怕麻烦

前几天公司有个监控系统要配策略文件,人工配!!!!!!!

通过端口来生成文件,麻烦啊

自己在大四最后弄完毕设后,看了下python,果断用python做!!!话说最然是做成功了(可以通过python来生成指定策略的对应文件)但是因为老大的分析是错的(对于其他策略不能通用。。),所以生成的也是错误的分析结果,我靠

这件事算是过去了

防火墙策略分析

尼玛,又是手工配,累死,累死,累死

看python大显神通

  1 #!/usr/bin/env python
  2 #coding=utf-8
  3 import re
  4 from xlwt import *;
  5 
  6 print 'Begin:)';
  7 file=open("test.txt",'r');
  8 servport=[{'name':'AOL','tcp':'5190-5194','udp':''},{'name':'APPLE-ICHAT-SNATMAP','tcp':'','udp':'5678'},{'name':'BGP','tcp':'179'},{'name':'CHARGEN','tcp':'19','udp':'19'},{'name':'DHCP-Relay','tcp':'67','udp':'68'},{'name':'DISCARD','udp':'9','tcp':'9'},{'name':'DNS','tcp':'53','udp':'53'},{'name':"ECHO",'tcp':'7','udp':'7'},{'name':'FINGER','tcp':'79','udp':''},{'name':'FTP','tcp':'21','udp':''},{'name':'FTP-Get','tcp':'21','udp':''},{'name':'FTP-Put','tcp':'21','udp':''},{'name':'GNUTELLA','tcp':'6346-6347','udp':'6346-6347'},{'name':'GOPHER','tcp':'70','udp':''},{'name':'GRE','tcp':'ANY','udp':'ANY'},{'name':'GTP','tcp':'3386,2152,2123','udp':'3386,2152,2123'},{'name':'H.323','tcp':'1720,1503,389,522,1731','udp':'1719'},{'name':'HTTP','tcp':'80','udp':''},{'name':'HTTP-EXT','tcp':'8000-8001,8080-8081,8100,8200,8888,9080,3128','udp':''}];                                                                                                                 
  9 nameip=[];
 10 gnameip=[];
 11 policy=[];
 12 target=[];
 13 pattern1='set service "(.*)" protocol ([a-z]+) src-port ([0-9\-]+) dst-port ([0-9\-]+)';
 14 pattern2='set address "(.*)" "(.*)" ([\d\.\s]+)';
 15 pattern3='set group address "(.*)" "(.*)" add "(.*)"';
 16 pattern4='set policy id ([\d]*) from "([\w\-]*)" to "([\w\-]*)"  "([\d\.aAnNyY]*)" "([\d\.aAnNyY]*)" "([\daAnNyY]*)" ([\w]+)';
 17 pattern5='^set policy id (.*)$';
 18 pattern6='^set service "(.*)"$';
 19 pattern7='^set src-address "(.*)"$';
 20 pattern8='^set dst-address "(.*)"$';
 21 pattern9='exit';
 22 temp={};
 23 doneinsert='x';
 24 line=file.readline()
 25 while line:
 26             m1=re.match(pattern1,line);
 27             m2=re.match(pattern2,line);
 28             m3=re.match(pattern3,line);
 29             m4=re.match(pattern4,line);
 30             m5=re.match(pattern5,line);
 31             m6=re.match(pattern6,line);
 32             m7=re.match(pattern7,line);
 33             m8=re.match(pattern8,line);
 34             m9=re.match(pattern9,line); 
 35             if(m1):
 36                 serv=m1.group(1);
 37                 protocol=m1.group(2);
 38                 port=m1.group(4);
 39                 if protocol == 'tcp':                
 40                     dict={'name':serv,'tcp':port,'udp':''};
 41                 else:
 42                     dict={'name':serv,'tcp':'','udp':port};        
 43                 servport.append(dict);
 44             elif(m2):
 45                 name=m2.group(2);
 46                 ip=m2.group(3);
 47                 ip=ip.strip();
 48                 ip=ip.strip('\n');
 49                 dict={'name':name,'ip':ip}
 50                 nameip.append(dict);
 51             elif(m3):
 52                 name=m3.group(2);
 53                 ipname=m3.group(3);
 54                 dict={'name':name,'ipname':ipname};
 55                 done=0;
 56                 for i in gnameip:                
 57                     if i['name']==name:
 58                         done=1;
 59                         ipnamelist=i['ipname'];
 60                         ipnamelist=ipnamelist.split(',');
 61                         ipnamelist.append(ipname);
 62                         ipnamelist=','.join(ipnamelist);
 63                         i['ipname']=ipnamelist;
 64                     else:
 65                         pass;
 66                 if done==0:
