前几天公司有个监控系统要配策略文件,人工配!!!!!!!
通过端口来生成文件,麻烦啊
自己在大四最后弄完毕设后,看了下python,果断用python做!!!话说最然是做成功了(可以通过python来生成指定策略的对应文件)但是因为老大的分析是错的(对于其他策略不能通用。。),所以生成的也是错误的分析结果,我靠
这件事算是过去了
防火墙策略分析
尼玛,又是手工配,累死,累死,累死
看python大显神通
1 #!/usr/bin/env python 2 #coding=utf-8 3 import re 4 from xlwt import *; 5 6 print 'Begin:)'; 7 file=open("test.txt",'r'); 8 servport=[{'name':'AOL','tcp':'5190-5194','udp':''},{'name':'APPLE-ICHAT-SNATMAP','tcp':'','udp':'5678'},{'name':'BGP','tcp':'179'},{'name':'CHARGEN','tcp':'19','udp':'19'},{'name':'DHCP-Relay','tcp':'67','udp':'68'},{'name':'DISCARD','udp':'9','tcp':'9'},{'name':'DNS','tcp':'53','udp':'53'},{'name':"ECHO",'tcp':'7','udp':'7'},{'name':'FINGER','tcp':'79','udp':''},{'name':'FTP','tcp':'21','udp':''},{'name':'FTP-Get','tcp':'21','udp':''},{'name':'FTP-Put','tcp':'21','udp':''},{'name':'GNUTELLA','tcp':'6346-6347','udp':'6346-6347'},{'name':'GOPHER','tcp':'70','udp':''},{'name':'GRE','tcp':'ANY','udp':'ANY'},{'name':'GTP','tcp':'3386,2152,2123','udp':'3386,2152,2123'},{'name':'H.323','tcp':'1720,1503,389,522,1731','udp':'1719'},{'name':'HTTP','tcp':'80','udp':''},{'name':'HTTP-EXT','tcp':'8000-8001,8080-8081,8100,8200,8888,9080,3128','udp':''}]; 9 nameip=[]; 10 gnameip=[]; 11 policy=[]; 12 target=[]; 13 pattern1='set service "(.*)" protocol ([a-z]+) src-port ([0-9\-]+) dst-port ([0-9\-]+)'; 14 pattern2='set address "(.*)" "(.*)" ([\d\.\s]+)'; 15 pattern3='set group address "(.*)" "(.*)" add "(.*)"'; 16 pattern4='set policy id ([\d]*) from "([\w\-]*)" to "([\w\-]*)" "([\d\.aAnNyY]*)" "([\d\.aAnNyY]*)" "([\daAnNyY]*)" ([\w]+)'; 17 pattern5='^set policy id (.*)$'; 18 pattern6='^set service "(.*)"$'; 19 pattern7='^set src-address "(.*)"$'; 20 pattern8='^set dst-address "(.*)"$'; 21 pattern9='exit'; 22 temp={}; 23 doneinsert='x'; 24 line=file.readline() 25 while line: 26 m1=re.match(pattern1,line); 27 m2=re.match(pattern2,line); 28 m3=re.match(pattern3,line); 29 m4=re.match(pattern4,line); 30 m5=re.match(pattern5,line); 31 m6=re.match(pattern6,line); 32 m7=re.match(pattern7,line); 33 m8=re.match(pattern8,line); 34 m9=re.match(pattern9,line); 35 if(m1): 36 serv=m1.group(1); 37 protocol=m1.group(2); 38 port=m1.group(4); 39 if protocol == 'tcp': 40 dict={'name':serv,'tcp':port,'udp':''}; 41 else: 42 dict={'name':serv,'tcp':'','udp':port}; 43 servport.append(dict); 44 elif(m2): 45 name=m2.group(2); 46 ip=m2.group(3); 47 ip=ip.strip(); 48 ip=ip.strip('\n'); 49 dict={'name':name,'ip':ip} 50 nameip.append(dict); 51 elif(m3): 52 name=m3.group(2); 53 ipname=m3.group(3); 54 dict={'name':name,'ipname':ipname}; 55 done=0; 56 for i in gnameip: 57 if i['name']==name: 58 done=1; 59 ipnamelist=i['ipname']; 60 ipnamelist=ipnamelist.split(','); 61 ipnamelist.append(ipname); 62 ipnamelist=','.join(ipnamelist); 63 i['ipname']=ipnamelist; 64 else: 65 pass; 66 if done==0: 67 gnameip.append(dict); 68 69 elif(m4): 70 doneinsert=0; 71 id=m4.group(1); 72 sarea=m4.group(2); 73 darea=m4.group(3); 74 sip=m4.group(4); 75 dip=m4.group(5); 76 serv=m4.group(6); 77 guide=m4.group(7); 78 dict={'id':id,'sarea':sarea,'sip':sip,'dip':dip,'serv':serv,'guide':guide,'darea':darea}; 79 policy.append(dict); 80 elif(m5): 81 doneinsert=0; 82 id=m5.group(1); 83 temp['id']=id; 84 85 elif(m6): 86 newserv=m6.group(1); 87 if temp.has_key('serv'): 88 serv=temp['serv']; 89 servlist=serv.split(','); 90 servlist.append(newserv); 91 serv=",".join(servlist); 92 temp['serv']=serv; 93 else: 94 temp['serv']=newserv; 95 96 elif(m7): 97 if temp.has_key('sip'): 98 newsip=m7.group(1); 99 sip=temp['sip']; 100 sip=sip.split(','); 101 sip.append(newsip); 102 sip=','.join(sip); 103 temp['sip']=sip; 104 else: 105 newsip=m7.group(1); 106 temp['sip']=newsip; 107 108 109 elif(m8): 110 if temp.has_key('dip'): 111 newdip=m8.group(1); 112 dip=temp['dip']; 113 dip=dip.split(','); 114 dip.append(newdip); 115 dip=','.join(dip); 