Re: [c-nsp] Cisco ASA - Export rules

Teller, Robert Tue, 19 Aug 2008 16:20:45 -0700

'Created by Robert Teller
WScript.Echo "This script will take a minute or two to run" & vbCrLf &
"Please be patient"


Const ForReading = 1

'Looks for CF acl query
WSArg = Wscript.arguments.Count

If WSArg <> 1 Then
        WScript.Echo "Please select a valid source"
        WScript.Quit
End If

PixACL = Wscript.arguments.Item(0)

set ObjExcel = createobject("excel.application")
Set FSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = FSO.OpenTextFile(PixACL, ForReading)

'Names excel file
EName = Split(WScript.ScriptName, ".")(0) & ".xls"
EName = Replace(WScript.ScriptFullName,WScript.ScriptName,EName)


'Text files for output
OFiles = Split(WScript.ScriptName, ".")(0) & ".xls"

If fso.FileExists(Ename) Then fso.DeleteFile(Ename)


ObjExcel.workbooks.Add
ObjExcel.Worksheets.Add.Name = "Main"

XRules = 0

For Each Sheet In ObjExcel.Worksheets
        If sheet.name <> "Main" Then
        sheet.usedrange.delete
        sheet.delete
        End If
Next

                
        ObjExcel.Worksheets.Add.Name = "Rules"
        ObjExcel.Worksheets("Rules").move ObjExcel.Sheets(2)
        Rules "DMZ" ,"Line" ,"Action" ,"Protocol" ,"Source" ,"SrcPort"
,"dest" ,"DstPort" ,"HitC" ,"Inactive" ,"LogLevel" ,"LogInterval"
'               ObjExcel.Worksheets("Rules").activate
'               ObjExcel.Cells(1,1).value = "DMZ" 'acl_dmzname
'               ObjExcel.Cells(1,2).value = "Line #" 'line ###
'               ObjExcel.Cells(1,3).value = "Action" 'Permit/deny
'               ObjExcel.Cells(1,4).value = "Protocol" 'ICMP/TCP/UDP
'               ObjExcel.Cells(1,5).value = "Source"
'               ObjExcel.Cells(1,6).value = "Destination"
'               ObjExcel.Cells(1,7).value = "Port #" 'http/https.....
'               ObjExcel.Cells(1,8).value = "Hit Count" 'hitcnt=...
'               ObjExcel.Cells(1,9).value = "Inactive" 'hitcnt=...



Do Until objTextFile.AtEndOfStream
        If IsEmpty(text) Then
        Text = objTextFile.Readline 
        Text = Replace(Text,"access-list ","")
        Else
        Text = Text & objTextFile.Readline 
        End If
Loop


AclArray = Split(text,"access-list ")



x = 1
For Each AccessList In AclArray
        'Make sure the line Is a valid acl
        ACLCheck = Split(AccessList," ")
        If UBound(ACLCheck) > 3 Then
                If ACLCheck(3) <> "remark" Then 
                PixParse AccessList
                End If
        End If
Next

Sub PixParse(ACL)
        'Converts object-group to Group
        If InStr(ACL,"object-group") Then ACL =
Replace(ACL,"object-group","Group")
        
        'Checks of ACL is inactive
        If InStr(ACL," inactive ") Then
                Inactive = True
                ACL = Replace(ACL," inactive","")
        End If
        
        'Format and Remove logging information from variable Item
        If InStrRev(ACL," log ") And InStrRev(ACL," interval ") Then
'Checks for matching log level
                LoGLevelB = InStr(ACL," log ") + 5
                LoGLevelE = InStr(LogLevelB,ACL, " ")
                LogLevel = Mid(ACL,LogLevelB,LogLevelE - LogLevelB)

                
                LogIntervalB = InStr(LogLevelE,ACL, " interval ") + 10
                LogIntervalE = InStr(LogIntervalB,ACL, " ")             
                LogInterval = Mid(ACL,LogIntervalB, LogIntervalE -
LogIntervalB)
                
                ACL = Replace(ACL," log " & Loglevel & " interval " &
logInterval," ")
        End If 
        
