C# Windows IPSEC监控(仅此一家,别无分店)
Windows IPSEC监控,使用C#编写,输出为一行字符串,可以按照既有IPSEC规则生成模板
using System;using System.Diagnostics;using System.IO;using System.Text;namespace WindowsIPSecMonitor{class WindowsIPSecMonitor{//*****颜色提示*****//红色警告private static void RedError(string text){Console.ForegroundColor = ConsoleColor.Red;Console.WriteLine(text);Console.ForegroundColor = ConsoleColor.White;}//黄色提示private static void YellowWarn(string text){Console.ForegroundColor = ConsoleColor.Yellow;Console.WriteLine(text);Console.ForegroundColor = ConsoleColor.White;}//绿色提示private static void GreenPrint(string text){Console.ForegroundColor = ConsoleColor.Green;Console.WriteLine(text);Console.ForegroundColor = ConsoleColor.White;}//系统命令执行函数private static string Execute(string command, int seconds){string output = ""; //输出字符串if (command != null && !command.Equals("")){Process process = new Process();//创建进程对象ProcessStartInfo startInfo = new ProcessStartInfo();startInfo.FileName = "cmd.exe";//设定需要执行的命令startInfo.Arguments = "/C " + command;//“/C”表示执行完命令后马上退出startInfo.UseShellExecute = false;//不使用系统外壳程序启动startInfo.RedirectStandardInput = false;//不重定向输入startInfo.RedirectStandardOutput = true; //重定向输出startInfo.CreateNoWindow = true;//不创建窗口process.StartInfo = startInfo;try{if (process.Start())//开始进程{if (seconds == 0){process.WaitForExit();//这里无限等待进程结束}else{process.WaitForExit(seconds); //等待进程结束,等待时间为指定的毫秒}output = process.StandardOutput.ReadToEnd();//读取进程的输出}}catch{}finally{if (process != null)process.Close();}}return output;}//追加写入文件函数private static void FileRec(string input, string filename){FileStream fs = new FileStream(filename, FileMode.Append);StreamWriter sw = new StreamWriter(fs, Encoding.GetEncoding("GB2312"));//开始写入sw.Write(input);//清空缓冲区sw.Flush();//关闭流sw.Close();fs.Close();}//追加一个文件到另一个文件末尾private static void AppendFile(string Filenamesrc, string Filenamedst){string command = "type " + Filenamesrc + ">>" + Filenamedst;Execute(command, 1);}//生成机器当前操作模板用作比对private static void GenCurrentLocalTemplates(){//命令全局变量string cmd;//获取所有的策略名//cmd = "netsh ipsec static show policy all | findstr \"策略名称\" 2>&1"; //适用中文简体语言环境cmd = "netsh ipsec static show policy all | findstr \"Policy name\" 2>&1";//适用于英文环境string[] policy = Execute(cmd, 1).Replace("策略名称", "").Replace("Policy Name", "").Replace("\r\n", "").Replace(":", "").Split(new string[] { " " }, StringSplitOptions.RemoveEmptyEntries);foreach (string policyname in policy){//执行命令生成文件cmd = "netsh ipsec static show rule all policy = " + policyname + " level = Verbose Format = table>CurrentFullIPSec.log 2>&1";Execute(cmd, 1);//处理文件try{//int Counter = 0;string line;//处理文件中“是”/“YES”开头不连续的行StreamReader file1 = new StreamReader("CurrentFullIPSec.log", Encoding.GetEncoding("GB2312"));while ((line = file1.ReadLine()) != null){//if (line.StartsWith("是"))//适用于中文简体语言环境if (line.StartsWith("YES"))//适用于英文环境{string ProcessedData = Environment.NewLine + line.TrimEnd();FileRec(ProcessedData, "Temp1.log");}else{FileRec(line + Environment.NewLine, "Temp1.log");}//Counter++;//计数}file1.Close();//关闭文件读取流//截取所有YES开头的行保存到文件//Counter = 0;StreamReader file2 = new StreamReader("Temp1.log", Encoding.GetEncoding("GB2312"));while ((line = file2.ReadLine()) != null){//if (line.StartsWith("是") || line.StartsWith("YES") || line.StartsWith("筛选器列表名称") || line.StartsWith("Rule Name") || line.StartsWith("筛选器操作名称") || line.StartsWith("FilterAction