Prev: Problems at writing multiple files
Next: Gusetbook with flowers and comment
From: samiam on 5 Oct 2006 13:27


Hello,

I know this is a trivial parse / grep job for any Perl rake worth his
salt, but does anyone have guidance on how this Perl newbie might pull
a string from one file and use this string to pull the lines in another
file out, and also pull the first line before (matching criteria) and
the first line after (matching criteria.)

I have described this in detail below.

At first I thought to use VBScript, but then I realized that Perl is
portable, doesn't necessarily have to be installed on the server, and
probably has MUCH better string processing power than VBScript. I also
considered grep, but still thought I could reuse the Perl solution in
more places.

Any input is GREATLY appreciated!

L,
S

------------

Summary: I need to find CSR numbers in FILE-A that map to registry key
entries in FILE-B, and report the pertinent surrounding info.

Detail:

I am looking to:

a.) find the lines in *.aud files with "Fail" in them
b.) Extract the Section number from the beginning of that same line.
I'll call this Section number a "CSR #"

Then use that CSR# to pull from a 2nd *.dsc file :

a.) Pull first line with CSR#
b.) Pull the first line above it with anything between two # signs,
which are section titles like this #Windows Messenger#
c.) Pull the SECOND registry key instance that is on any line below the
line with the CSR #
d.) Out put this data into a CSV file like this:

CSR#, Section Title, Registry Key

5.6.1.7.1, Windows Messenger Check, "HLM,
SOFTWARE\Policies\Microsoft\Messenger\Client,PreventRun,1,INTEGER"

Since there seem to be commas in the registry key entry, I suppose my
csv file would need to be delimited by another delimiter recognized by
Excel, which is where I ultimately want to display my data.

Below are two data samples like the data from which I will be culling.
The first sample is from a *.aud audit file.
The second is from the single DSC program file that either analyzes the
registry or can also write and change it.

Basically, I need to report the changes that our program will be making
to the registry. The audit files show the fail lines, which are lines
of a servers registry that needs to be brought into compliance.

server.aud file (audit file)
5.2.4~Local Printers Shared~NA~PASS~NA
5.8.1~FTP Server Installed~NA~PASS~NA
5.6.2~POSIX Subsystem Installed~PASS~PASS~
5.2.2~Posix Subsystem File Components - Posix.exe Not Found~NA~PASS~NA
5.2.2~Posix Subsystem File Components - Psxss.exe Not Found~NA~PASS~NA
5.2.2~Posix Subsystem File Components - Psxdll.dll Not Found~NA~PASS~NA
5.6.1.1~NetMeeting Disable Remote Desktop Sharing~FAIL~FAIL~
5.6.1.2~IE Security Zones are Local Only~FAIL~FAIL~
5.6.1.2.2~Allow User to Change IE Sec Policy~FAIL~FAIL~
5.6.1.2.3~IE Security Zones Map Editing~FAIL~FAIL~
5.6.1.2.4~IE Proxy Settings Set Per User~FAIL~FAIL~
5.6.1.2.5~IE Automatic Installs Disabled~FAIL~FAIL~
5.6.1.2.6~IE Software Update Check~FAIL~FAIL~

-----------------------------

analyze.dsc (script for analyzing/writing to registry)

# Windows Messenger #
dialog set,text1,"5.6.1.7.1 Windows Messenger Check"
dialog set,text2,"5.6.1.7.1 Do Not Allow Windows Messenger to be Run"
%%before =
@REGREAD(HLM,SOFTWARE\Policies\Microsoft\Messenger\Client,PreventRun,)
REGISTRY
WRITE,HLM,SOFTWARE\Policies\Microsoft\Messenger\Client,PreventRun,1,INTEGER

From: usenet on 5 Oct 2006 13:34
sam...(a)mytrashmail.com wrote:

[snip multipost]

Please don't multipost. It's rude.

