C# Windows IPSEC监控(仅此一家,别无分店)

Posted on 2017-10-18 13:52  #大囚长#  阅读(217)  评论(0编辑  收藏  举报

Windows IPSEC监控,使用C#编写,输出为一行字符串,可以按照既有IPSEC规则生成模板

using System;
using System.Diagnostics;
using System.IO;
using System.Text;

namespace WindowsIPSecMonitor
{
    class WindowsIPSecMonitor
    {
        //*****颜色提示*****
        //红色警告
        private static void RedError(string text)
        {
            Console.ForegroundColor = ConsoleColor.Red;
            Console.WriteLine(text);
            Console.ForegroundColor = ConsoleColor.White;
        }

        //黄色提示
        private static void YellowWarn(string text)
        {
            Console.ForegroundColor = ConsoleColor.Yellow;
            Console.WriteLine(text);
            Console.ForegroundColor = ConsoleColor.White;
        }

        //绿色提示
        private static void GreenPrint(string text)
        {
            Console.ForegroundColor = ConsoleColor.Green;
            Console.WriteLine(text);
            Console.ForegroundColor = ConsoleColor.White;
        }

        //系统命令执行函数
        private static string Execute(string command, int seconds)
        {
            string output = ""; //输出字符串  
            if (command != null && !command.Equals(""))
            {
                Process process = new Process();//创建进程对象  
                ProcessStartInfo startInfo = new ProcessStartInfo();
                startInfo.FileName = "cmd.exe";//设定需要执行的命令  
                startInfo.Arguments = "/C " + command;//“/C”表示执行完命令后马上退出  
                startInfo.UseShellExecute = false;//不使用系统外壳程序启动  
                startInfo.RedirectStandardInput = false;//不重定向输入  
                startInfo.RedirectStandardOutput = true; //重定向输出  
                startInfo.CreateNoWindow = true;//不创建窗口  
                process.StartInfo = startInfo;
                try
                {
                    if (process.Start())//开始进程  
                    {
                        if (seconds == 0)
                        {
                            process.WaitForExit();//这里无限等待进程结束  
                        }
                        else
                        {
                            process.WaitForExit(seconds); //等待进程结束,等待时间为指定的毫秒  
                        }
                        output = process.StandardOutput.ReadToEnd();//读取进程的输出  
                    }
                }
                catch
                {
                }
                finally
                {
                    if (process != null)
                        process.Close();
                }
            }
            return output;
        }

        //追加写入文件函数
        private static void FileRec(string input, string filename)
        {
            FileStream fs = new FileStream(filename, FileMode.Append);
            StreamWriter sw = new StreamWriter(fs, Encoding.GetEncoding("GB2312"));
            //开始写入
            sw.Write(input);
            //清空缓冲区
            sw.Flush();
            //关闭流
            sw.Close();
            fs.Close();
        }

        //追加一个文件到另一个文件末尾
        private static void AppendFile(string Filenamesrc, string Filenamedst)
        {
            string command = "type " + Filenamesrc + ">>" + Filenamedst;
            Execute(command, 1);
        }

        //生成机器当前操作模板用作比对
        private static void GenCurrentLocalTemplates()
        {
            //命令全局变量
            string cmd;

            //获取所有的策略名
            //cmd = "netsh ipsec static show policy all | findstr \"策略名称\" 2>&1"; //适用中文简体语言环境
            cmd = "netsh ipsec static show policy all | findstr \"Policy name\" 2>&1";//适用于英文环境
            string[] policy = Execute(cmd, 1).Replace("策略名称", "").Replace("Policy Name", "").Replace("\r\n", "").Replace(":", "").Split(new string[] { " " }, StringSplitOptions.RemoveEmptyEntries);
            foreach (string policyname in policy)
            {
                //执行命令生成文件
                cmd = "netsh ipsec static show rule all policy = " + policyname + " level = Verbose Format = table>CurrentFullIPSec.log 2>&1";
                Execute(cmd, 1);

                //处理文件
                try
                {
                    //int Counter = 0;
                    string line;
                    //处理文件中“是”/“YES”开头不连续的行
                    StreamReader file1 = new StreamReader("CurrentFullIPSec.log", Encoding.GetEncoding("GB2312"));
                    while ((line = file1.ReadLine()) != null)
                    {
                        //if (line.StartsWith("是"))//适用于中文简体语言环境
                        if (line.StartsWith("YES"))//适用于英文环境
                        {
                            string ProcessedData = Environment.NewLine + line.TrimEnd();
                            FileRec(ProcessedData, "Temp1.log");
                        }
                        else
                        {
                            FileRec(line + Environment.NewLine, "Temp1.log");
                        }
                        //Counter++;//计数
                    }
                    file1.Close();//关闭文件读取流