Name") || line.StartsWith("操作") || line.StartsWith("Action") || line.StartsWith("筛选器数目") || line.StartsWith("No. of Filters"))if (line.StartsWith("是") || line.StartsWith("YES") || line.StartsWith("操作") || line.StartsWith("Action")){string ProcessedData = line.Trim() + Environment.NewLine;ProcessedData = ProcessedData.Replace(" ", "").Replace("\t", "");FileRec(ProcessedData, "LocalTemplate.log");}//Counter++;//计数}file2.Close();//关闭文件读取流//删除临时文件File.Delete("Temp1.log");File.Delete("CurrentFullIPSec.log");//Counter = 0;StreamReader file3 = new StreamReader("LocalTemplate.log", Encoding.GetEncoding("GB2312"));while ((line = file3.ReadLine()) != null){if (line.StartsWith("操作") || line.StartsWith("Action")){//用操作名作为文件名string NewFilename = line.Trim() + ".txt";//将文件内容读取进操作名文件AppendFile("Temp2.log", NewFilename);File.Delete("Temp2.log");}else{FileRec(line + Environment.NewLine, "Temp2.log");}//Counter++;//计数}file3.Close();//关闭文件读取流File.Delete("LocalTemplate.log");}catch (IOException){Console.WriteLine("IO Error! Please consult the programmer!" + Environment.NewLine);}}}//根据监控模板生成比对文件private static void GenMonitorTemplates(string TemplateFile){string line;try{StreamReader file = new StreamReader(TemplateFile, Encoding.GetEncoding("GB2312"));line = file.ReadToEnd();string[] policylines = line.Split(new string[] { "BLOCK", "PERMIT" }, StringSplitOptions.RemoveEmptyEntries);FileRec(policylines[0], "MonitorPermitTemplate.txt");FileRec(policylines[1], "MonitorBlockTemplate.txt");file.Close();//关闭文件读取流}catch (Exception){Console.WriteLine("File IO Error!");}}//比对文件private static string CompareFile(string FileSRC, string FileDST){//int Counter = 0;string lineA;string lineB;string lineC = "";if (!File.Exists(FileSRC) || !File.Exists(FileDST)){return "Files don't exist! Comparation failed!";}else{try{StreamReader fileA = new StreamReader(FileSRC, Encoding.GetEncoding("GB2312"));StreamReader fileB = new StreamReader(FileDST, Encoding.GetEncoding("GB2312"));lineB = fileB.ReadToEnd();while ((lineA = fileA.ReadLine()) != null){if (!lineB.Contains(lineA.Trim())){lineC += lineA + Environment.NewLine;}//Counter++;//计数}fileA.Close();//关闭文件读取流fileB.Close();//关闭文件读取流}catch (Exception){Console.WriteLine("File IO error!");}return lineC;}}//删除临时文件private static void DeleteFile(){//File.Delete("操作允许.txt");//中文简体环境//File.Delete("操作阻止.txt");//中文简体环境File.Delete("ActionPERMIT.txt");//英文环境File.Delete("ActionBLOCK.txt");//英文环境File.Delete("MonitorPermitTemplate.txt");//删除根据监控模板生成的PERMIT对比文件File.Delete("MonitorBlockTemplate.txt");//删除根据监控模板生成的BLOCK对比文件}//数据类public class Data{public string time;public string result;public string status;public string JobID;public void Print_data(){Console.WriteLine("{\"result\":\"" + result + "\",\"status\":\"" + status + "\",\"time\":\"" + time + "\",\"id\":\"" + JobID + "\",\"info\":\"\"}");}}//主函数static void Main(string[] args){string Current_Path = AppDomain.CurrentDomain.BaseDirectory;//一次赋值使用的全局变量,用于接收命令行字符串string cmd;try{//*****帮助*****if (args[0] == "-h" || args[0] == "--help"){GreenPrint("Usage:");GreenPrint("Use WindowsIPSecMonitor.exe --Backup to backup current localmachine's IPSec");GreenPrint("Use WindowsIPSecMonitor.exe --GCLMT to generate current localmachine's IPSec monitor tempalte");GreenPrint("Use WindowsIPSecMonitor.exe --Investigate --idle [MonitorTemplateFileName] to see the IPSec