Home > Uncategorized > ACL Parser Update

ACL Parser Update

December 26th, 2011

The ACL parser tool is intended to format ACL’s from may different devices into a common format for security professionals and network professionals to easily review the data. So during the initial development, I started with Cisco ACL’s and began moving into Fortinet. As I am nearing the end of the Fortinet, I realized I am doing the reformatting wrong. What I am doing wrong is the normalization process. So this latest release parse_acl_v0.01.a4.pl will be the last version using the current model. I am restructuring the script to format the data into a common format, that can be easily imported into a database such as “OSSAMS” or MS Excel and etc.

So what does this really mean, well the current code for the most part is not dead or I am declaring it dead, and I starting over. I will still use many of the regex and other test conditions in the current code, but the restructuring or normalizing of the data will be radically different. As I am just starting the new code today I can’t tell you what those changes will be, except for the changes will be easier to follow and I will create data models and documentation as I go.

So attached to this blog post is the final version of of the v0.1 train of code. I would like to make a special shot out to toni ‘at’ cunyat.net for giving me a patch to fix a few lines of code he found an issue with. I have incorporated these lines into this version.
parse_acl_v0.01.a4.pl

Categories: Uncategorized Tags:
  1. Javier Glaz
    February 27th, 2012 at 19:16 | #1

    Hi,

    I’ve been testing your code and is very very useful. I have to parse long FWSM configs and this is helping me a lot. However, I get the ERROR 4405 with some configs. I have tried removing some object-groups and sometimes it works and sometimes it doesn’t. I didn’t take the time yet to analyze the code to be honest, but if I can help you in some way, please tell me.

    Also, you finally published a newer version of this? or Alpha 4 is still the last one?

    Regards,
    Javier

  2. Javier Glaz
    February 27th, 2012 at 20:15 | #2

    As a quick update, I did the following:

    I added a print “$line\n”; just before the ERROR 4405 line in your script and it stops, in a line “eq rsh”. The object-group looked like this:

    object-group service HARVEST_PORTS_TCP tcp
    port-object eq 5101
    port-object range 50000 50500
    port-object eq rsh

    After I removed the “port-object eq rsh” it worked like a charm.

    HTH
    Javier.

  3. reed
    October 9th, 2013 at 05:42 | #3

    Hi ! (a answer one year later … xD But I just see your ‘amazing’ script :),

    You don’t need to delete the line ! For “rsh”, just add (rsh) on the $tcp_udp_pro_regex_name; Ex . :

    our $tcp_udp_pro_regex_name = ‘(rsh)|(aol)|(bgp)|(biff)|(bootpc)|(bootps)|(chargen)|(citrix.ica)|(cmd)|(ctiqbe)|(cifs)|(daytime)|(discard)|(domain)|(dnsix)|(exec)|(finger)|(ftp.data)|(ftp)|(gopher)|(https)|(h323)|(hostname)|(ident)|(imap4)|(irc)|(isakmp)|(kerberos)|(klogin)|(kshell)|(ldaps)|(ldap)|(lpd)|(login)|(lotusnotes)|(mobile.ip)|(nameserver)|(netbios.ns)|(netbios.dgm)|(netbios.ssn)|(nntp)|(ntp)|(pcanywhere.status)|(pcanywhere.data)|(pim.auto.rp)|(pop2)|(pop3)|(pptp)|(radius)|(radius.acct)|(rip)|(rtsp)|(secureid.udp)|(smtp)|(snmp)|(snmptrap)|(sqlnet)|(sip)|(ssh)|(sunrpc)|(syslog)|(tacacs)|(talk)|(telnet)|(tftp)|(time)|(uucp)|(who)|(whois)|(www)|(xdmcp)’;

    Some issue with FWSM & objects … but very useful tool :)

    Thank you !

  4. November 14th, 2013 at 00:27 | #4

    I am working on a totally new version of the script that does a lot more. I can’t give you a date yet, but soon.

  5. John
    June 8th, 2014 at 18:24 | #5

    @Cody
    Hiya
    Love your work.
    Got a new version of parse_acl in the works? Trying to parse the config of a leter version of ASA. If new version imminent, I may wait before hacking the one I got.
    Thank You!

  6. October 20th, 2014 at 19:51 | #6

    I have a new version in the works, but I am not sure when it will be released.

  7. korant
    February 13th, 2015 at 08:19 | #7

    hello Cody,

    I am new to perl so forgive me if my question is too simplistic:
    i want to know where i can find the output file after i run the script please

  8. Yevgenii
    May 19th, 2015 at 01:57 | #8

    Kindly ask to share latest version of Cisco ACL parser

  9. October 28th, 2015 at 08:33 | #9

    I have not updated the code in a loooong time…

Comments are closed.