc/csf/zone'
mkdir: created directory `/etc/csf/stats'
`csf.generic.conf' -> `/etc/csf/csf.conf'
`csf.allow' -> `/etc/csf/./csf.allow'
`csf.deny' -> `/etc/csf/./csf.deny'
`csf.dirwatch' -> `/etc/csf/./csf.dirwatch'
`csf.ignore' -> `/etc/csf/./csf.ignore'
`csf.generic.pignore' -> `/etc/csf/csf.pignore'
`csf.rignore' -> `/etc/csf/./csf.rignore'
`csf.fignore' -> `/etc/csf/./csf.fignore'
`csf.signore' -> `/etc/csf/./csf.signore'
`csf.suignore' -> `/etc/csf/./csf.suignore'
`csf.mignore' -> `/etc/csf/./csf.mignore'
`csf.sips' -> `/etc/csf/./csf.sips'
`csf.dyndns' -> `/etc/csf/./csf.dyndns'
`alert.txt' -> `/etc/csf/./alert.txt'
`logfloodalert.txt' -> `/etc/csf/./logfloodalert.txt'
`integrityalert.txt' -> `/etc/csf/./integrityalert.txt'
`exploitalert.txt' -> `/etc/csf/./exploitalert.txt'
`tracking.txt' -> `/etc/csf/./tracking.txt'
`connectiontracking.txt' -> `/etc/csf/./connectiontracking.txt'
`processtracking.txt' -> `/etc/csf/./processtracking.txt'
`accounttracking.txt' -> `/etc/csf/./accounttracking.txt'
`usertracking.txt' -> `/etc/csf/./usertracking.txt'
`sshalert.txt' -> `/etc/csf/./sshalert.txt'
`sualert.txt' -> `/etc/csf/./sualert.txt'
`scriptalert.txt' -> `/etc/csf/./scriptalert.txt'
`filealert.txt' -> `/etc/csf/./filealert.txt'
`watchalert.txt' -> `/etc/csf/./watchalert.txt'
`loadalert.txt' -> `/etc/csf/./loadalert.txt'
`resalert.txt' -> `/etc/csf/./resalert.txt'
`portscan.txt' -> `/etc/csf/./portscan.txt'
`permblock.txt' -> `/etc/csf/./permblock.txt'
`netblock.txt' -> `/etc/csf/./netblock.txt'
`messenger' -> `/etc/csf/./messenger'
`messenger/csf_small.png' -> `/etc/csf/./messenger/csf_small.png'
`messenger/index.html' -> `/etc/csf/./messenger/index.html'
`messenger/index.text' -> `/etc/csf/./messenger/index.text'
`lfd.logrotate' -> `/etc/logrotate.d/lfd'
`csfcron.sh' -> `/etc/cron.d/csfcron.sh'
`lfdcron.sh' -> `/etc/cron.d/lfdcron.sh'
`csf.pl' -> `/etc/csf/csf.pl'
`csfui.pl' -> `/etc/csf/csfui.pl'
`csftest.pl' -> `/etc/csf/csftest.pl'
`lfd.pl' -> `/etc/csf/lfd.pl'
`regex.pm' -> `/etc/csf/regex.pm'
`servercheck.pm' -> `/etc/csf/servercheck.pm'
`readme.txt' -> `/etc/csf/readme.txt'
`sanity.txt' -> `/etc/csf/sanity.txt'
`changelog.txt' -> `/etc/csf/changelog.txt'
`install.txt' -> `/etc/csf/install.txt'
`version.txt' -> `/etc/csf/version.txt'
`license.txt' -> `/etc/csf/license.txt'
`uninstall.generic.sh' -> `/etc/csf/uninstall.sh'
`remove_apf_bfd.sh' -> `/etc/csf/remove_apf_bfd.sh'
`lfd.sh' -> `/etc/init.d/lfd'