--
David Filmer (http://DavidFilmer.com)

From: Tad McClellan on 5 Oct 2006 19:08
samiam(a)mytrashmail.com <samiam(a)mytrashmail.com> wrote:

> I know this is a trivial parse / grep job for any Perl rake worth his
> salt, but does anyone have guidance on how this Perl newbie might pull
> a string from one file and use this string to pull the lines in another
> file out, and also pull the first line before (matching criteria) and
> the first line after (matching criteria.)


If you show us the code you have so far, we will help you fix it.


> At first I thought to use VBScript, but then I realized that Perl is
> portable, doesn't necessarily have to be installed on the server, and


What "server"?

A server is not normally required to run Perl programs.

Is this a stealth CGI question?

If it is a CGI question, then you _do_ need to have perl installed
on the web server.


> Summary: I need to find CSR numbers in FILE-A that map to registry key
> entries in FILE-B, and report the pertinent surrounding info.


None of the failed CSR numbers in your example FILE-A map to any registry
key entries in FILE-B, so the program must make no output...


> a.) find the lines in *.aud files with "Fail" in them
> b.) Extract the Section number from the beginning of that same line.


Here's how to do that part:

-----------------------------------------------
#!/usr/bin/perl
use warnings;
use strict;

while ( <DATA>) {
my($csr, @fields) = split /~/;
next unless grep { $_ eq 'FAIL' } @fields;
print "$csr\n";

}

__DATA__
5.2.4~Local Printers Shared~NA~PASS~NA
5.8.1~FTP Server Installed~NA~PASS~NA
5.6.2~POSIX Subsystem Installed~PASS~PASS~
5.2.2~Posix Subsystem File Components - Posix.exe Not Found~NA~PASS~NA
5.2.2~Posix Subsystem File Components - Psxss.exe Not Found~NA~PASS~NA
5.2.2~Posix Subsystem File Components - Psxdll.dll Not Found~NA~PASS~NA
5.6.1.1~NetMeeting Disable Remote Desktop Sharing~FAIL~FAIL~
5.6.1.2~IE Security Zones are Local Only~FAIL~FAIL~
5.6.1.2.2~Allow User to Change IE Sec Policy~FAIL~FAIL~
5.6.1.2.3~IE Security Zones Map Editing~FAIL~FAIL~
5.6.1.2.4~IE Proxy Settings Set Per User~FAIL~FAIL~
5.6.1.2.5~IE Automatic Installs Disabled~FAIL~FAIL~
5.6.1.2.6~IE Software Update Check~FAIL~FAIL~
-----------------------------------------------



> Then use that CSR# to pull from a 2nd *.dsc file :


I would have done that part too, but I could not be troubled
to come up with a meaningful data file (and neither could you,
it would appear).


--
Tad McClellan SGML consulting
tadmc(a)augustmail.com Perl programming
Fort Worth, Texas
From: samiam on 6 Oct 2006 09:22
Hi Tad,

Thanks for the reply.

Your code snippet is leaner and more elegant than the labyrinthine code
I imagined necessary.

Sorry about my second data file not reflecting a match to the 1st. Per
your rebuke I have amended my ways: Here are links to data file
examples with matching data points:

http://home.comcast.net/~tankomail/test.dsc
http://home.comcast.net/~tankomail/server1.aud

And below is a snippet of FILE-A data which matches FILE-B data.

For instance - the fail line 5.4.6.24 in FILE-B matches the # cached
logon credentials # section in FILE-A vis-a-vis the section containing
the same 5.4.6.24 CSR#.

FILE-A is no more than sections delimited by #Section Title# , the
Registry key that needs to be changed, and identified by CSR numbers.

The goal is to pull the registry entry from each failed CSR section
(Identified in FILE-B) and pull from FILE-A:
1.) #section title#
2.) CSR#
3.) %%before and %% after registry keys

and push this data into CSV format for viewing with Excel.