        '########### DMZ ###########
        DMZ = InStr(ACL," ")
        DMZ = Left(ACL,DMZ)
        '########### DMZ ###########
        
        '########### Line ###########
        LineB = InStr(ACL," line ") + 6
        LineE = InStr(LineB,ACL, " ")
        Line = "Line " & Mid(ACL,LineB, LineE - LineB)
        '########### Line ###########
        
        '########### Action ###########
        If InStr(ACL,"deny") Then 
                Action = "Deny"
        ElseIf InStr(ACL,"permit") Then 
                Action = "Permit"
        Else
                Action = "Other"
        End If
        '########### Action ###########
        
        '########### Protocol ###########
        Protocol = Split(ACL," ")(5)
        '########### Protocol ###########
        
        '########### Src Host ###########
        'Determine if src is Host,Subnet or Any
        SrcHost = Split(ACL," ")(6)
                Select Case SrcHost
                        Case "host"
                                SourceB = InStr(ACL, " host ") + 6
                                SourceE = InStr(SourceB,ACL, " ")
                                Source = "Host " & Mid(ACL, SourceB,
SourceE - SourceB)
                        Case "Group"
                                SourceB = InStr(ACL, " Group ") + 7
                                SourceE = InStr(SourceB,ACL, " ")
                                Source = "Group " & Mid(ACL, SourceB,
SourceE - SourceB)
                        Case "any"
                                Source = "Any"
                                SourceE = InStr(ACL,SrcHost) +
Len(SrcHost)
                        Case Else
                                SourceB = InStr(ACL, SrcHost)
                                SourceE = InStr(SourceB, ACL, " ") + 1
                                SourceE = InStr(SourceE, ACL, " ")
                                Source = Mid(ACL, SourceB, SourceE -
SourceB)
                End Select
        '########### Src Host ###########
        
        '########### Src Port ###########
        If Source = "Any" Then 
                If Split(ACL," ")(7) = "eq" Then
                        SrcPortB = InStr(SourceE, ACL, " eq ") + 4
                        SrcPortE = InStr(SrcPortB, ACL, " ")
                        SrcPort = "eq " & Mid(ACL,SrcPortB, SrcPortE -
SrcPortB)
                ElseIf Split(ACL," ")(7) = "range" Then
                        SrcPortB = InStr(SourceE, ACL, " range ") + 7
                        SrcPortE = InStr(SrcPortB, ACL, " ") +1
                        SrcPortE = InStr(SrcPortE, ACL, " ")
                        SrcPort = "range " & Mid(ACL,SrcPortB, SrcPortE
- SrcPortB)
                Else
                        SrcPortE = SourceE
                        SrcPort = "Any"
                End If
        ElseIf  Split(ACL," ")(8) = "eq" Or Split(ACL," ")(8) = "range"
Then
                If Split(ACL," ")(8) = "eq" Then
                        SrcPortB = InStr(SourceE, ACL, " eq ") + 4
                        SrcPortE = InStr(SrcPortB, ACL, " ")
                        SrcPort = "eq " & Mid(ACL,SrcPortB, SrcPortE -
SrcPortB)
                ElseIf Split(ACL," ")(8) = "range" Then
                        SrcPortB = InStr(SourceE, ACL, " range ") + 7
                        SrcPortE = InStr(SrcPortB, ACL, " ") +1
                        SrcPortE = InStr(SrcPortE, ACL, " ")
                        SrcPort = "range " & Mid(ACL,SrcPortB, SrcPortE
- SrcPortB)
                End If  
        Else
                SrcPortE = SourceE
                SrcPort = "Any"
        End If
        '########### Src Port ###########
        
