怕麻烦
2016-04-11 10:34
519 查看
前几天公司有个监控系统要配策略文件,人工配!!!!!!!
通过端口来生成文件,麻烦啊
自己在大四最后弄完毕设后,看了下python,果断用python做!!!话说最然是做成功了(可以通过python来生成指定策略的对应文件)但是因为老大的分析是错的(对于其他策略不能通用。。),所以生成的也是错误的分析结果,我靠
这件事算是过去了
防火墙策略分析
尼玛,又是手工配,累死,累死,累死
看python大显神通
View Code
说实话,自己还没写过这么长的python,以前都是啥端口扫描什么的窘,这次写得也不算好,像很多方法可以写成函数.....没去管了,关键是脸上又长痘了,又长痘了,不要喝咖啡,不要熬夜,不要晚睡,要爱干净,干净,干净!!!!!!
通过端口来生成文件,麻烦啊
自己在大四最后弄完毕设后,看了下python,果断用python做!!!话说最然是做成功了(可以通过python来生成指定策略的对应文件)但是因为老大的分析是错的(对于其他策略不能通用。。),所以生成的也是错误的分析结果,我靠
这件事算是过去了
防火墙策略分析
尼玛,又是手工配,累死,累死,累死
看python大显神通
#!/usr/bin/env python
#coding=utf-8
import re
from xlwt import *;
print 'Begin:)';
file=open("test.txt",'r');
servport=[{'name':'AOL','tcp':'5190-5194','udp':''},{'name':'APPLE-ICHAT-SNATMAP','tcp':'','udp':'5678'},{'name':'BGP','tcp':'179'},{'name':'CHARGEN','tcp':'19','udp':'19'},{'name':'DHCP-Relay','tcp':'67','udp':'68'},{'name':'DISCARD','udp':'9','tcp':'9'},{'name':'DNS','tcp':'53','udp':'53'},{'name':"ECHO",'tcp':'7','udp':'7'},{'name':'FINGER','tcp':'79','udp':''},{'name':'FTP','tcp':'21','udp':''},{'name':'FTP-Get','tcp':'21','udp':''},{'name':'FTP-Put','tcp':'21','udp':''},{'name':'GNUTELLA','tcp':'6346-6347','udp':'6346-6347'},{'name':'GOPHER','tcp':'70','udp':''},{'name':'GRE','tcp':'ANY','udp':'ANY'},{'name':'GTP','tcp':'3386,2152,2123','udp':'3386,2152,2123'},{'name':'H.323','tcp':'1720,1503,389,522,1731','udp':'1719'},{'name':'HTTP','tcp':'80','udp':''},{'name':'HTTP-EXT','tcp':'8000-8001,8080-8081,8100,8200,8888,9080,3128','udp':''}];
nameip=[];
gnameip=[];
policy=[];
target=[];
pattern1='set service "(.*)" protocol ([a-z]+) src-port ([0-9\-]+) dst-port ([0-9\-]+)';
pattern2='set address "(.*)" "(.*)" ([\d\.\s]+)';
pattern3='set group address "(.*)" "(.*)" add "(.*)"';
pattern4='set policy id ([\d]*) from "([\w\-]*)" to "([\w\-]*)" "([\d\.aAnNyY]*)" "([\d\.aAnNyY]*)" "([\daAnNyY]*)" ([\w]+)';
pattern5='^set policy id (.*)$';
pattern6='^set service "(.*)"$';
pattern7='^set src-address "(.*)"$';
pattern8='^set dst-address "(.*)"$';
pattern9='exit';
temp={};
doneinsert='x';
line=file.readline()
while line:
m1=re.match(pattern1,line);
m2=re.match(pattern2,line);
m3=re.match(pattern3,line);
m4=re.match(pattern4,line);
m5=re.match(pattern5,line);
m6=re.match(pattern6,line);
m7=re.match(pattern7,line);
m8=re.match(pattern8,line);
m9=re.match(pattern9,line);
if(m1):
serv=m1.group(1);
protocol=m1.group(2);
port=m1.group(4);
if protocol == 'tcp':
dict={'name':serv,'tcp':port,'udp':''};
else:
dict={'name':serv,'tcp':'','udp':port};
servport.append(dict);
elif(m2):
name=m2.group(2);
ip=m2.group(3);
ip=ip.strip();
ip=ip.strip('\n');
dict={'name':name,'ip':ip}
nameip.append(dict);
elif(m3):
name=m3.group(2);
ipname=m3.group(3);
dict={'name':name,'ipname':ipname};
done=0;
for i in gnameip:
if i['name']==name:
done=1;
ipnamelist=i['ipname'];
ipnamelist=ipnamelist.split(',');
ipnamelist.append(ipname);
ipnamelist=','.join(ipnamelist);
i['ipname']=ipnamelist;
else:
pass;
if done==0:
gnameip.append(dict);
elif(m4):
doneinsert=0;
id=m4.group(1);
sarea=m4.group(2);
darea=m4.group(3);
sip=m4.group(4);
dip=m4.group(5);
serv=m4.group(6);
guide=m4.group(7);
dict={'id':id,'sarea':sarea,'sip':sip,'dip':dip,'serv':serv,'guide':guide,'darea':darea};
policy.append(dict);
elif(m5):
doneinsert=0;
id=m5.group(1);
temp['id']=id;
elif(m6):
newserv=m6.group(1);
if temp.has_key('serv'):
serv=temp['serv'];
servlist=serv.split(',');
servlist.append(newserv);
serv=",".join(servlist);
temp['serv']=serv;
else:
temp['serv']=newserv;
elif(m7):
if temp.has_key('sip'):
newsip=m7.group(1);
sip=temp['sip'];
sip=sip.split(',');
sip.append(newsip);
sip=','.join(sip);
temp['sip']=sip;
else:
newsip=m7.group(1);
temp['sip']=newsip;
elif(m8):
if temp.has_key('dip'):
newdip=m8.group(1);
dip=temp['dip'];