                    //截取所有YES开头的行保存到文件
                    //Counter = 0;
                    StreamReader file2 = new StreamReader("Temp1.log", Encoding.GetEncoding("GB2312"));
                    while ((line = file2.ReadLine()) != null)
                    {
                        //if (line.StartsWith("是") || line.StartsWith("YES") || line.StartsWith("筛选器列表名称") || line.StartsWith("Rule Name") || line.StartsWith("筛选器操作名称") || line.StartsWith("FilterAction Name") || line.StartsWith("操作") || line.StartsWith("Action") || line.StartsWith("筛选器数目") || line.StartsWith("No. of Filters"))
                        if (line.StartsWith("是") || line.StartsWith("YES") || line.StartsWith("操作") || line.StartsWith("Action"))
                        {
                            string ProcessedData = line.Trim() + Environment.NewLine;
                            ProcessedData = ProcessedData.Replace(" ", "").Replace("\t", "");
                            FileRec(ProcessedData, "LocalTemplate.log");
                        }
                        //Counter++;//计数
                    }
                    file2.Close();//关闭文件读取流

                    //删除临时文件
                    File.Delete("Temp1.log");
                    File.Delete("CurrentFullIPSec.log");

                    //Counter = 0;
                    StreamReader file3 = new StreamReader("LocalTemplate.log", Encoding.GetEncoding("GB2312"));
                    while ((line = file3.ReadLine()) != null)
                    {
                        if (line.StartsWith("操作") || line.StartsWith("Action"))
                        {
                            //用操作名作为文件名
                            string NewFilename = line.Trim() + ".txt";
                            //将文件内容读取进操作名文件
                            AppendFile("Temp2.log", NewFilename);
                            File.Delete("Temp2.log");
                        }
                        else
                        {
                            FileRec(line + Environment.NewLine, "Temp2.log");
                        }
                        //Counter++;//计数
                    }
                    file3.Close();//关闭文件读取流
                    File.Delete("LocalTemplate.log");
                }
                catch (IOException)
                {
                    Console.WriteLine("IO Error! Please consult the programmer!" + Environment.NewLine);
                }
            }
        }

        //根据监控模板生成比对文件
        private static void GenMonitorTemplates(string TemplateFile)
        {
            string line;
            try
            {
                StreamReader file = new StreamReader(TemplateFile, Encoding.GetEncoding("GB2312"));
                line = file.ReadToEnd();
                string[] policylines = line.Split(new string[] { "BLOCK", "PERMIT" }, StringSplitOptions.RemoveEmptyEntries);
                FileRec(policylines[0], "MonitorPermitTemplate.txt");
                FileRec(policylines[1], "MonitorBlockTemplate.txt");
                file.Close();//关闭文件读取流
            }
            catch (Exception)
            {
                Console.WriteLine("File IO Error!");
            }
        }

        //比对文件
        private static string CompareFile(string FileSRC, string FileDST)
        {
            //int Counter = 0;
            string lineA;
            string lineB;
            string lineC = "";
            if (!File.Exists(FileSRC) || !File.Exists(FileDST))
            {
                return "Files don't exist! Comparation failed!";
            }
            else
            {
                try
                {
                    StreamReader fileA = new StreamReader(FileSRC, Encoding.GetEncoding("GB2312"));
                    StreamReader fileB = new StreamReader(FileDST, Encoding.GetEncoding("GB2312"));
                    lineB = fileB.ReadToEnd();
                    while ((lineA = fileA.ReadLine()) != null)
                    {
                        if (!lineB.Contains(lineA.Trim()))
                        {
                            lineC += lineA + Environment.NewLine;
                        }
                        //Counter++;//计数
                    }
                    fileA.Close();//关闭文件读取流
                    fileB.Close();//关闭文件读取流               
                }
                catch (Exception)
                {
                    Console.WriteLine("File IO error!");
                }
                return lineC;
            }
        }

        //删除临时文件
        private static void DeleteFile()
        {
            //File.Delete("操作允许.txt");//中文简体环境
            //File.Delete("操作阻止.txt");//中文简体环境
            File.Delete("ActionPERMIT.txt");//英文环境
            File.Delete("ActionBLOCK.txt");//英文环境
            File.Delete("MonitorPermitTemplate.txt");//删除根据监控模板生成的PERMIT对比文件
            File.Delete("MonitorBlockTemplate.txt");//删除根据监控模板生成的BLOCK对比文件
        }

        //数据类
        public class Data
        {
            public string time;
            public string result;
            public string status;
            public string JobID;
            public void Print_data()
            {
                Console.WriteLine("{\"result\":\"" + result + "\",\"status\":\"" + status + "\",\"time\":\"" + time + "\",\"id\":\"" + JobID + "\",\"info\":\"\"}");
            }

        }

        //主函数
        static void Main(string[] args)
        {
            string Current_Path = AppDomain.CurrentDomain.BaseDirectory;