        '########### Dst Host ###########
        'Check if source ports are used
        If SourceE = SrcPortE Then
                'Determine if dst is Host,Subnet or Any
                If Source = "Any" Then 
                        DstHost = Split(ACL," ")(7)
                        Select Case DstHost
                                Case "host"
                                        DestB = InStr(SrcPortE,ACL, "
host ") + 6
                                        DestE = InStr(DestB,ACL, " ")
                                        Dest = "Host " & Mid(ACL, DestB,
DestE - DestB)
                                Case "Group"
                                        DestB = InStr(SrcPortE,ACL, "
Group ") + 7
                                        DestE = InStr(DestB,ACL, " ")
                                        Dest = "Group " & Mid(ACL,
DestB, DestE - DestB)
                                Case "any"
                                        Dest = "Any"
                                        DestE =
InStr(SrcPortE,ACL,DstHost) + Len(DstHost)
                                Case Else
                                        DestB = InStr(SrcPortE,ACL,
DstHost)
                                        DestE = InStr(DestB, ACL, " ") +
1
                                        DestE = InStr(DestE, ACL, " ")
                                        Dest = Mid(ACL, DestB, DestE -
DestB)
                                End Select
                Else'If Left(Source,4) = "Host" Then
                        DstHost = Split(ACL," ")(8)
                        Select Case DstHost
                                Case "host"
                                        DestB = InStr(SrcPortE,ACL, "
host ") + 6
                                        DestE = InStr(DestB,ACL, " ")
                                        Dest = "Host " & Mid(ACL, DestB,
DestE - DestB)
                                Case "Group"
                                        DestB = InStr(SrcPortE,ACL, "
Group ") + 7
                                        DestE = InStr(DestB,ACL, " ")
                                        Dest = "Group " & Mid(ACL,
DestB, DestE - DestB)
                                Case "any"
                                        Dest = "Any"
                                        DestE =
InStr(SrcPortE,ACL,DstHost) + Len(DstHost)
                                Case Else
                                        DestB = InStr(SrcPortE,ACL,
DstHost)
                                        DestE = InStr(DestB, ACL, " ") +
1
                                        DestE = InStr(DestE, ACL, " ")
                                        Dest = Mid(ACL, DestB, DestE -
DestB)
                                End Select
                End If
        End If
        
        If SourceE <> SrcPortE Then
                DestB = InStr(SrcPortE, ACL, " ") + 1
                DestE = InStr(DestB,ACL, " ")
                DstHost = Mid(ACL,DestB, DestE - DestB)
                Select Case DstHost
                                Case "host"
                                        DestB = InStr(DestE,ACL, " ") +
1
                                        DestE = InStr(DestB,ACL, " ")
                                        Dest = "Host " & Mid(ACL, DestB,
DestE - DestB)
                                        DestE = DestE - 1
                                Case "Group"
                                        DestB = InStr(DestE,ACL, " ") +
1
                                        DestE = InStr(DestB,ACL, " ")
                                        Dest = "Group " & Mid(ACL,
DestB, DestE - DestB)
                                        DestE = DestE - 1
                                Case "any"
'
If DMZ = "acl_guest " Then
'
WScript.Echo "DST HOST"
'
WScript.Echo DestE & vbTab & Len(DstHost)
'
Test = InStr(DestE,ACL,DstHost) 
'
WScript.Echo Test
'
End If
                                        Dest = "Any"
                                        'DestE =
InStr(DestE,ACL,DstHost) + Len(DstHost)
                                Case Else
                                        DestB = InStr(DestE,ACL,
DstHost)
                                        DestE = InStr(DestB, ACL, " ") +
1
                                        DestE = InStr(DestE, ACL, " ")
                                        Dest = Mid(ACL, DestB, DestE -
DestB)
                                End Select
        End If
        '########### Dst Host ###########
        
        '########### Hit Count ###########
        If InStr(ACL,"(hitcnt=") Then
                HitB = InStr(ACL,"(hitcnt=") + 8
                HitE = InStr(ACL, ")")
                HitC = Mid(ACL,HitB,HitE - HitB)
                HitB = HitB - 8
        Else
                HitB = InStrRev(ACL," ")
                HitC = "N/A"
        End If
        '########### Hit Count ###########
        
        '########### Dst Port ###########
        DstPortB = DestE + 1
        DstPortE = HitB
        DstPort = Mid(ACL,DstPortB, DstPortE - DstPortB)
'
If DMZ = "acl_guest " Then
'
WScript.Echo DstPortB & vbTab & DstPortE
'
End If
        If IsEmpty(DstPort) Then DstPort = "Any"
        If IsNull(DstPort) Then DstPort = "Any"
        '########### Dst Port ###########
        
