def reset(self):
# Reset everything except:
#
# - The install language
# - The keyboard
self.instClass = None
self.network = network.Network()
self.firewall = firewall.Firewall()
self.security = security.Security()
self.timezone = timezone.Timezone()
self.timezone.setTimezoneInfo(
self.instLanguage.getDefaultTimeZone(self.anaconda.rootPath))
self.users = None
self.rootPassword = {"isCrypted": False, "password": "", "lock": False}
self.auth = "--enableshadow --passalgo=sha512"
self.desktop = desktop.Desktop()
self.upgrade = None
if flags.cmdline.has_key("preupgrade"):
self.upgrade = True
self.storage = storage.Storage(self.anaconda)
self.bootloader = booty.getBootloader(self)
self.upgradeRoot = None
self.rootParts = None
self.upgradeSwapInfo = None
self.escrowCertificates = {}
if self.anaconda.isKickstart:
self.firstboot = FIRSTBOOT_SKIP
else:
self.firstboot = FIRSTBOOT_DEFAULT
# XXX I still expect this to die when kickstart is the data store.
self.ksdata = None
def reset(self):
# Reset everything except:
#
# - The mouse
# - The install language
# - The keyboard
self.langSupport = language.Language()
self.instClass = None
self.network = network.Network()
self.firewall = firewall.Firewall()
self.security = security.Security()
self.timezone = timezone.Timezone()
self.accounts = users.Accounts()
self.rootPassword = users.RootPassword()
self.auth = users.Authentication()
self.desktop = desktop.Desktop()
self.grpset = None
self.upgrade = Boolean()
# XXX move fsset and/or diskset into Partitions object?
self.fsset.reset()
self.diskset = partedUtils.DiskSet()
self.partitions = partitions.Partitions()
self.bootloader = bootloader.getBootloader()
self.dependencies = []
self.handleDeps = CHECK_DEPS
self.dbpath = None
self.upgradeRoot = None
self.rootParts = None
self.upgradeSwapInfo = None
self.upgradeDeps = ""
self.upgradeRemove = []
self.upgradeInfoFound = None
self.configFileData = self.tmpData
self.firstboot = FIRSTBOOT_DEFAULT
def testFirewall(self):
fw = firewall.Firewall('firewallRules.csv')
#common cases
self.assertTrue(fw.accept_packet("inbound", "tcp", 80, "192.168.1.2"))
self.assertTrue(
not fw.accept_packet("inbound", "tcp", 8, "192.168.1.2"))
self.assertTrue(
fw.accept_packet("outbound", "udp", 12, "192.192.19.192"))
self.assertTrue(
fw.accept_packet("outbound", "tcp", 13054, "192.168.10.11"))
self.assertTrue(
not fw.accept_packet("outbound", "tcp", 13, "192.192.192.192"))
#testing for wrongly ordered set of parameters
self.assertTrue(
not fw.accept_packet("tcp", "inbound", 81, "192.168.1.2"))
#test for invalid port value
self.assertTrue(
not fw.accept_packet("inbound", "tcp", -80, "192.168.1.2"))
self.assertTrue(
not fw.accept_packet("outbound", "udp", 0, "192.192.19.192"))
#test for invalid ip address
self.assertTrue(
not fw.accept_packet("outbound", "udp", 1354, "52.12.256.92"))
self.assertTrue(
not fw.accept_packet("outbound", "udp", 1354, "52.12.256"))
def test_rules2(self):
fw = firewall.Firewall("rules2.csv")
self.assertEqual(fw.accept_packet("inbound", "tcp", 80, "192.168.1.2"),
True)
self.assertEqual(fw.accept_packet("inbound", "udp", 53, "192.168.2.1"),
False)
self.assertEqual(
fw.accept_packet("outbound", "tcp", 10234, "192.168.10.11"), False)
self.assertEqual(fw.accept_packet("inbound", "tcp", 81, "192.168.1.2"),
True)
self.assertEqual(fw.accept_packet("inbound", "udp", 24, "52.12.48.92"),
False)
def test_rules3(self):
fw = firewall.Firewall("rules3.csv")
