verify ip and port are in file

 
# 1  
Old 05-30-2010

I'm having some problems figuring out how to do this. I have a file that has a template config for my network routers, and in this config is a list of my access lists. I need help finding a way to verify if a single IP or a range, along with the port allowed, is in the list. My biggest issue is the range portion: if someone wants to verify if IP block 10.164.98.0/24 for port snmp exists, it should not, because only 10.164.98.0 0.0.0.63 is in there.

Here is a sample of a portion of my config template. I have many more lists, but this sample shows a part of everything.
Code:
! 
ip access-list access 
seq 30 permit udp 20.141.192.64 0.0.0.15 any range 1645 1813 
seq 40 permit udp 10.164.62.0 0.0.0.255 any eq snmp 
seq 50 permit udp 10.37.184.0 0.0.0.255 any eq snmptrap 
seq 60 permit udp 10.155.183.32 0.0.0.15 any eq snmp 
seq 70 permit udp 192.16.187.64 0.0.0.63 any eq snmp 
seq 80 permit udp host 10.164.62.4 any eq tftp 
seq 90 permit udp host 10.94.156.17 any eq ntp 
seq 100 permit tcp host 172.16.104.14 any eq telnet 
seq 110 permit tcp host 10.36.167.122 any eq telnet  
seq 120 permit tcp 10.109.246.0 0.0.0.255 any eq telnet  
seq 130 permit tcp 10.214.68.0 0.0.3.255 any eq telnet 
seq 140 permit tcp 10.214.81.0 0.0.0.127 any eq telnet 
! 
ip access-list prep-in 
seq 10 permit tcp any host 10.158.80.10 eq www 
seq 20 permit tcp any host 10.158.80.10 eq 443 
seq 30 permit tcp any host 10.94.110.11 eq www 
seq 40 permit tcp any host 10.94.110.11 eq 443 
seq 50 permit tcp any host 10.150.104.201 eq www 
seq 60 permit tcp any 10.186.176.0 0.0.15.255 eq www 
seq 70 permit tcp any 10.193.112.192 0.0.0.15 eq www 
seq 80 permit tcp any 10.193.112.192 0.0.0.15 eq 443 
seq 90 permit ip any host 10.73.20.20 
seq 100 permit ip any host 10.155.117.176 
! 
ip access-list mail 
seq 30 permit tcp any 10.164.98.0 0.0.0.63 eq smtp 
seq 40 permit tcp any 10.163.168.176 0.0.0.15 eq smtp 
seq 50 permit tcp any 10.163.170.80 0.0.0.7 eq smtp 
seq 60 permit tcp any host 10.163.171.137 eq smtp 
seq 70 permit tcp any host 10.163.171.161 eq smtp


Last edited by numele; 05-30-2010 at 02:02 PM..
# 2  
Old 05-31-2010
The only solution I could think of was to extract all the IPs and ports in the access lists and print every IP out in a file. Then I can search for whatever IP or block I wish.

If anyone has a suggestion, please let me know.
Code:
#!/bin/bash
### Script to search existing acl templates
### Grab the template and remove html coding
  TEMPLATE1=/export/htdocs/secure/Template.html
  cat "$TEMPLATE1" | nawk 'BEGIN {RS="!"}{ORS="!"}{if ($2 ~ /access-list/) print $0;}' |
  sed 's/<br>//g' | egrep -v "any any|icmp any|ip any" > template
### The next two lines grab all acl lines which has an ip block not a single host
  nawk '{if ($6 ~ /^[0-9][0-9]/ && $7 ~ /^[0-9]/) print $6" "$7" "$9}' template > input_file
  nawk ' $5 ~ "^[0-9][0-9]" { print $5" "$6" "$9 }' template >> input_file
### The next line empties any previous entries in the output_file.txt
  cat /dev/null > output_file.txt
### The next section takes the input_file that has ip blocks and runs each block through
### ipcalc giving the starting and ending ip address. Then prints to the output_file.txt
### every ip associated with that block along with the port number allowed
 while read line
   do
      one=`echo $line | awk ' { print $1; } '` 
      two=`echo $line | awk ' { print $2; } '` 
      port=`echo $line | awk ' { print $3; } '`
      address=`ipcalc $one $two | egrep "Address" | awk '{ print $2 }' | cut -f 1 -d "/"`
      echo "$address"".""$port" > input_file1
      broadcast=`ipcalc $one $two | egrep "Broadcast" | awk '{ print $2 }' | cut -f 1 -d "/"`
      echo "$broadcast"".""$port" >> input_file1
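### Walk from the network address to the broadcast address as one 32-bit number,
### so a block smaller or larger than a /24 expands to exactly its own addresses
      awk -F"." 'NR==1 { lo=(($1*256+$2)*256+$3)*256+$4; port=$5 }
                 NR==2 { hi=(($1*256+$2)*256+$3)*256+$4 }
                 END { for(n=lo;n<=hi;n++) print (int(n/16777216) "." int(n/65536)%256 "." int(n/256)%256 "." n%256 " " port) >> "output_file.txt" }' input_file1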
    done  < input_file
### The next section takes the single host ips listed in the acl template and adds them to the output_file.txt
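### (ip and port are separated by a space, the same format the block expansion writes)
nawk '{if ($1 ~ /seq/ && $5 ~ /host/) print $6" "$9;}' template >> output_file.txt
nawk '{if ($1 ~ /seq/ && $6 ~ /host/) print $7" "$9;}' template >> output_file.txt
### Sort numerically and write the result back over the same file
sort -n -o output_file.txt output_file.txt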
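
Added example, not part of either post: instead of expanding every block into single addresses, the check below tests whether a queried address or CIDR block lies wholly inside an ACL entry's address/wildcard pair and whether the port matches. `acl_sample` and `acl_covers` are hypothetical names, the sample lines are copied from the template in post #1, and contiguous wildcard masks are assumed.

```shell
#!/bin/bash
# Added example, not from the thread. acl_sample and acl_covers are hypothetical names.
# Assumes contiguous wildcard masks, as in every entry of the posted template.
acl_sample() {   # constructed sample: a few lines copied from the posted template
  cat <<'EOF'
ip access-list access
seq 30 permit udp 20.141.192.64 0.0.0.15 any range 1645 1813
seq 80 permit udp host 10.164.62.4 any eq tftp
seq 130 permit tcp 10.214.68.0 0.0.3.255 any eq telnet
ip access-list mail
seq 30 permit tcp any 10.164.98.0 0.0.0.63 eq smtp
EOF
}

# usage: acl_covers IP[/PREFIX] PORT < acl_file
# Prints each permit line whose explicit source or destination block contains the
# whole query block and whose port matches; exit status 0 only if one was found.
acl_covers() {
  awk -v q="$1" -v port="$2" '
    function inside(a, w,   i, A, W) {       # entry a/w contains the query block?
      split(a, A, "."); split(w, W, ".")
      for (i = 1; i <= 4; i++) {
        if (QW[i] > W[i] + 0) return 0       # query is wider than the entry
        if (int(QA[i] / (W[i] + 1)) != int(A[i] / (W[i] + 1))) return 0
      }
      return 1
    }
    BEGIN {
      split(q, P, "/"); split(P[1], QA, ".")
      hb = 32 - (P[2] == "" ? 32 : P[2])     # host bits in the query
      for (i = 4; i >= 1; i--) {             # prefix length -> wildcard octets
        b = (hb > 8 ? 8 : hb); QW[i] = 2^b - 1; hb -= b
      }
    }
    $1 == "seq" && $3 == "permit" {
      hit = 0; i = 5
      for (side = 1; side <= 2; side++) {    # source spec, then destination spec
        if ($i == "any") i++                 # "any" is not an explicit entry
        else if ($i == "host") { hit += inside($(i+1), "0.0.0.0"); i += 2 }
        else { hit += inside($i, $(i+1)); i += 2 }
      }
      if ($i == "eq") ok = ($(i+1) == port)
      else if ($i == "range") ok = (port ~ /^[0-9]+$/ && port+0 >= $(i+1)+0 && port+0 <= $(i+2)+0)
      else ok = 1                            # no port qualifier on the line
      if (hit && ok) { print; found = 1 }
    }
    END { exit !found }'
}

acl_sample | acl_covers 10.164.98.0/26 smtp || echo "10.164.98.0/26 smtp: not covered"
acl_sample | acl_covers 10.164.98.0/24 smtp || echo "10.164.98.0/24 smtp: not covered"
```

Entries written as `any` are not counted as a match, and the protocol column is not compared.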
