Python Forum

Full Version: modified file text getting cut off
I am trying to modify the lines in a file. After the first few lines in a rules file, there are a lot of commented out rules, and it follows this format:
# alert tcp...
After running the script, I notice that the new file output is getting cut off. I checked the original file, and all of the content was there. So it seems somewhere my script is cutting text off at the end of the rules file. I've provided the function below that modifies such a rules file.

import os                    # os.remove is used below
from shutil import copyfile  # copyfile is used below

def updateFile (status, snortRulesFileName):
    print "working with file " + snortRulesFileName
    ruleFile = open(snortRulesFileName, 'r')
    w = open('output.txt', 'w')

    if status.lower() == "enable":
        for line in ruleFile:
            # Get the first 7 characters
            chars = line[:7]
            if chars == "# alert":
                    line = line[2:] # Remove first two beginning characters
            # Write the rule to another file
            w.write(line)

    if status.lower() == "disable":
        for line in ruleFile:
            # Add the comment chars
            # Get the first five characters of the line
            chars = line[:5]
            if chars == "alert":
                line = '# ' + line
                # print line
            w.write(line)

    # Copy the output file to the original file
    copyfile('output.txt', snortRulesFileName)
    # Then delete the output file
    os.remove('output.txt')
    w.close()
Can you provide sample input and output? It's not clear from your post what your expected vs. actual result is ("cut off" can mean each line, the whole file, or potentially something I'm not thinking of).
Sure

Error:
ERROR: /etc/snort/rules/protocol-voip.rules(336) Invalid configuration line: aler
In the modified file:


....
alert udp $EXTERNAL_NET any -> $SIP_SERVERS $SIP_PORTS (msg:"PROTOCOL-VOIP Known SIP scanner User-Agent detected"; flow:to_server; sip_header; content:"User-Agent: sipv"; fast_pattern:only; metadata:service sip; reference:url,blog.kolmisoft.com/sip-attack-friendly-scanner/; classtype:attempted-recon; sid:48317; rev:1;)
alert udp $EXTERNAL_NET any -> $SIP_SERVERS $SIP_PORTS (msg:"PROTOCOL-VOIP Known SIP scanner User-Agent detected"; flow:to_server; sip_header; content:"User-Agent: Gulp"; fast_pattern:only; metadata:service sip; reference:url,blog.kolmisoft.com/sip-attack-friendly-scanner/; classtype:attempted-recon; sid:48316; rev:1;)
aler[EOF]


In the original file:

...
# alert udp $EXTERNAL_NET any -> $SIP_SERVERS $SIP_PORTS (msg:"PROTOCOL-VOIP Known SIP scanner User-Agent detected"; flow:to_server; sip_header; content:"User-Agent: sipv"; fast_pattern:only; metadata:service sip; reference:url,blog.kolmisoft.com/sip-attack-friendly-scanner/; classtype:attempted-recon; sid:48317; rev:1;)
# alert udp $EXTERNAL_NET any -> $SIP_SERVERS $SIP_PORTS (msg:"PROTOCOL-VOIP Known SIP scanner User-Agent detected"; flow:to_server; sip_header; content:"User-Agent: Gulp"; fast_pattern:only; metadata:service sip; reference:url,blog.kolmisoft.com/sip-attack-friendly-scanner/; classtype:attempted-recon; sid:48316; rev:1;)
# alert udp $EXTERNAL_NET any -> $SIP_SERVERS $SIP_PORTS (msg:"PROTOCOL-VOIP Known SIP scanner User-Agent detected"; flow:to_server; sip_header; content:"User-Agent: SIVuS"; fast_pattern:only; metadata:service sip; reference:url,blog.kolmisoft.com/sip-attack-friendly-scanner/; classtype:attempted-recon; sid:48315; rev:1;)
...
*BUMP*
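
Added example, not part of the original thread: in the function posted above, `copyfile('output.txt', ...)` runs before `w.close()`, so data still sitting in the write buffer never reaches the copy, which is consistent with the modified file ending mid-rule at `aler`. The Python 3 sketch below closes and syncs the temporary file before atomically replacing the rules file; the names `toggle_rules` and `demo` and the sample rules are constructed for illustration.

```python
import os
import shutil
import tempfile


def toggle_rules(status, rules_path):
    """Comment or uncomment 'alert' rules in place; return the number of lines changed."""
    status = status.lower()
    if status not in ("enable", "disable"):
        raise ValueError("status must be 'enable' or 'disable'")
    changed = 0
    directory = os.path.dirname(os.path.abspath(rules_path))
    # Temp file in the same directory, so os.replace() is a rename on one filesystem.
    fd, tmp_path = tempfile.mkstemp(dir=directory, suffix=".tmp")
    try:
        # Binary mode keeps line endings and any non-UTF-8 bytes in rules untouched.
        with os.fdopen(fd, "wb") as dst, open(rules_path, "rb") as src:
            for line in src:
                if status == "enable" and line.startswith(b"# alert"):
                    line = line[2:]          # drop the leading "# "
                    changed += 1
                elif status == "disable" and line.startswith(b"alert"):
                    line = b"# " + line
                    changed += 1
                dst.write(line)
            # Force buffered data to disk while the file is still open.
            dst.flush()
            os.fsync(dst.fileno())
        # Both files are closed here; only now is it safe to swap them.
        shutil.copymode(rules_path, tmp_path)  # mkstemp creates the file as 0600
        os.replace(tmp_path, rules_path)       # readers see old or new, never half
    except BaseException:
        if os.path.exists(tmp_path):
            os.remove(tmp_path)
        raise
    return changed


def demo():
    """Run on a constructed rules file larger than one write buffer."""
    rule = ('# alert udp $EXTERNAL_NET any -> $SIP_SERVERS $SIP_PORTS '
            '(msg:"constructed sample"; sid:%d; rev:1;)\n')
    path = os.path.join(tempfile.mkdtemp(), "sample.rules")
    with open(path, "w") as f:
        f.writelines(rule % sid for sid in range(1000000, 1000500))
    changed = toggle_rules("enable", path)
    with open(path) as f:
        return changed, f.readlines(), path
```

Because the swap is a rename, a Snort process that reloads during the update reads either the complete old file or the complete new one.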