 67                     gnameip.append(dict);
 68     
 69             elif(m4):
 70                 doneinsert=0;
 71                 id=m4.group(1);
 72                 sarea=m4.group(2);
 73                 darea=m4.group(3);
 74                 sip=m4.group(4);
 75                 dip=m4.group(5);
 76                 serv=m4.group(6);
 77                 guide=m4.group(7);
 78                 dict={'id':id,'sarea':sarea,'sip':sip,'dip':dip,'serv':serv,'guide':guide,'darea':darea};
 79                 policy.append(dict);
 80             elif(m5):
 81                 doneinsert=0;
 82                 id=m5.group(1);
 83                 temp['id']=id;
 84                 
 85             elif(m6):
 86                 newserv=m6.group(1);
 87                 if temp.has_key('serv'):
 88                     serv=temp['serv'];
 89                     servlist=serv.split(',');
 90                     servlist.append(newserv);
 91                     serv=",".join(servlist);                       
 92                     temp['serv']=serv;
 93                 else: 
 94                     temp['serv']=newserv;                           
 95                 
 96             elif(m7): 
 97                 if temp.has_key('sip'):
 98                     newsip=m7.group(1);
 99                     sip=temp['sip'];
100                     sip=sip.split(',');
101                     sip.append(newsip);
102                     sip=','.join(sip);
103                     temp['sip']=sip;
104                 else:
105                     newsip=m7.group(1);
106                     temp['sip']=newsip;
107                 
108                 
109             elif(m8): 
110                 if temp.has_key('dip'):
111                     newdip=m8.group(1);
112                     dip=temp['dip'];
113                     dip=dip.split(',');
114                     dip.append(newdip);
115                     dip=','.join(dip);
116                     temp['dip']=dip;
117                 else:
118                     newdip=m8.group(1);
119                     temp['dip']=newdip;    
120                 
121             elif(m9 and doneinsert==0):
122                 
123                 for i in policy:
124                     if i['id']==temp['id']:
125                         doneinsert=1;
126                         
127                         if temp.has_key('serv'):
128                            serv=i['serv'];
129                            serv=serv.split(',');
130                            newserv=temp['serv'];
131                            serv.append(newserv);
132                            serv=','.join(serv);
133                            i['serv']=serv;
134                         if temp.has_key('sip'):
135                            sip=i['sip'];
136                            sip=sip.split(',');
137                            newsip=temp['sip'];
138                            sip.append(newsip);
139                            sip=','.join(sip);
140                            i['sip']=sip;
141                         if temp.has_key('dip'):
142                            dip=i['dip'];
143                            newdip=temp['dip'];
144                            dip=dip.split(',');
145                            dip.append(newdip);
146                            dip=','.join(dip);
147                            i['dip']=dip;
148                         temp={};
149                         break;
150             line=file.readline();                        
151 file.close();
152 source=[];
153 ip=[];
154 for i in gnameip:
155     ipname=i['ipname'];
156     ipnamelist=ipname.split(',');    
157     for j in ipnamelist:        
158         for k in nameip:
