List:       sidewinder
Subject:    RE: [Sidewinder] Unused ACL Report
From:       sidewinder () adeptech ! com
Date:       2004-12-04 19:00:54
Message-ID: CB9092A25E7E484A8564B5B71BC83A6DD5D831 () fsjubj12 ! exchange ! gunter ! af ! mil

Unused Proxy Report for 21 days


Make sure the proxy_usage report is configured to run.
Do this by adding the following two lines to the
/etc/sidewinder/reports.conf file:

report(proxy_usage "Proxy Usage Report" "Proxy Usage Report" no query_list[proxy_usage_q])
	and
query(proxy_usage_q "Proxy_Rule_Usage" "Acl Usage Query" acl_table srvc,sum_hitcount "" srvc sum_hitcount_desc no no "" default)

Then check that the report works by running gen_reports -r proxy_usage.
 


Next, create a shell script called unusedproxies.sh. It needs to have
permissions 766 and be type Admn:scrp. I put mine in /usr/local/bin.
 
It will read as follows:
 
#!/bin/sh
# List every enabled proxy from the nss and udpproxy configuration.
cf nss q | grep enable | cut -d " " -f 5-5 | cut -d "=" -f 2-2 | sort -u > /usr/local/bin/allproxies
cf udpproxy q | grep enable | cut -d " " -f 4-4 | cut -d "=" -f 2-2 | sort -u >> /usr/local/bin/allproxies
# Collect the proxy names reported as used in each audit database.
gen_reports -r proxy_usage -d auditdb_1 | grep -v "firewallname.domain" | grep -v "audit data" | cut -c 1-16 | sort -u > /usr/local/bin/usedproxies
gen_reports -r proxy_usage -d auditdb_2 | grep -v "firewallname.domain" | grep -v "audit data" | cut -c 1-16 | sort -u >> /usr/local/bin/usedproxies
# (etc...continue with as many of the sql databases as you want, I use 21
# for a total of 3 weeks)
gen_reports -r proxy_usage -d auditdb_21 | grep -v "firewallname.domain" | grep -v "audit data" | cut -c 1-16 | sort -u >> /usr/local/bin/usedproxies
# Absolute path: diffproxies.py reads /usr/local/bin/allproxies2, and cron
# does not run the script from /usr/local/bin.
cat /usr/local/bin/allproxies | sort -u > /usr/local/bin/allproxies2
python /usr/local/bin/diffproxies.py > /usr/local/bin/unusedproxies
mail -s "Unused Proxies on firewallname for Last 21 days" your-email-address < /usr/local/bin/unusedproxies

 
In the shell script, change firewallname.domain to yours, change email
address, everything else should be okay 



Create the python program called diffproxies.py (below).
Give it permissions 766 and type Admn:file; it needs to be in
/usr/local/bin.

#! /usr/contrib/bin/python -u

def main():

  '''
  Read in the allproxies file, pull out the proxies,
  then print the ones that never show up in usedproxies.
  '''

  # proxy name -> 0 (not seen in the usage report) or 1 (seen)
  proxies = {}

  f = open('/usr/local/bin/allproxies2', 'r')
  allLines = f.readlines()
  f.close()

  for eachLine in allLines:
    name = eachLine.strip()
    if name:
      proxies[name] = 0

  f = open('/usr/local/bin/usedproxies', 'r')
  allLines = f.readlines()
  f.close()

  for eachLine in allLines:
    # split() also drops the trailing newline when the name fills the
    # whole 16-column cut and no padding space follows it
    fields = eachLine.split()
    if fields:
      proxies[fields[0]] = 1

  for x in proxies.keys():
    if proxies[x] == 0:
      print(x)  # parenthesized form runs on Python 2 and Python 3

if __name__ == '__main__':
    main()

 

anyway, you just run the unusedproxies.sh....it will run everything for
you...cron it if you want, that's what I do..
 
So here's the gist of things, you're creating a file of all
used proxies, a file of all proxies, then diffing the two...you'll want
to change "firewallname.domain" to your firewallname of course....should
be the only modification required...the column length of 1-16 in the
second email may have to be lengthened if you have any exceptionally
long proxy names, but I wouldn't think so...

I'm sure this can be done with fewer files, and all in one python
program, but it works for me...be aware this won't show you proxies you
have created but not enabled. Only unused proxies that are enabled on
some burb.

Suzi
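
Added example (not part of the original message or its scripts): the comparison step as one Python 3 function that also covers the case the message raises, where `cut -c 1-16` truncates long proxy names and a plain diff would report them as unused. The function names and sample data are constructed; it assumes one proxy name per line and report rows already cut to 16 columns.

```python
# Added example; names and sample data are constructed, not from the post.
from collections import defaultdict

REPORT_WIDTH = 16  # same column cut as `cut -c 1-16` in unusedproxies.sh


def used_names(report_rows, width=REPORT_WIDTH):
    """Return the (possibly truncated) proxy names found in the report rows."""
    names = set()
    for row in report_rows:
        fields = row[:width].split()
        if fields:  # ignore blank rows
            names.add(fields[0])
    return names


def unused_proxies(enabled, report_rows, width=REPORT_WIDTH):
    """Return (unused, ambiguous) lists of enabled proxy names.

    The report only carries the first `width` characters of a name, so
    enabled proxies are compared by that prefix. If several enabled proxies
    share a prefix that shows up as used, the report cannot tell which one
    handled the traffic; those are returned as ambiguous, not as unused.
    """
    by_prefix = defaultdict(set)
    for name in enabled:
        name = name.strip()
        if name:
            by_prefix[name[:width]].add(name)

    used = used_names(report_rows, width)
    unused, ambiguous = [], []
    for prefix, names in by_prefix.items():
        if prefix not in used:
            unused.extend(names)
        elif len(names) > 1:
            ambiguous.extend(names)
    return sorted(unused), sorted(ambiguous)


# Constructed sample input: enabled proxy names and cut report rows.
ENABLED = ["http", "ftp", "telnet", "dns_udp",
           "smtp_inbound_relay_a", "smtp_inbound_relay_b"]
REPORT_ROWS = ["http            ", "dns_udp       12", "", "smtp_inbound_rel"]

if __name__ == "__main__":
    unused, ambiguous = unused_proxies(ENABLED, REPORT_ROWS)
    print("Unused:", ", ".join(unused))
    print("Check by hand (name truncated in report):", ", ".join(ambiguous))
```

Review the ambiguous list by hand before disabling anything on it, since the truncated report cannot show which of those proxies carried the traffic.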