        'wscript.echo DMZ & vbtab &  Line  & vbtab & Action  & vbtab &
Protocol  & vbtab & Source  & vbtab & SrcPort  & vbtab & dest  & vbtab &
DstPort  & vbtab & HitC  & vbtab & Inactive  & vbtab & LogLevel  & vbtab
& LogInterval
                Rules DMZ, Line ,Action ,Protocol ,Source ,SrcPort ,dest
,DstPort ,HitC ,Inactive ,LogLevel ,LogInterval

        LogIntervalB = Null
        LogIntervalE = Null
        LogInterval = Null
        LogLevelB = Null
        LogLevelE = Null
        LogLevel = Null
        DMZ = Null
        Action = Null
        Port = Null
        PortB = Null
        PortE = Null
        SrcHost = Null
        SourceB = Null
        SourceE = Null
        Source = Null
        SrcPortB = Null
        SrcPortE = Null
        SrcPort = Null
        DstHost = Null
        DestB = Null
        DestE = Null
        Dest = Null
        DstPortB = Null
        DstPortE = Null
        DstPort = Null
        HitB = Null
        HitE = Null
        HitC = Null
        Inactive = False
End Sub

                
Sub Rules(DMZ, Line ,Action ,Protocol ,Source ,SrcPort ,dest ,DstPort
,HitC ,Inactive ,LogLevel ,LogInterval)
XRules = 1 + XRules
                ObjExcel.Worksheets("Rules").activate
                ObjExcel.Cells(XRules,1).value =  DMZ 'DMZ Rule is
applied to
                ObjExcel.Cells(XRules,2).value = Line 'Line Number
                ObjExcel.Cells(XRules,3).value = Action 'Action
                ObjExcel.Cells(XRules,4).value = Protocol 'Protocol
                ObjExcel.Cells(XRules,5).value = Source 'Source
                ObjExcel.Cells(XRules,6).value = SrcPort 'Source port
                ObjExcel.Cells(XRules,7).value = dest 'Destination
                ObjExcel.Cells(XRules,8).value = DstPort 'Destination
Port
                ObjExcel.Cells(XRules,9).value = HitC 'Hit Count
                ObjExcel.Cells(XRules,10).value = Inactive 'status of
rule
                ObjExcel.Cells(XRules,11).value = LogLevel 'logging
level
                ObjExcel.Cells(XRules,12).value = LogInterval 'Logging
Interval        
End Sub

finish

Sub finish
                objTextFile.Close
                ObjExcel.Worksheets("Main").usedrange.delete
                ObjExcel.Worksheets("Main").delete
        For Each Sheet In ObjExcel.Worksheets
                ObjExcel.Worksheets(Sheet.Name).activate
                ObjExcel.Worksheets(sheet.name).Rows(1).Font.Bold = True
                ObjExcel.Worksheets(sheet.name).Rows(1).AutoFilter 
        
ObjExcel.Worksheets(sheet.name).Rows(1).HorizontalAlignment = -4108
        
ObjExcel.Worksheets(sheet.name).usedrange.EntireColumn.AutoFit()
                ObjExcel.Worksheets(sheet.name).Range("B2").Select
                ObjExcel.ActiveWindow.FreezePanes = True 
                ObjExcel.Worksheets(sheet.name).Range("A1").Select
        Next
ObjExcel.Worksheets("Rules").activate
ObjExcel.activeworkbook.saveas EName
ObjExcel.activeworkbook.close
ObjExcel.Quit

WScript.Echo "END"

WScript.Quit
End Sub

#########################################################
The information contained in this e-mail and subsequent attachments may be 
privileged, 
confidential and protected from disclosure.  This transmission is intended for 
the sole 
use of the individual and entity to whom it is addressed.  If you are not the 
intended 
recipient, any dissemination, distribution or copying is strictly prohibited.  
If you 
think that you have received this message in error, please e-mail the sender at 
the above 
e-mail address.
#########################################################

_______________________________________________
cisco-nsp mailing list  [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] Cisco ASA - Export rules

Reply via email to