--------------------------
FILE-B Aud file:

5.7.1.2~Password Expires Requirement~FAIL~FAIL~
5.4.6.62~Force Unlock Logon~FAIL~FAIL~
5.4.6.24~Cached logon credentials~FAIL~FAIL~1010
5.4.6.27~Smart Card Behavior~FAIL~FAIL~11
5.4.6.20~Auto Admin Login Settings~PASS~PASS~00
5.4.6.9~Sharing of Devices - Floppys~PASS~PASS~11
5.4.6.9~Sharing of Devices - CDRoms~PASS~PASS~11
5.4.6.7~Sharing of Devices - DASD~PASS~PASS~00
5.4.6.16~IPSec Security for Kerberos RSVP Traffic~PASS~PASS~11
5.4.6.17~Hide Computer Name~FAIL~FAIL~
---------------------------

Find the fail lines, get the CSR at the beginning of the line and match
to registry change section in FILE-A
-------------------------
FILE-A dsc file:

# cached logon credentials #
dialog set,text1,"5.4.6.24 Cached logon credentials" **********
dialog set,text2,"5.4.6.24 Cached logon credentials"
%%before = @REGREAD(HLM,SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon,CachedLogonsCount,)
REGISTRY WRITE,HLM,SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon,CachedLogonsCount,2
%%after = @REGREAD(HLM,SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon,CachedLogonsCount,)
%%stat = FAIL
%%stat2 = FAIL
if @equal(%%before,"2")
%%stat = PASS
end
if @equal(%%after,"2")
%%stat2 = PASS
end
list add,debug,"Cached logon credentials:Setting Before Run" %%before
"Setting After Run:" %%after
list add,log,"5.4.6.24~Cached logon
credentials~"%%stat"~"%%stat2"~"%%before%%after
list savefile,log,%%logfile
list savefile,debug,%%debugfile
wait 0.2

:checktwentyseven
%%check = @INIREAD(checks,checktwentyseven)
if @equal(%%check,off)
goto checktwentyeight
end
---------------------------

Thanks for your help Tad!

L,
Sam

Tad McClellan wrote:
> samiam(a)mytrashmail.com <samiam(a)mytrashmail.com> wrote:
>
> > I know this is a trivial parse / grep job for any Perl rake worth his
> > salt, but does anyone have guidance on how this Perl newbie might pull
> > a string from one file and use this string to pull the lines in another
> > file out, and also pull the first line before (matching criteria) and
> > the first line after (matching criteria.)
>
>
> If you show us the code you have so far, we will help you fix it.
>
>
> > At first I thought to use VBScript, but then I realized that Perl is
> > portable, doesn't necessarily have to be installed on the server, and
>
>
> What "server"?
>
> A server is not normally required to run Perl programs.
>
> Is this a stealth CGI question?
>
> If it is a CGI question, then you _do_ need to have perl installed
> on the web server.
>
>
> > Summary: I need to find CSR numbers in FILE-A that map to registry key
> > entries in FILE-B, and report the pertinent surrounding info.
>
>
> None of the failed CSR numbers in your example FILE-A map to any registry
> key entries in FILE-B, so the program must make no output...
>
>
> > a.) find the lines in *.aud files with "Fail" in them
> > b.) Extract the Section number from the beginning of that same line.
>
>
> Here's how to do that part:
>
> -----------------------------------------------
> #!/usr/bin/perl
> use warnings;
> use strict;
>
> while ( <DATA>) {
> my($csr, @fields) = split /~/;
> next unless grep { $_ eq 'FAIL' } @fields;
> print "$csr\n";
>
> }
>
> __DATA__
> 5.2.4~Local Printers Shared~NA~PASS~NA
> 5.8.1~FTP Server Installed~NA~PASS~NA
> 5.6.2~POSIX Subsystem Installed~PASS~PASS~
> 5.2.2~Posix Subsystem File Components - Posix.exe Not Found~NA~PASS~NA
> 5.2.2~Posix Subsystem File Components - Psxss.exe Not Found~NA~PASS~NA
> 5.2.2~Posix Subsystem File Components - Psxdll.dll Not Found~NA~PASS~NA
> 5.6.1.1~NetMeeting Disable Remote Desktop Sharing~FAIL~FAIL~
> 5.6.1.2~IE Security Zones are Local Only~FAIL~FAIL~
> 5.6.1.2.2~Allow User to Change IE Sec Policy~FAIL~FAIL~
> 5.6.1.2.3~IE Security Zones Map Editing~FAIL~FAIL~
> 5.6.1.2.4~IE Proxy Settings Set Per User~FAIL~FAIL~
> 5.6.1.2.5~IE Automatic Installs Disabled~FAIL~FAIL~
> 5.6.1.2.6~IE Software Update Check~FAIL~FAIL~
> -----------------------------------------------
>
>
>
> > Then use that CSR# to pull from a 2nd *.dsc file :
>
>
> I would have done that part too, but I could not be troubled
> to come up with a meaningful data file (and neither could you,
> it would appear).
>
>
> --
> Tad McClellan SGML consulting
> tadmc(a)augustmail.com Perl programming
> Fort Worth, Texas

