|
|
Sponsored Content
Top Forums
UNIX for Dummies Questions & Answers
insert multiple characters in string
Post 302635807 by shadyuk on Sunday 6th of May 2012 10:25:01 AM
05-06-2012
|
|
10 More Discussions You Might Find Interesting
1. Programming
I have a problem that I want to insert and delete some chars in the middle of a file. fopen() and fdopen() just allow to append at the end.
Is there any simple method or existing library that allow these actions? Thanks in advance.:confused: (7 Replies)
Discussion started by: ivancheung
7 Replies
2. Shell Programming and Scripting
Hi,
I want to test a unix file by inserting greek characters in to vi editor.
Can anyone please suggest how to insert greek characters in to vi editor. (2 Replies)
Discussion started by: DSDexter
2 Replies
3. Shell Programming and Scripting
Input:
Youcaneasilydothisbyhighlightingyourcode.
Putting space after three characters.
You can eas ily dot his byh igh lig hti ngy our cod e.
How can i do this using sed? (10 Replies)
Discussion started by: cola
10 Replies
4. Shell Programming and Scripting
Hello Folks..
I need your help ..
here the example of my problem..i know its easy..i don't all the commands in unix to do this especiallly sed...here my string..
dwc2_dfg_ajja_dfhhj_vw_dec2_dfgh_dwq
desired output is..
dwc2_dfg_ajja_dfhhj
it's a simple task with tail... (5 Replies)
Discussion started by: victor369
5 Replies
5. Shell Programming and Scripting
A file contains: abcdef
I need : a b c d e f
It's easy with sed
sed 's/./& /g'but this is embedded linux that doesn't have sed/awk. The shell is unknown but it's bashlike. Parameter expansion works and seems promising and. A question mark seems to work as a wildcard, but there doesn't seem... (5 Replies)
Discussion started by: fubaya
5 Replies
6. Shell Programming and Scripting
i have written a shell script that reads a csv file and inserts tokenized strings into the database.
the problem comes when the csv file has cyrillic characters.
how do i set the parameters in my shell script(korn shell) so that any characters can be inserted into the database. (3 Replies)
Discussion started by: vkca
3 Replies
7. Shell Programming and Scripting
Hello all,
I have a directory with 2000+ files. I need to look in each file for an invoice number. To identify this, i can search for the string 'BIG' and then retrieve the next 30 characters. I was thinking awk for this, but not sure how to do it. Each file contains one long string and in... (8 Replies)
Discussion started by: jdinero
8 Replies
8. Shell Programming and Scripting
I need to read a text file and insert a string every n lines, but also have the line counter restart when I come across a header string.
Line repeating working every 3 lines using code:
sed '0~3 s/$/\nINSERT/g' < INPUT/PATH/FILE_NAME.txt > OUTPUT/PATH/FILE_NAME.txt
I cannot seem to find... (1 Reply)
Discussion started by: Skonectthedots
1 Replies
9. Shell Programming and Scripting
i am having file like this
#!/bin/bash
read -p 'Username: ' uservar
match='<color="red" />'
text='this is only a test
so please be patient
<color="red" />'
echo "$text" | sed "s/$match/&$uservar\g"
so desireble output what i want is if user type MARIA
this is only a test
so please... (13 Replies)
Discussion started by: tomislav91
13 Replies
10. Shell Programming and Scripting
I have this fastq file:
@M04961:22:000000000-B5VGJ:1:1101:9280:7106 1:N:0:86
GGGGGGGGGGGGCATGAAAACATACAAACCGTCTTTCCAGAAATTGTTCCAAGTATCGGCAACAGCTTTATCAATACCATGAAAAATATCAACCACACCA
+test-1
GGGGGGGGGGGGGGGGGCCGGGGGFF,EDFFGEDFG,@DGGCGGEGGG7DCGGGF68CGFFFGGGG@CGDGFFDFEFEFF:30CGAFFDFEFF8CAF;;8... (10 Replies)
Discussion started by: Xterra
10 Replies
LEARN ABOUT DEBIAN
ike.config
ike.config(4) ike.config(4) NAME
ike.config - configuration file for IKE policy SYNOPSIS