self.assertEqual(
fw.accept_packet("inbound", "tcp", 0, "192.168.1.2"), True)
self.assertEqual(
fw.accept_packet("inbound", "udp", 53, "192.168.2.1"), False)
self.assertEqual(
fw.accept_packet("outbound", "tcp", 10234, "192.168.10.11"),
False)
self.assertEqual(
fw.accept_packet("inbound", "tcp", 81, "192.168.1.2"), False)
self.assertEqual(
fw.accept_packet("inbound", "udp", 24, "52.12.48.92"), False)
def main():
args = parse_args()
logging.basicConfig(
level=args.loglevel,
format='%(name)s [%(process)d] %(levelname)s %(message)s')
if args.loglevel and not args.debug_requests:
logging.getLogger('requests').setLevel(logging.WARN)
LOG.info('Starting up')
LOG.info('Kubernetes is %s', args.kube_endpoint)
LOG.info('Etcd is %s', args.etcd_endpoint)
LOG.info('Managing interface %s', args.interface)
if args.no_driver:
iface_driver = None
fw_driver = None
else:
iface_driver = interface.Interface(args.interface)
fw_driver = firewall.Firewall(fwchain=args.fwchain, fwmark=args.fwmark)
mgr = manager.Manager(etcd_endpoint=args.etcd_endpoint,
kube_endpoint=args.kube_endpoint,
etcd_prefix=args.etcd_prefix,
iface_driver=iface_driver,
fw_driver=fw_driver,
cidr_ranges=args.cidr_range,
refresh_interval=args.refresh_interval,
id=args.agent_id)
LOG.info('My id is: %s', mgr.id)
mgr.run()
def test_part_one(self):
"Test part one example of Firewall object"
# 1. Create Firewall object from text
myobj = firewall.Firewall(text=aoc_20.from_text(PART_ONE_TEXT))
# 2. Check the part one result
self.assertEqual(myobj.part_one(verbose=False), PART_ONE_RESULT)
def setUp(self):
config = {
'mode': 'firewall',
'rule': 'rules.conf',
}
iface_int = MockInterface()
iface_ext = MockInterface()
self.firewall = firewall.Firewall(config, iface_int, iface_ext)
def test_firewall_rules():
firewall_obj = firewall.Firewall("tests/test1.csv")
#pdb.set_trace()
assert firewall_obj.rules == [
'inbound,tcp,80,192.168.1.2\r\n',
'outbound,tcp,10000-20000,192.168.10.11\r\n',
'inbound,udp,53,192.168.1.1-192.168.2.5\r\n',
'outbound,udp,1000-2000,52.12.48.92'
]
def test_part_two(self):
"Test part two example of Firewall object"
# 1. Create Firewall object from text
myobj = firewall.Firewall(part2=True,
text=aoc_20.from_text(PART_TWO_TEXT))
# 2. Check the part two result
self.assertEqual(myobj.part_two(verbose=False), PART_TWO_RESULT)
def __init__(self,
config,
rawprompt='',
stdin=sys.stdin,
stdout=sys.stdout):
# super(CommandPrompt, self).__init__()
CommandPrompt.__init__(self, config, rawprompt="lvsm(live)# ")
self.modules = ['director', 'firewall', 'nat', 'virtual', 'real']
self.protocols = ['tcp', 'udp', 'fwm']
self.firewall = firewall.Firewall(self.config['iptables'])
def __init__(self,
config,
rawprompt='',
stdin=sys.stdin,
stdout=sys.stdout):
# super(CommandPrompt, self).__init__()
CommandPrompt.__init__(self,
config,
rawprompt="lvsm(live)(firewall)# ")
self.firewall = firewall.Firewall(self.config['iptables'])
def test_empty_init(self):
"Test the default Firewall creation"
# 1. Create default Firewall object
myobj = firewall.Firewall()
# 2. Make sure it has the default values
self.assertEqual(myobj.part2, False)
self.assertEqual(myobj.text, None)
self.assertEqual(len(myobj.ranges), 0)
def test_empty_init(self):
"""Test default Firewall creation"""
# 1. Create default Pipes object
myfw = firewall.Firewall()
# 2. Make sure it has the default values
self.assertEqual(myfw.part2, False)
self.assertEqual(myfw.levels, {})
self.assertEqual(myfw.picosecond, 0)