`csf.sh' -> `/etc/init.d/csf'
`Net' -> `/etc/csf/Net'
`Net/CIDR' -> `/etc/csf/Net/CIDR'
`Net/CIDR/Lite.pm' -> `/etc/csf/Net/CIDR/Lite.pm'
`Sys' -> `/etc/csf/Sys'
`Sys/Hostname' -> `/etc/csf/Sys/Hostname'
`Sys/Hostname/Long.pm' -> `/etc/csf/Sys/Hostname/Long.pm'
`File' -> `/etc/csf/File'
`File/Type.pm' -> `/etc/csf/File/Type.pm'
`File/Type' -> `/etc/csf/File/Type'
`File/Type/Builder.pm' -> `/etc/csf/File/Type/Builder.pm'
`IP' -> `/etc/csf/IP'
`IP/Country.pm' -> `/etc/csf/IP/Country.pm'
`IP/._Authority.pm' -> `/etc/csf/IP/._Authority.pm'
`IP/Authority.pm' -> `/etc/csf/IP/Authority.pm'
`IP/Authority' -> `/etc/csf/IP/Authority'
`IP/Authority/ipauth.gif' -> `/etc/csf/IP/Authority/ipauth.gif'
`IP/Authority/auth.gif' -> `/etc/csf/IP/Authority/auth.gif'
`IP/Authority/._ipauth.gif' -> `/etc/csf/IP/Authority/._ipauth.gif'
`IP/Authority/._auth.gif' -> `/etc/csf/IP/Authority/._auth.gif'
`IP/Country' -> `/etc/csf/IP/Country'
`IP/Country/._Medium.pm' -> `/etc/csf/IP/Country/._Medium.pm'
`IP/Country/._MaxMind.pm' -> `/etc/csf/IP/Country/._MaxMind.pm'
`IP/Country/._Slow.pm' -> `/etc/csf/IP/Country/._Slow.pm'
`IP/Country/._Fast.pm' -> `/etc/csf/IP/Country/._Fast.pm'
`IP/Country/MaxMind.pm' -> `/etc/csf/IP/Country/MaxMind.pm'
`IP/Country/Slow.pm' -> `/etc/csf/IP/Country/Slow.pm'
`IP/Country/Fast.pm' -> `/etc/csf/IP/Country/Fast.pm'
`IP/Country/Fast' -> `/etc/csf/IP/Country/Fast'
`IP/Country/Fast/._ip.gif' -> `/etc/csf/IP/Country/Fast/._ip.gif'
`IP/Country/Fast/ip.gif' -> `/etc/csf/IP/Country/Fast/ip.gif'
`IP/Country/Fast/cc.gif' -> `/etc/csf/IP/Country/Fast/cc.gif'
`IP/Country/Fast/._cc.gif' -> `/etc/csf/IP/Country/Fast/._cc.gif'
`IP/Country/Medium.pm' -> `/etc/csf/IP/Country/Medium.pm'
`IP/Countries.pm' -> `/etc/csf/IP/Countries.pm'
mode of `/etc/csf/uninstall.sh' changed to 0700 (rwx------)
mode of `/etc/csf/csf.pl' changed to 0700 (rwx------)
mode of `/etc/csf/csfui.pl' changed to 0700 (rwx------)
mode of `/etc/csf/csftest.pl' changed to 0700 (rwx------)
mode of `/etc/csf/servercheck.pm' changed to 0700 (rwx------)
mode of `/etc/csf/lfd.pl' changed to 0700 (rwx------)
mode of `/etc/init.d/lfd' changed to 0700 (rwx------)
mode of `/etc/init.d/csf' changed to 0700 (rwx------)
mode of `/etc/cron.d/lfdcron.sh' changed to 0644 (rw-r--r--)
mode of `/etc/cron.d/csfcron.sh' changed to 0644 (rw-r--r--)
create symbolic link `/usr/sbin/csf' to `/etc/csf/csf.pl'
create symbolic link `/usr/sbin/lfd' to `/etc/csf/lfd.pl'