            //一次赋值使用的全局变量,用于接收命令行字符串
            string cmd;

            try
            {
                //*****帮助*****
                if (args[0] == "-h" || args[0] == "--help")
                {
                    GreenPrint("Usage:");
                    GreenPrint("Use WindowsIPSecMonitor.exe --Backup to backup current localmachine's IPSec");
                    GreenPrint("Use WindowsIPSecMonitor.exe --GCLMT to generate current localmachine's IPSec monitor tempalte");
                    GreenPrint("Use WindowsIPSecMonitor.exe --Investigate --idle [MonitorTemplateFileName] to see the IPSec comparation result");
                    GreenPrint("Use WindowsIPSecMonitor.exe [JobID] [Server] [MonitorTemplateFileName] to see the monitor result");
                    Environment.Exit(0);
                }
                //备份IPSec
                if (args[0] == "--Backup")
                {
                    string time = DateTime.Now.ToString("yyyy-MM-dd#HH.mm.ss");
                    cmd = "netsh ipsec static exportpolicy file=" + time;
                    Execute(cmd, 1);
                    YellowWarn("IPSec has been backed up as " + time + ".ipsec!");
                    Environment.Exit(0);
                }
                //生成当前机器用作监控的模板
                if (args[0] == "--GCLMT")
                {
                    //生成用作对比的当前机器模板
                    GenCurrentLocalTemplates();
                    //cmd = "(echo PERMIT&type 操作允许.txt&echo BLOCK&type 操作阻止.txt)>NewlyGeneratedTempalteForMonitor.txt";//简体中文环境
                    cmd = "(echo PERMIT&type ActionPERMIT.txt&echo BLOCK&type ActionBLOCK.txt)>NewlyGeneratedTempalteForMonitor.txt";//英文环境
                    Execute(cmd, 1);
                    YellowWarn("Template generated! Filename is NewlyGeneratedTempalteForMonitor.txt.");
                    //File.Delete("操作允许.txt");//简体中文环境
                    //File.Delete("操作阻止.txt");//简体中文环境
                    File.Delete("ActionPERMIT.txt");//英文环境
                    File.Delete("ActionBLOCK.txt");//英文环境
                    Environment.Exit(0);
                }
            }
            catch (Exception)
            {
                RedError("Parameter error! Use -h or --help for help");
                Environment.Exit(0);
            }

            //实例化类
            Data D = new Data();
            D.status = "2";
            D.result = "IPSec is fine!";
            D.time = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");
            try
            {
                D.JobID = args[0];
            }
            catch (Exception)
            {
                RedError("Parameter error! Use -h or --help for help");
                Environment.Exit(0);
            }

            //检查IPSec是否开启           
            cmd = "netsh ipsec static show policy all";
            bool NotAssigned1 = Execute(cmd, 1).Contains("Assigned               : NO");
            bool NotAssigned2 = Execute(cmd, 1).Contains("已分配                 : 否");
            if (NotAssigned1 || NotAssigned2)
            {
                D.status = "4";
                D.result = "Policy is not assigned!";
                D.Print_data();
                Environment.Exit(0);
            }

            //生成用作对比的当前机器模板
            GenCurrentLocalTemplates();

            try
            {
                //处理生成监控模板对比文件,使用命令行参数做文件名
                GenMonitorTemplates(Current_Path + args[2]);
                //比对文件
                //string result1 = CompareFile("MonitorPermitTemplate.txt", "操作允许.txt");//中文简体环境
                //string result2 = CompareFile("操作允许.txt", "MonitorPermitTemplate.txt");//中文简体环境
                //string result3 = CompareFile("MonitorBlockTemplate.txt", "操作阻止.txt");//中文简体环境
                //string result4 = CompareFile("操作阻止.txt", "MonitorBlockTemplate.txt");//中文简体环境
                string result1 = CompareFile("MonitorPermitTemplate.txt", "ActionPERMIT.txt");//英文环境
                string result2 = CompareFile("ActionPERMIT.txt", "MonitorPermitTemplate.txt");//英文环境
                string result3 = CompareFile("MonitorBlockTemplate.txt", "ActionBLOCK.txt");//英文环境
                string result4 = CompareFile("ActionBLOCK.txt", "MonitorBlockTemplate.txt");//英文环境

                //显示调试信息
                if (args[0] == "--Investigate")
                {
                    YellowWarn("LocalPermit lacks the following line(s):");
                    Console.WriteLine(result1);
                    YellowWarn("MonitorPermit lacks the fowllowing line(s):");
                    Console.WriteLine(result2);
                    YellowWarn("LocalBlock lakcs the following line(s):");
                    Console.WriteLine(result3);
                    YellowWarn("MonitorBlock lacks the following line(s):");
                    Console.WriteLine(result4);
                    DeleteFile();
                }
                else
                {
                    if (result1 != "" || result2 != "" || result3 != "" || result4 != "")
                    {
                        D.status = "4";
                        D.result = "IPSec error!";
                        D.Print_data();
                        DeleteFile();
                        Environment.Exit(0);
                    }
                    //如果没有错误则输出正确结果
                    D.Print_data();
                    DeleteFile();
                    Environment.Exit(0);
                }
            }
            catch (Exception)
            {
                RedError("Error! No filename parameter provided!");
                DeleteFile();
            }
        }
    }
}