self.assertEqual(myfw.final, 0)
def __init__(self, config, rawprompt='', stdin=sys.stdin, stdout=sys.stdout):
# Change the word delimiters so that - or . don't cause a new match
try:
import readline
readline.set_completer_delims(' ')
except ImportError:
pass
# super(CommandPrompt, self).__init__()
CommandPrompt.__init__(self, config, rawprompt="lvsm(live)(virtual)# ")
self.modules = ['director', 'firewall', 'nat', 'virtual', 'real']
self.protocols = ['tcp', 'udp', 'fwm']
self.firewall = firewall.Firewall(self.config['iptables'])
def __init__(self):
import desktop, dispatch, firewall, security
import system_config_keyboard.keyboard as keyboard
from flags import flags
self._backend = None
self._bootloader = None
self.canReIPL = False
self.desktop = desktop.Desktop()
self.dir = None
self.dispatch = dispatch.Dispatcher(self)
self.displayMode = None
self.extraModules = []
self.firewall = firewall.Firewall()
self.id = None
self._instClass = None
self._instLanguage = None
self._intf = None
self.isHeadless = False
self.keyboard = keyboard.Keyboard()
self.ksdata = None
self.mediaDevice = None
self.methodstr = None
self._network = None
self.opts = None
self._platform = None
self.proxy = None
self.proxyUsername = None
self.proxyPassword = None
self.reIPLMessage = None
self.rescue = False
self.rescue_mount = True
self.rootParts = None
self.rootPath = "/mnt/sysimage"
self.security = security.Security()
self.simpleFilter = not iutil.isS390()
self.stage2 = None
self._storage = None
self._timezone = None
self.updateSrc = None
self.upgrade = flags.cmdline.has_key("preupgrade")
self.upgradeRoot = None
self.upgradeSwapInfo = None
self._users = None
self.mehConfig = None
self.clearPartTypeSelection = None # User's GUI selection
self.clearPartTypeSystem = None # System's selection
# *sigh* we still need to be able to write this out
self.xdriver = None
def test_part_two_mod(self):
"""Test the part two example with modulo"""
# 1. Create default Pipes object
myfw = firewall.Firewall(part2=True, text=aoc_13.from_text(EXAMPLE_TEXT))
# 2. Make sure it has the specified values
self.assertEqual(myfw.part2, True)
self.assertEqual(len(myfw.levels), 4)
self.assertEqual(myfw.picosecond, 0)
self.assertEqual(myfw.final, 6)
# 3. Test the trip methos
self.assertEqual(myfw.part_two_mod(verbose=False, limit=20), 10)
def test_part_one(self):
"""Test the part one example"""
# 1. Create default Pipes object
myfw = firewall.Firewall(text=aoc_13.from_text(EXAMPLE_TEXT))
# 2. Make sure it has the specified values
self.assertEqual(myfw.part2, False)
self.assertEqual(len(myfw.levels), 4)
self.assertEqual(myfw.picosecond, 0)
self.assertEqual(myfw.final, 6)
# 3. Test the trip methos
self.assertEqual(myfw.trip(verbose=False), 24)
def part_two(args, input_lines):
"Process part two of the puzzle"
# 1. Create the puzzle solver
solver = firewall.Firewall(part2=True, text=input_lines)
# 2. Determine the solution for part two
solution = solver.part_two(verbose=args.verbose, limit=args.limit)
if solution is None:
print("There is no solution")
else:
print("The solution for part two is %s" % (solution))
# 3. Return result
return solution is not None
def testBasicFunctionality(self):
firewall = fw.Firewall(testFileName)
self.assertTrue(
firewall.accept_packet("inbound", "tcp", 80, "192.168.1.2"))
self.assertTrue(
not firewall.accept_packet("inbound", "tcp", 81, "192.168.1.2"))
self.assertTrue(