/etc/inet/ike/config The /etc/inet/ike/config file contains rules for matching inbound IKE requests. It also contains rules for preparing outbound IKE requests. You can test the syntactic correctness of an /etc/inet/ike/config file by using the -c or -f options of in.iked(1M). You must use the -c option to test a config file. You may need to use the -f option if it is not in /etc/inet/ike/config. Lexical Components On any line, an unquoted # character introduces a comment. The remainder of that line is ignored. Additionally, on any line, an unquoted // sequence introduces a comment. The remainder of that line is ignored. There are several types of lexical tokens in the ike.config file: num A decimal, hex, or octal number representation is as in 'C'. IPaddr/prefix/range An IPv4 or IPv6 address with an optional /NNN suffix, (where NNN is a num) that indicates an address (CIDR) prefix (for example, 10.1.2.0/24). An optional /ADDR suffix (where ADDR is a second IP address) indicates an address/mask pair (for example, 10.1.2.0/255.255.255.0). An optional -ADDR suffix (where ADDR is a second IPv4 address) indicates an inclusive range of addresses (for example, 10.1.2.0-10.1.2.255). The / or - can be surrounded by an arbitrary amount of white space. XXX | YYY | ZZZ Either the words XXX, YYY, or ZZZ, for example, {yes,no}. p1-id-type An IKE phase 1 identity type. IKE phase 1 identity types include: dn, DN dns, DNS fqdn, FQDN gn, GN ip, IP ipv4 ipv4_prefix ipv4_range ipv6 ipv6_prefix ipv6_range mbox, MBOX user_fqdn "string" A quoted string. Examples include:"Label foo", or "C=US, OU=Sun Microsystems, Inc., N=olemcd@eng.example.com" A backslash () is an escape character. If the string needs an actual backslash, two must be specified. cert-sel A certificate selector, a string which specifies the identities of zero or more certificates. The specifiers can conform to X.509 naming conventions. A cert-sel can also use various shortcuts to match either subject alternative names, the filename or slot of a certificate in /etc/inet/ike/publickeys, or even the ISSUER. For example: "SLOT=0" "EMAIL=postmaster@domain.org" "webmaster@domain.org" # Some just work w/o TYPE= "IP=10.0.0.1" "10.21.11.11" # Some just work w/o TYPE= "DNS=www.domain.org" "mailhost.domain.org" # Some just work w/o TYPE= "ISSUER=C=US, O=Sun Microsystems, Inc., CN=Sun CA" Any cert-sel preceded by the character ! indicates a negative match, that is, not matching this specifier. These are the same kind of strings used in ikecert(1M). ldap-list A quoted, comma-separated list of LDAP servers and ports. For example, "ldap1.example.com", "ldap1.example.com:389", "ldap1.example.com:389,ldap2.example.com". The default port for LDAP is 389. parameter-list A list of parameters. File Body Entries There are four main types of entries: o global parameters o IKE phase 1 transform defaults o IKE rule defaults o IKE rules The global parameter entries are as follows: cert_root cert-sel The X.509 distinguished name of a certificate that is a trusted root CA certificate.It must be encoded in a file in the /etc/inet/ike/publickeys directory. It must have a CRL in /etc/inet/ike/crls. Multiple cert_root parameters aggregate. cert_trust cert-sel Specifies an X.509 distinguished name of a certificate that is self-signed, or has otherwise been verified as trustworthy for signing IKE exchanges. It must be encoded in a file in /etc/inet/ike/publickeys. Multiple cert_trust parameters aggregate. expire_timer integer The number of seconds to let a not-yet-complete IKE Phase I (Main Mode) negotiation linger before deleting it. Default value: 300 sec- onds. ignore_crls If this keyword is present in the file, in.iked(1M) ignores Certificate Revocation Lists (CRLs) for root CAs (as given in cert_root) ldap_server ldap-list A list of LDAP servers to query for certificates. The list can be additive. pkcs11_path string The string that follows is a pathname to a shared object (.so) that implements the PKCS#11 standard. If this setting is not present, the default value of /usr/lib/libpkcs11.so will be used. Most cryptographic providers go through the default