{"id":428706,"date":"2024-08-08T21:01:23","date_gmt":"2024-08-08T21:01:23","guid":{"rendered":"http:\/\/savepearlharbor.com\/?p=428706"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T21:00:00","slug":"","status":"publish","type":"post","link":"https:\/\/savepearlharbor.com\/?p=428706","title":{"rendered":"<span>Cisco ASA, \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u044f \u043f\u043e\u0438\u0441\u043a\u0430 \u043d\u0443\u0436\u043d\u044b\u0445 \u0441\u0442\u0440\u043e\u043a \u0432 \u0430\u043a\u0441\u0435\u0441-\u043b\u0438\u0441\u0442\u0435 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e python<\/span>"},"content":{"rendered":"<div><!--[--><!--]--><\/div>\n<div id=\"post-content-body\">\n<div>\n<div class=\"article-formatted-body article-formatted-body article-formatted-body_version-2\">\n<div xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\n<p>\u0415\u0441\u043b\u0438 \u0432\u044b \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442\u0435 \u0432 \u043a\u0440\u0443\u043f\u043d\u043e\u043c \u0434\u0430\u0442\u0430-\u0446\u0435\u043d\u0442\u0440\u0435 \u0438 \u0432\u0430\u0448\u0430 \u0437\u0430\u0434\u0430\u0447\u0430 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0435 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u044d\u043a\u0440\u0430\u043d\u043e\u0432 (Cisco ASA), \u0442\u043e \u0432\u044b \u043d\u0430\u0432\u0435\u0440\u043d\u044f\u043a\u0430 \u0441\u0442\u0430\u043b\u043a\u0438\u0432\u0430\u043b\u0438\u0441\u044c \u0441 \u043e\u0433\u0440\u043e\u043c\u043d\u044b\u043c \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e\u043c \u0441\u0442\u0440\u043e\u043a \u0432 \u0438\u0445 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f\u0445. 
\u042d\u0442\u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u043c\u043e\u0433\u0443\u0442 \u0432\u043a\u043b\u044e\u0447\u0430\u0442\u044c \u0442\u044b\u0441\u044f\u0447\u0438 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 \u0438 \u043f\u0440\u0430\u0432\u0438\u043b \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (Access Lists).<\/p>\n<p>\u0414\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0437\u0430\u0434\u0430\u0447 \u0430\u0443\u0434\u0438\u0442\u0430 \u0432\u0430\u043c \u0438\u043d\u043e\u0433\u0434\u0430 \u043d\u0443\u0436\u043d\u043e \u043d\u0430\u0439\u0442\u0438 \u0432\u0441\u0435 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0434\u043b\u044f \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0441 IP-\u0430\u0434\u0440\u0435\u0441\u043e\u043c A.B.C.D. \u0412 \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u044c \u043d\u043e\u0432\u043e\u0435 \u043f\u0440\u0430\u0432\u0438\u043b\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u043d\u043e \u043f\u0435\u0440\u0435\u0434 \u044d\u0442\u0438\u043c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c, \u043d\u0435 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u043b\u0438 \u0443\u0436\u0435 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u043e\u0435 \u043f\u0440\u0430\u0432\u0438\u043b\u043e. 
\u041d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0435\u0441\u043b\u0438 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0433\u0440\u0443\u043f\u043f\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432, \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u044e\u0449\u0438\u0445\u0441\u044f \u043a \u043a\u0430\u043a\u043e\u043c\u0443-\u0442\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0443, \u0432\u0430\u043c \u043d\u0443\u0436\u043d\u043e \u043d\u0430\u0439\u0442\u0438 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0435 \u043f\u0440\u0430\u0432\u0438\u043b\u043e \u0438 \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u044c \u043d\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u0432 \u044d\u0442\u0443 \u0433\u0440\u0443\u043f\u043f\u0443.<\/p>\n<p>\u0414\u043b\u044f \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u0442\u0430\u043a\u0438\u0445 \u0437\u0430\u0434\u0430\u0447 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0442 \u043a\u043e\u043c\u043c\u0435\u0440\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a Algosec, Tufin \u0438 \u0434\u0440. \u041e\u0434\u043d\u0430\u043a\u043e \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e Python-\u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0432 \u043c\u043e\u0433\u0443\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u044d\u0442\u0438 \u0437\u0430\u0434\u0430\u0447\u0438 \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u043e. 
\u0414\u0430\u043b\u0435\u0435 \u044f \u043f\u043e\u043a\u0430\u0436\u0443 \u043f\u0440\u0438\u043c\u0435\u0440\u044b \u0442\u0430\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u043d\u0430 Python.<\/p>\n<p>\u041d\u0430\u043f\u043e\u043c\u043d\u044e, \u0447\u0442\u043e Python \u043f\u0440\u0435\u0434\u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d \u0432 \u043b\u044e\u0431\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 Linux \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u0431\u0435\u0441\u043f\u043b\u0430\u0442\u043d\u043e.<\/p>\n<p>\u042f \u0440\u0430\u0437\u0434\u0435\u043b\u0438\u043b \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u043d\u0430 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043f\u0440\u043e\u0441\u0442\u044b\u0445 \u0448\u0430\u0433\u043e\u0432:<\/p>\n<ol>\n<li>\n<p>\u041f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0430\u043a\u0441\u0435\u0441-\u043b\u0438\u0441\u0442\u043e\u0432 \u0438 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 \u0432 CSV-\u0444\u0430\u0439\u043b.<\/p>\n<\/li>\n<li>\n<p>\u041f\u043e\u0438\u0441\u043a \u0432\u0441\u0435\u0445 \u043f\u0440\u0430\u0432\u0438\u043b, \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u044e\u0449\u0438\u0445  \u0434\u043e\u0441\u0442\u0443\u043f \u043e\u0442 \u0430\u0434\u0440\u0435\u0441\u0430 10.0.3.10 \u043a \u0430\u0434\u0440\u0435\u0441\u0443 5.5.15.100. 
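\u0414\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043d\u0430\u0439\u0442\u0438 \u0432\u0441\u0435 \u043f\u043e\u0434\u0441\u0435\u0442\u0438, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 IP-\u0430\u0434\u0440\u0435\u0441\u0430.<\/p>\n<\/li>\n<\/ol>\n<p>\u0423\u0447\u0442\u0438\u0442\u0435: \u043f\u0440\u0438\u0432\u0435\u0434\u0451\u043d\u043d\u044b\u0435 \u043d\u0438\u0436\u0435 \u0441\u043a\u0440\u0438\u043f\u0442\u044b \u043f\u0435\u0440\u0435\u043d\u043e\u0441\u044f\u0442 \u0432 CSV \u0442\u043e\u043b\u044c\u043a\u043e \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u044e\u0449\u0438\u0435 (permit) \u0441\u0442\u0440\u043e\u043a\u0438, \u0430 \u043f\u043e\u0438\u0441\u043a \u0441\u0440\u0430\u0432\u043d\u0438\u0432\u0430\u0435\u0442 \u0442\u043e\u043b\u044c\u043a\u043e \u0430\u0434\u0440\u0435\u0441\u0430, \u0431\u0435\u0437 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u0438 \u043f\u043e\u0440\u0442\u0430. \u041f\u043e\u044d\u0442\u043e\u043c\u0443 \u043d\u0430\u0439\u0434\u0435\u043d\u043d\u0430\u044f \u0441\u0442\u0440\u043e\u043a\u0430 \u0435\u0449\u0451 \u043d\u0435 \u043e\u0437\u043d\u0430\u0447\u0430\u0435\u0442, \u0447\u0442\u043e \u0442\u0440\u0430\u0444\u0438\u043a \u0431\u0443\u0434\u0435\u0442 \u043f\u0440\u043e\u043f\u0443\u0449\u0435\u043d: \u0432\u044b\u0448\u0435 \u0432 \u0442\u043e\u043c \u0436\u0435 \u0441\u043f\u0438\u0441\u043a\u0435 \u043c\u043e\u0436\u0435\u0442 \u0441\u0442\u043e\u044f\u0442\u044c \u0437\u0430\u043f\u0440\u0435\u0449\u0430\u044e\u0449\u0435\u0435 (deny) \u043f\u0440\u0430\u0432\u0438\u043b\u043e.<\/p>\n<p>\u0412 \u0430\u043a\u0441\u0435\u0441 \u043b\u0438\u0441\u0442\u0435 Cisco ASA \u043c\u043e\u0436\u043d\u043e \u0443\u043a\u0430\u0437\u0430\u0442\u044c IP \u0430\u0434\u0440\u0435\u0441\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0430 \u0438 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f, \u043d\u043e \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0436\u043d\u043e \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0442\u044c \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u043e\u0431\u044a\u0435\u043a\u0442 \u0438\u043b\u0438 \u0433\u0440\u0443\u043f\u043f\u0443 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432. \u0413\u0440\u0443\u043f\u043f\u0430 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 \u043c\u043e\u0436\u0435\u0442 \u0432\u043a\u043b\u044e\u0447\u0430\u0442\u044c \u0432 \u0441\u0435\u0431\u044f \u0434\u0440\u0443\u0433\u0438\u0435 \u0433\u0440\u0443\u043f\u043f\u044b \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432. 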
\u0415\u0441\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u0443 show access-list, \u0442\u043e \u0443\u0432\u0438\u0434\u0438\u043c \u0440\u0430\u0441\u0448\u0438\u0444\u0440\u043e\u0432\u043a\u0443 \u0432\u0441\u0435\u0445 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 \u0432 IP \u043f\u0440\u0435\u0444\u0438\u043a\u0441\u044b, \u0447\u0442\u043e \u0443\u043f\u0440\u043e\u0449\u0430\u0435\u0442 \u043a\u043e\u043d\u0432\u0435\u0440\u0442\u0430\u0446\u0438\u044e \u0432 CSV \u0444\u0430\u0439\u043b<\/p>\n<pre><code>ciscoasa# show access-list access-list gl1 line 1 extended permit tcp object-group og1 object-group og12 eq ssh (hitcnt=0) 0xf57a470f   access-list gl1 line 1 extended permit tcp 10.0.3.0 255.255.255.0 host 10.0.0.3 eq ssh (hitcnt=0) 0x23c38b59   access-list gl1 line 1 extended permit tcp 10.0.3.0 255.255.255.0 10.0.0.0 255.255.255.0 eq ssh (hitcnt=0) 0x3bc77b3d   access-list gl1 line 1 extended permit tcp 10.0.41.0 255.255.255.0 host 10.0.0.3 eq ssh (hitcnt=0) 0xed8dff32   access-list gl1 line 1 extended permit tcp 10.0.41.0 255.255.255.0 10.0.0.0 255.255.255.0 eq ssh (hitcnt=0) 0xcde224d1 access-list gl1 line 2 extended permit tcp host 10.0.0.3 host 100.100.100.1 eq www (hitcnt=0) 0xf80a10d6 access-list gl1 line 3 extended permit tcp object on1 object on2 eq ssh (hitcnt=0) 0x70f8adb4   access-list gl1 line 3 extended permit tcp host 10.0.0.3 10.0.0.0 255.255.255.0 eq ssh (hitcnt=0) 0x70f8adb4 access-list gl2 line 1 extended permit tcp object-group og1 object-group og12 eq https (hitcnt=0) 0xd0d468b5   access-list gl2 line 1 extended permit tcp 10.0.3.0 255.255.255.0 host 10.0.0.3 eq https (hitcnt=0) 0xae19c8fe   access-list gl2 line 1 extended permit tcp 10.0.3.0 255.255.255.0 10.0.0.0 255.255.255.0 eq https (hitcnt=0) 0x93b63bc0   access-list gl2 line 1 extended permit tcp 10.0.41.0 255.255.255.0 host 10.0.0.3 eq https (hitcnt=0) 0x07c7a712   access-list gl2 line 1 extended permit tcp 
10.0.41.0 255.255.255.0 10.0.0.0 255.255.255.0 eq https (hitcnt=0) 0xa7ced8a9 access-list gl2 line 2 extended permit ip object-group og1 object-group og12 (hitcnt=0) 0x516db3da   access-list gl2 line 2 extended permit ip 10.0.3.0 255.255.255.0 host 10.0.0.3 (hitcnt=0) 0x258b842a   access-list gl2 line 2 extended permit ip 10.0.3.0 255.255.255.0 10.0.0.0 255.255.255.0 (hitcnt=0) 0xd82afa19   access-list gl2 line 2 extended permit ip 10.0.41.0 255.255.255.0 host 10.0.0.3 (hitcnt=0) 0x3d4864ae   access-list gl2 line 2 extended permit ip 10.0.41.0 255.255.255.0 10.0.0.0 255.255.255.0 (hitcnt=0) 0xf4e436ba access-list gl2 line 3 extended permit tcp object on1 object on2 eq 121 (hitcnt=0) 0xac470d2c   access-list gl2 line 3 extended permit tcp host 10.0.0.3 10.0.0.0 255.255.255.0 eq 121 (hitcnt=0) 0xac470d2c access-list gl2 line 4 extended permit tcp host 10.0.0.3 10.0.0.0 255.255.255.0 eq ssh (hitcnt=0) 0x5ce66931 access-list gl2 line 5 extended permit tcp object on4_16 object on4_8 eq https (hitcnt=0) 0xd1faa964   access-list gl2 line 5 extended permit tcp 10.0.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq https (hitcnt=0) 0xd1faa964 access-list gl2 line 6 extended permit tcp object on4_16 object-group og5 eq https (hitcnt=0) 0x99c5cc7d   access-list gl2 line 6 extended permit tcp 10.0.0.0 255.255.0.0 host 1.1.1.1 eq https (hitcnt=0) 0xe802825a   access-list gl2 line 6 extended permit tcp 10.0.0.0 255.255.0.0 host 5.5.5.1 eq https (hitcnt=0) 0x80a1e5b3   access-list gl2 line 6 extended permit tcp 10.0.0.0 255.255.0.0 5.5.15.0 255.255.255.0 eq https (hitcnt=0) 0x25de07fd <\/code><\/pre>\n<p>\u0434\u0430\u043b\u0435\u0435 python \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u0443\u0435\u0442 \u0430\u043a\u0441\u0435\u0441 \u043b\u0438\u0441\u0442 \u0432 CSV \u0444\u0430\u0439\u043b:<\/p>\n<pre><code>gl1,1,10.0.3.0,255.255.255.0,10.0.0.3,255.255.255.255,ssh gl1,1,10.0.3.0,255.255.255.0,10.0.0.0,255.255.255.0,ssh gl1,1,10.0.41.0,255.255.255.0,10.0.0.3,255.255.255.255,ssh 
gl1,1,10.0.41.0,255.255.255.0,10.0.0.0,255.255.255.0,ssh gl1,2,10.0.0.3,255.255.255.255,100.100.100.1,255.255.255.255,www gl1,3,10.0.0.3,255.255.255.255,10.0.0.0,255.255.255.0,ssh gl2,1,10.0.3.0,255.255.255.0,10.0.0.3,255.255.255.255,https gl2,1,10.0.3.0,255.255.255.0,10.0.0.0,255.255.255.0,https gl2,1,10.0.41.0,255.255.255.0,10.0.0.3,255.255.255.255,https gl2,1,10.0.41.0,255.255.255.0,10.0.0.0,255.255.255.0,https gl2,2,10.0.3.0,255.255.255.0,10.0.0.3,255.255.255.255,ip gl2,2,10.0.3.0,255.255.255.0,10.0.0.0,255.255.255.0,ip gl2,2,10.0.41.0,255.255.255.0,10.0.0.3,255.255.255.255,ip gl2,2,10.0.41.0,255.255.255.0,10.0.0.0,255.255.255.0,ip gl2,3,10.0.0.3,255.255.255.255,10.0.0.0,255.255.255.0,121 gl2,4,10.0.0.3,255.255.255.255,10.0.0.0,255.255.255.0,ssh gl2,5,10.0.0.0,255.255.0.0,10.0.0.0,255.0.0.0,https gl2,6,10.0.0.0,255.255.0.0,1.1.1.1,255.255.255.255,https gl2,6,10.0.0.0,255.255.0.0,5.5.5.1,255.255.255.255,https gl2,6,10.0.0.0,255.255.0.0,5.5.15.0,255.255.255.0,https<\/code><\/pre>\n<p>\u041e\u0431\u044b\u0447\u043d\u044b\u043c \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u044b\u043c \u043f\u043e\u0438\u0441\u043a\u043e\u043c \u043c\u043e\u0436\u043d\u043e \u043d\u0430\u0439\u0442\u0438 \u0438\u0441\u043a\u043e\u043c\u044b\u0439 IP \u0430\u0434\u0440\u0435\u0441, \u043d\u043e \u043d\u0435\u043b\u044c\u0437\u044f \u043d\u0430\u0439\u0442\u0438 \u0432\u0441\u0435 \u043f\u0440\u0435\u0444\u0438\u043a\u0441\u044b \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432\u0445\u043e\u0434\u0438\u0442 \u044d\u0442\u043e\u0442 IP \u0430\u0434\u0440\u0435\u0441. \u0414\u043b\u044f \u044d\u0442\u043e\u0439 \u0446\u0435\u043b\u0438 \u0435\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430 ipaddress. 
\u0421\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 Python \u0441\u043a\u0440\u0438\u043f\u0442 \u0434\u0435\u043b\u0430\u0435\u0442 \u044d\u0442\u043e\u0442 \u043f\u043e\u0438\u0441\u043a:<\/p>\n<pre><code>#!\/usr\/bin\/python3 #  usage \" python asa_ip_check.py fw_name src_ip dst_ip\"  import csv import ipaddress import sys from sys import argv  args = sys.argv csv_file_src = args[1]+'.csv'    # \" ip_src = args[2]                 #  ip_dst = args[3]                                  #app = args[4]  with open(csv_file_src, 'r') as file:           # ip_src     reader = csv.reader(file, delimiter=\",\")     for row in reader:         if (ipaddress.ip_address(ip_src) in ipaddress.ip_network(f\"{row[2]}\/{row[3]}\", strict=False) and ipaddress.ip_address(ip_dst) in ipaddress.ip_network(f\"{row[4]}\/{row[5]}\", strict=False)):             print ( ip_src ,\" and \", ip_dst , ' in ', row) <\/code><\/pre>\n<p>\u0412 \u043a\u0430\u043a\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0435 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d \u0434\u043e\u0441\u0442\u0443\u043f \u043e\u0442 \u0430\u0434\u0440\u0435\u0441\u0430 10.0.3.10 \u043a \u0430\u0434\u0440\u0435\u0441\u0443 5.5.15.100 ?<\/p>\n<pre><code>E:\\asa_rules_test&gt;python asa_ip_check.py asa 10.0.3.10 5.5.15.100 10.0.3.10  and  5.5.15.100  in  ['gl2', '6', '10.0.0.0', '255.255.0.0', '5.5.15.0', '255.255.255.0', 'https']<\/code><\/pre>\n<p>\u0434\u0430\u043b\u0435\u0435 python \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u0443\u044e\u0449\u0438\u0439 \u0432\u044b\u0445\u043e\u0434 \u043a\u043e\u043c\u0430\u043d\u0434\u044b show access-list \u0432 CSV \u0444\u0430\u0439\u043b<\/p>\n<pre><code> #!\/usr\/bin\/python3 #  usage \" python asa_acl_to_csv.py fw_name \" it will open configuration file fw_name.conf  import csv import sys from sys import argv  args = sys.argv  # Set the input and output file names input_file = args[1] + '.conf'                           # asa show access-list to file fw_name.conf 
output_file = args[1] + '.csv'                           # address-set  to   fw_name.csv\"  # Open the input and output files with open(input_file, \"r\") as f, open(output_file, \"w\", newline=\"\") as out_file:     reader = csv.reader(f, delimiter=\" \")     writer = csv.writer(out_file)      add_name = None     for row in reader:          aclname = ''         aclline = ''         aclsrc  = ''         aclspr  = ''         acldst  = ''         acldpr  = ''         aclapp  = ''         try:             if ( not (\"object\" in row) and not (\"object-group\" in row) and not (\"remark\" in row) ):                 if ((row[0] == \"access-list\") and (row[2] == \"line\") and (row[5] == \"permit\") ):                     aclname = row[1]                     aclline = row[3]                     if (row[7] == \"host\"):                         aclsrc  = row[8]                         aclspr  = '255.255.255.255'                         if (row[9] == \"host\"):                             acldst  = row[10]                             acldpr  = '255.255.255.255'                             aclapp  = row[12]                         else:                             acldst  = row[9]                             acldpr  = row[10]                             aclapp  = row[12]                                                 else:                         aclsrc  = row[7]                         aclspr  = row[8]                         if (row[9] == \"host\"):                             acldst  = row[10]                             acldpr  = '255.255.255.255'                             aclapp  = row[12]                              else:                             acldst  = row[9]                             acldpr  = row[10]                             aclapp  = row[12]                     if (row[6] == \"ip\"):                             aclapp  = row[6]                                       elif ((row[2] == \"access-list\") and (row[4] == \"line\") and (row[7] == \"permit\") 
):                     aclname = row[3]                     aclline = row[5]                          if (row[9] == \"host\"):                         aclsrc  = row[10]                         aclspr  = '255.255.255.255'                         if (row[11] == \"host\"):                             acldst  = row[12]                             acldpr  = '255.255.255.255'                               else:                             acldst  = row[11]                             acldpr  = row[12]                             aclapp  = row[14]                                                 else:                         aclsrc  = row[9]                         aclspr  = row[10]                         if (row[11] == \"host\"):                             acldst  = row[12]                             acldpr  = '255.255.255.255'                             aclapp  = row[14]                              else:                             acldst  = row[11]                             acldpr  = row[12]                                                     aclapp  = row[14]                     if (row[8] == \"ip\"):                             aclapp  = row[8]                                                                     print(aclname,aclline,aclsrc,aclspr,acldst,acldpr,aclapp)                 writer.writerow([aclname,aclline,aclsrc,aclspr,acldst,acldpr,aclapp])          except:             print(row) out_file.close()<\/code><\/pre>\n<\/p>\n<\/div>\n<\/div>\n<\/div>\n<p><!----><!----><\/div>\n<p><!----><!----><br \/> \u0441\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 \u043e\u0440\u0438\u0433\u0438\u043d\u0430\u043b \u0441\u0442\u0430\u0442\u044c\u0438 <a href=\"https:\/\/habr.com\/ru\/articles\/834874\/\"> https:\/\/habr.com\/ru\/articles\/834874\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<div><!--[--><!--]--><\/div>\n<div id=\"post-content-body\">\n<div>\n<div class=\"article-formatted-body article-formatted-body article-formatted-body_version-2\">\n<div 
xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\n<p>\u0415\u0441\u043b\u0438 \u0432\u044b \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442\u0435 \u0432 \u043a\u0440\u0443\u043f\u043d\u043e\u043c \u0434\u0430\u0442\u0430-\u0446\u0435\u043d\u0442\u0440\u0435 \u0438 \u0432\u0430\u0448\u0430 \u0437\u0430\u0434\u0430\u0447\u0430 \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0435 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u044d\u043a\u0440\u0430\u043d\u043e\u0432 (Cisco ASA), \u0442\u043e \u0432\u044b \u043d\u0430\u0432\u0435\u0440\u043d\u044f\u043a\u0430 \u0441\u0442\u0430\u043b\u043a\u0438\u0432\u0430\u043b\u0438\u0441\u044c \u0441 \u043e\u0433\u0440\u043e\u043c\u043d\u044b\u043c \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e\u043c \u0441\u0442\u0440\u043e\u043a \u0432 \u0438\u0445 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f\u0445. \u042d\u0442\u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u043c\u043e\u0433\u0443\u0442 \u0432\u043a\u043b\u044e\u0447\u0430\u0442\u044c \u0442\u044b\u0441\u044f\u0447\u0438 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 \u0438 \u043f\u0440\u0430\u0432\u0438\u043b \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (Access Lists).<\/p>\n<p>\u0414\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0437\u0430\u0434\u0430\u0447 \u0430\u0443\u0434\u0438\u0442\u0430 \u0432\u0430\u043c \u0438\u043d\u043e\u0433\u0434\u0430 \u043d\u0443\u0436\u043d\u043e \u043d\u0430\u0439\u0442\u0438 \u0432\u0441\u0435 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0434\u043b\u044f \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0441 IP-\u0430\u0434\u0440\u0435\u0441\u043e\u043c A.B.C.D. 
\u0412 \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u043b\u0443\u0447\u0430\u044f\u0445 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u044c \u043d\u043e\u0432\u043e\u0435 \u043f\u0440\u0430\u0432\u0438\u043b\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u043d\u043e \u043f\u0435\u0440\u0435\u0434 \u044d\u0442\u0438\u043c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c, \u043d\u0435 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u043b\u0438 \u0443\u0436\u0435 \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u043e\u0435 \u043f\u0440\u0430\u0432\u0438\u043b\u043e. \u041d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0435\u0441\u043b\u0438 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0433\u0440\u0443\u043f\u043f\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432, \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u044e\u0449\u0438\u0445\u0441\u044f \u043a \u043a\u0430\u043a\u043e\u043c\u0443-\u0442\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0443, \u0432\u0430\u043c \u043d\u0443\u0436\u043d\u043e \u043d\u0430\u0439\u0442\u0438 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0435 \u043f\u0440\u0430\u0432\u0438\u043b\u043e \u0438 \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u044c \u043d\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u0432 \u044d\u0442\u0443 \u0433\u0440\u0443\u043f\u043f\u0443.<\/p>\n<p>\u0414\u043b\u044f \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u0442\u0430\u043a\u0438\u0445 \u0437\u0430\u0434\u0430\u0447 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0442 \u043a\u043e\u043c\u043c\u0435\u0440\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a Algosec, Tufin \u0438 \u0434\u0440. 
\u041e\u0434\u043d\u0430\u043a\u043e \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e Python-\u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0432 \u043c\u043e\u0433\u0443\u0442 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u044d\u0442\u0438 \u0437\u0430\u0434\u0430\u0447\u0438 \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u043e. \u0414\u0430\u043b\u0435\u0435 \u044f \u043f\u043e\u043a\u0430\u0436\u0443 \u043f\u0440\u0438\u043c\u0435\u0440\u044b \u0442\u0430\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u043d\u0430 Python.<\/p>\n<p>\u041d\u0430\u043f\u043e\u043c\u043d\u044e, \u0447\u0442\u043e Python \u043f\u0440\u0435\u0434\u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d \u0432 \u043b\u044e\u0431\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 Linux \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u0431\u0435\u0441\u043f\u043b\u0430\u0442\u043d\u043e.<\/p>\n<p>\u042f \u0440\u0430\u0437\u0434\u0435\u043b\u0438\u043b \u043f\u0440\u043e\u0446\u0435\u0441\u0441 \u043d\u0430 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043f\u0440\u043e\u0441\u0442\u044b\u0445 \u0448\u0430\u0433\u043e\u0432:<\/p>\n<ol>\n<li>\n<p>\u041f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0430\u043a\u0441\u0435\u0441-\u043b\u0438\u0441\u0442\u043e\u0432 \u0438 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 \u0432 CSV-\u0444\u0430\u0439\u043b.<\/p>\n<\/li>\n<li>\n<p>\u041f\u043e\u0438\u0441\u043a \u0432\u0441\u0435\u0445 \u043f\u0440\u0430\u0432\u0438\u043b, \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u044e\u0449\u0438\u0445  \u0434\u043e\u0441\u0442\u0443\u043f \u043e\u0442 \u0430\u0434\u0440\u0435\u0441\u0430 10.0.3.10 \u043a \u0430\u0434\u0440\u0435\u0441\u0443 5.5.15.100. 
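\u0414\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043d\u0430\u0439\u0442\u0438 \u0432\u0441\u0435 \u043f\u043e\u0434\u0441\u0435\u0442\u0438, \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0449\u0438\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 IP-\u0430\u0434\u0440\u0435\u0441\u0430.<\/p>\n<\/li>\n<\/ol>\n<p>\u0423\u0447\u0442\u0438\u0442\u0435: \u043f\u0440\u0438\u0432\u0435\u0434\u0451\u043d\u043d\u044b\u0435 \u043d\u0438\u0436\u0435 \u0441\u043a\u0440\u0438\u043f\u0442\u044b \u043f\u0435\u0440\u0435\u043d\u043e\u0441\u044f\u0442 \u0432 CSV \u0442\u043e\u043b\u044c\u043a\u043e \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u044e\u0449\u0438\u0435 (permit) \u0441\u0442\u0440\u043e\u043a\u0438, \u0430 \u043f\u043e\u0438\u0441\u043a \u0441\u0440\u0430\u0432\u043d\u0438\u0432\u0430\u0435\u0442 \u0442\u043e\u043b\u044c\u043a\u043e \u0430\u0434\u0440\u0435\u0441\u0430, \u0431\u0435\u0437 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 \u0438 \u043f\u043e\u0440\u0442\u0430. \u041f\u043e\u044d\u0442\u043e\u043c\u0443 \u043d\u0430\u0439\u0434\u0435\u043d\u043d\u0430\u044f \u0441\u0442\u0440\u043e\u043a\u0430 \u0435\u0449\u0451 \u043d\u0435 \u043e\u0437\u043d\u0430\u0447\u0430\u0435\u0442, \u0447\u0442\u043e \u0442\u0440\u0430\u0444\u0438\u043a \u0431\u0443\u0434\u0435\u0442 \u043f\u0440\u043e\u043f\u0443\u0449\u0435\u043d: \u0432\u044b\u0448\u0435 \u0432 \u0442\u043e\u043c \u0436\u0435 \u0441\u043f\u0438\u0441\u043a\u0435 \u043c\u043e\u0436\u0435\u0442 \u0441\u0442\u043e\u044f\u0442\u044c \u0437\u0430\u043f\u0440\u0435\u0449\u0430\u044e\u0449\u0435\u0435 (deny) \u043f\u0440\u0430\u0432\u0438\u043b\u043e.<\/p>\n<p>\u0412 \u0430\u043a\u0441\u0435\u0441 \u043b\u0438\u0441\u0442\u0435 Cisco ASA \u043c\u043e\u0436\u043d\u043e \u0443\u043a\u0430\u0437\u0430\u0442\u044c IP \u0430\u0434\u0440\u0435\u0441\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0430 \u0438 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f, \u043d\u043e \u0442\u0430\u043a\u0436\u0435 \u043c\u043e\u0436\u043d\u043e \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0442\u044c \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u043e\u0431\u044a\u0435\u043a\u0442 \u0438\u043b\u0438 \u0433\u0440\u0443\u043f\u043f\u0443 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432. \u0413\u0440\u0443\u043f\u043f\u0430 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 \u043c\u043e\u0436\u0435\u0442 \u0432\u043a\u043b\u044e\u0447\u0430\u0442\u044c \u0432 \u0441\u0435\u0431\u044f \u0434\u0440\u0443\u0433\u0438\u0435 \u0433\u0440\u0443\u043f\u043f\u044b \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432. 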
\u0415\u0441\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u0443 show access-list, \u0442\u043e \u0443\u0432\u0438\u0434\u0438\u043c \u0440\u0430\u0441\u0448\u0438\u0444\u0440\u043e\u0432\u043a\u0443 \u0432\u0441\u0435\u0445 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 \u0432 IP \u043f\u0440\u0435\u0444\u0438\u043a\u0441\u044b, \u0447\u0442\u043e \u0443\u043f\u0440\u043e\u0449\u0430\u0435\u0442 \u043a\u043e\u043d\u0432\u0435\u0440\u0442\u0430\u0446\u0438\u044e \u0432 CSV \u0444\u0430\u0439\u043b<\/p>\n<pre><code>ciscoasa# show access-list access-list gl1 line 1 extended permit tcp object-group og1 object-group og12 eq ssh (hitcnt=0) 0xf57a470f   access-list gl1 line 1 extended permit tcp 10.0.3.0 255.255.255.0 host 10.0.0.3 eq ssh (hitcnt=0) 0x23c38b59   access-list gl1 line 1 extended permit tcp 10.0.3.0 255.255.255.0 10.0.0.0 255.255.255.0 eq ssh (hitcnt=0) 0x3bc77b3d   access-list gl1 line 1 extended permit tcp 10.0.41.0 255.255.255.0 host 10.0.0.3 eq ssh (hitcnt=0) 0xed8dff32   access-list gl1 line 1 extended permit tcp 10.0.41.0 255.255.255.0 10.0.0.0 255.255.255.0 eq ssh (hitcnt=0) 0xcde224d1 access-list gl1 line 2 extended permit tcp host 10.0.0.3 host 100.100.100.1 eq www (hitcnt=0) 0xf80a10d6 access-list gl1 line 3 extended permit tcp object on1 object on2 eq ssh (hitcnt=0) 0x70f8adb4   access-list gl1 line 3 extended permit tcp host 10.0.0.3 10.0.0.0 255.255.255.0 eq ssh (hitcnt=0) 0x70f8adb4 access-list gl2 line 1 extended permit tcp object-group og1 object-group og12 eq https (hitcnt=0) 0xd0d468b5   access-list gl2 line 1 extended permit tcp 10.0.3.0 255.255.255.0 host 10.0.0.3 eq https (hitcnt=0) 0xae19c8fe   access-list gl2 line 1 extended permit tcp 10.0.3.0 255.255.255.0 10.0.0.0 255.255.255.0 eq https (hitcnt=0) 0x93b63bc0   access-list gl2 line 1 extended permit tcp 10.0.41.0 255.255.255.0 host 10.0.0.3 eq https (hitcnt=0) 0x07c7a712   access-list gl2 line 1 extended permit tcp 
10.0.41.0 255.255.255.0 10.0.0.0 255.255.255.0 eq https (hitcnt=0) 0xa7ced8a9 access-list gl2 line 2 extended permit ip object-group og1 object-group og12 (hitcnt=0) 0x516db3da   access-list gl2 line 2 extended permit ip 10.0.3.0 255.255.255.0 host 10.0.0.3 (hitcnt=0) 0x258b842a   access-list gl2 line 2 extended permit ip 10.0.3.0 255.255.255.0 10.0.0.0 255.255.255.0 (hitcnt=0) 0xd82afa19   access-list gl2 line 2 extended permit ip 10.0.41.0 255.255.255.0 host 10.0.0.3 (hitcnt=0) 0x3d4864ae   access-list gl2 line 2 extended permit ip 10.0.41.0 255.255.255.0 10.0.0.0 255.255.255.0 (hitcnt=0) 0xf4e436ba access-list gl2 line 3 extended permit tcp object on1 object on2 eq 121 (hitcnt=0) 0xac470d2c   access-list gl2 line 3 extended permit tcp host 10.0.0.3 10.0.0.0 255.255.255.0 eq 121 (hitcnt=0) 0xac470d2c access-list gl2 line 4 extended permit tcp host 10.0.0.3 10.0.0.0 255.255.255.0 eq ssh (hitcnt=0) 0x5ce66931 access-list gl2 line 5 extended permit tcp object on4_16 object on4_8 eq https (hitcnt=0) 0xd1faa964   access-list gl2 line 5 extended permit tcp 10.0.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq https (hitcnt=0) 0xd1faa964 access-list gl2 line 6 extended permit tcp object on4_16 object-group og5 eq https (hitcnt=0) 0x99c5cc7d   access-list gl2 line 6 extended permit tcp 10.0.0.0 255.255.0.0 host 1.1.1.1 eq https (hitcnt=0) 0xe802825a   access-list gl2 line 6 extended permit tcp 10.0.0.0 255.255.0.0 host 5.5.5.1 eq https (hitcnt=0) 0x80a1e5b3   access-list gl2 line 6 extended permit tcp 10.0.0.0 255.255.0.0 5.5.15.0 255.255.255.0 eq https (hitcnt=0) 0x25de07fd <\/code><\/pre>\n<p>\u0434\u0430\u043b\u0435\u0435 python \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u0443\u0435\u0442 \u0430\u043a\u0441\u0435\u0441 \u043b\u0438\u0441\u0442 \u0432 CSV \u0444\u0430\u0439\u043b:<\/p>\n<pre><code>gl1,1,10.0.3.0,255.255.255.0,10.0.0.3,255.255.255.255,ssh gl1,1,10.0.3.0,255.255.255.0,10.0.0.0,255.255.255.0,ssh gl1,1,10.0.41.0,255.255.255.0,10.0.0.3,255.255.255.255,ssh 
gl1,1,10.0.41.0,255.255.255.0,10.0.0.0,255.255.255.0,ssh gl1,2,10.0.0.3,255.255.255.255,100.100.100.1,255.255.255.255,www gl1,3,10.0.0.3,255.255.255.255,10.0.0.0,255.255.255.0,ssh gl2,1,10.0.3.0,255.255.255.0,10.0.0.3,255.255.255.255,https gl2,1,10.0.3.0,255.255.255.0,10.0.0.0,255.255.255.0,https gl2,1,10.0.41.0,255.255.255.0,10.0.0.3,255.255.255.255,https gl2,1,10.0.41.0,255.255.255.0,10.0.0.0,255.255.255.0,https gl2,2,10.0.3.0,255.255.255.0,10.0.0.3,255.255.255.255,ip gl2,2,10.0.3.0,255.255.255.0,10.0.0.0,255.255.255.0,ip gl2,2,10.0.41.0,255.255.255.0,10.0.0.3,255.255.255.255,ip gl2,2,10.0.41.0,255.255.255.0,10.0.0.0,255.255.255.0,ip gl2,3,10.0.0.3,255.255.255.255,10.0.0.0,255.255.255.0,121 gl2,4,10.0.0.3,255.255.255.255,10.0.0.0,255.255.255.0,ssh gl2,5,10.0.0.0,255.255.0.0,10.0.0.0,255.0.0.0,https gl2,6,10.0.0.0,255.255.0.0,1.1.1.1,255.255.255.255,https gl2,6,10.0.0.0,255.255.0.0,5.5.5.1,255.255.255.255,https gl2,6,10.0.0.0,255.255.0.0,5.5.15.0,255.255.255.0,https<\/code><\/pre>\n<p>\u041e\u0431\u044b\u0447\u043d\u044b\u043c \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u044b\u043c \u043f\u043e\u0438\u0441\u043a\u043e\u043c \u043c\u043e\u0436\u043d\u043e \u043d\u0430\u0439\u0442\u0438 \u0438\u0441\u043a\u043e\u043c\u044b\u0439 IP \u0430\u0434\u0440\u0435\u0441, \u043d\u043e \u043d\u0435\u043b\u044c\u0437\u044f \u043d\u0430\u0439\u0442\u0438 \u0432\u0441\u0435 \u043f\u0440\u0435\u0444\u0438\u043a\u0441\u044b \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0432\u0445\u043e\u0434\u0438\u0442 \u044d\u0442\u043e\u0442 IP \u0430\u0434\u0440\u0435\u0441. \u0414\u043b\u044f \u044d\u0442\u043e\u0439 \u0446\u0435\u043b\u0438 \u0435\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0430 ipaddress. 
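\u0421\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 Python \u0441\u043a\u0440\u0438\u043f\u0442 \u0434\u0435\u043b\u0430\u0435\u0442 \u044d\u0442\u043e\u0442 \u043f\u043e\u0438\u0441\u043a:<\/p>\n<pre><code>#!\/usr\/bin\/python3 #  usage \" python asa_ip_check.py fw_name src_ip dst_ip\"  import csv import ipaddress import sys from sys import argv  args = sys.argv csv_file_src = args[1]+'.csv'    # \" ip_src = args[2]                 #  ip_dst = args[3]                                  #app = args[4]  with open(csv_file_src, 'r') as file:           # ip_src     reader = csv.reader(file, delimiter=\",\")     for row in reader:         if (ipaddress.ip_address(ip_src) in ipaddress.ip_network(f\"{row[2]}\/{row[3]}\", strict=False) and ipaddress.ip_address(ip_dst) in ipaddress.ip_network(f\"{row[4]}\/{row[5]}\", strict=False)):             print ( ip_src ,\" and \", ip_dst , ' in ', row) <\/code><\/pre>\n<p>\u0412 \u043a\u0430\u043a\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0435 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d \u0434\u043e\u0441\u0442\u0443\u043f \u043e\u0442 \u0430\u0434\u0440\u0435\u0441\u0430 10.0.3.10 \u043a \u0430\u0434\u0440\u0435\u0441\u0443 5.5.15.100?<\/p>\n<pre><code>E:\\asa_rules_test&gt;python asa_ip_check.py asa 10.0.3.10 5.5.15.100 10.0.3.10  and  5.5.15.100  in  ['gl2', '6', '10.0.0.0', '255.255.0.0', '5.5.15.0', '255.255.255.0', 'https']<\/code><\/pre>\n<p>\u0421\u043a\u0440\u0438\u043f\u0442 \u0441\u0440\u0430\u0432\u043d\u0438\u0432\u0430\u0435\u0442 \u0442\u043e\u043b\u044c\u043a\u043e \u0430\u0434\u0440\u0435\u0441\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0430 \u0438 \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f, \u043f\u043e\u0440\u0442 \u043d\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442\u0441\u044f. \u041a\u043e\u043d\u0432\u0435\u0440\u0442\u0435\u0440 \u043d\u0438\u0436\u0435 (\u0432 \u043f\u043e\u043a\u0430\u0437\u0430\u043d\u043d\u043e\u0439 \u0447\u0430\u0441\u0442\u0438) \u043f\u0438\u0448\u0435\u0442 \u0432 CSV \u0442\u043e\u043b\u044c\u043a\u043e \u0441\u0442\u0440\u043e\u043a\u0438 permit, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0441\u0442\u0440\u043e\u043a\u0438 deny, \u0441\u0442\u043e\u044f\u0449\u0438\u0435 \u0432\u044b\u0448\u0435 \u0432 \u0441\u043f\u0438\u0441\u043a\u0435, \u043d\u0443\u0436\u043d\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0442\u044c \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u043e.<\/p>\n<p>\u0434\u0430\u043b\u0435\u0435 python-\u0441\u043a\u0440\u0438\u043f\u0442, \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u0443\u044e\u0449\u0438\u0439 \u0432\u044b\u0432\u043e\u0434 \u043a\u043e\u043c\u0430\u043d\u0434\u044b show access-list \u0432 CSV \u0444\u0430\u0439\u043b:<\/p>\n<pre><code> #!\/usr\/bin\/python3 #  usage \" python asa_acl_to_csv.py fw_name \" it will open configuration file fw_name.conf  import csv import sys from sys import argv  args = sys.argv  # Set the input and output file names input_file = args[1] + '.conf'                           # asa show access-list to file fw_name.conf 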
output_file = args[1] + '.csv'                           # address-set  to   fw_name.csv\"  # Open the input and output files with open(input_file, \"r\") as f, open(output_file, \"w\", newline=\"\") as out_file:     reader = csv.reader(f, delimiter=\" \")     writer = csv.writer(out_file)      add_name = None     for row in reader:          aclname = ''         aclline = ''         aclsrc  = ''         aclspr  = ''         acldst  = ''         acldpr  = ''         aclapp  = ''         try:             if ( not (\"object\" in row) and not (\"object-group\" in row) and not (\"remark\" in row) ):                 if ((row[0] == \"access-list\") and (row[2] == \"line\") and (row[5] == \"permit\") ):                     aclname = row[1]                     aclline = row[3]                     if (row[7] == \"host\"):                         aclsrc  = row[8]                         aclspr  = '255.255.255.255'                         if (row[9] == \"host\"):                             acldst  = row[10]                             acldpr  = '255.255.255.255'                             aclapp  = row[12]                         else:                             acldst  = row[9]                             acldpr  = row[10]                             aclapp  = row[12]                                                 else:                         aclsrc  = row[7]                         aclspr  = row[8]                         if (row[9] == \"host\"):                             acldst  = row[10]                             acldpr  = '255.255.255.255'                             aclapp  = row[12]                              else:                             acldst  = row[9]                             acldpr  = row[10]                             aclapp  = row[12]                     if (row[6] == \"ip\"):                             aclapp  = row[6]                                       elif ((row[2] == \"access-list\") and (row[4] == \"line\") and (row[7] == \"permit\") 
):                     aclname = row[3]                     aclline = row[5]                          if (row[9] == \"host\"):                         aclsrc  = row[10]                         aclspr  = '255.255.255.255'                         if (row[11] == \"host\"):                             acldst  = row[12]                             acldpr  = '255.255.255.255'                               else:                             acldst  = row[11]                             acldpr  = row[12]                             aclapp  = row[14]                                                 else:                         aclsrc  = row[9]                         aclspr  = row[10]                         if (row[11] == \"host\"):                             acldst  <\/code><\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-428706","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/428706","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=428706"}],"version-history":[{"count":0,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/428706\/revisions"}],"wp:attachment":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=428706"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/savepearlharb
or.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=428706"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=428706"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}