not firewall.accept_packet("inbound", "tcp", 80, "192.168.1.3"))
self.assertTrue(
firewall.accept_packet("outbound", "udp", 13, "192.192.192.192"))
self.assertTrue(
firewall.accept_packet("outbound", "udp", 12, "192.192.192.192"))
self.assertTrue(not firewall.accept_packet("outbound", "udp", 13,
"192.192.192.194"))
self.assertTrue(not firewall.accept_packet("outbound", "tcp", 13,
"192.192.192.192"))
def test_cases(self):
fw = firewall.Firewall("firewall_data.csv")
self.assertTrue(fw.accept_packet("inbound", "udp", 53, "192.168.2.1"))
self.assertTrue(fw.accept_packet("outbound", "tcp", 10234, "192.168.10.11"))
self.assertTrue(fw.accept_packet("inbound", "udp", 1001, "1.1.1.1"))
self.assertTrue(fw.accept_packet("outbound", "tcp", 70, "78.32.170.4"))
self.assertTrue(fw.accept_packet("inbound", "tcp", 68, "10.0.0.8"))
self.assertFalse(fw.accept_packet("inbound", "tcp", 81, "192.168.1.2"))
self.assertFalse(fw.accept_packet("inbound", "udp", 24, "52.12.48.92"))
self.assertFalse(fw.accept_packet("inbound", "udp", 1001, "255.255.255.255"))
self.assertFalse(fw.accept_packet("outbound", "tcp", 71, "78.32.170.4"))
self.assertFalse(fw.accept_packet("inbound", "udp", 68, "10.0.0.8"))
self.assertFalse(fw.accept_packet("inbound", "udp", 53, "192.168.1.0"))
def test_text_init(self):
"Test the Firewall object creation from text"
# 1. Create Firewall object from text
myobj = firewall.Firewall(text=aoc_20.from_text(EXAMPLE_TEXT))
# 2. Make sure it has the expected values
self.assertEqual(myobj.part2, False)
self.assertEqual(len(myobj.text), 3)
self.assertEqual(len(myobj.ranges), 3)
self.assertEqual(myobj.ranges[0][0], 0)
self.assertEqual(myobj.ranges[0][1], 2)
self.assertEqual(myobj.ranges[1][0], 4)
self.assertEqual(myobj.ranges[1][1], 7)
# 3. Check methods
self.assertEqual(myobj.lowest(), 3)
self.assertEqual(myobj.count(9), 2)
def test_text_init(self):
"""Test firewall creation from text"""
# 1. Create default Pipes object
myfw = firewall.Firewall(text=aoc_13.from_text(EXAMPLE_TEXT))
# 2. Make sure it has the specified values
self.assertEqual(myfw.part2, False)
self.assertEqual(len(myfw.levels), 4)
self.assertEqual(myfw.picosecond, 0)
self.assertEqual(myfw.final, 6)
self.assertEqual(myfw.levels[0].level, 0)
self.assertEqual(myfw.levels[0].depth, 3)
self.assertEqual(myfw.levels[0].position, 0)
self.assertEqual(myfw.levels[0].direction, 1)
self.assertEqual(myfw.levels[1].depth, 2)
self.assertEqual(myfw.levels[4].depth, 4)
self.assertEqual(myfw.levels[6].depth, 4)
# 3. Test advance method
myfw.advance()
self.assertEqual(myfw.levels[0].position, 1)
self.assertEqual(myfw.levels[1].position, 1)
self.assertEqual(myfw.levels[4].position, 1)
self.assertEqual(myfw.levels[6].position, 1)
self.assertEqual(myfw.picosecond, 1)
myfw.advance()
self.assertEqual(myfw.levels[0].position, 2)
self.assertEqual(myfw.levels[1].position, 0)
self.assertEqual(myfw.levels[4].position, 2)
self.assertEqual(myfw.levels[6].position, 2)
self.assertEqual(myfw.picosecond, 2)
myfw.advance()
self.assertEqual(myfw.levels[0].position, 1)
self.assertEqual(myfw.levels[1].position, 1)
self.assertEqual(myfw.levels[4].position, 3)
self.assertEqual(myfw.levels[6].position, 3)
self.assertEqual(myfw.picosecond, 3)
def test_simple():
# inbound,tcp,80,192.168.1.2
f = firewall.Firewall("inputs/test_simple.csv")
assert f.accept_packet("inbound", "tcp", "80", "192.168.1.2")
assert not f.accept_packet("inbound", "tcp", "81", "192.168.1.2")
