import-bot (20211)
#1
Re: hashes of hashes? Or is there a better way?
[Originally posted by dave]

> I have a text file that contains the data I need in two separate places, the
> first few lines have one set of data, the rest of the lines have data that is
> based on the first set. Here is some sample data. Items that change/I care
> about, are marked with a *...
>
> First Set Format:
> static (inside,outside) *outside_IP *inside_IP netmask 255.255.255.255 0 0
>
> First Set Example:
> static (inside,outside) 192.168.1.1 10.100.2.11 netmask 255.255.255.255 0 0
> static (inside,outside) 192.168.1.2 10.100.2.12 netmask 255.255.255.255 0 0
>
> Second Set Format:
> conduit *[permit|deny] *[tcp|udp] host *outside_IP eq *port *from
> (Note: outside_IP is from first set data)
>
> Second Set Example:
> conduit permit tcp host 192.168.1.1 eq www 205.251.25.0 255.255.255.0
> conduit permit tcp host 192.168.1.2 eq ftp any
> conduit permit tcp host 192.168.1.2 eq smtp any
> conduit permit udp host 192.168.1.2 eq 25 any
> conduit permit tcp host 192.168.1.2 eq domain any
> conduit permit udp host 192.168.1.2 eq domain any
> conduit permit tcp host 192.168.1.2 eq www any
>
> I need to be able to report on this in the following ways...
>
> 1.) Given a machine name, look up the inside and outside address and tell what
> ports are open from where. (i.e. www.foo.com 192.168.1.1/10.100.2.11 has the
> www service accessible from 205.251.25.0/24)
>
> 2.) Given a port number/name show all machines that have that port open. (i.e.
> The following machines have port 80 (www) open: 192.168.1.1, 192.168.1.2)
>
> Any ideas would be greatly appreciated.

As you're answering two completely different questions, I'd build two
different data structures. Firstly I'd build a hash of hashes, keyed on
machine name (which doesn't seem to be in your input data) that looked like
this:

$data{name} = { inside  => '10.100.2.11',
                outside => '192.168.1.1',
                open    => [ { port => 'www',
                               from => '205.251.25.0' } ] };

Note that the 'open' bit gets a bit complex: the value is an array of hashes,
each of which describes one open port.

I'd then invert that to give another data structure that would answer the
other kind of question like this:

$ports{www} = [ { from => '205.251.25.0', ip => '192.168.1.1' } ];

Again, as each port can be open on a number of machines you need to put an
array within the hash.

Does that help? I can go into more detail if you want.

Cheers,

Dave...
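
The two structures described in the reply above, built from the thread's sample lines and used for both reports. This is an added example, not part of the original posts. It assumes the outside IP as the hash key (the input carries no machine names) and adds a `proto` field that the reply's sketch does not have.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample input: static and conduit lines quoted in the thread.
my @config = (
    'static (inside,outside) 192.168.1.1 10.100.2.11 netmask 255.255.255.255 0 0',
    'static (inside,outside) 192.168.1.2 10.100.2.12 netmask 255.255.255.255 0 0',
    'conduit permit tcp host 192.168.1.1 eq www 205.251.25.0 255.255.255.0',
    'conduit permit tcp host 192.168.1.2 eq ftp any',
    'conduit permit udp host 192.168.1.2 eq domain any',
    'conduit permit tcp host 192.168.1.2 eq www any',
);

my (%data, %ports);

for my $line (@config) {
    if ($line =~ /^static \(inside,outside\) (\S+) (\S+) netmask/) {
        # Assumption: key on the outside IP because no machine name is available.
        $data{$1} = { outside => $1, inside => $2, open => [] };
    }
    elsif ($line =~ /^conduit (permit|deny) (tcp|udp) host (\S+) eq (\S+) (.+)$/) {
        my ($action, $proto, $ip, $port, $from) = ($1, $2, $3, $4, $5);
        next unless $action eq 'permit';    # deny lines open nothing
        unless ($data{$ip}) {               # conduit without a static mapping
            warn "conduit for unmapped host $ip: $line\n";
            next;
        }
        # Host-keyed structure and its inversion, filled in the same pass.
        push @{ $data{$ip}{open} }, { port => $port, proto => $proto, from => $from };
        push @{ $ports{$port} },    { ip   => $ip,   proto => $proto, from => $from };
    }
}

# Report 1: per host, which ports are open from where.
for my $ip (sort keys %data) {
    my $h = $data{$ip};
    print "$h->{outside}/$h->{inside}:\n";
    print "  $_->{port}/$_->{proto} from $_->{from}\n" for @{ $h->{open} };
}

# Report 2: per port, which hosts expose it and from where.
for my $port (sort keys %ports) {
    my @hosts = map { "$_->{ip} ($_->{proto}, from $_->{from})" } @{ $ports{$port} };
    print "$port: ", join(', ', @hosts), "\n";
}
```

Port names and numbers are kept as written, so `smtp` and `25` end up under separate keys in `%ports` unless they are normalised before the lookup.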
import-bot (20211)
#2
[Originally posted by ronnocol]

I have a text file that contains the data I need in two separate places, the
first few lines have one set of data, the rest of the lines have data that is
based on the first set. Here is some sample data. Items that change/I care
about, are marked with a *...

First Set Format:
static (inside,outside) *outside_IP *inside_IP netmask 255.255.255.255 0 0

First Set Example:
static (inside,outside) 192.168.1.1 10.100.2.11 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.1.2 10.100.2.12 netmask 255.255.255.255 0 0

Second Set Format:
conduit *[permit|deny] *[tcp|udp] host *outside_IP eq *port *from
(Note: outside_IP is from first set data)

Second Set Example:
conduit permit tcp host 192.168.1.1 eq www 205.251.25.0 255.255.255.0
conduit permit tcp host 192.168.1.2 eq ftp any
conduit permit tcp host 192.168.1.2 eq smtp any
conduit permit udp host 192.168.1.2 eq 25 any
conduit permit tcp host 192.168.1.2 eq domain any
conduit permit udp host 192.168.1.2 eq domain any
conduit permit tcp host 192.168.1.2 eq www any

I need to be able to report on this in the following ways...

1.) Given a machine name, look up the inside and outside address and tell what
ports are open from where. (i.e. www.foo.com 192.168.1.1/10.100.2.11 has the
www service accessible from 205.251.25.0/24)

2.) Given a port number/name show all machines that have that port open. (i.e.
The following machines have port 80 (www) open: 192.168.1.1, 192.168.1.2)

Any ideas would be greatly appreciated.

Regards,
Lance O'Connor