159             if j==k['name']:
160                 ip.append(k['ip']);
161                 
162     ip=','.join(ip);            
163     dict={'name':i['name'],'ip':ip};
164     nameip.append(dict);    
165 
166 for i in policy:
167     id=i['id'];
168     sip=i['sip'];
169     dip=i['dip'];
170     guide=i['guide'];
171     sarea=i['sarea'];
172     darea=i['darea'];
173     serv=i['serv'];        
174     if sip.lower()=='any':
175         sourcesip='any';
176     else:
177         ip=[];
178         iplist=sip.split(',');
179         for j in iplist:
180             for k in nameip:
181                 if j==k['name']:
182                     ip.append(k['ip']);
183         ip=','.join(ip);
184         sourcesip=ip;
185     if dip.lower()=='any':
186         sourcedip='any';
187     else:
188         ip=[];
189         iplist=dip.split(',');
190         for j in iplist:
191             for k in nameip:
192                 if j==k['name']:
193                     ip.append(k['ip']);
194         ip=','.join(ip);
195         sourcedip=ip;    
196     if serv.lower()=='any':
197         tcpport='any';
198         udpport='any';
199     else:
200         tcpport=[];
201         udpport=[]
202         servlist=serv.split(',');
203         for j in servlist:
204             for k in servport:
205                 if j==k['name']:
206                     tcpport.append(k['tcp']);
207                     udpport.append(k['udp']);
208         tcpport=','.join(tcpport);
209         udpport=','.join(udpport);
210     sourceguide=guide;
211     sourcesarea=sarea;
212     sourcedarea=darea;
213     sourceid=id;
214     dict={'id':sourceid,'sip':sourcesip,'dip':sourcedip,'sarea':sourcesarea,'darea':sourcedarea,'tcpport':tcpport,'udpport':udpport,'guide':sourceguide};
215     source.append(dict);
216 font0=Font();
217 font0.name='Times New Roman';
218 font0.bold=True;
219 font0.colour_index=4;
220 style0=easyxf('align: wrap on');
221 style0.font=font0;
222 w=Workbook(encoding='utf-8');
223 ws=w.add_sheet('analysis');
224 ws.write(0,1,'策略ID',style0);
225 ws.write(0,2,'源区域',style0);
226 ws.write(0,3,'目的区域',style0);
227 ws.write(0,4,'源地址',style0);
228 ws.write(0,5,'目的地址',style0);
229 ws.write(0,6,'端口',style0);
230 ws.write(0,7,'方针',style0);
231 i=1;
232 for k in source:
233     
234     ws.write(i,1,k['id'],style0);
235     ws.write(i,2,k['sarea'],style0);
236     ws.write(i,3,k['darea'],style0);
237     content=k['sip'];
238     content=content.split(',');
239     content='\n'.join(content);
240     ws.write(i,4,content,style0);
241     content=k['dip'];
242     content=content.split(',');
243     content='\n'.join(content);
244     ws.write(i,5,content,style0);
245     content1=k['tcpport'];
246     content2=k['udpport'];
247     judge=0;
248     content1=content1.split(',');
249     content2=content2.split(',');
250     for x in content2:
251         if x!='':
252             judge=1
253         else:
254             pass;
255     if judge==0:
256         content2='';
257     else:
258         content2=','.join(content2);
259     judge=0;
260     for x in content1:
261         if x!='':
262             judge=1;
263         else:
264             pass;
265     if judge==0:
266         content1='';
267     else:
268         content1=','.join(content1);
269     content='TCP端口:'+content1+'\nUDP端口:'+content2;
270     ws.write(i,6,content,style0);
271     ws.write(i,7,k['guide'],style0);
272     i=i+1;    
273 w.save('policy.xls');
274 print 'end:)';    
275     
276     
277     
278     
279     
280     
281     
282     
View Code

说实话,自己还没写过这么长的python,以前都是啥端口扫描什么的窘,这次写得也不算好,像很多方法可以写成函数.....没去管了,关键是脸上又长痘了,又长痘了,不要喝咖啡,不要熬夜,不要晚睡,要爱干净,干净,干净!!!!!!

 

posted @ 2016-04-11 10:34  平何去何  阅读(238)  评论(0编辑  收藏  举报