# inbound,udp,53,192.168.1.1-192.168.2.5
assert f.accept_packet('inbound', 'udp', '53', '192.168.1.1')
assert f.accept_packet('inbound', 'udp', '53', '192.168.1.3')
# Edge case test
assert f.accept_packet('inbound', 'udp', '53', '192.168.2.5')
assert not f.accept_packet('outbound', 'udp', '53', '192.168.2.5')
assert not f.accept_packet('outbound', 'tcp', '53', '192.168.2.5')
# outbound,tcp,10000-20000,192.168.10.11
# Testing port range
assert f.accept_packet('outbound', 'tcp', '10000', '192.168.10.11')
assert f.accept_packet('outbound', 'tcp', '20000', '192.168.10.11')
assert not f.accept_packet('outbound', 'tcp', '90000', '192.168.10.11')
def reset(self):
# Reset everything except:
#
# - The mouse
# - The install language
# - The keyboard
self.instClass = None
self.network = network.Network()
self.iscsi = iscsi.iscsi()
self.zfcp = zfcp.ZFCP()
self.firewall = firewall.Firewall()
self.security = security.Security()
self.timezone = timezone.Timezone()
self.users = None
self.rootPassword = {"isCrypted": False, "password": ""}
self.auth = "--enableshadow --enablemd5"
self.desktop = desktop.Desktop()
self.upgrade = None
# XXX move fsset and/or diskset into Partitions object?
self.fsset.reset()
self.diskset = partedUtils.DiskSet(self.anaconda)
self.partitions = partitions.Partitions()
self.bootloader = bootloader.getBootloader()
self.dependencies = []
self.dbpath = None
self.upgradeRoot = None
self.rootParts = None
self.upgradeSwapInfo = None
self.upgradeDeps = ""
self.upgradeRemove = []
self.upgradeInfoFound = None
if rhpl.getArch() == "s390":
self.firstboot = FIRSTBOOT_SKIP
else:
self.firstboot = FIRSTBOOT_DEFAULT
# XXX I expect this to die in the future when we have a single data
# class and translate ksdata into that instead.
self.ksdata = None
def test_accept_packet():
firewall_obj = firewall.Firewall("tests/test1.csv")
#pdb.set_trace()
assert firewall_obj.accept_packet("inbound", "tcp", 80,
"192.168.1.2") == True
assert firewall_obj.accept_packet("inbound", "tcp", 80,
"192.168.1.3") == False
assert firewall_obj.accept_packet("inbound", "udp", 53,
"192.168.2.0") == True
assert firewall_obj.accept_packet("inbound", "udp", 53,
"192.168.2.7") == False
assert firewall_obj.accept_packet("outbound", "tcp", 11000,
"192.168.10.11") == True
assert firewall_obj.accept_packet("outbound", "tcp", 8000,
"192.168.10.11") == False
assert firewall_obj.accept_packet("outbound", "udp", 1500,
"52.12.48.92") == True
assert firewall_obj.accept_packet("outbound", "udp", 2001,
"52.12.48.92") == False
# Checking on bounds
assert firewall_obj.accept_packet("inbound", "udp", 80,
"192.168.1.2") == False
assert firewall_obj.accept_packet("inbound", "tcp", 53,
"192.168.2.0") == False
assert firewall_obj.accept_packet("outbound", "tcp", 10000,
"192.168.10.11") == True
assert firewall_obj.accept_packet("outbound", "tcp", 20000,
"192.168.10.11") == True
assert firewall_obj.accept_packet("outbound", "udp", 1000,
"52.12.48.92") == True
assert firewall_obj.accept_packet("outbound", "udp", 2000,
"52.12.48.92") == True
def refresh_devices(self,
devices=(),
only_connected=False,
expand_vsys=True,
include_device_groups=True,
add=False,
running_config=False):
"""Refresh device groups and devices using config and operational commands
Uses operational command in addition to configuration to gather as much information
as possible about Panorama connected devices. The operational commands used are
'show devices all/connected' and 'show devicegroups'.
