编号 | 名称 | 是否启用 | 源安全区 | 源地址对象 | 用户 | 目的安全区 | 目的地址对象 | 动作 | 服务 | 安全模板 |
---|---|---|---|---|---|---|---|---|---|---|
根据表格信息,使用python脚本快速转换成topsec命令
import pandas as pd
import re
#将表格数据转换为topsec配置命令,批量导入
def get_value(value_xls):
    """Export six columns of the policy spreadsheet to one text file each.

    Every row contributes at most one line per file.  The cell is converted
    with ``str()`` and only the first non-empty line of that text is kept,
    because ``.`` in the pattern does not match a newline; anything after a
    line break inside a cell is dropped.

    NOTE(review): an empty cell (which pandas normally loads as NaN) is
    written as the text ``nan``.  A cell whose text is empty writes no line
    at all, which would shift every later row in that file relative to the
    others; firewall_policy() combines these files line by line.
    """
    sheet = pd.read_excel(value_xls)

    # (spreadsheet column, output file), written in this order.
    exports = (
        ('名称', r'name.txt'),
        ('是否启用', r'enable.txt'),
        ('源地址对象', r'source.txt'),
        ('目的地址对象', r'destination.txt'),
        ('动作', r'action.txt'),
        ('服务', r'service.txt'),
    )
    for column, out_path in exports:
        with open(out_path, 'w', encoding='utf-8') as out_file:
            for _, record in sheet.iterrows():
                found = re.search(r'.+', str(record[column]))
                if found is None:
                    continue
                out_file.write(found.group() + '\n')
#源地址数据整理,如子网,主机,主机范围
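def define_source(source):
    """Append address-object commands for the source addresses.

    *source* holds one spreadsheet cell per line, with addresses separated
    by single spaces.  Tokens are de-duplicated in first-seen order and one
    command per token is appended to ``source_host_policy.txt``:

    * ``a.b.c.d-e`` or ``a.b.c.d-a.b.c.e``  -> ``define range add``
    * ``address/prefix-length``             -> ``define subnet add``
    * a single IP address                   -> ``define host add``

    Anything else (object names, ``any``, ``nan``, malformed addresses) is
    not turned into a command; those tokens are printed so they can be
    reviewed instead of being loaded into the firewall as bogus objects.
    """
    import ipaddress

    with open(source, 'r', encoding='utf-8') as f_source:
        # dict.fromkeys removes duplicates but keeps first-seen order, so the
        # generated file is the same on every run (a set would reshuffle it).
        tokens = list(dict.fromkeys(
            tok
            for line in f_source
            for tok in line.replace('\n', ' ').split(' ')
            if tok
        ))

    commands = []
    skipped = []
    for token in tokens:
        # Dots are escaped and the whole token must match: an unescaped "."
        # accepts any character, and a prefix match lets trailing junk through.
        short_range = re.fullmatch(r'(\d+\.\d+\.\d+\.)(\d+)-(\d+)', token)
        full_range = re.fullmatch(r'(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)', token)
        try:
            if short_range or full_range:
                if short_range:
                    prefix, first, last = short_range.groups()
                    ip1, ip2 = prefix + first, prefix + last
                else:
                    ip1, ip2 = full_range.groups()
                if ipaddress.IPv4Address(ip1) > ipaddress.IPv4Address(ip2):
                    raise ValueError('range start is above range end')
                commands.append(f"define range add name {token} ip1 '{ip1}' ip2 '{ip2}'")
            elif re.fullmatch(r'[^/]+/\d+', token):
                # strict=False: host bits may be set, as the original accepted.
                ipaddress.ip_network(token, strict=False)
                commands.append(f'define subnet add name {token} ipaddr {token}')
            else:
                ipaddress.ip_address(token)
                commands.append(f'define host add name {token} ipaddr {token}')
        except ValueError:
            skipped.append(token)

    # Append mode is kept from the original: re-running adds to the file.
    with open(r'source_host_policy.txt', 'a', encoding='utf-8') as f_host:
        for command in commands:
            f_host.write(command + '\n')

    if skipped:
        print('define_source: skipped tokens that are not an IP address, subnet or range:', skipped)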
#目的地址数据整理,如子网,主机,主机范围
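def define_destination(destination):
    """Append address-object commands for the destination addresses.

    *destination* holds one spreadsheet cell per line, with addresses
    separated by single spaces.  Tokens are de-duplicated in first-seen
    order and one command per token is appended to
    ``destination_host_policy.txt``:

    * ``a.b.c.d-e`` or ``a.b.c.d-a.b.c.e``  -> ``define range add``
    * ``address/prefix-length``             -> ``define subnet add``
    * a single IP address                   -> ``define host add``

    Anything else (object names, ``any``, ``nan``, malformed addresses) is
    not turned into a command; those tokens are printed so they can be
    reviewed instead of being loaded into the firewall as bogus objects.
    """
    import ipaddress

    with open(destination, 'r', encoding='utf-8') as f_destination:
        # First-seen order instead of set order keeps the output reproducible.
        tokens = list(dict.fromkeys(
            tok
            for line in f_destination
            for tok in line.replace('\n', ' ').split(' ')
            if tok
        ))

    commands = []
    skipped = []
    for token in tokens:
        # Escaped dots plus fullmatch: the unescaped, prefix-only patterns
        # accepted digit strings without dots and tokens with trailing junk.
        short_range = re.fullmatch(r'(\d+\.\d+\.\d+\.)(\d+)-(\d+)', token)
        full_range = re.fullmatch(r'(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)', token)
        try:
            if short_range or full_range:
                if short_range:
                    prefix, first, last = short_range.groups()
                    ip1, ip2 = prefix + first, prefix + last
                else:
                    # A full-form range used to be glued onto the /24 prefix,
                    # producing an ip2 such as "10.0.0.10.0.0.9".
                    ip1, ip2 = full_range.groups()
                if ipaddress.IPv4Address(ip1) > ipaddress.IPv4Address(ip2):
                    raise ValueError('range start is above range end')
                commands.append(f"define range add name {token} ip1 '{ip1}' ip2 '{ip2}'")
            elif re.fullmatch(r'[^/]+/\d+', token):
                ipaddress.ip_network(token, strict=False)
                commands.append(f'define subnet add name {token} ipaddr {token}')
            else:
                ipaddress.ip_address(token)
                commands.append(f'define host add name {token} ipaddr {token}')
        except ValueError:
            skipped.append(token)

    # Append mode is kept from the original: re-running adds to the file.
    with open(r'destination_host_policy.txt', 'a', encoding='utf-8') as f_host:
        for command in commands:
            f_host.write(command + '\n')

    if skipped:
        print('define_destination: skipped tokens that are not an IP address, subnet or range:', skipped)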
#自定义服务数据整理,如端口
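def define_service(service):
    """Append custom-service commands for the port tokens in *service*.

    *service* holds one spreadsheet cell per line, with tokens separated by
    single spaces.  Tokens are de-duplicated in first-seen order and one
    ``define service add`` command per token is appended to
    ``service_policy.txt``.

    Accepted token forms (protocol prefix matched case-insensitively):

    * ``tcpN`` / ``tcpN-M``  -> protocol 6
    * ``udpN`` / ``udpN-M``  -> protocol 17
    * ``N`` / ``N-M``        -> protocol 6 (the original default)

    Previously only the TCP range form accepted upper case, so ``UDP53`` or
    ``TCP80`` fell through to the default branch and became a TCP service
    whose port was the raw token.  Tokens in any other form, or with a port
    above 65535 or a reversed range, are printed and skipped.
    """
    with open(service, 'r', encoding='utf-8') as f_service:
        # First-seen order instead of set order keeps the output reproducible.
        tokens = list(dict.fromkeys(
            tok
            for line in f_service
            for tok in line.replace('\n', ' ').split(' ')
            if tok
        ))

    protocol_numbers = {'tcp': '6', 'udp': '17'}
    commands = []
    skipped = []
    for token in tokens:
        # fullmatch: a token such as "tcp80,443" must not be accepted as
        # port 80 with the rest silently ignored.
        parsed = re.fullmatch(r'(tcp|udp)?([0-9]+)(?:-([0-9]+))?', token, flags=re.IGNORECASE)
        if parsed is None:
            skipped.append(token)
            continue
        proto, first, last = parsed.groups()
        if int(first) > 65535 or (last is not None and not int(first) <= int(last) <= 65535):
            skipped.append(token)
            continue
        ports = first if last is None else first + '-' + last
        number = protocol_numbers[(proto or 'tcp').lower()]
        commands.append(f"define service add name {token} protocol {number} ports '{ports}'")

    # Append mode is kept from the original: re-running adds to the file.
    with open(r'service_policy.txt', 'a', encoding='utf-8') as f_host:
        for command in commands:
            f_host.write(command + '\n')

    if skipped:
        print('define_service: skipped tokens that are not a recognised port or port range:', skipped)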
#安全策略数据整理
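def firewall_policy(source, destination, service, action, enable, name):
    """Append one ``firewall policy add`` command per spreadsheet row.

    Each argument is the path of a text file holding one column, one row
    per line.  Line *i* of every file is combined into a single command
    that is appended to ``firewall_policy.txt``.

    Raises:
        ValueError: if the six files do not have the same number of lines.
            Pairing by position is only meaningful when the files are
            aligned; the previous ``zip`` silently stopped at the shortest
            file, dropping rules without any indication.

    NOTE(review): every field is inserted verbatim.  A cell containing a
    single quote would unbalance the quoted ``src``/``dst``/``service``
    arguments; confirm the spreadsheet cannot contain one.
    """
    def read_lines(path):
        # One entry per line; only the newline is removed, so blank lines
        # and surrounding spaces are preserved exactly as written.
        with open(path, 'r', encoding='utf-8') as handle:
            return [line.replace('\n', '') for line in handle]

    source_list = read_lines(source)
    destination_list = read_lines(destination)
    service_list = read_lines(service)
    action_list = read_lines(action)
    enable_list = read_lines(enable)
    name_list = read_lines(name)

    line_counts = {
        'name': len(name_list),
        'source': len(source_list),
        'destination': len(destination_list),
        'action': len(action_list),
        'enable': len(enable_list),
        'service': len(service_list),
    }
    # Checked before the output file is opened so nothing is written for a
    # misaligned input set.
    if len(set(line_counts.values())) != 1:
        raise ValueError(f'firewall_policy: input files have different line counts: {line_counts}')

    with open(r'firewall_policy.txt', 'a', encoding='utf-8') as f_policy:
        for name_n, src, dst, act, ena, svc in zip(
            name_list, source_list, destination_list, action_list, enable_list, service_list
        ):
            f_policy.write(
                f"firewall policy add name {name_n} {ena} yes action {act}"
                f" src '{src}' dst '{dst}' log on service '{svc}'\n"
            )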
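if __name__ == '__main__':
    # Generation steps, disabled in this revision; only the keyword
    # replacement below runs, on a firewall_policy.txt from an earlier run.
    # get_value(r'安全策略-绿盟-大数据局.xlsx')
    # define_source(r'source.txt')
    # define_destination(r'destination.txt')
    # define_service(r'service.txt')
    # firewall_policy(r'source.txt', r'destination.txt', r'service.txt', r'action.txt', r'enable.txt', r'name.txt')

    # Keyword replacement: map the spreadsheet's Chinese values to the
    # keywords used in the generated commands.
    with open(r'firewall_policy.txt', 'r', encoding='utf-8') as f_policy:
        content = f_policy.read()
    replace_dict = {
        "启用": "enable",
        "禁用": "disable",
        "放行": "accept",
        "阻断": "deny",
        "service \' any\'": ""
    }
    # NOTE(review): the replacement runs over the whole file, so a rule name
    # or object name containing one of these words is rewritten as well.
    # NOTE(review): the last key has a space before "any"; it only matches
    # when the service cell text itself starts with a space.
    for old_value, new_value in replace_dict.items():
        # The keys are literal text, so a plain string replacement is used
        # rather than treating them as regular expressions.
        content = content.replace(old_value, new_value)
    # Write the substituted text to a separate file; the input is kept.
    with open(r'firewall_policy.replace', "w", encoding="utf-8") as file:
        file.write(content)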
--------------------------------------------------分割线--------------------------------------------------------------------
import pandas as pd
import re
def get_value(value_xls):
    """Export the ``IP`` and ``名称`` columns of the workbook to text files.

    ``ip_range.txt`` receives the ``IP`` column and ``ip_range__name.txt``
    the ``名称`` column, one row per line.  Each cell is converted with
    ``str()`` and only its first non-empty line is written, because ``.``
    in the pattern does not match a newline.

    The exports used by the policy functions (name/enable/source/
    destination/action/service) and the ``子网`` export to ``ip.txt`` /
    ``ip_name.txt`` are disabled in this revision, so this function does
    not produce the files that define_ip() reads.

    NOTE(review): an empty cell (which pandas normally loads as NaN) is
    written as the text ``nan``; a cell whose text is empty writes no line,
    which would misalign the two files.
    """
    sheet = pd.read_excel(value_xls)

    # (spreadsheet column, output file), written in this order.
    exports = (
        ('IP', r'ip_range.txt'),
        ('名称', r'ip_range__name.txt'),
    )
    for column, out_path in exports:
        with open(out_path, 'w', encoding='utf-8') as out_file:
            for _, record in sheet.iterrows():
                found = re.search(r'.+', str(record[column]))
                if found is None:
                    continue
                out_file.write(found.group() + '\n')
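def define_ip(source1, source2):
    """Append named address-object commands built from two aligned files.

    *source1* holds addresses and *source2* the object names, one row per
    line; line *i* of one file belongs to line *i* of the other.  Commands
    are appended to ``ip_host_policy.txt``:

    * ``a.b.c.d-e``            -> ``define range add``
    * ``a.b.c.d/len`` (not 32) -> ``define subnet add``
    * ``a.b.c.d/32``           -> ``define host add`` (mask removed)

    Every other address, including a bare ``a.b.c.d`` and anything that is
    not a valid IPv4 value, is appended to ``ip_host_lost.txt`` for manual
    handling, as in the original.

    The original de-duplicated addresses and names through two independent
    sets and then zipped them, so an address could be emitted under another
    row's name.  Pairs are now kept together and de-duplicated as pairs.

    Raises:
        ValueError: if the two files have a different number of lines.
    """
    import ipaddress

    with open(source1, 'r', encoding='utf-8') as f_source, open(source2, 'r', encoding='utf-8') as f_name:
        address_lines = f_source.readlines()
        name_lines = f_name.readlines()
    if len(address_lines) != len(name_lines):
        raise ValueError(
            f'define_ip: {source1} has {len(address_lines)} lines but {source2} has {len(name_lines)}'
        )

    # Dict keys keep first-seen order and drop repeated (address, name) pairs.
    pairs = {}
    for address_line, name_line in zip(address_lines, name_lines):
        addresses = [tok for tok in address_line.replace('\n', ' ').split(' ') if tok]
        names = [tok for tok in name_line.replace('\n', ' ').split(' ') if tok]
        if len(addresses) != len(names):
            print('define_ip: address/name count differs on a row, unpaired tokens dropped:', addresses, names)
        for address, obj_name in zip(addresses, names):
            pairs[(address, obj_name)] = None

    commands = []
    lost = []
    for address, obj_name in pairs:
        # Escaped dots and fullmatch: the whole token has to be an address.
        short_range = re.fullmatch(r'(\d+\.\d+\.\d+\.)(\d+)-(\d+)', address)
        subnet = re.fullmatch(r'(\d+\.\d+\.\d+\.\d+)/(\d+)', address)
        command = None
        try:
            if short_range:
                prefix, first, last = short_range.groups()
                ip1, ip2 = prefix + first, prefix + last
                if ipaddress.IPv4Address(ip1) > ipaddress.IPv4Address(ip2):
                    raise ValueError('range start is above range end')
                command = f"define range add name {obj_name} ip1 '{ip1}' ip2 '{ip2}'"
            elif subnet:
                ipaddress.IPv4Network(address, strict=False)
                if int(subnet.group(2)) == 32:
                    command = f'define host add name {obj_name} ipaddr {subnet.group(1)}'
                else:
                    command = f'define subnet add name {obj_name} ipaddr {address}'
        except ValueError:
            command = None
        if command is None:
            lost.append(f'define host add name {obj_name} ipaddr {address}')
        else:
            commands.append(command)

    # Append mode is kept from the original: re-running adds to the files.
    with open(r'ip_host_policy.txt', 'a', encoding='utf-8') as f_host:
        for command in commands:
            f_host.write(command + '\n')
    # The lost file is only created when there is something to report.
    if lost:
        with open(r'ip_host_lost.txt', 'a', encoding='utf-8') as f_lost:
            for entry in lost:
                f_lost.write(entry + '\n')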
#IP地址资源整理
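def define_ip_range(source1, source2):
    """Append named range-object commands built from two aligned files.

    *source1* holds address ranges and *source2* the object names, one row
    per line; line *i* of one file belongs to line *i* of the other.  A
    token of the form ``a.b.c.d-e.f.g.h`` becomes a ``define range add``
    command in ``ip_range_policy.txt``.  Every other token, and any range
    whose addresses are invalid or reversed, is appended to
    ``ip_range_lost.txt`` for manual handling.

    The original de-duplicated ranges and names through two independent
    sets and then zipped them, so a range could be emitted under another
    row's name.  Pairs are now kept together and de-duplicated as pairs.

    Raises:
        ValueError: if the two files have a different number of lines.
    """
    import ipaddress

    with open(source1, 'r', encoding='utf-8') as f_source, open(source2, 'r', encoding='utf-8') as f_name:
        range_lines = f_source.readlines()
        name_lines = f_name.readlines()
    if len(range_lines) != len(name_lines):
        raise ValueError(
            f'define_ip_range: {source1} has {len(range_lines)} lines but {source2} has {len(name_lines)}'
        )

    # Dict keys keep first-seen order and drop repeated (range, name) pairs.
    pairs = {}
    for range_line, name_line in zip(range_lines, name_lines):
        ranges = [tok for tok in range_line.replace('\n', ' ').split(' ') if tok]
        names = [tok for tok in name_line.replace('\n', ' ').split(' ') if tok]
        if len(ranges) != len(names):
            print('define_ip_range: range/name count differs on a row, unpaired tokens dropped:', ranges, names)
        for ip_range, obj_name in zip(ranges, names):
            pairs[(ip_range, obj_name)] = None

    commands = []
    lost = []
    for ip_range, obj_name in pairs:
        # Escaped dots and fullmatch: the whole token has to be a range.
        parsed = re.fullmatch(r'(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)', ip_range)
        command = None
        if parsed:
            ip1, ip2 = parsed.groups()
            try:
                if ipaddress.IPv4Address(ip1) <= ipaddress.IPv4Address(ip2):
                    command = f"define range add name {obj_name} ip1 '{ip1}' ip2 '{ip2}'"
            except ValueError:
                command = None
        if command is None:
            lost.append(f'define host add name {obj_name} ipaddr {ip_range}')
        else:
            commands.append(command)

    # Append mode is kept from the original: re-running adds to the files.
    with open(r'ip_range_policy.txt', 'a', encoding='utf-8') as f_host:
        for command in commands:
            f_host.write(command + '\n')
    # The lost file is only created when there is something to report.
    if lost:
        with open(r'ip_range_lost.txt', 'a', encoding='utf-8') as f_lost:
            for entry in lost:
                f_lost.write(entry + '\n')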
# 源地址数据整理,如子网,主机,主机范围
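def define_source(source):
    """Append address-object commands for the source addresses.

    *source* holds one spreadsheet cell per line, with addresses separated
    by single spaces.  Tokens are de-duplicated in first-seen order and one
    command per token is appended to ``source_host_policy.txt``:

    * ``a.b.c.d-e`` or ``a.b.c.d-a.b.c.e``  -> ``define range add``
    * ``address/prefix-length``             -> ``define subnet add``
    * a single IP address                   -> ``define host add``

    Anything else (object names, ``any``, ``nan``, malformed addresses) is
    not turned into a command; those tokens are printed so they can be
    reviewed instead of being loaded into the firewall as bogus objects.
    """
    import ipaddress

    with open(source, 'r', encoding='utf-8') as f_source:
        # dict.fromkeys removes duplicates but keeps first-seen order, so the
        # generated file is the same on every run (a set would reshuffle it).
        tokens = list(dict.fromkeys(
            tok
            for line in f_source
            for tok in line.replace('\n', ' ').split(' ')
            if tok
        ))

    commands = []
    skipped = []
    for token in tokens:
        # Dots are escaped and the whole token must match: an unescaped "."
        # accepts any character, and a prefix match lets trailing junk through.
        short_range = re.fullmatch(r'(\d+\.\d+\.\d+\.)(\d+)-(\d+)', token)
        full_range = re.fullmatch(r'(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)', token)
        try:
            if short_range or full_range:
                if short_range:
                    prefix, first, last = short_range.groups()
                    ip1, ip2 = prefix + first, prefix + last
                else:
                    ip1, ip2 = full_range.groups()
                if ipaddress.IPv4Address(ip1) > ipaddress.IPv4Address(ip2):
                    raise ValueError('range start is above range end')
                commands.append(f"define range add name {token} ip1 '{ip1}' ip2 '{ip2}'")
            elif re.fullmatch(r'[^/]+/\d+', token):
                # strict=False: host bits may be set, as the original accepted.
                ipaddress.ip_network(token, strict=False)
                commands.append(f'define subnet add name {token} ipaddr {token}')
            else:
                ipaddress.ip_address(token)
                commands.append(f'define host add name {token} ipaddr {token}')
        except ValueError:
            skipped.append(token)

    # Append mode is kept from the original: re-running adds to the file.
    with open(r'source_host_policy.txt', 'a', encoding='utf-8') as f_host:
        for command in commands:
            f_host.write(command + '\n')

    if skipped:
        print('define_source: skipped tokens that are not an IP address, subnet or range:', skipped)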
# 目的地址数据整理,如子网,主机,主机范围
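def define_destination(destination):
    """Append address-object commands for the destination addresses.

    *destination* holds one spreadsheet cell per line, with addresses
    separated by single spaces.  Tokens are de-duplicated in first-seen
    order and one command per token is appended to
    ``destination_host_policy.txt``:

    * ``a.b.c.d-e`` or ``a.b.c.d-a.b.c.e``  -> ``define range add``
    * ``address/prefix-length``             -> ``define subnet add``
    * a single IP address                   -> ``define host add``

    Anything else (object names, ``any``, ``nan``, malformed addresses) is
    not turned into a command; those tokens are printed so they can be
    reviewed instead of being loaded into the firewall as bogus objects.
    """
    import ipaddress

    with open(destination, 'r', encoding='utf-8') as f_destination:
        # First-seen order instead of set order keeps the output reproducible.
        tokens = list(dict.fromkeys(
            tok
            for line in f_destination
            for tok in line.replace('\n', ' ').split(' ')
            if tok
        ))

    commands = []
    skipped = []
    for token in tokens:
        # Escaped dots plus fullmatch: the unescaped, prefix-only patterns
        # accepted digit strings without dots and tokens with trailing junk.
        short_range = re.fullmatch(r'(\d+\.\d+\.\d+\.)(\d+)-(\d+)', token)
        full_range = re.fullmatch(r'(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)', token)
        try:
            if short_range or full_range:
                if short_range:
                    prefix, first, last = short_range.groups()
                    ip1, ip2 = prefix + first, prefix + last
                else:
                    # A full-form range used to be glued onto the /24 prefix,
                    # producing an ip2 such as "10.0.0.10.0.0.9".
                    ip1, ip2 = full_range.groups()
                if ipaddress.IPv4Address(ip1) > ipaddress.IPv4Address(ip2):
                    raise ValueError('range start is above range end')
                commands.append(f"define range add name {token} ip1 '{ip1}' ip2 '{ip2}'")
            elif re.fullmatch(r'[^/]+/\d+', token):
                ipaddress.ip_network(token, strict=False)
                commands.append(f'define subnet add name {token} ipaddr {token}')
            else:
                ipaddress.ip_address(token)
                commands.append(f'define host add name {token} ipaddr {token}')
        except ValueError:
            skipped.append(token)

    # Append mode is kept from the original: re-running adds to the file.
    with open(r'destination_host_policy.txt', 'a', encoding='utf-8') as f_host:
        for command in commands:
            f_host.write(command + '\n')

    if skipped:
        print('define_destination: skipped tokens that are not an IP address, subnet or range:', skipped)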
# 自定义服务数据整理,如端口
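def define_service(service):
    """Append custom-service commands for the port tokens in *service*.

    *service* holds one spreadsheet cell per line, with tokens separated by
    single spaces.  Tokens are de-duplicated in first-seen order and one
    ``define service add`` command per token is appended to
    ``service_policy.txt``.

    Accepted token forms (protocol prefix matched case-insensitively):

    * ``tcpN`` / ``tcpN-M``  -> protocol 6
    * ``udpN`` / ``udpN-M``  -> protocol 17
    * ``N`` / ``N-M``        -> protocol 6 (the original default)

    Previously only the TCP range form accepted upper case, so ``UDP53`` or
    ``TCP80`` fell through to the default branch and became a TCP service
    whose port was the raw token.  Tokens in any other form, or with a port
    above 65535 or a reversed range, are printed and skipped.
    """
    with open(service, 'r', encoding='utf-8') as f_service:
        # First-seen order instead of set order keeps the output reproducible.
        tokens = list(dict.fromkeys(
            tok
            for line in f_service
            for tok in line.replace('\n', ' ').split(' ')
            if tok
        ))

    protocol_numbers = {'tcp': '6', 'udp': '17'}
    commands = []
    skipped = []
    for token in tokens:
        # fullmatch: a token such as "tcp80,443" must not be accepted as
        # port 80 with the rest silently ignored.
        parsed = re.fullmatch(r'(tcp|udp)?([0-9]+)(?:-([0-9]+))?', token, flags=re.IGNORECASE)
        if parsed is None:
            skipped.append(token)
            continue
        proto, first, last = parsed.groups()
        if int(first) > 65535 or (last is not None and not int(first) <= int(last) <= 65535):
            skipped.append(token)
            continue
        ports = first if last is None else first + '-' + last
        number = protocol_numbers[(proto or 'tcp').lower()]
        commands.append(f"define service add name {token} protocol {number} ports '{ports}'")

    # Append mode is kept from the original: re-running adds to the file.
    with open(r'service_policy.txt', 'a', encoding='utf-8') as f_host:
        for command in commands:
            f_host.write(command + '\n')

    if skipped:
        print('define_service: skipped tokens that are not a recognised port or port range:', skipped)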
# 安全策略数据整理
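def firewall_policy(source, destination, service, action, enable, name):
    """Append one ``firewall policy add`` command per spreadsheet row.

    Each argument is the path of a text file holding one column, one row
    per line.  Line *i* of every file is combined into a single command
    that is appended to ``firewall_policy.txt``.

    Raises:
        ValueError: if the six files do not have the same number of lines.
            Pairing by position is only meaningful when the files are
            aligned; the previous ``zip`` silently stopped at the shortest
            file, dropping rules without any indication.

    NOTE(review): every field is inserted verbatim.  A cell containing a
    single quote would unbalance the quoted ``src``/``dst``/``service``
    arguments; confirm the spreadsheet cannot contain one.
    """
    def read_lines(path):
        # One entry per line; only the newline is removed, so blank lines
        # and surrounding spaces are preserved exactly as written.
        with open(path, 'r', encoding='utf-8') as handle:
            return [line.replace('\n', '') for line in handle]

    source_list = read_lines(source)
    destination_list = read_lines(destination)
    service_list = read_lines(service)
    action_list = read_lines(action)
    enable_list = read_lines(enable)
    name_list = read_lines(name)

    line_counts = {
        'name': len(name_list),
        'source': len(source_list),
        'destination': len(destination_list),
        'action': len(action_list),
        'enable': len(enable_list),
        'service': len(service_list),
    }
    # Checked before the output file is opened so nothing is written for a
    # misaligned input set.
    if len(set(line_counts.values())) != 1:
        raise ValueError(f'firewall_policy: input files have different line counts: {line_counts}')

    with open(r'firewall_policy.txt', 'a', encoding='utf-8') as f_policy:
        for name_n, src, dst, act, ena, svc in zip(
            name_list, source_list, destination_list, action_list, enable_list, service_list
        ):
            f_policy.write(
                f"firewall policy add name {name_n} {ena} yes action {act}"
                f" src '{src}' dst '{dst}' log on service '{svc}'\n"
            )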
if __name__ == '__main__':
    # Step 1: export the IP and name columns of the address-pool workbook.
    pool_workbook = r'IP池.xlsx'
    get_value(pool_workbook)

    # Step 2: build range objects from the files written in step 1.
    define_ip_range(r'ip_range.txt', r'ip_range__name.txt')

    # Step 3: build host/subnet objects.
    # NOTE(review): ip.txt and ip_name.txt are not written by get_value() in
    # this revision (that export, and the get_value(r'子网.xlsx') call, are
    # commented out), so they presumably have to exist from an earlier run.
    define_ip(r'ip.txt', r'ip_name.txt')

    # Disabled in this revision: define_destination(r'destination.txt'),
    # define_service(r'service.txt'), firewall_policy(...) over the six
    # column files, and the keyword replacement that rewrote
    # firewall_policy.txt into firewall_policy.replace.
    # NOTE(review): the disabled replacement loop assigned its result to
    # `content1` but wrote `content`, so re-enabling it as it stood would
    # write the text back unchanged.