Python Forum
Recursive Search and Find
#1
Folks,
I am not even sure how to ask the question, so I don't really have code to post for what I have tried. I am trying to do some comparisons on some Firewall Services and Firewall Service Groups.

- A Firewall Service is like the lines that start with config firewall service custom below; it defines a specific service and its values.
- A Firewall Service Group is a group of services and service groups that make up the services allowed. Some Service Groups have nested service groups in them, and that is what I am trying to solve.

I have a text file and in the file I have the following lines (example lines. The actual file is hundreds of lines long):

config firewall service group edit "GROUP-1-GRP" set member "svc-name-1" "svc-2" "Serv_3" "GROUP-2-GRP" "TEST1-GRP"
config firewall service group edit "GROUP-2-GRP" set member "svc-name-1" "Serv_3" "SERVICE-4"
config firewall service group edit "TESTING-GRP" set member "SERVICE-7" "SERVICE-6" "SERVICE-5"
config firewall service group edit "TEST1-GRP" set member "svc-name-1" "NESTED-GRP"
config firewall service group edit "NESTED-GRP" set member "SVC-6"
config firewall service custom edit "svc-name-1" set color 1 set udp-portrange 500 4500
config firewall service custom edit "svc-2" set tcp-portrange 5190-5194
config firewall service custom edit "Serv_3" set tcp-portrange 123 set udp-portrange 123
config firewall service custom edit "SERVICE-4" set udp-portrange 26000 27000 27910 27960
config firewall service custom edit "SERVICE-5" set tcp-portrange 3389
config firewall service custom edit "SVC-6" set tcp-portrange 33381

I also have a list of Service Groups, and I want to loop through that list and figure out the actual services that are associated with the main service group. This means if it is a service already then I can get those values, but if it is a service group I have to dig into that group and pull out all services, and if there is another nested group then I have to dig into that service group and pull out the services, so at the end I can identify which actual services are being used by the base service group.

So for example:
BASE GROUP: GROUP-1-GRP
BASE SERVICE: "svc-name-1" set color 1 set udp-portrange 500 4500
BASE SERVICE: "svc-2" set tcp-portrange 5190-5194
BASE SERVICE: "Serv_3" set tcp-portrange 123 set udp-portrange 123
NESTED GROUP: "GROUP-2-GRP"
NESTED SERVICE: "svc-name-1" set color 1 set udp-portrange 500 4500
NESTED NESTED GROUP: "TEST1-GRP"
NESTED NESTED SERVICE: "svc-name-1" set color 1 set udp-portrange 500 4500
NESTED NESTED NESTED GROUP: NESTED-GRP
NESTED NESTED NESTED SERVICE: "SVC-6" set tcp-portrange 33381

So after going through the services and service groups I would say that the actual services being used in GROUP-1-GRP are:
"svc-name-1" set color 1 set udp-portrange 500 4500
"svc-2" set tcp-portrange 5190-5194
"Serv_3" set tcp-portrange 123 set udp-portrange 123
"SVC-6" set tcp-portrange 33381

The reason I need to get down to the actual services for viewing is because I have a Centralized Firewall Manager (CMS) and on it there is a list of service groups, and when I want to bring in a new firewall to the Centralized Manager, it does a comparison of the CMS and the Firewall and tells me if there is a conflict with Service Groups, because if the Firewall has a service group named GROUP-1-GRP it may be the same name but be made up of different services than the GROUP-1-GRP on the CMS. These configurations are old and they are a nightmare because the engineers did not use a good naming standard, and that is what I am trying to accomplish. I am going through the configurations of over 300 Firewalls and trying to bring them in to the CMS, and the big stumbling block is names that are the same but have different services.

I just don't know how to recurse back into an object if it is a group and then possibly into another group and be able to pull out those values and associate them with the top level service group. Any pointers or maybe different ways of looking at the data would be appreciated.

Thanks in Advance
Wally
#2
I don't understand your question. I highly recommend that you formulate it in terms of Python code, otherwise I suspect you're unlikely to get a response.
#3
OK so here is what I have so far:
import re
import shlex

services = []
groups = []
service_dictionary = {}   # service name -> tokens after the name (its "set ..." values)
svc_grp_dictionary = {}   # group name -> list of member names (quotes kept, see posix=False)

svc_grp = open("service-group-output.txt", 'w')

with open("service-parse.txt", 'r') as file_split:
    for line in file_split:
        # posix=False keeps the surrounding quotes, so line_split[5] is e.g. '"svc-name-1"'
        line_split = shlex.split(line, posix=False)
        if re.search(r'service custom', line):
            services.append(line_split[5])
            # everything after the quoted name: the service's "set ..." values
            serv = line_split[line_split.index("edit") + 2:]
            service_dictionary[line_split[5]] = serv
        if re.search(r'service group', line):
            groups.append(line_split[5])
            if "member" in line_split:
                # everything after "member": the group's member names (services or other groups)
                members = line_split[line_split.index("member") + 1:]
                svc_grp_dictionary[line_split[5]] = members
                svc_grp.write(line_split[5] + ": " + str(members) + "\n")

# for k, v in service_dictionary.items():
#     print(k, v)

for k, v in svc_grp_dictionary.items():
    print(k, v)

svc_grp.close()
The link below has the parsed file I am looking through:
SERVICE CHECK TEXT FILE

If you run the script against this, you will see the output of the svc_grp_dictionary and if you open the file created by running the script you can go to LINE 278 or just search for 5307-5427-1024-GRP and you will find the following:

"5307-5427-1024-GRP": ['"SGD-5307_5427-GRP"', '"1024"', '"NON-PRIVILEGED-TCP-GRP"', '"NON-PRIVILEGED-UDP-GRP"']

So this group (5307-5427-1024-GRP) is made up of members:
"SGD-5307_5427-GRP"
"1024"
"NON-PRIVILEGED-TCP-GRP"
"NON-PRIVILEGED-UDP-GRP"

Three of the members ("SGD-5307_5427-GRP", "NON-PRIVILEGED-TCP-GRP", "NON-PRIVILEGED-UDP-GRP") are also groups, and I need to drill down into them until I get to the actual services (service groups can be nested in service groups, which can be nested in service groups, etc.).
"1024" is already a service, so it is where I need it to be.

If you were to search through the service-parse.txt file for each of the members of the service group, you would see:

config firewall service group edit "SGD-5307_5427-GRP" set member "SGD-5307_5427-SGD-5307_5427" "SGD-5307_5427-SGD-5307_5427_1"
config firewall service custom edit "1024" set tcp-portrange 1024:0-65535
config firewall service group edit "NON-PRIVILEGED-TCP-GRP" set member "NON-PRIVILEGED-TCP-NON-PRIVILEGED-TCP"
config firewall service group edit "NON-PRIVILEGED-UDP-GRP" set member "NON-PRIVILEGED-UDP-NON-PRIVILEGED-UDP"

And then if you further search for the member names of the above you will see:
config firewall service group edit "SGD-5307_5427-GRP" set member "SGD-5307_5427-SGD-5307_5427" "SGD-5307_5427-SGD-5307_5427_1" is made up of the following services:
config firewall service custom edit "SGD-5307_5427-SGD-5307_5427" set tcp-portrange 5307
config firewall service custom edit "SGD-5307_5427-SGD-5307_5427_1" set tcp-portrange 5427

config firewall service custom edit "1024" set tcp-portrange 1024:0-65535 is already a service so I don't need to drill deeper

config firewall service group edit "NON-PRIVILEGED-TCP-GRP" set member "NON-PRIVILEGED-TCP-NON-PRIVILEGED-TCP" is made up of the following services:
config firewall service custom edit "NON-PRIVILEGED-TCP-NON-PRIVILEGED-TCP" set tcp-portrange 1024-65535:0-65535

and

config firewall service group edit "NON-PRIVILEGED-UDP-GRP" set member "NON-PRIVILEGED-UDP-NON-PRIVILEGED-UDP" is made up of the following services:
config firewall service custom edit "NON-PRIVILEGED-UDP-NON-PRIVILEGED-UDP" set udp-portrange 1024-65535:0-65535

So at the end of the day, what I am trying to get to is knowing that service group 5307-5427-1024-GRP has the following services and their values associated with it:

DEFINED-5307-5427-1024-GRP
  • set tcp-portrange 5307
  • set tcp-portrange 5427
  • set tcp-portrange 1024:0-65535
  • set tcp-portrange 1024-65535:0-65535
  • set udp-portrange 1024-65535:0-65535

I am stuck trying to figure out how to dig back into each member and drill down until I get to the actual service and then store those services somewhere so that once I pull all the services I can then output the values and do a comparison of the services against the same named service groups on different devices.
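An added example (not Wally's script or anyone's code from the thread) that does the drilling down both posts ask for: it parses the same one-object-per-line format, recurses through nested groups to the leaf services, and also flags members the file never defines and groups that (indirectly) contain themselves. It assumes the sample lines from the first post as constructed input and uses shlex in POSIX mode so member names match service names without the quotes.

```python
import shlex

# Constructed sample: the lines quoted in the first post (the real file is hundreds of lines).
SAMPLE_CONFIG = """\
config firewall service group edit "GROUP-1-GRP" set member "svc-name-1" "svc-2" "Serv_3" "GROUP-2-GRP" "TEST1-GRP"
config firewall service group edit "GROUP-2-GRP" set member "svc-name-1" "Serv_3" "SERVICE-4"
config firewall service group edit "TESTING-GRP" set member "SERVICE-7" "SERVICE-6" "SERVICE-5"
config firewall service group edit "TEST1-GRP" set member "svc-name-1" "NESTED-GRP"
config firewall service group edit "NESTED-GRP" set member "SVC-6"
config firewall service custom edit "svc-name-1" set color 1 set udp-portrange 500 4500
config firewall service custom edit "svc-2" set tcp-portrange 5190-5194
config firewall service custom edit "Serv_3" set tcp-portrange 123 set udp-portrange 123
config firewall service custom edit "SERVICE-4" set udp-portrange 26000 27000 27910 27960
config firewall service custom edit "SERVICE-5" set tcp-portrange 3389
config firewall service custom edit "SVC-6" set tcp-portrange 33381
"""

def parse_config(text):
    """services: name -> its 'set ...' definition string; groups: name -> list of member names."""
    services, groups = {}, {}
    for line in text.splitlines():
        tokens = shlex.split(line)  # POSIX mode drops the quotes around names
        if len(tokens) < 6 or tokens[:3] != ["config", "firewall", "service"]:
            continue
        kind, name = tokens[3], tokens[5]
        if kind == "custom":
            services[name] = " ".join(tokens[6:])
        elif kind == "group" and "member" in tokens:
            groups[name] = tokens[tokens.index("member") + 1:]
    return services, groups

def resolve_group(name, services, groups, _path=()):
    """Recursively flatten a group. Returns (leaves, missing): leaves maps leaf service name ->
    definition, missing lists members defined nowhere; a group already on _path is a cycle."""
    leaves, missing = {}, []
    if name in _path:
        return leaves, missing
    for member in groups.get(name, []):
        if member in services:
            leaves[member] = services[member]
        elif member in groups:
            sub_leaves, sub_missing = resolve_group(member, services, groups, _path + (name,))
            leaves.update(sub_leaves)
            missing.extend(sub_missing)
        else:
            missing.append(member)
    return leaves, missing

def group_signature(name, services, groups):
    """Set of leaf definitions: compare same-named groups from two devices by what they allow."""
    return frozenset(resolve_group(name, services, groups)[0].values())
```

Running group_signature on the CMS dump and on a firewall's dump for the same group name gives two sets that can be compared directly, independent of how the nested groups were named.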