#!/bin/bash# Written by Craig Dods# Last Edit on 03/28/2013# This will att

1. #!/bin/bash
2. # Written by Craig Dods
3. # Last Edit on 03/28/2013
4. # This will attempt to pull networks, hosts, and services out a the simplified html dump
5. # Things this script will have issues with:
6. # Non UDP/TCP services (need XML vs html for this to work properly)
7. # Groups of any kind
8. # It is entirely dependent on the naming scheme of the exporter. If they called something 'udp-1512' but in reality it's 'tcp-1512', or if they're labelling hosts as "Net" something...you're screwed
9.  
10. # If you *really* need to do this properly, get XML
11.  
12. # May require fine tuning on the sed string to pull out all erroneous/error generating symbols on a per-policy basis.
13.  
14. echo "Hello, please enter the correct HTML file you'd like to parse:"
15. echo " "
16. ls | grep *.html
17. read -s input_file
18. echo " "
19. echo "Thank you"
20. echo " "
21. time=`date +'%d%m%y_%H%M'`
22. logfile=$time\_$input_file\_parsed.txt
23. final=$time\_Parsed_HTML.dbedit
24.  
25. # Udp Services
26. echo "parsing UDP services..."
27. cat $input_file | grep service | grep -v 'FW1\|wap' | awk '{print $3,$4,$5}' |  sed 's/name\=\"//g;s/\<service\_//g;s/\">/ /g;s/<\/a>/ /g;s/<\/td>//g;s/<td//g;s/vAlign\=\"//g;s/ top //g;s/userdef-//g;s/userder//g;s/usserdef//g;s/href\=\"\#//g;/[0-9]/!d;/\;/d;s/^-//g;s/\ udp/\ udp\ /gI;' | awk '{print $1,$4,$5}' | grep -i udp | awk 'NF>=3' >> $logfile
28. echo "Done"
29.  
30. # TCP Services
31. echo " "
32. echo "parsing TCP services..."
33. cat $input_file | grep service | grep -v 'FW1\|wap' | awk '{print $3,$4,$5}' | sed 's/name\=\"//g;s/\<service\_//g;s/\">/ /g;s/<\/a>/ /g;s/<\/td>//g;s/<td//g;s/vAlign\=\"//g;s/ top //g;s/userdef-//g;s/userder//g;s/usserdef//g;s/href\=\"\#//g;/[0-9]/!d;/\;/d;s/^-//g;' | grep -i tcp | awk '{print $2,$3}' | sed 's/\ Tcp/\ tcp\ /g;s/^-//g' | awk 'NF>=3' >> $logfile
34. echo "Done"
35.  
36. # Network Hosts
37. echo " "
38. echo "parsing Network Hosts..."
39. cat $input_file | grep network_object | grep -v 'FW1\|wap\|group\|grp' | awk '{print $3,$4}' | awk 'NF>=2' | grep -v HP | sed 's/name="network_object_//g;s/\">/\ /g;s/<\/a><\/td><td//g;s/vAlign="top//g;s/network -//g;/[0-9]/!d' | grep -vi net | sed 's/ [^0-9]*/ /' | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' | sed 's/ [^0-9]*/ /;s/ [^.]*-\([0-9][0-9.]*[0-9]\)/ \1/;s/ \([0-9][0-9.]*[0-9]\)[^0-9.].*$/ \1/' >> $logfile
40. echo "Done"
41.  
42. # Networks
43. echo " "
44. echo "parsing Networks..."
45. # Takes raw data and parses it as best we can without breaking anything, then dumps it into it's own separate file to be fixed $tmp_netfile
46. cat $input_file | grep network_object | grep -v 'FW1\|wap\|group\|grp' | awk '{print $3,$4}' | awk 'NF>=2' | grep -v HP | sed 's/name="network_object_//g;s/\">/\ /g;s/<\/a><\/td><td//g;s/vAlign="top//g;s/network -//g;/[0-9]/!d' | grep -i net | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' | sed 's/ [^0-9]*/ /;'  | awk '{gsub(/[_-]/," ",$2)}1' >> $logfile
47. echo "Done"
48.  
49. echo " "
50. echo "Parsing complete"
51. echo "Creating dbedit commands now...may take some time"
52.  
53. #grep -v removes FW1 and global services - may need to tune depending on customer
54.  
55. # Creating tcp_service
56. cat $logfile | grep -v 'FW1\|'^g'' | grep " tcp " | awk '{print "create tcp_service",$1}' >> $final
57. cat $logfile | grep -v 'FW1\|'^g'' | grep " tcp " | awk '{print "modify services",$1" port",$3}' >> $final
58. cat $logfile | grep -v 'FW1\|'^g'' | grep " tcp " | awk '{print "update services",$1}' >> $final
59.  
