Post 302425808 by numele on Sunday 30th of May 2010 11:50:59 AM
verify ip and port are in file

I'm having some problems figuring out how to do this. I have a file that has a template config for my network routers, and in this config is a list of my access lists. I need help finding a way to verify if a single IP or a range, along with the port allowed, is in the list. My biggest issue is the range portion: if someone wants to verify if IP block 10.164.98.0/24 for port snmp exists, it should not, because only 10.164.98.0 0.0.0.63 is in there.

Here is a sample of a portion of my config template. I have many more lists, but this sample shows a part of everything.
Code:
! 
ip access-list access 
seq 30 permit udp 20.141.192.64 0.0.0.15 any range 1645 1813 
seq 40 permit udp 10.164.62.0 0.0.0.255 any eq snmp 
seq 50 permit udp 10.37.184.0 0.0.0.255 any eq snmptrap 
seq 60 permit udp 10.155.183.32 0.0.0.15 any eq snmp 
seq 70 permit udp 192.16.187.64 0.0.0.63 any eq snmp 
seq 80 permit udp host 10.164.62.4 any eq tftp 
seq 90 permit udp host 10.94.156.17 any eq ntp 
seq 100 permit tcp host 172.16.104.14 any eq telnet 
seq 110 permit tcp host 10.36.167.122 any eq telnet  
seq 120 permit tcp 10.109.246.0 0.0.0.255 any eq telnet  
seq 130 permit tcp 10.214.68.0 0.0.3.255 any eq telnet 
seq 140 permit tcp 10.214.81.0 0.0.0.127 any eq telnet 
! 
ip access-list prep-in 
seq 10 permit tcp any host 10.158.80.10 eq www 
seq 20 permit tcp any host 10.158.80.10 eq 443 
seq 30 permit tcp any host 10.94.110.11 eq www 
seq 40 permit tcp any host 10.94.110.11 eq 443 
seq 50 permit tcp any host 10.150.104.201 eq www 
seq 60 permit tcp any 10.186.176.0 0.0.15.255 eq www 
seq 70 permit tcp any 10.193.112.192 0.0.0.15 eq www 
seq 80 permit tcp any 10.193.112.192 0.0.0.15 eq 443 
seq 90 permit ip any host 10.73.20.20 
seq 100 permit ip any host 10.155.117.176 
! 
ip access-list mail 
seq 30 permit tcp any 10.164.98.0 0.0.0.63 eq smtp 
seq 40 permit tcp any 10.163.168.176 0.0.0.15 eq smtp 
seq 50 permit tcp any 10.163.170.80 0.0.0.7 eq smtp 
seq 60 permit tcp any host 10.163.171.137 eq smtp 
seq 70 permit tcp any host 10.163.171.161 eq smtp


Last edited by numele; 05-30-2010 at 02:02 PM..
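
One way to do the check asked for above, as an added example that is not part of the original post: it parses the `seq ... permit` entries and reports an entry only when its address and wildcard mask cover every address of the queried block and its port match includes the queried port. The function names (`find`, `covers`, `parse`, `addr`, `port`), the port-keyword table, and the assumptions that the port match is the last thing on the line and that the queried block is compared against whichever side of the entry is not `any` are choices made for this example.

```python
import ipaddress
# Cisco port keywords used in the sample ACLs, mapped to well-known port numbers.
PORTS = {"snmp": 161, "snmptrap": 162, "tftp": 69, "ntp": 123,
         "telnet": 23, "www": 80, "smtp": 25}
# Constructed sample: a few entries copied from the post's template.
SAMPLE = """\
ip access-list access
seq 30 permit udp 20.141.192.64 0.0.0.15 any range 1645 1813
seq 70 permit udp 192.16.187.64 0.0.0.63 any eq snmp
seq 80 permit udp host 10.164.62.4 any eq tftp
ip access-list mail
seq 30 permit tcp any 10.164.98.0 0.0.0.63 eq smtp
"""

def port(tok):
    return PORTS[tok] if tok in PORTS else int(tok)

def addr(toks):
    # Consume 'any' | 'host A' | 'A WILDCARD'; return (base, wildcard) ints, None for 'any'.
    first = toks.pop(0)
    if first == "any":
        return None
    pair = (toks.pop(0), "0.0.0.0") if first == "host" else (first, toks.pop(0))
    return tuple(int(ipaddress.IPv4Address(a)) for a in pair)

def parse(text):
    # Yield (acl, seq, proto, [src, dst], lo_port, hi_port) for each permit entry.
    acl = None
    for line in text.splitlines():
        toks = line.split()
        if toks[:2] == ["ip", "access-list"]:
            acl = toks[2]
        elif len(toks) > 4 and toks[0] == "seq" and toks[2] == "permit":
            rest = toks[4:]
            specs = [addr(rest), addr(rest)]
            ports = [port(t) for t in rest[1:3]] or [0, 65535]  # 'eq P' | 'range A B' | none
            yield acl, int(toks[1]), toks[3], specs, ports[0], ports[-1]

def covers(spec, net):
    # Covered only if the block's fixed bits agree and its host bits are all wildcarded.
    base, wild = spec
    fixed = ~wild & 0xFFFFFFFF
    return not ((int(net.network_address) ^ base) & fixed or int(net.hostmask) & fixed)

def find(text, query, proto, p):
    # Return (acl, seq) for every entry permitting the whole query block on port p.
    net, p = ipaddress.ip_network(query), port(p)
    return [(acl, seq) for acl, seq, pr, specs, lo, hi in parse(text)
            if pr in (proto, "ip") and lo <= p <= hi
            and any(s and covers(s, net) for s in specs)]
```

An empty list from `find` means no single entry permits the whole block, which is the answer wanted for 10.164.98.0/24 when only 10.164.98.0 0.0.0.63 is listed.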
 

RAPOLICY(1)						      General Commands Manual						       RAPOLICY(1)

NAME
       rapolicy - compare an argus(8) data file/stream against a Cisco Access Control List.

COPYRIGHT
       Copyright (c) 2000-2003 QoSient. All rights reserved.

SYNOPSIS
       rapolicy -r argus-file [ra options]

DESCRIPTION
       Rapolicy reads argus data from an argus-file list, and tests the argus data stream against a Cisco access control list configuration file, printing out records that represent activity that would violate the policy. Rapolicy can be used to indicate access control violations, as well as test new access control definitions prior to installing them in a router.

OPTIONS
       Rapolicy, like all ra based clients, supports a large number of options. Options that have specific meaning to rapolicy are:

       -f <Cisco ACL file>
              Print records that violate the policy.
       -D 0 (default)
              Print records that violate the policy.
       -D 1
              Print records and the violated ruleset.
       -D 2
              Print all records and the ruleset that matched.

       See ra(1) for a complete description of ra options.

EXAMPLE INVOCATION
       rapolicy -r argus.file

CISCO ACL SYNTAX
       There does not seem to be authoritative Cisco-ACL-Documentation, nor ACL syntax standardization. Because Cisco has been known to improve its ACL rules syntax, rapolicy is known to work with Cisco ACL router definitions up to July, 2002.

       A Cisco ACL configuration file consists of a collection of any number of ACL statements, each on a separate line. The syntax of an ACL statement is:

              ACL = "access-list" ID ACTION PROTOCOL SRC DST NOTIFICATION

              ID = Number
              ACTION = permit | deny
              PROTO = protocol name | protocol number
              SRC | DST = ADDRESS [PORTMATCH]

              ADDRESS = any | host HOSTADDR | HOSTADDR HOSTMASK
              HOSTADDR = ipV4 address
              HOSTMASK = matching-mask

              PORTMATCH = PORTOP PORTNUM | range PORTRANGE
              PORTOP = eq | lt | gt | neq | established
              PORTRANGE = PORTNUM PORTNUM
              PORTNUM = TCP or UDP port value (unsigned decimal from 0 to 65535)

EXAMPLE CONFIGURATION
       This example Cisco Access Control List configuration is provided as an example only. No effort has been made to verify that this example Access Control List enforces a useful access control policy of any kind.

       #allow www-traffic to webserver
       access-list 102 permit tcp any 193.174.13.99 0.0.0.0 eq 80

       #allow ftp control connection to server
       access-list 102 permit tcp any 193.174.13.99 0.0.0.0 eq 21

       #allow normal ftp
       access-list 102 permit tcp any 193.174.13.99 0.0.0.0 eq 20

       #allow ftp passive connections in portrange 10000 to 10500
       access-list 102 permit tcp any host 193.174.13.99 range 10000 10500

       #dummy example
       access-list 102 permit tcp host 193.174.13.1 eq 12345 host 193.174.13.2 range 12345 23456

       #deny the rest
       access-list 102 deny tcp any any

       #same thing in other words:
       access-list 102 deny tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

AUTHORS
       Carter Bullard (carter@qosient.com).
       Olaf Gellert (gellert@pca.dfn.de).

SEE ALSO
       ra(1), rarc(5), argus(8)

22 July 2002                                                         RAPOLICY(1)