Information gathered about each device includes:
- management IP address (can be different from hostname)
- serial
- version
- high availability peer releationships
- panorama connection status
- device-group sync status
Args:
devices (list): Limit refresh to these serial numbers
only_connected (bool): Ignore devices that are not 'connected' to Panorama (Default: False)
expand_vsys (bool): Instantiate a Firewall object for every Vsys (Default: True)
include_device_groups (bool): Instantiate :class:`pandevice.panorama.DeviceGroup` objects with Firewall
objects added to them.
add (bool): Add the new tree of instantiated DeviceGroup and Firewall objects to the Panorama config tree.
Warning: This removes all current DeviceGroup and Firewall objects from the configuration tree, and all
their children, so it is typically done before building a configuration tree. (Default: False)
running_config (bool): Refresh devices from the running configuration (Default: False)
Returns:
list: If 'include_device_groups' is True, returns a list containing new DeviceGroup instances which
contain new Firewall instances. Any Firewall that is not in a device-group is in the list with the
DeviceGroup instances.
If 'include_device_groups' is False, returns a list containing new Firewall instances.
"""
logger.debug(self.hostname + ": refresh_devices called")
try:
# Test if devices is iterable
test_iterable = iter(devices)
except TypeError:
# This probably means a single device was passed in, not an iterable.
# Convert to an iterable with a single item.
devices = (devices, )
# Remove None from list of devices
devices = [x for x in devices if x is not None]
# Get the list of managed devices
if only_connected:
cmd = "show devices connected"
else:
cmd = "show devices all"
devices_xml = self.op(cmd)
devices_xml = devices_xml.find("result/devices")
# Filter to only requested devices
if devices:
filtered_devices_xml = ET.Element("devices")
for serial, vsys in [(d.serial, d.vsys) for d in devices]:
if serial is None:
continue
entry = devices_xml.find("entry[@name='%s']" % serial)
if entry is None:
raise err.PanDeviceError(
"Can't find device with serial %s attached to Panorama at %s"
% (serial, self.hostname))
multi_vsys = yesno(entry.findtext("multi-vsys"))
# Create entry if needed
if filtered_devices_xml.find(
"entry[@name='%s']" % serial) is None:
entry_copy = deepcopy(entry)
# If multivsys firewall with vsys defined, erase all vsys in filtered
if multi_vsys and vsys != "shared" and vsys is not None:
entry_copy.remove(entry_copy.find("vsys"))
ET.SubElement(entry_copy, "vsys")
filtered_devices_xml.append(entry_copy)
# Get specific vsys
if vsys != "shared" and vsys is not None:
vsys_entry = entry.find("vsys/entry[@name='%s']" % vsys)
if vsys_entry is None:
raise err.PanDeviceError(
"Can't find device with serial %s and"
" vsys %s attached to Panorama at %s" %
(serial, vsys, self.hostname))
vsys_section = filtered_devices_xml.find(
"entry[@name='%s']/vsys" % serial)
vsys_section.append(vsys_entry)
devices_xml = filtered_devices_xml
# Manipulate devices_xml so each vsys is a separate device
if expand_vsys:
original_devices_xml = deepcopy(devices_xml)
devices_xml = ET.Element("devices")
for entry in original_devices_xml:
serial = entry.findtext("serial")
for vsys_entry in entry.findall("vsys/entry"):
new_vsys_device = deepcopy(entry)
new_vsys_device.set("name", serial)
ET.SubElement(new_vsys_device,
"vsysid").text = vsys_entry.get("name")
ET.SubElement(
new_vsys_device,
"vsysname").text = vsys_entry.findtext("display-name")
devices_xml.append(new_vsys_device)
# Create firewall instances
firewall_instances = firewall.Firewall.refreshall_from_xml(
devices_xml, refresh_children=not expand_vsys)
if not include_device_groups:
if add:
self.removeall(firewall.Firewall)
self.extend(firewall_instances)
return firewall_instances
# Create device-groups
# Get the list of device groups from configuration XML
api_action = self.xapi.show if running_config else self.xapi.get
devicegroup_configxml = api_action(
"/config/devices/entry[@name='localhost.localdomain']/device-group"
)
devicegroup_configxml = devicegroup_configxml.find(
"result/device-group")
# Get the list of device groups from operational commands
devicegroup_opxml = self.op("show devicegroups")
