Tuesday, January 12, 2016

Script Cisco Firewall Configuration for Firewall Review PCI

Twice a year the Security Analyst needs to do firewall review for PCI or other compliance, Yes, we need to have something that can automate to grab the latest firewall configuration to analyze it. I will describe in this blog one simple script in python to grab the configuration with explanations.

I am suing in this script two modules pexpect and sys, the first one allow us to connect simulating if we are doing it from the console itself. This scrip will ask you for the firewall's IP address.

The script begin (copy from bellow):

import pexpect
import sys

asa_ip = raw_input ('Please Enter ASA IP: ')
user = "your-username-on-the-device"
password = "P@ssw0rd"
password_enable = "P@ssw0rd"


#This establish the SSH connection

child = pexpect.spawn ('ssh %s@%s' % (user,asa_ip))

#This log the result
fout = file('firewall.%s.txt' % asa_ip,'w')

#Expect the device to ask the password
child.expect('password:')

#Script send the password
child.sendline(password)

#Expect the '>" and type enable
child.expect('>')
child.sendline('enable')

#Expect asking enable password and send the password
child.expect('Password:')
child.sendline(password_enable)

child.expect('#')

#Send 'terminal pager 0' to avoid keep pressing Enter, if you do not do this you will have time out
child.sendline('terminal pager 0')

# Send the sh running-config command
child.expect('#')
child.sendline('sh running-config')

#Max file size
child.maxread=999999999
child.timeout=360

#Put it in the log file
child.logfile_read = fout

#Expect : end to finish the configuration
child.expect(': end')

print child.before
child.send('exit')

child.sendline()


# Clean the file, removing Cisco commands

with open('firewall.%s.txt' % asa_ip,'r') as fin:
        data = fin.read().splitlines(True)
with open('firewall.%s.txt' % asa_ip,'w') as fout:
        fout.writelines(data[1:])

#Finish script

At the end the script will create a txt file where you will have the firewall configuration. You can use this script to backup your configuration or just to begin your firewall review.

No comments:

Post a Comment