*** SSH port 12112 added to the TCP_IN port list


TCP ports currently listening for incoming connections:
80,111,12112

UDP ports currently listening for incoming connections:
68,111,123,631,5353,46552,47137

Note: The port details above are for information only, csf hasn't been auto-configured.

Don't forget to:
1. Configure the TCP_IN, TCP_OUT, UDP_IN and UDP_OUT options in the csf configuration to suite your server
2. Restart csf and lfd
3. Set TESTING to 0 once you're happy with the firewall

Adding current SSH session IP address to the csf whitelist in csf.allow:
Parameter to use lib must be directory, not file at /etc/csf/csf.pl line 138
Adding 68.79.1.214 to csf.allow only while in TESTING mode (not iptables ACCEPT)
*WARNING* TESTING mode is enabled - do not forget to disable it in the configuration

Installation Completed

++ head -n 1
++ cut -f 3 -d ' '
++ grep TCP_IN /etc/csf/csf.conf
++ cut -f 2 -d '"'
+ tcpin=20,21,22,25,53,80,110,143,443,465,587,993,995,12112
++ grep TCP_OUT /etc/csf/csf.conf
++ head -n 1
++ cut -f 3 -d ' '
++ cut -f 2 -d '"'
+ tcpout=20,21,22,25,53,80,110,113,443
++ grep UDP_IN /etc/csf/csf.conf
++ head -n 1
++ cut -f 3 -d ' '
++ cut -f 2 -d '"'
+ udpin=20,21,53
++ grep UDP_OUT /etc/csf/csf.conf
++ head -n 1
++ cut -f 3 -d ' '
++ cut -f 2 -d '"'
+ udpout=20,21,53,113,123
++ grep TESTING /etc/csf/csf.conf
++ head -n 1
++ cut -f 3 -d ' '
++ cut -f 2 -d '"'
+ testing=1
+ cp -a /etc/csf/csf.conf /etc/csf/csf.conf.bak
+ sed -i s/20,21,22,25,53,80,110,143,443,465,587,993,995,12112/21,22,25,26,53,80,110,143,443,465,671,993,995,1167,2077,2078,2082,2083,2086,2087,2095,2096,3306,3784 ,10050/g /etc/csf/csf.conf
+ sed -i s/20,21,22,25,53,80,110,113,443/21,25,80,110,443,43/g /etc/csf/csf.conf
+ sed -i s/20,21,53/53,631,665,668,3784/g /etc/csf/csf.conf
+ sed -i s/20,21,53,113,123/20,21,53/g /etc/csf/csf.conf
+ sed -i s/1/0/g /etc/csf/csf.conf
+ echo 'The default CSF configuration has been backed up to the following location: /etc/csf/csf.conf.bak'
The default CSF configuration has been backed up to the following location: /etc/csf/csf.conf.bak
+ echo 'SUCCESS! CSF has been installed and autoconfigured for cPanel.'
SUCCESS! CSF has been installed and autoconfigured for cPanel.
+ echo 'TESTING MODE: OFF'
TESTING MODE: OFF
+ echo 'Please ensure that TCP inbound access is allowed for this server'\''s SSH listening port. Once this is complete, start the firewall with '\''/etc/init.d/csf start'\'''
Please ensure that TCP inbound access is allowed for this server's SSH listening port. Once this is complete, start the firewall with '/etc/init.d/csf start'
[root@server ~]#

As you can see from this output, the tcpin variable is calculated properly but when the sed command substitute's the variable's value, the replace is done incorrectly. The sed -i command (+ sed -i s/20,21,22,25,53,80,110,143,443,465,587,993,995,12112/21,22,25,26,53,80,110,143,443,465,671,993,995,1167,2077,2078,2082,2083,2086,2087,2095,2096,3306,3784 ,10050/g /etc/csf/csf.conf) messes up the formatting by not including 21, changing 1's to zero's, etc.

BTW: I'm not sure what you mean by code tags as this is my first script and my Bash scripting experience is minimal at best. Some examples would be great.

Well, the wrong (?) statement is:
which corresponds to
in your script. It actually substitutes the 1 with 0 and the 21 is changed into 20. Maybe you have to review the assignment of the testing variable in your script, if it is not what you expect.

Regarding CODE tags, they are a feature of LinuxQuestions, not bash. See the lines of code in my posts, they are enclosed in a box. They have the advantage to preserve text formatting, useful to post lines of code and have the indentation and the spacing preserved. They improve readability. To use them, you have to go in Advanced Mode (see the button "Go Advanced" below) then select a block of text you have written and push the # button in the toolbar. To speed up the insertion of code tags, I do it manually by enclosing the text between [CODE] and [/CODE].

colucix, how did you manage to prevent the last piece of your above post to treated as a code block? I've been looking for that for a long time.

I saw the [noparse] when I opened you post for quoting so wondered where you found the 'button' to achieve this or how you found it out?

I now know how to achieve it, thanks.

There is no specific button. I remember that someone told me about NOPARSE, so I use it typing the tags directly in my posts. As I do to speed up the instertion of CODE tags without switching to advanced mode.

I think that was me!

Really? My memory begins to have holes! Ok... I'll spill a beer!

Attached Images

 

So do I. I usually only see advanced mode when I quote

Thanks for the link.