devicegroup_opxml = devicegroup_opxml.find("result/devicegroups")
# Combine the config XML and operational command XML to get a complete picture
# of the device groups
pandevice.xml_combine(devicegroup_opxml, devicegroup_configxml)
devicegroup_instances = DeviceGroup.refreshall_from_xml(
devicegroup_opxml, refresh_children=False)
for dg in devicegroup_instances:
dg_serials = [
entry.get("name") for entry in devicegroup_opxml.findall(
"entry[@name='%s']/devices/entry" % dg.name)
]
# Find firewall with each serial
for dg_serial in dg_serials:
all_dg_vsys = [
entry.get("name") for entry in devicegroup_opxml.findall(
"entry[@name='%s']/devices/entry[@name='%s']/vsys/entry"
% (dg.name, dg_serial))
]
# Collect the firewall serial entry to get current status information
fw_entry = devicegroup_opxml.find(
"entry[@name='%s']/devices/entry[@name='%s']" %
(dg.name, dg_serial))
if not all_dg_vsys:
# This is a single-context firewall, assume vsys1
all_dg_vsys = ["vsys1"]
for dg_vsys in all_dg_vsys:
fw = next((x for x in firewall_instances
if x.serial == dg_serial and x.vsys == dg_vsys),
None)
if fw is None:
# It's possible for device-groups to reference a serial/vsys that doesn't exist
# In this case, create the FW instance
if not only_connected:
fw = firewall.Firewall(serial=dg_serial,
vsys=dg_vsys)
dg.add(fw)
else:
# Move the firewall to the device-group
dg.add(fw)
firewall_instances.remove(fw)
fw.state.connected = yesno(
fw_entry.findtext("connected"))
fw.state.unsupported_version = yesno(
fw_entry.findtext("unsupported-version"))
fw.state.set_shared_policy_synced(
fw_entry.findtext("shared-policy-status"))
if add:
for dg in devicegroup_instances:
found_dg = self.find(dg.name, DeviceGroup)
if found_dg is not None:
# Move the firewalls to the existing devicegroup
found_dg.removeall(firewall.Firewall)
found_dg.extend(dg.children)
else:
# Devicegroup doesn't exist, add it
self.add(dg)
# Add firewalls that are not in devicegroups
self.removeall(firewall.Firewall)
self.extend(firewall_instances)
return firewall_instances + devicegroup_instances
def run(self):
self.ksHandler = makeVersion()
if self.file:
self.parser = KickstartParser(self.ksHandler)
msg = None
try:
self.parser.readKickstart(self.file)
except (KickstartParseError, KickstartValueError) as e:
msg = _("The following error was found while parsing your "
"kickstart configuration:\n\n%s" % e)
except KickstartError:
msg = _(
"The kickstart file %s could not be opened.") % self.file
if msg:
dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_ERROR,
gtk.BUTTONS_OK, msg)
dlg.set_title(_("Error Parsing Kickstart Config"))
dlg.set_position(gtk.WIN_POS_CENTER_ON_PARENT)
dlg.set_modal(True)
dlg.run()
dlg.destroy()
sys.exit(0)
self.xml = xml
name_tag = (_("Kickstart"))
comment_tag = (_("Create a kickstart file"))
self.toplevel = xml.get_widget("main_window")
self.toplevel.connect("destroy", self.destroy)
self.toplevel.set_icon(iconPixbuf)
#bring in widgets from glade file
self.options_notebook = xml.get_widget("options_notebook")
self.install_radiobutton = xml.get_widget("install_radiobutton")
self.category_clist = xml.get_widget("category_clist")
self.open_menu = xml.get_widget("open_menu")
self.preview_menu = xml.get_widget("preview_menu")
self.save_menu = xml.get_widget("save_menu")
self.quit_menu = xml.get_widget("quit_menu")
self.about_menu = xml.get_widget("about_menu")
#populate category list
self.category_view = xml.get_widget("list_view")
self.category_store = gtk.ListStore(gobject.TYPE_STRING)
self.category_view.set_model(self.category_store)
col = gtk.TreeViewColumn(_("Subsection"),
gtk.CellRendererText(),
text=0)
col.set_sort_column_id(0)
self.category_view.append_column(col)
self.category_list = [(_("Basic Configuration")),
(_("Installation Method")),
(_("Boot Loader Options")),
(_("Partition Information")),
(_("Network Configuration")),
(_("Authentication")),
(_("Firewall Configuration")),
(_("Display Configuration")),
(_("Package Selection")),
(_("Pre-Installation Script")),
(_("Post-Installation Script"))]
for item in self.category_list:
iter = self.category_store.append()
self.category_store.set_value(iter, 0, item)
#bring in basic functions
self.basic_class = basic.basic(self, xml, self.options_notebook,
self.ksHandler)