comparation result");GreenPrint("Use WindowsIPSecMonitor.exe [JobID] [Server] [MonitorTemplateFileName] to see the monitor result");Environment.Exit(0);}//备份IPSecif (args[0] == "--Backup"){string time = DateTime.Now.ToString("yyyy-MM-dd#HH.mm.ss");cmd = "netsh ipsec static exportpolicy file=" + time;Execute(cmd, 1);YellowWarn("IPSec has been backed up as " + time + ".ipsec!");Environment.Exit(0);}//生成当前机器用作监控的模板if (args[0] == "--GCLMT"){//生成用作对比的当前机器模板GenCurrentLocalTemplates();//cmd = "(echo PERMIT&type 操作允许.txt&echo BLOCK&type 操作阻止.txt)>NewlyGeneratedTempalteForMonitor.txt";//简体中文环境cmd = "(echo PERMIT&type ActionPERMIT.txt&echo BLOCK&type ActionBLOCK.txt)>NewlyGeneratedTempalteForMonitor.txt";//英文环境Execute(cmd, 1);YellowWarn("Template generated! Filename is NewlyGeneratedTempalteForMonitor.txt.");//File.Delete("操作允许.txt");//简体中文环境//File.Delete("操作阻止.txt");//简体中文环境File.Delete("ActionPERMIT.txt");//英文环境File.Delete("ActionBLOCK.txt");//英文环境Environment.Exit(0);}}catch (Exception){RedError("Parameter error! Use -h or --help for help");Environment.Exit(0);}//实例化类Data D = new Data();D.status = "2";D.result = "IPSec is fine!";D.time = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss");try{D.JobID = args[0];}catch (Exception){RedError("Parameter error! Use -h or --help for help");Environment.Exit(0);}//检查IPSec是否开启cmd = "netsh ipsec static show policy all";bool NotAssigned1 = Execute(cmd, 1).Contains("Assigned : NO");bool NotAssigned2 = Execute(cmd, 1).Contains("已分配 : 否");if (NotAssigned1 || NotAssigned2){D.status = "4";D.result = "Policy is not assigned!";D.Print_data();Environment.Exit(0);}//生成用作对比的当前机器模板GenCurrentLocalTemplates();try{//处理生成监控模板对比文件,使用命令行参数做文件名GenMonitorTemplates(Current_Path + args[2]);//比对文件//string result1 = CompareFile("MonitorPermitTemplate.txt", "操作允许.txt");//中文简体环境//string result2 = CompareFile("操作允许.txt", "MonitorPermitTemplate.txt");//中文简体环境//string result3 = CompareFile("MonitorBlockTemplate.txt", "操作阻止.txt");//中文简体环境//string result4 = CompareFile("操作阻止.txt", "MonitorBlockTemplate.txt");//中文简体环境string result1 = CompareFile("MonitorPermitTemplate.txt", "ActionPERMIT.txt");//英文环境string result2 = CompareFile("ActionPERMIT.txt", "MonitorPermitTemplate.txt");//英文环境string result3 = CompareFile("MonitorBlockTemplate.txt", "ActionBLOCK.txt");//英文环境string result4 = CompareFile("ActionBLOCK.txt", "MonitorBlockTemplate.txt");//英文环境//显示调试信息if (args[0] == "--Investigate"){YellowWarn("LocalPermit lacks the following line(s):");Console.WriteLine(result1);YellowWarn("MonitorPermit lacks the fowllowing line(s):");Console.WriteLine(result2);YellowWarn("LocalBlock lakcs the following line(s):");Console.WriteLine(result3);YellowWarn("MonitorBlock lacks the following line(s):");Console.WriteLine(result4);DeleteFile();}else{if (result1 != "" || result2 != "" || result3 != "" || result4 != ""){D.status = "4";D.result = "IPSec error!";D.Print_data();DeleteFile();Environment.Exit(0);}//如果没有错误则输出正确结果D.Print_data();DeleteFile();Environment.Exit(0);}}catch (Exception){RedError("Error! No filename parameter provided!");DeleteFile();}}}}
C# Windows IPSEC监控(仅此一家,别无分店)的更多相关文章
- paip.windows io监控总结
paip.windows io监控总结 io的主要参数是个.disk queue length 作者Attilax 艾龙, EMAIL:1466519819@qq.com 来源:attilax的专 ...
- Windows 回调监控 <二>
在之前的文章Windows 回调监控 <一> 总结了关于CreateProcessNotify,CreateProcessNotifyEx和LoadImageNotify一些用法,之后产生 ...
