General updates

networktocode · Jul 28, 2020 · 5f20e8e · 5f20e8e
1 parent a41432f
commit 5f20e8e
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 29 deletions.
diff --git a/acl_auditor/auditor.py b/acl_auditor/auditor.py
@@ -5,7 +5,6 @@
 import os
 import sys
 
-from dotenv import load_dotenv
 from pybatfish.client.commands import bf_session
 from pybatfish.question import bfq
 from pybatfish.question.question import load_questions
@@ -16,19 +15,15 @@
     generate_html_report,
 )
 
-load_dotenv()
 
 logging.getLogger("pybatfish").setLevel(logging.CRITICAL)
 
 
 class ACLAuditor:
-    def __init__(self, config_file, batfish_host):
-        self.init_session(batfish_host)
-        self.config_file = config_file
-
-    def init_session(self, batfish_host):
-        bf_session.host = batfish_host
+    def __init__(self, config_file):
+        bf_session.host = "127.0.0.1"
         load_questions()
+        self.config_file = config_file
 
     def _create_base_snapshot(self):
         bf_session.init_snapshot_from_text(
@@ -84,8 +79,6 @@ def get_unreachable_lines(self):
 
 
 if __name__ == "__main__":
-    batfish_host = os.getenv("BATFISH_SERVICE_HOST")
-
     parser = argparse.ArgumentParser(description="Batfish ACL Auditor")
     parser.add_argument(
         "-c",
@@ -105,7 +98,7 @@ def get_unreachable_lines(self):
     args = vars(parser.parse_args())
 
     config = read_file(args["device_config"])
-    acl_auditor = ACLAuditor(config, batfish_host)
+    acl_auditor = ACLAuditor(config)
     filter_compare_results = str()
     unreachable_results = str()
 

diff --git a/data/asa.cfg b/data/asa.cfg
@@ -57,14 +57,10 @@ dns server-group DefaultDNS
  domain-name packetflow.local
 same-security-traffic permit inter-interface
 access-list acl-inside extended deny ip any4 any4
-access-list acl-inside extended permit udp host 10.0.2.1 host 8.8.8.8 eq ntp 
 access-list acl-inside extended permit udp host 10.0.2.1 host 8.8.8.8 eq domain 
-access-list acl-inside extended permit udp host 10.0.2.1 host 8.8.4.4 eq ntp 
 access-list acl-inside extended permit udp host 10.0.2.1 host 8.8.4.4 eq domain
-access-list acl-webfarm extended permit tcp host 10.0.1.1 host 10.0.2.1 eq 3306 
-access-list acl-webfarm extended permit udp host 10.0.1.1 host 8.8.8.8 eq ntp 
+access-list acl-webfarm extended permit tcp any host 10.0.2.1 eq 3306 
 access-list acl-webfarm extended permit udp host 10.0.1.1 host 8.8.8.8 eq domain 
-access-list acl-webfarm extended permit udp host 10.0.1.1 host 8.8.4.4 eq ntp 
 access-list acl-webfarm extended permit udp host 10.0.1.1 host 8.8.4.4 eq domain
 access-list acl-webfarm extended deny ip any4 any4
 access-list acl-outside extended permit tcp any4 host 10.0.1.1 eq www 
@@ -226,4 +222,4 @@ call-home
   destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
   destination transport-method http
 Cryptochecksum:ea1e58d34590afa6687e169dfc31f4c7
-: end
+: end
diff --git a/data/flows.yml b/data/flows.yml
@@ -1,15 +1,11 @@
 ---
-- source_ip: 11.36.216.176/32
-  dest_ip: 11.36.216.0/24
-  proto: ip
+- source_ip: 10.0.1.1/32
+  dest_ip: 8.8.8.8/32
+  dest_port: 53
+  proto: udp
   action: permit
-  name: from-11-36-216-176
-- source_ip: 10.36.176.0/24
-  dest_ip: 11.20.0.0/16
-  dest_port: 1000-20000
+- source_ip: 10.0.1.1/32
+  dest_ip: 10.200.1.1/32
+  dest_port: 3306
   proto: tcp
   action: permit
-- source_ip: 0.0.0.0/0
-  dest_ip: 0.0.0.0/0
-  proto: ip
-  action: permit
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,6 +1,6 @@
 version: '3.5'
 services:
-  acl_auditor:
+  ntc-soteria:
     container_name: acl_auditor
     build:
       context: .