{"id":430212,"date":"2024-08-25T21:00:55","date_gmt":"2024-08-25T21:00:55","guid":{"rendered":"http:\/\/savepearlharbor.com\/?p=430212"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T21:00:00","slug":"","status":"publish","type":"post","link":"https:\/\/savepearlharbor.com\/?p=430212","title":{"rendered":"<span>Cisco ASA: automating the search for the required lines in an access list with Python. Part 2<\/span>"},"content":{"rendered":"<div><!--[--><!--]--><\/div>\n<div id=\"post-content-body\">\n<div>\n<div class=\"article-formatted-body article-formatted-body article-formatted-body_version-2\">\n<div xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\n<p>The first part is here: https:\/\/habr.com\/ru\/articles\/834874\/<\/p>\n<p>The code in the first part works, but it is not very readable and is hard to follow. 
Here is improved, readable code with comments.<\/p>\n<p>After running the &#8216;show access-list&#8217; command on a Cisco ASA we get:<\/p>\n<pre><code>ciscoasa# show access-list\naccess-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)\n            alert-interval 300\naccess-list gl1; 7 elements; name hash: 0xe79499bb\naccess-list gl1 line 1 extended permit tcp object-group og1 object-group og12 eq ssh (hitcnt=0) 0xf57a470f\n  access-list gl1 line 1 extended permit tcp 10.0.3.0 255.255.255.0 host 10.0.0.3 eq ssh (hitcnt=0) 0x23c38b59\n  access-list gl1 line 1 extended permit tcp 10.0.3.0 255.255.255.0 10.0.0.0 255.255.255.0 eq ssh (hitcnt=0) 0x3bc77b3d\n  access-list gl1 line 1 extended permit tcp 10.0.41.0 255.255.255.0 host 10.0.0.3 eq ssh (hitcnt=0) 0xed8dff32\n  access-list gl1 line 1 extended permit tcp 10.0.41.0 255.255.255.0 10.0.0.0 255.255.255.0 eq ssh (hitcnt=0) 0xcde224d1\naccess-list gl1 line 2 extended permit tcp host 10.0.0.3 host 100.100.100.1 eq www (hitcnt=0) 0xf80a10d6\naccess-list gl1 line 3 extended permit tcp object on1 object on2 eq ssh (hitcnt=0) 0x70f8adb4\n  access-list gl1 line 3 extended permit tcp host 10.0.0.3 10.0.0.0 255.255.255.0 eq ssh (hitcnt=0) 0x70f8adb4\naccess-list gl1 line 4 extended permit tcp object on1 host 100.100.100.1 eq www (hitcnt=0) 0x301bd0fd\n  access-list gl1 line 4 extended permit tcp host 10.0.0.3 host 100.100.100.1 eq www (hitcnt=0) 0x301bd0fd\naccess-list gl2; 23 elements; name hash: 0xec1e290\naccess-list gl2 line 1 extended permit tcp object-group og1 object-group og12 eq https (hitcnt=0) 0xd0d468b5\n  access-list gl2 line 1 extended permit tcp 10.0.3.0 255.255.255.0 host 10.0.0.3 eq https (hitcnt=0) 0xae19c8fe\n  access-list gl2 line 1 extended permit tcp 10.0.3.0 255.255.255.0 10.0.0.0 255.255.255.0 eq https (hitcnt=0) 0x93b63bc0\n  access-list gl2 line 1 extended permit tcp 10.0.41.0 255.255.255.0 host 10.0.0.3 eq https (hitcnt=0) 0x07c7a712\n  access-list gl2 line 1 extended permit tcp 10.0.41.0 255.255.255.0 10.0.0.0 255.255.255.0 eq https (hitcnt=0) 0xa7ced8a9\naccess-list gl2 line 2 extended permit ip object-group