
I'm still VERY new to Linux bash scripting and I've come up with this little bit of code; unfortunately, its execution time is kind of long for a small file (193 KiB):

    real 0m7.234s
    user 0m6.772s
    sys  0m3.486s

If you could take a look at it, pass some improvements or tips, would be appreciated!

#!/bin/bash
#
# For every rule that mentions the CINS threat-intelligence set, pull out the
# sid and the msg text and append two snortsam lines for it.
while read -r line; do
    RNAME=$(echo "$line" | grep -w "ET CINS Active Threat Intelligence Poor Reputation" | sed 's/^.*\(ET CINS Active Threat Intelligence Poor Reputation.*\)/\1/g' | sed 's/".*//')
    RSID=$(echo "$line" | grep -w "ET CINS Active Threat Intelligence Poor Reputation" | grep -o "sid:.*" | awk '{print $1}' | rev | cut -c 2- | rev | cut -c 5-)
    echo "$line" | grep -w "ET CINS Active Threat Intelligence Poor Reputation" | awk '{print  "'"$RSID"'" " " "\"[;][)]\"" " " "\"" "; fwsam: src[either], 1 hour;)\"; # " "'"$RNAME"'" }' >> /tmp/snortsam-rules.txt
    echo "$line" | grep -w "ET CINS Active Threat Intelligence Poor Reputation" | awk '{print  "'"$RSID"'" " " "\"\\(msg:\"\" \"(msg:\"[SNORTSAM] \"; # " "'"$RNAME"'" }' >> /tmp/snortsam-rules.txt
done < /etc/snort.d/rules/emerging-threats/emerging-ciarmy.rules

Contents of the Input file:

alert tcp [1.11.244.148,1.119.129.16,1.119.133.214,1.119.144.196,1.163.25.190,1.170.159.97,1.173.65.136,1.177.142.203,1.177.220.170,1.177.251.214,1.180.189.18,1.180.208.131,1.180.208.132,1.180.233.23,1.186.176.220,1.186.176.246,1.186.220.92,1.186.235.187,1.192.123.218,1.192.145.246,1.202.225.53,1.202.65.39,1.215.230.46,1.221.225.138,1.228.102.199,1.230.44.160,1.232.113.151,1.234.1.70,1.234.4.14,1.239.35.88,1.24.156.110,1.245.107.90,1.247.184.111,1.251.177.206,1.253.135.172,1.254.20.189,1.254.47.75,1.28.202.11,1.28.202.16,1.31.87.35,1.32.200.123,1.32.216.88,1.32.47.74,1.33.73.100,1.34.113.192,1.34.158.177,1.34.209.99,1.34.21.27,1.34.2.152,1.34.28.244] any -> $HOME_NET any (msg:"ET CINS Active Threat Intelligence Poor Reputation IP TCP group 1"; flags:S; reference:url,www.cinsscore.com; reference:url,www.networkcloaking.com/cins; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2403300; rev:40471;)

Output Sample Code:

2403300 "[;][)]" "; fwsam: src, 1 hour;)"; # ET CINS Active Threat Intelligence Poor Reputation IP TCP group 1

Basically, what I want to do is take some parts of the input contents and save them into a file, like the output sample above, if that makes sense?

1 Answer

Note:

  1. Reading individual lines from a file and then running multiple programs on each line, multiple times, is going to be excruciatingly slow.
  2. See above for each time you do echo $line | ....

Most of this can be done by awk itself:

awk -v fmt1='%s "[;][)]" "; fwsam: src, 1 hour;)"; # %s\n' -v fmt2='%s "\\(msg:"" "(msg:"[SNORTSAM] "; # %s\n' '/ET CINS Active Threat Intelligence Poor Reputation/ {
  rname = gensub(/.*(ET CINS Active Threat Intelligence Poor Reputation [^"]*).*/, "\\1", 1)
  rsid = gensub(/.*ET CINS Active Threat Intelligence Poor Reputation.*sid:(.*); .*/, "\\1", 1)
  printf fmt1, rsid, rname
  printf fmt2, rsid, rname
}' input-file

Notes:

  1. Instead of doing complex escaping to get a particular output format, use printf with a format string. I used two awk variables defined externally (-v fmt1=..., -v fmt2=...) as the format strings, thereby avoiding a lot of quoting.
  2. You have used echo ... | grep ... | awk to print only if the grep pattern is matched. This is easily done in awk itself by using /pattern/ { action } to run actions only on lines matching the pattern.
  3. The rev | cut | rev | cut and sed ... | sed commands' work is done easily enough in regex by keeping only the group of characters you need.
muru
  • Isn't rname just set to the string ET CINS...? – Kusalananda May 12 '18 at 06:26
  • @Kusalananda there seems to be a variable part after the fixed string we see in the post, up to a double quote character. – muru May 12 '18 at 06:29
  • Ah, ok. That may well be the case. A bit difficult to see with only a single line of input given. – Kusalananda May 12 '18 at 06:33
  • It's IP TCP group 1 in the example input (the part goes: ... any (msg:"ET CINS Active Threat Intelligence Poor Reputation IP TCP group 1"; flags:S; ...) – muru May 12 '18 at 06:35
  • @muru Thank you SO much! And thank you for so much info! I was reading into awk more before your post, and I did see the /pattern/ { action } but couldn't wrap my head around it. After spending ~40 mins reading over the code you put forward, I'm getting the idea of how it works! Again, thank you!

    real 0m0.090s | user 0m0.076s | sys 0m0.006s compared to real 0m7.234s | user 0m6.772s | sys 0m3.486s

    – dobzsock May 12 '18 at 20:48
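The same transformation in POSIX awk, as an added example that is not part of the question or of muru's answer. gensub() is a gawk extension, so on a host whose awk is mawk or busybox awk the answer's one-liner fails with a syntax error; this version uses match() and substr() instead, which every awk has. It also anchors the match to the msg:"..." field rather than to the whole line, and only accepts an all-digit sid terminated by a semicolon, so a truncated or hand-edited rule is dropped instead of being written half-parsed into the file that snortsam will act on (each of these lines tells snortsam to block a source address for an hour, so garbage there matters). The sample rules below, including their sids and addresses, are constructed for the example; the only real path is the one from the question.

```shell
#!/bin/sh
# Added example: portable awk rewrite of the Snort-rule -> snortsam extraction.

# Constructed sample input (not real rules): two CINS rules and one unrelated
# rule that must be ignored.
SAMPLE_RULES='alert tcp [192.0.2.10,192.0.2.11] any -> $HOME_NET any (msg:"ET CINS Active Threat Intelligence Poor Reputation IP TCP group 1"; flags:S; reference:url,www.cinsscore.com; classtype:misc-attack; sid:2403300; rev:40471;)
alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"ET DNS Query for something"; classtype:bad-unknown; sid:2000001; rev:1;)
alert tcp [198.51.100.5] any -> $HOME_NET any (msg:"ET CINS Active Threat Intelligence Poor Reputation IP TCP group 2"; flags:S; reference:url,www.cinsscore.com; classtype:misc-attack; sid:2403301; rev:40471;)'

# snortsam_rules [FILE...]: read Snort rules (files or stdin) and print the two
# snortsam lines per matching rule, in the format shown in the question.
# The -v values go through awk's escape processing, so \n is a newline and
# \\( becomes a literal backslash followed by a parenthesis.
snortsam_rules() {
  awk -v tag='ET CINS Active Threat Intelligence Poor Reputation' \
      -v fmt1='%s "[;][)]" "; fwsam: src, 1 hour;)"; # %s\n' \
      -v fmt2='%s "\\(msg:"" "(msg:"[SNORTSAM] "; # %s\n' '
    # Skip rules whose msg text does not start with the tag.
    index($0, "msg:\"" tag) == 0 { next }
    {
      # rname: the msg text, i.e. everything between msg:" and the closing quote.
      if (!match($0, /msg:"[^"]*"/)) next
      rname = substr($0, RSTART + 5, RLENGTH - 6)
      # rsid: the digits after sid:, terminated by a semicolon. A rule whose
      # sid is missing or malformed is dropped rather than emitted half-parsed.
      if (!match($0, /sid:[0-9]+;/)) next
      rsid = substr($0, RSTART + 4, RLENGTH - 5)
      printf fmt1, rsid, rname
      printf fmt2, rsid, rname
    }' "$@"
}

# Stand-alone demo on the constructed sample. Against the real file it would be:
#   snortsam_rules /etc/snort.d/rules/emerging-threats/emerging-ciarmy.rules > /tmp/snortsam-rules.txt
printf '%s\n' "$SAMPLE_RULES" | snortsam_rules
```

Because the function reads whatever files it is given (or stdin), it drops into the asker's pipeline unchanged; the whole file is still processed by a single awk process, which is what gives the hundred-fold speedup seen in the comments.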