- windows 进程监控 Procmon.exe
windows 进程监控 Procmon.exe window下一个程序打开太慢,可以用此程序监控.在哪一步慢了,读取文件还是注册表. ProcessMonitor3.2 Process Monito ...
- Windows性能计数器监控实践
Windows性能计数器(Performance Counter)是Windows提供的一种系统功能,它能实时采集.分析系统内的应用程序.服务.驱动程序等的性能数据,以此来分析系统的瓶颈.监控组件的表 ...
- python对 windows系统监控插件
在python编程的windows系统监控中,需要监控监控硬件信息需要两个模块:WMI 和 pypiwin32 .
- Windows - 性能监控之磁盘剩余空间大小警报
开始 -> 运行 -> 键入命令 perfmon.msc 数据收集器(Data Collector Sets) -> 用户自定义(User Defined)
- Windows zabbix监控远程进程实现机制
最近负责zabbix监控部署方面的工作,需要完成本地服务端监控远程虚拟机的运行状态(CPU.打开的进程等),与大家分享下我的实现方法. (1) 首先,需要实现记录zabbix客户端的进程的批处理:za ...
- Windows 回调监控 <一>
在x86的体系结构中,我们常用hook关键的系统调用来达到对系统的监控,但是对于x64的结构,因为有PatchGuard的存在,对于一些系统关键点进行hook是很不稳定的,在很大几率上会导致蓝屏的发生 ...
- 探索Windows Azure 监控和自动伸缩系列2 - 获取虚拟机的监控定义和监控数据
上一篇博文介绍了如何连接Windows Azure: http://www.cnblogs.com/teld/p/5113063.html 本篇我们继续上次的示例代码,获取虚拟机的监控定义和监控数据. ...
随机推荐
- ACM-选人问题(救济金发放)
n(n<20)个人站成一圈,逆时针编号为1-n.有两个官员,A从1开始逆时针数,B从n开 始顺时针数.在每一轮中,官员A数k个就停下来,官员B数m个就停下来(注意有可能两个 官员停在同一个人上) ...
- 浅谈线程runnable和callable的使用及区别
线程使用比较广泛,但实际上一般项目很少用上线程,线程常用于优化复杂的程序执行流程,把一些与业务关系关系不大但是必须要执行的流程使用线程的方式让子线程去执行,主流程只返回跟业务有关的信息 runnabl ...
- vue中使用transition标签底部导航闪烁问题
<transition :name="transitionName" :duration="{ enter: 500, leave: 0 }" > ...
- java集合的实现细节--ArrayList和LinkedList
ArrayList和LinkedList的实现差异 List代表一种线性表的数据结构,ArrayList则是一种顺序存储的线性表,ArrayList底层采用动态数组的形式保存每一个集合元素,Link ...
- c# 线程的生命周期
对于线程而言有两种类型:前台线程,后台线程.前台与后台线程性质相同,但终止条件不同. 后台线程:在运行过程中如果宿主进程结束,线程将直接终止执行:在强制终止时,线程即终止执行不论线程代码是否执行完毕. ...
- idea中查看java类继承图
复习java io,看了书里的这张图,太模糊了,想弄个出来放大看,一开始试了idea发现只能看父类,后来折腾了一会试了其他工具才发现还是idea好用. :) 一.打开type hierachy 光标放 ...
- mongodb副本集修改配置问题
因虚拟机地址被占用,需要重新设置ip地址,这时需要修改副本集中的IP地址配置: 1: 查看配置rs.config():需要找到primary主机,在该主节点服务器上才有权限修改配置 2:rs.remo ...
- 详谈Oracle12c新特点容器数据库&可插拔数据库(CDB&PDB)
一般信息 数据字典 CDB_FILE$ DBA_PDBS PDB$SEED CDB_LOCAL_ADMINAUTH$ DBA_PDB_HISTORY PDB_HISTORY$ CDB_PDB_SAVE ...
- python操作文件(增、删、改、查)
内容 global log 127.0.0.1 local2 daemon maxconn 256 log 127.0.0.1 local2 info defaults log global mode ...
- excel 单元格0 不显示的最佳方法
excel单元格设自定义格式, 条件:可以单元格内容判断后再设置格式.条件格式化只限于使用三个条件,其中两个条件是明确的,另个是“所有的其他”.条件要放到方括号中.必须进行简单的比较.例如这个条件:单 ...