og1 object-group og12 (hitcnt=0) 0x516db3da\n  access-list gl2 line 2 extended permit ip 10.0.3.0 255.255.255.0 host 10.0.0.3 (hitcnt=0) 0x258b842a\n  access-list gl2 line 2 extended permit ip 10.0.3.0 255.255.255.0 10.0.0.0 255.255.255.0 (hitcnt=0) 0xd82afa19\n  access-list gl2 line 2 extended permit ip 10.0.41.0 255.255.255.0 host 10.0.0.3 (hitcnt=0) 0x3d4864ae\n  access-list gl2 line 2 extended permit ip 10.0.41.0 255.255.255.0 10.0.0.0 255.255.255.0 (hitcnt=0) 0xf4e436ba\naccess-list gl2 line 3 extended permit tcp object on1 object on2 eq 121 (hitcnt=0) 0xac470d2c\n  access-list gl2 line 3 extended permit tcp host 10.0.0.3 10.0.0.0 255.255.255.0 eq 121 (hitcnt=0) 0xac470d2c\naccess-list gl2 line 4 extended permit tcp host 10.0.0.3 10.0.0.0 255.255.255.0 eq ssh (hitcnt=0) 0x5ce66931\naccess-list gl2 line 5 extended permit tcp object on4_16 object on4_8 eq https (hitcnt=0) 0xd1faa964\n  access-list gl2 line 5 extended permit tcp 10.0.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq https (hitcnt=0) 0xd1faa964\naccess-list gl2 line 6 extended permit tcp object on4_16 object-group og5 eq https (hitcnt=0) 0x99c5cc7d\n  access-list gl2 line 6 extended permit tcp 10.0.0.0 255.255.0.0 host 1.1.1.1 eq https (hitcnt=0) 0xe802825a\n  access-list gl2 line 6 extended permit tcp 10.0.0.0 255.255.0.0 host 5.5.5.1 eq https (hitcnt=0) 0x80a1e5b3\n  access-list gl2 line 6 extended permit tcp 10.0.0.0 255.255.0.0 5.5.15.0 255.255.255.0 eq https (hitcnt=0) 0x25de07fd\naccess-list gl2 line 7 extended permit tcp object on4_8 object-group og5 eq https (hitcnt=0) 0xcd171889\n  access-list gl2 line 7 extended permit tcp 10.0.0.0 255.0.0.0 host 1.1.1.1 eq https (hitcnt=0) 0x0cf8371e\n  access-list gl2 line 7 extended permit tcp 10.0.0.0 255.0.0.0 host 5.5.5.1 eq https (hitcnt=0) 0xad10cac6\n  access-list gl2 line 7 extended permit tcp 10.0.0.0 255.0.0.0 5.5.15.0 255.255.255.0 eq https (hitcnt=0) 0xaeb148b6\naccess-list gl2 line 8 extended permit tcp any object on2 eq 121 (hitcnt=0) 0x6eb4423f\n  access-list gl2 line 8 extended permit tcp any 10.0.0.0 255.255.255.0 eq 121 (hitcnt=0) 0x6eb4423f\naccess-list gl2 line 9 extended permit tcp object on4_8 any eq https (hitcnt=0) 0xbb42911c\n  access-list gl2 line 9 extended permit tcp 10.0.0.0 255.0.0.0 any eq https (hitcnt=0) 0xbb42911c\naccess-list gl2 line 10 extended permit tcp any object-group og5 eq https (hitcnt=0) 0x61792dc7\n  access-list gl2 line 10 extended permit tcp any host 1.1.1.1 eq https (hitcnt=0) 0x7b4af33d\n  access-list gl2 line 10 extended permit tcp any host 5.5.5.1 eq https (hitcnt=0) 0x4fa8c459\n  access-list gl2 line 10 extended permit tcp any 5.5.15.0 255.255.255.0 eq https (hitcnt=0) 0xd8987a26\naccess-list gl2 line 11 extended deny ip any any log informational interval 300 (hitcnt=0) 0x22c3cb18\nciscoasa# <\/code><\/pre>\n<p>Python then converts the access list into a CSV file. <\/p>\n<p>It removes the leading spaces from each line with line.lstrip(). 