60. # Creating udp_service
61. cat $logfile | grep -v 'FW1\|'^g'' | grep " udp " | awk '{print "create udp_service",$1}' >> $final
62. cat $logfile | grep -v 'FW1\|'^g'' | grep " udp " | awk '{print "modify services",$1" port",$3}' >> $final
63. cat $logfile | grep -v 'FW1\|'^g'' | grep " udp " | awk '{print "update services",$1}' >> $final
64.  
65. # Creating host_plain
66. cat $logfile | grep -vi " tcp \| udp \|net" | awk '{print "create host_plain",$1}' >> $final
67. cat $logfile | grep -vi " tcp \| udp \|net" | awk '{print "modify network_objects",$1" ipaddr",$2}' >> $final
68. cat $logfile | grep -vi " tcp \| udp \|net" | awk '{print "update network_objects",$1}' >> $final
69.  
70. # Creating networks & associated subnet logic
71. cat $logfile | grep -i "net" | awk '{print "create network",$1}' >> $final
72. cat $logfile | grep -i "net" | awk '{print "modify network_objects",$1" ipaddr",$2}' >> $final
73.  
74. #And so begin the shenanigans of trying to create networks based off of network names. The default network creation with those without specifying masks is going to be /24 - change if required on the last awk 'else' line. Since HP's engineers can't type properly, /0/1/2 fields are assigned to /24 as well
75. cat -v $logfile | grep -i "net" | sed 's/\^M//g;s/[ \t]*$//' |awk '
76. $3==32{print "modify network_objects",$1" netmask 255.255.255.255"}
77. $3==31{print "modify network_objects",$1" netmask 255.255.255.254"}
78. $3==30{print "modify network_objects",$1" netmask 255.255.255.252"}
79. $3==29{print "modify network_objects",$1" netmask 255.255.255.248"}
80. $3==28{print "modify network_objects",$1" netmask 255.255.255.240"}
81. $3==27{print "modify network_objects",$1" netmask 255.255.255.224"}
82. $3==26{print "modify network_objects",$1" netmask 255.255.255.192"}
83. $3==25{print "modify network_objects",$1" netmask 255.255.255.128"}
84. $3==24{print "modify network_objects",$1" netmask 255.255.255.0"}
85. $3==23{print "modify network_objects",$1" netmask 255.255.254.0"}
86. $3==22{print "modify network_objects",$1" netmask 255.255.252.0"}
87. $3==21{print "modify network_objects",$1" netmask 255.255.248.0"}
88. $3==20{print "modify network_objects",$1" netmask 255.255.240.0"}
89. $3==19{print "modify network_objects",$1" netmask 255.255.224.0"}
90. $3==18{print "modify network_objects",$1" netmask 255.255.192.0"}
91. $3==17{print "modify network_objects",$1" netmask 255.255.128.0"}
92. $3==16{print "modify network_objects",$1" netmask 255.255.0.0"}
93. $3==15{print "modify network_objects",$1" netmask 255.254.0.0"}
94. $3==14{print "modify network_objects",$1" netmask 255.252.0.0"}
95. $3==13{print "modify network_objects",$1" netmask 255.248.0.0"}
96. $3==12{print "modify network_objects",$1" netmask 255.240.0.0"}
97. $3==11{print "modify network_objects",$1" netmask 255.224.0.0"}
98. $3==10{print "modify network_objects",$1" netmask 255.192.0.0"}
99. $3==9{print "modify network_objects",$1" netmask 255.128.0.0"}
100. $3==8{print "modify network_objects",$1" netmask 255.0.0.0"}
101. $3==2{print "modify network_objects",$1" netmask 255.255.255.0"}
102. $3==1{print "modify network_objects",$1" netmask 255.255.255.0"}
103. $3==0{print "modify network_objects",$1" netmask 255.255.255.0"}
104. !$3{print "modify network_objects",$1" netmask 255.255.255.0"}
105. ' >> $final
106. cat $logfile | grep -i "net" | awk '{print "update network_objects",$1}' >> $final
107.  
108. line_count=`wc -l $final | awk '{print $1}'`
109. echo " "
110. echo "Cleaning up..."
111. rm $logfile
112. echo " "
113. echo "Finished - you have created" $line_count "dbedit commands"
114. echo " "
115. echo "The commands are found in" $final
116. echo " "
117. echo "Goodbye..."
118. echo " "