
Parsing config files with shell!

jouell

MIS
Nov 19, 2002
304
US
Hi All,

I am trying to write a shell script that does the following:

Looks through a configuration of a firewall (netscreen) that has the following general format:


Policy port sourceIP destinationIP direction etc. etc.
src IP address1
src IP address2
src IP address3
src IP address4
exit


I am trying to write a small script that will find a list of all the source IP addresses that are allowed explicitly by the firewall rule to the destination IP. The one odd thing about the configuration file is that the first source IP address that is allowed is on the same line as the destination; however, all following source IP addresses are listed below that line. As you can see, the rule is terminated by the exit command.

There are hundreds of configuration paragraphs, so I really just want to be able to pick one dst IP address and run a small script to extract that information, so a simple grep will not work.


I have a small shell script that does roughly the following:

while read line; do
        if echo $line | cut -f 4 | grep "destinationIP" ; then
                echo DST:dest IP
        fi
        if echo $line | grep "src" ; then
                echo SRC: src
        fi
        if echo $line | grep "exit" ; then
                exit
        fi
done


However that is not properly picking up the information.

Unfortunately I'm not in front of the actual computer with the config or script, but I can post the actual configuration file and the script that I do have if that's more helpful to make a concrete example.

Further I realize that Perl is probably the best tool for this, but I really want to do this in shell, partly for the sake of just doing it in shell.

Thank you for any help that you can give.
-jouell

awk would be my weapon of choice:

Code:
#!/usr/bin/ksh

awk -v dest=$1 '
        $4 == dest { found=1; print "DST:",$4; print "SRC:",$3; next }
        /exit/ { found=0 }
        found { print "SRC:",$0 }
' /someplace/netscreen-config-file

However you could implement the same algorithm like this:

Code:
#!/usr/bin/ksh

dest=$1
found=false
while read line
do
        set -- $line
        [[ "$4" = $dest ]] && {
                print "DST: $4\nSRC: $3"
                found=true
                continue
        }
        [[ "$1" = exit ]] && {
                found=false
        }
        $found && {
                print "SRC: $line"
        }
done </someplace/netscreen-config-file

Annihilannic.
 
Annihilannic

Outstanding! Thank you.

Here's the full final working script (modified to the real world), and output.

Code:
#!/usr/bin/ksh

# Given a Destination, return policy id, source ips for a netscreen fw
# Usage: ns_dst.sh <destination IP> <config file>

if [[ -z $1 || -z $2 ]]; then
        echo "Usage: $0 IP file"
        exit 1
fi

dest=$1
cfg=$2
found=false

while read line
do
        # -w keeps the destination match on IP boundaries, so 10.1.2.3 does not
        # also match the policy line for 10.1.2.30
        CHECK=$(echo $line | grep -i policy | grep srvr | perl -ple 's/\s+/\t/g' | cut -f5- | grep -Eiow "$dest")

        [[ "$CHECK" = "$dest" ]] && {
                ID=$(echo $line | perl -ple 's/\s+/\t/g' | cut -f4 | grep -iEo "[0-9]{1,9}")
                SRC1=$(echo $line | grep -iEo "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" | head -n 1)
                # values go through %s, never into the printf format string
                printf "Policy ID: %s\n" "$ID"
                printf "DST: %s\nSRC: %s\n" "$CHECK" "$SRC1"
                found=true
                continue
        }

        $found && {
                # discard stdout and stderr (redirect order matters: stderr is
                # pointed at /dev/null only after stdout has been)
                if echo $line | grep 'src-address' > /dev/null 2>&1 ; then
                        SRC=$(echo $line | grep -iEo "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}")
                        printf "SRC: %s\n" "$SRC"
                fi

                [[ "$line" = exit ]] && {
                        found=false
                        printf "Found exit for policy %s\n\n" "$ID"
                }
        }

done < "$cfg"

and then

Code:
./ns_dst.sh 10.1.2.3  file
 
Policy ID: 123
DST: 10.1.2.3
SRC: 10.1.2.3.4
SRC: 10.1.2.3.5
SRC: 10.1.2.3.6
Found exit for policy 123
 
 
Policy ID: 125
DST: 10.1.2.3
SRC: 10.1.2.3.4
SRC: 10.1.2.3.5
SRC: 10.1.2.3.6
Found exit for policy 125
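
As an added example (not code from this thread or from either poster), here is a self-contained POSIX sh version of the approach Annihilannic described, applied to a small config whose layout is constructed to follow the thread's description: the first source sits on the policy line, further sources on "set src-address" lines, and "exit" closes the block. The field positions in the awk program (id in field 4, source in 9, destination in 10) are an assumption of that constructed layout, not real NetScreen syntax. The point it adds is the match itself: the destination is compared as a whole field, so a query for 10.1.2.3 does not also pull in the policy for 10.1.2.30, which an unanchored grep for "$dest" (dots matching any character, nothing anchoring the end) would.

```shell
#!/bin/sh
# Added example, not the thread's code. Config layout below is CONSTRUCTED
# to match the thread's description; field positions assume one-word zones.

SAMPLE_CONFIG='set policy id 123 from "Untrust" to "Trust" 10.0.0.4 10.1.2.3 "ANY" permit
set src-address 10.0.0.5
set src-address 10.0.0.6
exit
set policy id 124 from "Untrust" to "Trust" 10.0.0.4 10.1.2.30 "ANY" permit
set src-address 10.0.0.7
exit
set policy id 125 from "Untrust" to "Trust" 10.0.0.8 10.1.2.3 "ANY" permit
exit'

# sources_for_dest DEST < config
# Prints "<policy id> <source ip>" for every source allowed to DEST.
# Exact string comparison on the destination field: 10.1.2.3 never
# matches 10.1.2.30.
sources_for_dest() {
    awk -v dest="$1" '
        # Policy line: set policy id <id> from <zone> to <zone> <src> <dst> ...
        $1 == "set" && $2 == "policy" && $3 == "id" {
            if ($10 == dest) { id = $4; found = 1; print id, $9 } else { found = 0 }
            next
        }
        # Extra sources belong to the current block only while found is set
        found && $1 == "set" && $2 == "src-address" { print id, $3 }
        # "exit" closes the block
        $1 == "exit" { found = 0 }
    '
}

# For contrast: number of lines a plain substring/regex grep for DEST hits.
# On the sample this also counts the 10.1.2.30 policy line.
loose_matches() {
    grep -c -- "$1"
}

# Stand-alone use: ./script DEST [config]; with no arguments, run on the sample.
if [ "$#" -ge 1 ]; then
    if [ -n "$2" ]; then
        sources_for_dest "$1" < "$2"
    else
        sources_for_dest "$1"
    fi
else
    printf '%s\n' "$SAMPLE_CONFIG" | sources_for_dest 10.1.2.3
fi
```

Run with no arguments and it lists the sources of policies 123 and 125 only; `loose_matches 10.1.2.3` over the same sample reports three lines, the third being policy 124, which is the kind of extra entry that quietly widens an access review.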
 