116 temp['dip']=dip; 117 else: 118 newdip=m8.group(1); 119 temp['dip']=newdip; 120 121 elif(m9 and doneinsert==0): 122 123 for i in policy: 124 if i['id']==temp['id']: 125 doneinsert=1; 126 127 if temp.has_key('serv'): 128 serv=i['serv']; 129 serv=serv.split(','); 130 newserv=temp['serv']; 131 serv.append(newserv); 132 serv=','.join(serv); 133 i['serv']=serv; 134 if temp.has_key('sip'): 135 sip=i['sip']; 136 sip=sip.split(','); 137 newsip=temp['sip']; 138 sip.append(newsip); 139 sip=','.join(sip); 140 i['sip']=sip; 141 if temp.has_key('dip'): 142 dip=i['dip']; 143 newdip=temp['dip']; 144 dip=dip.split(','); 145 dip.append(newdip); 146 dip=','.join(dip); 147 i['dip']=dip; 148 temp={}; 149 break; 150 line=file.readline(); 151 file.close(); 152 source=[]; 153 ip=[]; 154 for i in gnameip: 155 ipname=i['ipname']; 156 ipnamelist=ipname.split(','); 157 for j in ipnamelist: 158 for k in nameip: 159 if j==k['name']: 160 ip.append(k['ip']); 161 162 ip=','.join(ip); 163 dict={'name':i['name'],'ip':ip}; 164 nameip.append(dict); 165 166 for i in policy: 167 id=i['id']; 168 sip=i['sip']; 169 dip=i['dip']; 170 guide=i['guide']; 171 sarea=i['sarea']; 172 darea=i['darea']; 173 serv=i['serv']; 174 if sip.lower()=='any': 175 sourcesip='any'; 176 else: 177 ip=[]; 178 iplist=sip.split(','); 179 for j in iplist: 180 for k in nameip: 181 if j==k['name']: 182 ip.append(k['ip']); 183 ip=','.join(ip); 184 sourcesip=ip; 185 if dip.lower()=='any': 186 sourcedip='any'; 187 else: 188 ip=[]; 189 iplist=dip.split(','); 190 for j in iplist: 191 for k in nameip: 192 if j==k['name']: 193 ip.append(k['ip']); 194 ip=','.join(ip); 195 sourcedip=ip; 196 if serv.lower()=='any': 197 tcpport='any'; 198 udpport='any'; 199 else: 200 tcpport=[]; 201 udpport=[] 202 servlist=serv.split(','); 203 for j in servlist: 204 for k in servport: 205 if j==k['name']: 206 tcpport.append(k['tcp']); 207 udpport.append(k['udp']); 208 tcpport=','.join(tcpport); 209 udpport=','.join(udpport); 210 sourceguide=guide; 211 sourcesarea=sarea; 212 sourcedarea=darea; 213 sourceid=id; 214 dict={'id':sourceid,'sip':sourcesip,'dip':sourcedip,'sarea':sourcesarea,'darea':sourcedarea,'tcpport':tcpport,'udpport':udpport,'guide':sourceguide}; 215 source.append(dict); 216 font0=Font(); 217 font0.name='Times New Roman'; 218 font0.bold=True; 219 font0.colour_index=4; 220 style0=easyxf('align: wrap on'); 221 style0.font=font0; 222 w=Workbook(encoding='utf-8'); 223 ws=w.add_sheet('analysis'); 224 ws.write(0,1,'策略ID',style0); 225 ws.write(0,2,'源区域',style0); 226 ws.write(0,3,'目的区域',style0); 227 ws.write(0,4,'源地址',style0); 228 ws.write(0,5,'目的地址',style0); 229 ws.write(0,6,'端口',style0); 230 ws.write(0,7,'方针',style0); 231 i=1; 232 for k in source: 233 234 ws.write(i,1,k['id'],style0); 235 ws.write(i,2,k['sarea'],style0); 236 ws.write(i,3,k['darea'],style0); 237 content=k['sip']; 238 content=content.split(','); 239 content='\n'.join(content); 240 ws.write(i,4,content,style0); 241 content=k['dip']; 242 content=content.split(','); 243 content='\n'.join(content); 244 ws.write(i,5,content,style0); 245 content1=k['tcpport']; 246 content2=k['udpport']; 247 judge=0; 248 content1=content1.split(','); 249 content2=content2.split(','); 250 for x in content2: 251 if x!='': 252 judge=1 253 else: 254 pass; 255 if judge==0: 256 content2='无'; 257 else: 258 content2=','.join(content2); 259 judge=0; 260 for x in content1: 261 if x!='': 262 judge=1; 263 else: 264 pass; 265 if judge==0: 266 content1='无'; 267 else: 268 content1=','.join(content1); 269 content='TCP端口:'+content1+'\nUDP端口:'+content2; 270 ws.write(i,6,content,style0); 271 ws.write(i,7,k['guide'],style0); 272 i=i+1; 273 w.save('policy.xls'); 274 print 'end:)'; 275 276 277 278 279 280 281 282
说实话,自己还没写过这么长的python,以前都是啥端口扫描什么的窘,这次写得也不算好,像很多方法可以写成函数.....没去管了,关键是脸上又长痘了,又长痘了,不要喝咖啡,不要熬夜,不要晚睡,要爱干净,干净,干净!!!!!!