<\/p>\n<p>It drops all unneeded lines containing the words \"object\", \"remark\", \"#\", \"denied\", \"alert-interval\". <\/p>\n<p>It replaces the word \"any\" with \"0.0.0.0 0.0.0.0\", and also replaces \"host 1.1.1.1\" with \"1.1.1.1 255.255.255.255\". <\/p>\n<pre><code>#!\/usr\/bin\/python3\n# Usage: python asa_acl_to_csv_.py fw_name\n# Opens fw_name.conf (saved 'show access-list' output) and converts it to fw_name.csv\n\nimport csv\nimport re\nimport sys\n\nargs = sys.argv  # read command line arguments\nif len(args) != 2:\n    sys.exit(\"usage: python asa_acl_to_csv_.py fw_name\")\n\n# Set the input and output file names\ninput_file = args[1] + '.conf'   # ASA 'show access-list' output saved to fw_name.conf\noutput_file = args[1] + '.csv'   # converted access list is written to fw_name.csv\n\nwith open(input_file, 'r', encoding='utf-8') as file, open(output_file, \"w\", newline=\"\") as out_file:\n    writer = csv.writer(out_file)\n    for line in file:                    # loop over each line of the input file\n        stripped_line = line.lstrip()    # strip leading spaces from the line\n        # Skip lines that contain \"#\", \"denied\" or \"alert-interval\" (prompt and header lines)\n        if \"#\" in stripped_line or \"denied\" in stripped_line or \"alert-interval\" in stripped_line:\n            continue                     # move to the next line in the file\n        # Skip lines that contain \"elements\", \"object\" or \"remark\"\n        if \"elements\" in stripped_line or \"object\" in stripped_line or \"remark\" in stripped_line:\n            continue\n        if stripped_line.strip() == \"\":  # skip empty lines\n            continue\n        # replace 'host 1.1.1.1' with '1.1.1.1 255.255.255.255'\n        stripped_line = re.sub(r' host ([\\w.]+)', r' \\1 255.255.255.255', stripped_line)\n        # replace 'any' with '0.0.0.0 0.0.0.0'; the second pass handles 'any any',\n        # because str.replace() does not match overlapping occurrences\n        stripped_line = stripped_line.replace(' any ', ' 0.0.0.0 0.0.0.0 ')\n        stripped_line = stripped_line.replace(' any ', ' 0.0.0.0 0.0.0.0 ')\n        nwords = stripped_line.split()   # convert the line to a list of words\n        if nwords[6] == 'ip':\n            nwords.insert(11, 'eq')\n            nwords.insert(12, 'ip')      # add 'ip' as a protocol after the destination prefix\n        print(nwords)\n        # write one row to the output CSV file\n        writer.writerow([nwords[1], nwords[3], nwords[5], nwords[7], nwords[8], nwords[9], nwords[10], nwords[11], nwords[12]])\n<\/code><\/pre>\n<p>and we get the CSV file:<\/p>\n<pre><code>gl1,1,permit,10.0.3.0,255.255.255.0,10.0.0.3,255.255.255.255,eq,ssh\ngl1,1,permit,10.0.3.0,255.255.255.0,10.0.0.0,255.255.255.0,eq,ssh\ngl1,1,permit,10.0.41.0,255.255.255.0,10.0.0.3,255.255.255.255,eq,ssh\ngl1,1,permit,10.0.41.0,255.255.255.0,10.0.0.0,255.255.255.0,eq,ssh\ngl1,2,permit,10.0.0.3,255.255.255.255,100.100.100.1,255.255.255.255,eq,www\ngl1,3,permit,10.0.0.3,255.255.255.255,10.0.0.0,255.255.255.0,eq,ssh\ngl1,4,permit,10.0.0.3,255.255.255.255,100.100.100.1,255.255.255.255,eq,www\ngl2,1,permit,10.0.3.0,255.255.255.0,10.0.0.3,255.255.255.255,eq,https\ngl2,1,permit,10.0.3.0,255.255.255.0,10.0.0.0,255.255.255.0,eq,https\ngl2,1,permit,10.0.41.0,255.255.255.0,10.0.0.3,255.255.255.255,eq,https 