dip=dip.split(',');
dip.append(newdip);
dip=','.join(dip);
temp['dip']=dip;
else:
newdip=m8.group(1);
temp['dip']=newdip;
elif(m9 and doneinsert==0):
for i in policy:
if i['id']==temp['id']:
doneinsert=1;
if temp.has_key('serv'):
serv=i['serv'];
serv=serv.split(',');
newserv=temp['serv'];
serv.append(newserv);
serv=','.join(serv);
i['serv']=serv;
if temp.has_key('sip'):
sip=i['sip'];
sip=sip.split(',');
newsip=temp['sip'];
sip.append(newsip);
sip=','.join(sip);
i['sip']=sip;
if temp.has_key('dip'):
dip=i['dip'];
newdip=temp['dip'];
dip=dip.split(',');
dip.append(newdip);
dip=','.join(dip);
i['dip']=dip;
temp={};
break;
line=file.readline();
file.close();
source=[];
ip=[];
for i in gnameip:
ipname=i['ipname'];
ipnamelist=ipname.split(',');
for j in ipnamelist:
for k in nameip:
if j==k['name']:
ip.append(k['ip']);
ip=','.join(ip);
dict={'name':i['name'],'ip':ip};
nameip.append(dict);
for i in policy:
id=i['id'];
sip=i['sip'];
dip=i['dip'];
guide=i['guide'];
sarea=i['sarea'];
darea=i['darea'];
serv=i['serv'];
if sip.lower()=='any':
sourcesip='any';
else:
ip=[];
iplist=sip.split(',');
for j in iplist:
for k in nameip:
if j==k['name']:
ip.append(k['ip']);
ip=','.join(ip);
sourcesip=ip;
if dip.lower()=='any':
sourcedip='any';
else:
ip=[];
iplist=dip.split(',');
for j in iplist:
for k in nameip:
if j==k['name']:
ip.append(k['ip']);
ip=','.join(ip);
sourcedip=ip;
if serv.lower()=='any':
tcpport='any';
udpport='any';
else:
tcpport=[];
udpport=[]
servlist=serv.split(',');
for j in servlist:
for k in servport:
if j==k['name']:
tcpport.append(k['tcp']);
udpport.append(k['udp']);
tcpport=','.join(tcpport);
udpport=','.join(udpport);
sourceguide=guide;
sourcesarea=sarea;
sourcedarea=darea;
sourceid=id;
dict={'id':sourceid,'sip':sourcesip,'dip':sourcedip,'sarea':sourcesarea,'darea':sourcedarea,'tcpport':tcpport,'udpport':udpport,'guide':sourceguide};
source.append(dict);
font0=Font();
font0.name='Times New Roman';
font0.bold=True;
font0.colour_index=4;
style0=easyxf('align: wrap on');
style0.font=font0;
w=Workbook(encoding='utf-8');
ws=w.add_sheet('analysis');
ws.write(0,1,'策略ID',style0);
ws.write(0,2,'源区域',style0);
ws.write(0,3,'目的区域',style0);
ws.write(0,4,'源地址',style0);
ws.write(0,5,'目的地址',style0);
ws.write(0,6,'端口',style0);
ws.write(0,7,'方针',style0);
i=1;
for k in source:
ws.write(i,1,k['id'],style0);
ws.write(i,2,k['sarea'],style0);
ws.write(i,3,k['darea'],style0);
content=k['sip'];
content=content.split(',');
content='\n'.join(content);
ws.write(i,4,content,style0);
content=k['dip'];
content=content.split(',');
content='\n'.join(content);
ws.write(i,5,content,style0);
content1=k['tcpport'];
content2=k['udpport'];
judge=0;
content1=content1.split(',');
content2=content2.split(',');
for x in content2:
if x!='':
judge=1
else:
pass;
if judge==0:
content2='无';
else:
content2=','.join(content2);
judge=0;
for x in content1:
if x!='':
judge=1;
else:
pass;
if judge==0:
content1='无';
else:
content1=','.join(content1);
content='TCP端口:'+content1+'\nUDP端口:'+content2;
ws.write(i,6,content,style0);
ws.write(i,7,k['guide'],style0);
i=i+1;
w.save('policy.xls');
print 'end:)';View Code
说实话,自己还没写过这么长的python,以前都是啥端口扫描什么的窘,这次写得也不算好,像很多方法可以写成函数.....没去管了,关键是脸上又长痘了,又长痘了,不要喝咖啡,不要熬夜,不要晚睡,要爱干净,干净,干净!!!!!!
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- SharePoint 2013 修改AD密码及一系列问题的解决方法
- opencv 人脸识别 (一)训练样本的处理
- MySQL主从复制
- 运算符重载之转换运算符
- rundeck Web页面配置node节点
- delphi socket客户端连接服务端时的错误
- 卸载Visual Studio Professional 2013
- Ping服务
- Oracle 10g RAC修改IP/VIP地址示例
- shell具体执行过程及自主实现shell解释器
- 安装配置gerrit
- sql小计合计
- 动态规划之0-1背包问题
- linux撰写策略路由
- Matlab与C/C++混合编程接口应用总结
- 3月国内电脑分辨率十强:1366*768亚军 占比破10%
- 使用jsoup完成模拟登陆
- 写给步入网络门槛中入门级别工程师中相关Vlan、trunk、hybrid的理解
- leetcode 237. Delete Node in a Linked List
- 字符串整理 1