ACL Parser Update
The ACL parser tool is intended to format ACLs from many different devices into a common format for security professionals and network professionals to easily review the data. So during the initial development, I started with Cisco ACLs and began moving into Fortinet. As I am nearing the end of the Fortinet, I realized I am doing the reformatting wrong. What I am doing wrong is the normalization process. So this latest release, parse_acl_v0.01.a4.pl, will be the last version using the current model. I am restructuring the script to format the data into a common format that can be easily imported into a database such as “OSSAMS” or MS Excel, etc.
So what does this really mean? Well, the current code for the most part is not dead or I am declaring it dead, and I am starting over. I will still use many of the regexes and other test conditions in the current code, but the restructuring or normalizing of the data will be radically different. As I am just starting the new code today, I can’t tell you what those changes will be, except that the changes will be easier to follow and I will create data models and documentation as I go.
So attached to this blog post is the final version of the v0.1 train of code. I would like to make a special shout-out to toni ‘at’ cunyat.net for giving me a patch to fix a few lines of code he found an issue with. I have incorporated these lines into this version.
parse_acl_v0.01.a4.pl
Hi,
I’ve been testing your code and it is very, very useful. I have to parse long FWSM configs and this is helping me a lot. However, I get the ERROR 4405 with some configs. I have tried removing some object-groups and sometimes it works and sometimes it doesn’t. I didn’t take the time yet to analyze the code, to be honest, but if I can help you in some way, please tell me.
Also, did you finally publish a newer version of this? Or is Alpha 4 still the last one?
Regards,
Javier
As a quick update, I did the following:
I added a print "$line\n"; just before the ERROR 4405 line in your script and it stops in a line “eq rsh”. The object-group looked like this:
object-group service HARVEST_PORTS_TCP tcp
 port-object eq 5101
 port-object range 50000 50500
 port-object eq rsh
After I removed the “port-object eq rsh” it worked like a charm.
HTH
Javier.
Hi! (An answer one year later … xD But I just saw your ‘amazing’ script :),
You don’t need to delete the line! For “rsh”, just add (rsh) to $tcp_udp_pro_regex_name. Ex.:
our $tcp_udp_pro_regex_name = '(rsh)|(aol)|(bgp)|(biff)|(bootpc)|(bootps)|(chargen)|(citrix.ica)|(cmd)|(ctiqbe)|(cifs)|(daytime)|(discard)|(domain)|(dnsix)|(exec)|(finger)|(ftp.data)|(ftp)|(gopher)|(https)|(h323)|(hostname)|(ident)|(imap4)|(irc)|(isakmp)|(kerberos)|(klogin)|(kshell)|(ldaps)|(ldap)|(lpd)|(login)|(lotusnotes)|(mobile.ip)|(nameserver)|(netbios.ns)|(netbios.dgm)|(netbios.ssn)|(nntp)|(ntp)|(pcanywhere.status)|(pcanywhere.data)|(pim.auto.rp)|(pop2)|(pop3)|(pptp)|(radius)|(radius.acct)|(rip)|(rtsp)|(secureid.udp)|(smtp)|(snmp)|(snmptrap)|(sqlnet)|(sip)|(ssh)|(sunrpc)|(syslog)|(tacacs)|(talk)|(telnet)|(tftp)|(time)|(uucp)|(who)|(whois)|(www)|(xdmcp)';
Some issue with FWSM & objects … but very useful tool
Thank you !
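The failure discussed in the comments above comes from a port keyword (rsh) that the parser's name list does not cover. As an added example, not part of parse_acl or of any comment, this Perl code resolves port-object entries through a lookup table and collects unknown keywords in a list instead of aborting; the table contents, the function names and the "notaport" keyword are assumptions made for the example.

```perl
use strict; use warnings;

# Constructed subset of port keywords (assumption: extend for your platform).
my %PORT_NAME = (ftp => 21, ssh => 22, telnet => 23, smtp => 25,
                 domain => 53, www => 80, https => 443, rsh => 514);

# Numeric ports pass through, keywords are looked up, anything else is undef.
sub resolve_port {
    my ($token) = @_;
    return undef unless defined $token;
    return $token + 0 if $token =~ /^\d+$/ && $token <= 65535;
    return $PORT_NAME{ lc $token };
}

# Returns (\%groups, \@unresolved); each group holds [low, high] port pairs.
sub parse_service_groups {
    my (%groups, @unresolved, $current);
    for my $line (@_) {
        if ($line =~ /^object-group\s+service\s+(\S+)/) {
            $groups{ $current = $1 } = [];
            next;
        }
        next unless defined $current;
        my ($op, $from, $to) =
            $line =~ /^\s*port-object\s+(eq|range)\s+(\S+)(?:\s+(\S+))?\s*$/;
        undef $current if !defined $op && $line !~ /^\s/;  # unindented line ends the block
        next unless defined $op;
        $to = $from if $op eq 'eq';
        my ($lo, $hi) = (resolve_port($from), resolve_port($to));
        if (defined $lo && defined $hi && $lo <= $hi) {
            push @{ $groups{$current} }, [$lo, $hi];
        }
        else {  # record the line and keep parsing instead of aborting the run
            (my $text = $line) =~ s/^\s+|\s+$//g;
            push @unresolved, "$current: $text";
        }
    }
    return (\%groups, \@unresolved);
}

# Constructed sample: the object-group quoted above plus a made-up keyword.
my ($groups, $unresolved) = parse_service_groups(
    'object-group service HARVEST_PORTS_TCP tcp', ' port-object eq 5101',
    ' port-object range 50000 50500', ' port-object eq rsh',
    ' port-object eq notaport');
for my $name (sort keys %$groups) {
    print "$name: ", join(', ', map { join('-', @$_) } @{ $groups->{$name} }), "\n";
}
print "unresolved: $_\n" for @$unresolved;
```

Reviewing the unresolved list after a run matters for an ACL audit: a rule that silently drops out of the normalized output is a gap in what the reviewer sees.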
I am working on a totally new version of the script that does a lot more. I can’t give you a date yet, but soon.
@Cody
Hiya
Love your work.
Got a new version of parse_acl in the works? Trying to parse the config of a later version of ASA. If new version imminent, I may wait before hacking the one I got.
Thank You!
I have a new version in the works, but I am not sure when it will be released.
Hello Cody,
I am new to Perl so forgive me if my question is too simplistic:
I want to know where I can find the output file after I run the script, please.
Kindly ask to share latest version of Cisco ACL parser
I have not updated the code in a loooong time…