library, and this parame- ter should only be used if a specialized provider of IKE-useful cryptographic services cannot interface with the Solaris Cryptographic Framework (see cryptoadm(1M). retry_limit integer The number of retransmits before any IKE negotiation is aborted. Default value: 5 times. retry_timer_init integer or float The initial interval (in seconds) between retransmits. This interval is doubled until the retry_timer_max value (see below) is reached. Default value: 0.5 seconds. retry_timer_max integer or float The maximum interval (in seconds) between retransmits. The doubling retransmit interval will stop growing at this limit. Default value: 30 seconds. Note - This value is never reached with the default configuration. The longest interval will be 8 (0.5 * 2 ^ (5 - 1)) seconds. proxy string The string following this keyword must be a URL for an HTTP proxy, for example, http://proxy:8080. socks string The string following this keyword must be a URL for a SOCKS proxy, for example, socks://socks-proxy. use_http If this keyword is present in the file, in.iked(1M) uses HTTP to retrieve Certificate Revocation Lists (CRLs). The following IKE phase 1 transform parameters can be prefigured using file-level defaults. Values specified within any given transform override these defaults. The IKE phase 1 transform defaults are as follows: p1_lifetime_secs num The proposed default lifetime, in seconds, of an IKE phase 1 security association (SA). p1_nonce_len num The length in bytes of the phase 1 (quick mode) nonce data. This cannot be specified on a per-rule basis. The following IKE rule parameters can be prefigured using file-level defaults. Values specified within any given rule override these defaults, unless a rule cannot. p2_nonce_len num The length in bytes of the phase 2 (quick mode) nonce data. This cannot be specified on a per-rule basis. local_id_type p1-id-type The local identity for IKE requires a type. This identity type is reflected in the IKE exchange. The type can be one of the following: o an IP address (for example, 10.1.1.2) o DNS name (for example, test.domain.com) o MBOX RFC 822 name (for example, root@domain.com) o DNX.509 distinguished name (for example, C=US, O=Sun Microsystems Inc., CN=Sun Test cert) p1_xform '{' parameter-list '} A phase 1 transform specifies a method for protecting an IKE phase 1 exchange. An initiator offers up lists of phase 1 transforms, and a receiver is expected to only accept such an entry if it matches one in a phase 1 rule. There can be several of these, and they are additive. There must be either at least one phase 1 transform in a rule or a global default phase 1 transform list. In a configuration file without a global default phase 1 transform list and a rule without a phase, transform list is an invalid file. Unless specified as optional, elements in the parameter-list must occur exactly once within a given transform's parameter-list: oakley_group number The Oakley Diffie-Hellman group used for IKE SA key derivation. Acceptable values are currently 1 (768-bit), 2 (1024-bit), or 5 (1536-bit). encr_alg {3des, 3des-cbc, blowfish, des, des-cbc} An encryption algorithm. auth_alg {md5, sha, sha1} An authentication algorithm. Note - Use ipsecalgs(1M) with the -l option to list the IPsec protocols and algorithms currently defined on a system. The cryp- toadm list -l command diplays a list of installed providers and their mechanisms. See cryptoadm(1M). auth_method {preshared, rsa_sig, rsa_encrypt, dss_sig} The authentication method used for IKE phase 1. p1_lifetime_secs num Optional. The lifetime for a phase 1 SA. p2_lifetime_secs num If configuring the kernel defaults is not sufficient for different tasks, this parameter can be used on a per-rule basis to set the IPsec SA lifetimes in seconds. p2_pfs num The Oakley Diffie-Hellman group used for IPsec SA key derivation. Acceptable values are 0 (do not use Perfect Forward Secrecy for IPsec SAs), 1 (768-bit), 2 (1024-bit), and 5 (1536-bit). An IKE rule starts with a right-curly-brace ({), ends with a left-curly-brace (}), and has the following parameters in between: label string Required parameter. The administrative interface to in.iked looks up phase 1 policy rules with the label as the search string. The administrative interface also converts the label into an index, suitable for an extended ACQUIRE message from PF_KEY - effectively tying IPsec policy to IKE policy in the case of a node initiating traffic. Only one label parameter is allowed per rule. local_addr <IPaddr/prefix/range> Required parameter. The local address, address prefix, or address range for this phase 1 rule. Multiple local_addr parameters accumu- late within a given rule. remote_addr <IPaddr/prefix/range> Required parameter. The remote address, address prefix, or address range for this phase 1 rule. Multiple remote_addr parameters accumu- late within a given rule. local_id_type p1-id-type Which phase 1 identity type I uses. This is needed because a single certificate can contain multiple values for use in IKE phase 1. Within a given rule, all phase 1 transforms must either use preshared or non-preshared authentication (they cannot be mixed). For rules with preshared authentication, the local_id_type parameter is optional, and defaults to IP. For rules which use non-preshared authenti- cation, the 'local_id_type' parameter is required. Multiple 'local_id_type' parameters within a rule are not allowed. local_id cert-sel Disallowed for preshared authentication method; required parameter for non-preshared authentication method. The local identity string or certificate selector. Only one local identity per rule is used, the first one stated. remote_id cert-sel Disallowed for preshared authentication method; required parameter for non-preshared authentication method. Selector for which remote phase 1 identities are allowed by this rule. Multiple remote_id parameters accumulate within a given rule. If a single empty string ("") is given, then this accepts any remote ID for phase 1. It is recommended that certificate trust chains or address enforcement be configured strictly to prevent a breakdown in security if this value for remote_id is used. p2_lifetime_secs num If configuring the kernel defaults is not sufficient for different tasks, this parameter can be used on a per-rule basis to set the IPsec SA lifetimes in seconds. p2_pfs num Use perfect forward secrecy for phase 2 (quick mode). If selected, the oakley group specified is used for phase 2 PFS. Acceptable val- ues are 0 (do not use Perfect Forward Secrecy for IPsec SAs), 1 (768-bit), 2 (1024-bit), and 5 (1536-bit). p1_xform { parameter-list } A phase 1 transform specifies a method for protecting an IKE phase 1 exchange. An initiator offers up lists of phase 1 transforms, and a receiver is expected to only accept such an entry if it matches one in a phase 1 rule. There can be several of these, and they are additive. There must be either at least one phase 1 transform in a rule or a global default phase 1 transform list. A ike.config file without a global default phase 1transform list and a rule without a phase 1 transform list is an invalid file. Elements within the parameter-list; unless specified as optional, must occur exactly once within a given transform's parameter-list: oakley_group number The Oakley Diffie-Hellman group used for IKE SA key derivation. Acceptable values are currently 1 (768-bit), 2 (1024-bit), or 5 (1536-bit). encr_alg {3des, 3des-cbc, blowfish, des, des-cbc} An encryption algorithm, as in ipsecconf(1M). auth_alg {md5, sha, sha1} An authentication algorithm, as specified in ipseckey(1M). auth_method {preshared, rsa_sig, rsa_encrypt, dss_sig} The authentication method used for IKE phase 1. p1_lifetime_secs num Optional. The lifetime for a phase 1 SA. Example 1: A Sample ike.config File The following is an example of an ike.config file: ### BEGINNING