From: samiam on 6 Oct 2006 12:03
Hi Tad,

Links to the complete data files and a detailed description of my
simple data mining are in my first and second post.

Here is my perl script solution so far - at the end of this post.

I am a crude programmer and so I can't attest for the elegance of this
code or if it's even close to efficient. This code is bits and pieces I
have put together looking at examples on the net. It mostly works.

I haven't been able to get it to put both the %%before and %%after
sections into the csv file.

I would also like to pull the descriptive title of the registry key
into the CSV file, ie. "Checking Netmeeting - Disable Remote Desktop
Sharing" It comes at the end of the lines containing the CSR# such as
5.6.1.1

That part is tricky, at least to this noob.

Can anyone tell me how to add both the %%before and %%after as well as
the key description to my csv file?

Thanks!

L,
Sam

-------sample data-----------

# NETMEETING REG SETTING #
dialog set,text1,"5.6.1.1 Checking Netmeeting - Disable Remote Desktop
Sharing"
dialog set,text2,"5.6.1.1 Checking Netmeeting - Disable Remote Desktop
Sharing"
%%before =
@REGREAD(HLM,SOFTWARE\Policies\Microsoft\Conferencing,NoRDS,)
REGISTRY
WRITE,HLM,SOFTWARE\Policies\Microsoft\Conferencing,NoRDS,1,INTEGER
%%after = @REGREAD(HLM,SOFTWARE\Policies\Microsoft\Conferencing,NoRDS,)
%%stat = FAIL
%%stat2 = FAIL
if @equal(%%before,"1")
%%stat = PASS
end
if @equal(%%after,"1")
%%stat2 = PASS
end
list add,debug,"5.6.1.1:Setting Before Run" %%before "Setting After
Run:" %%after
list add,log,"5.6.1.1~NetMeeting Disable Remote Desktop
Sharing~"%%stat"~"%%stat2"~"%%before%%after
list savefile,log,%%logfile
list savefile,debug,%%debugfile
wait 0.2

:checkseven
%%check = @INIREAD(checks,checkseven)
if @equal(%%check,off)
goto checkeight
end

--------end sample data------------

---------Script So Far-------------
#Create a couple of lookup hashes
open ANALYZE, 'analyze.dsc';
while(<ANALYZE>) {
$section = $1 if /^#\s+(.*)?\s+#/;
$rule_no = $1 if /^dialog set,text1,\"([.1234567890]*)/;
if( /^REGISTRY WRITE,(.*)/ ) {
$regkey{$rule_no} = $1;
$sect{$rule_no} = $section;
}
}
close ANALYZE;

#Scan the Audit file for failures
open AUDITFILE, 'server.aud';
open CSVFILE, '>logfile.csv';
print CSVFILE "CSR #,Section Title,Registry Key\n";
while(<AUDITFILE>) {
if(/^(.*?)~.*~FAIL~/) {
$csr = $1;
$section_title = $sect{$csr};
$registry_key = $regkey{$csr};
if( $section_title ne "" ) {
print CSVFILE "\"$csr\",\"$section_title\",\"$registry_key\"\n";
} else {
print "Fail code $csr not found in analyze.dsc\n";
}
}
}
close AUDITFILE;
close CSVFILE;

 |  Next  |  Last
Pages: 1 2 3
Prev: Problems at writing multiple files
Next: Gusetbook with flowers and comment