gl2,1,permit,10.0.41.0,255.255.255.0,10.0.0.0,255.255.255.0,eq,https\ngl2,2,permit,10.0.3.0,255.255.255.0,10.0.0.3,255.255.255.255,eq,ip\ngl2,2,permit,10.0.3.0,255.255.255.0,10.0.0.0,255.255.255.0,eq,ip\ngl2,2,permit,10.0.41.0,255.255.255.0,10.0.0.3,255.255.255.255,eq,ip\ngl2,2,permit,10.0.41.0,255.255.255.0,10.0.0.0,255.255.255.0,eq,ip\ngl2,3,permit,10.0.0.3,255.255.255.255,10.0.0.0,255.255.255.0,eq,121\ngl2,4,permit,10.0.0.3,255.255.255.255,10.0.0.0,255.255.255.0,eq,ssh\ngl2,5,permit,10.0.0.0,255.255.0.0,10.0.0.0,255.0.0.0,eq,https\ngl2,6,permit,10.0.0.0,255.255.0.0,1.1.1.1,255.255.255.255,eq,https\ngl2,6,permit,10.0.0.0,255.255.0.0,5.5.5.1,255.255.255.255,eq,https\ngl2,6,permit,10.0.0.0,255.255.0.0,5.5.15.0,255.255.255.0,eq,https\ngl2,7,permit,10.0.0.0,255.0.0.0,1.1.1.1,255.255.255.255,eq,https\ngl2,7,permit,10.0.0.0,255.0.0.0,5.5.5.1,255.255.255.255,eq,https\ngl2,7,permit,10.0.0.0,255.0.0.0,5.5.15.0,255.255.255.0,eq,https\ngl2,8,permit,0.0.0.0,0.0.0.0,10.0.0.0,255.255.255.0,eq,121\ngl2,9,permit,10.0.0.0,255.0.0.0,0.0.0.0,0.0.0.0,eq,https\ngl2,10,permit,0.0.0.0,0.0.0.0,1.1.1.1,255.255.255.255,eq,https\ngl2,10,permit,0.0.0.0,0.0.0.0,5.5.5.1,255.255.255.255,eq,https\ngl2,10,permit,0.0.0.0,0.0.0.0,5.5.15.0,255.255.255.0,eq,https\ngl2,11,deny,0.0.0.0,0.0.0.0,0.0.0.0,0.0.0.0,eq,ip\n<\/code><\/pre>\n<p>Cisco ASA does not let you create duplicate lines in an access list, but you can create several objects with the same IP address, and you can then create several duplicated access-list lines by using different objects. In the CSV file you can sort the rows by the relevant fields and easily find the duplicate rows. <\/p>\n<p>Why not use TextFSM? Its output is completely different and is not suitable for this task.<\/p>\n<p>And why not use pyATS\/Genie? 
It has no parser for this command.<\/p>\n<p>Any comments and questions are welcome.<\/p>\n<\/p>\n<\/div>\n<\/div>\n<\/div>\n<p><!----><!----><\/div>\n<p><!----><!----><br \/> link to the original article <a href=\"https:\/\/habr.com\/ru\/articles\/838428\/\"> https:\/\/habr.com\/ru\/articles\/838428\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<div><!--[--><!--]--><\/div>\n<div id=\"post-content-body\">\n<div>\n<div class=\"article-formatted-body article-formatted-body article-formatted-body_version-2\">\n<div xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\n<p>The first part is here: https:\/\/habr.com\/ru\/articles\/834874\/<\/p>\n<p>The code in the first part works, but it is not very readable and is hard to follow. 
<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-430212","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/430212","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=430212"}],"version-history":[{"count":0,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/430212\/revisions"}],"wp:attachment":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=430212"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=430212"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=430212"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}