OF FILE ### First some global parameters... ### certificate parameters... # Root certificates. I SHOULD use a full Distinguished Name. # I must have this certificate in my local filesystem, see ikecert(1m). cert_root "C=US, O=Sun Microsystems, Inc., CN=Sun CA" # Explicitly trusted certs that need no signatures, or perhaps self-signed # ones. Like root certificates, use full DNs for them for now. cert_trust "EMAIL=root@domain.org" # Where do I send LDAP requests? ldap_server "ldap1.domain.org,ldap2.domain.org:389" ## phase 1 transform defaults... p1_lifetime_secs 14400 p1_nonce_len 20 ## Parameters that may also show up in rules. p1_xform { auth_method preshared oakley_group 5 auth_alg sha encr_alg 3des } p2_pfs 2 ### Now some rules... { label "simple inheritor" local_id_type ip local_addr 10.1.1.1 remote_addr 10.1.1.2 } { label "simple inheritor IPv6" local_id_type ipv6 local_addr fe80::a00:20ff:fe7d:6 remote_addr fe80::a00:20ff:fefb:3780 } { # an index-only rule. If I'm a receiver, and all I # have are index-only rules, what do I do about inbound IKE requests? # Answer: Take them all! label "default rule" # Use whatever "host" (e.g. IP address) identity is appropriate local_id_type ipv4 local_addr 0.0.0.0/0 remote_addr 0.0.0.0/0 p2_pfs 5 # Now I'm going to have the p1_xforms p1_xform {auth_method preshared oakley_group 5 auth_alg md5 encr_alg blowfish } p1_xform {auth_method preshared oakley_group 5 auth_alg md5 encr_alg 3des } # After said list, another keyword (or a '}') will stop xform parsing. } { # Let's try something a little more conventional. label "host to .80 subnet" local_id_type ip local_id "10.1.86.51" remote_id "" # Take any, use remote_addr for access control. local_addr 10.1.86.51 remote_addr 10.1.80.0/24 p1_xform { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg 3des } p1_xform { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg blowfish } p1_xform { auth_method rsa_sig oakley_group 5 auth_alg sha1 encr_alg 3des } p1_xform { auth_method rsa_sig oakley_group 5 auth_alg sha1 encr_alg blowfish } } { # Let's try something a little more conventional, but with ipv6. label "host to fe80::/10 subnet" local_id_type ip local_id "fe80::a00:20ff:fe7d:6" remote_id "" # Take any, use remote_addr for access control. local_addr fe80::a00:20ff:fe7d:6 remote_addr fe80::/10 p1_xform { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg 3des } p1_xform { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg blowfish } p1_xform { auth_method rsa_sig oakley_group 5 auth_alg sha1 encr_alg 3des } p1_xform { auth_method rsa_sig oakley_group 5 auth_alg sha1 encr_alg blowfish } } { # How 'bout something with a different cert type and name? label "punchin-point" local_id_type mbox local_id "ipsec-wizard@domain.org" remote_id "10.5.5.128" local_addr 0.0.0.0/0 remote_addr 10.5.5.128 p1_xform { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg blowfish } } { label "receiver side" remote_id "ipsec-wizard@domain.org" local_id_type ip local_id "10.5.5.128" local_addr 10.5.5.128 remote_addr 0.0.0.0/0 p1_xform { auth_method rsa_sig oakley_group 5 auth_alg md5 encr_alg blowfish } # NOTE: Specifying preshared null-and-voids the remote_id/local_id # fields. p1_xform { auth_method preshared oakley_group 5 auth_alg md5 encr_alg blowfish} } See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWcsr | +-----------------------------+-----------------------------+ cryptoadm(1M), ikeadm(1M), in.iked(1M), ikecert(1M), ipseckey(1M), ipsecalgs(1M), ipsecconf(1M), attributes(5), random(7D) Harkins, Dan and Carrel, Dave. RFC 2409, Internet Key Exchange (IKE). Cisco Systems., November 1998. Maughan, Douglas et. al. RFC 2408, Internet Security Association and Key Management Protocol (ISAKMP). National Security Agency, Ft. Meade, MD. November 1998. Piper, Derrell. RFC 2407, The Internet IP Security Domain of Interpretation for ISAKMP. Network Alchemy. Santa Cruz, California. November 1998. 17 Oct 2005 ike.config(4)