Delete Lines within a file

(imported topic written by jaz23)

Hello,

I am looking for an action statement that allows me to delete specific lines in a file. I have already determined the lines are there, and at what number they are.

My relevance statement = true whenever I audit the system -

Q: if (exists line whose (it contains “143.182.113.108” AND (it contains “atdscppweb01”)) of file “C:\hosts”) then “Audit passed” else “Audit failed”

I also know that the lines I want deleted are 20 and 21 of that file.

I have searched the action libraries and can not find anything on delete specific lines within a file…

thx

jason

(imported comment written by BenKus)

Hey jaz,

We don’t normally offer a large toolkit of actions like deleting lines from a file because we expect that scripting languages or shell commands will work better for you… But in this case, you can use the “appendfile” to make a new file that doesn’t include those lines:

// read through the file, but skip the specific lines (will write out a new file called “__appendfile”)
appendfile {concatenation “%0a%0d” of lines whose (line number of it != 20 AND line number of it != 21) of file “C:\hosts”}

// replace the old file with the new file that doesn’t contain the lines:
delete "C:\hosts"
copy __appendfile “C:\hosts”

I suggest you spend some time testing that to make sure it works the way you want without any side-effects… Also, make sure you have the appropriate relevance on this action like:

exists line whose (it contains “143.182.113.108” AND (it contains “atdscppweb01”)) of file “C:\hosts”

Ben

(imported comment written by JasonO91)

jaz,

You may also want to look at using the unix utilities for Win32. I’ve simply added them to the utilities and can call them like any other command.

I’ve found cat, head, tail, grep, diff, etc to be very helpful when dealing with files I want to modify.

Maybe we could twist Ben’s arm into getting permission to redistribute them with the server :wink:

Jason

(imported comment written by jaz23)

Excellent Idea, thanks for the info…

jaz

(imported comment written by SystemAdmin)

I came across this one while searching for something similar. Figured I’d post what we did, which improves on this a little.

I’d also suggest using “%0d%0a” (CRLF) rather than “%0a%0d” (LFCR). Simple editors like Notepad won’t display the file properly unless it’s CRLF.

I don’t think I’d agree with blindly deleting lines 20 and 21 in the above case without the relevence confirming those lines first. Here’s the way we did it, also backing up the hosts file first. I always keep the last hosts file as hosts-old, and if a hosts-old exists I’ll rename that to today’s date.

I’m also making sure that the name in the hosts file isn’t case sensitive, and I don’t care about lines commented out (properly or white space to the left)

Assuming you wanted to remove “143.182.113.108” AND “atdscppweb01”…

Relevance:

exists file “hosts” whose (exists lines whose (it as left trimmed string does not start with “#” and it contains “143.182.113.108” ) of it OR exists lines whose (it as left trimmed string does not start with “#” and it as lowercase contains “atdscppweb01” ) of it) of folder “drivers\etc” of system folder

Action:

// Remove entries from the HOSTS file. If HOSTS-OLD exists, back that up to HOSTS-mmDDDYYYY-hhmm

// Previous HOSTS will remain as HOSTS-OLD

if {exists file “hosts-old” of folder “drivers\etc” of system folder}

move “{pathname of system folder}\drivers\etc\hosts-old” “{pathname of system folder}\drivers\etc\hosts-{(first 2 of it & substring between " " of it & last 4 of it) of (following text of position 5 of preceding text of position 16 of (now as string)) & “-” & (first 2 of it & last 2 of it) of (following text of position 17 of preceding text of last “:” of (now as string))}”

endif

delete __appendfile

appendfile {concatenation “%0d%0a” of lines whose (it as left trimmed string starts with “#” OR (it as lowercase does not contain “atdscppweb01” and it does not contain “143.182.113.108” )) of file “hosts” of folder “drivers\etc” of system folder}

move “{pathname of system folder}\drivers\etc\hosts” “{pathname of system folder}\drivers\etc\hosts-old”

move __appendfile “{pathname of system folder}\drivers\etc\hosts”

(imported comment written by jessewk)

wow. every once in awhile I get to the point where I think I know every inspector in the relevance language and then somebody tips me off to a useful one I’ve never seen or used.

“as left trimmed string” is new to me. Thanks!

Also, very nice work. I think this will be useful to lots of people.

(imported comment written by bc6591)

Correct me if I am wrong here, but when we tried this we ran into one possible problem to be aware of. The move command seems to carry permissions from its source to its destination location (this may be a problem if the move is other than within the same folder). And the copy command seems to NOT carry permissions but rather inherit permissions from its new destination parent folder, assuming its set to inherit.

So this command: move __appendfile “{pathname of system folder}\drivers\etc\hosts” may cause a permissions problem. We had to change the move to a copy and it worked just fine.

Other than that this worked nicely ! Thanks.

(imported comment written by SystemAdmin)

That wouldn’t surprise me if that was true. Under Windows if the file itself has permissions set, then moving it (cut/paste) will carry the file permissions along. Copying the file is another story becuase your creating a whole new file and it takes the permissions of the destination folder. I’m not a fan of setting permissions on a file for that reason. I perfer setting folder permissions instead.

For us, we were making a backup copy of the hosts file in the “etc” folder as a just-in-case. So a move or copy was the same thing in our situation.

Glad it worked for you. That’s whay I like the forums, because chances are one of us has already done it (or something similar).

-Paul