# Now that we've loaded the UI elements for the first active thing in the notebook,
# draw it so we can display a progress bar when yum starts doing stuff.
self.toplevel.show()
while gtk.events_pending():
gtk.main_iteration()
self.bootloader_class = bootloader.bootloader(xml,
self.options_notebook,
self.ksHandler)
self.install_class = install.install(self, xml, self.category_store,
self.category_view,
self.options_notebook,
self.ksHandler)
self.partition_class = partition.partition(xml, self.ksHandler)
self.network_class = network.network(xml, self.ksHandler)
self.auth_class = auth.auth(xml, self.ksHandler)
self.firewall_class = firewall.Firewall(xml, self.ksHandler)
self.X_class = xconfig.xconfig(xml, self.ksHandler)
self.progress_window = progressWindow.ProgressWindow(self.toplevel)
self.packages_class = packages.Packages(xml, self.ksHandler,
self.progress_window)
self.scripts_class = scripts.scripts(xml, self.ksHandler)
self.open_menu.connect("activate", self.on_activate_open)
self.preview_menu.connect("activate", self.on_activate_preview_options)
self.save_menu.connect("activate", self.on_activate_save_options)
self.quit_menu.connect("activate", gtk.main_quit)
self.about_menu.connect("activate", self.on_about_activate)
self.category_view.connect("cursor_changed",
self.on_list_view_row_activated)
self.options_notebook.connect("switch-page", self.on_notebook_changed)
#show gui
self.applyKickstart()
self.toplevel.show()
gtk.main()
def setUp(self):
self.fw = firewall.Firewall()
import os
import time
import json
import shlex
import getpass
import firewall
from colorama import Fore, Style
from netfilterqueue import NetfilterQueue
global database_filename, total_packets, packet_accepted
f = firewall.Firewall()
#performing firewall action
def commit(
payload,
action,
):
global packet_accepted
if action == "ACCEPT":
print(Fore.GREEN + "RESULT :: PACKET ACCEPTED" + Style.RESET_ALL)
payload.accept()
packet_accepted += 1
else:
print(Fore.RED + "RESULT :: PACKET DROPPED" + Style.RESET_ALL)
payload.drop()
#callback for NFQUEUE
def main():
parser = argparse.ArgumentParser(description='ADD Attack Simulation.\
Blue team Agent.')
parser.add_argument('-B',
help='Run basic check. \
If want to run without any file, put N.',
type=str,
default=None)
parser.add_argument('-L',
help='Enable rsyslog. \
Put N for disable rsyslog',
type=str,
default=None,
choices=('Y', 'N'))
parser.add_argument('-C',
help='Change configuration file. \
If want to run without any file, put N.',
type=str,
default=None)
parser.add_argument('-S',
help='Input Snort Rule file.',
type=str,
default=None)
parser.add_argument('-I', help='Snort Interface.', type=str, default=None)
parser.add_argument('-M',
help='Input Monitoring file list.',
type=str,
default=None)
parser.add_argument('-T',
help='Start time of monitoring.',
type=int,
default=None)
parser.add_argument('-F',
help='ADD iptable rule file.',
type=str,
default=None)
args = parser.parse_args()
sd = static_defense.StaticDefense()
if args.B is not None:
if args.B == "N":
sd.basic_check()
else:
sd.basic_check(args.B)
if args.L == "Y":
sd.enable_log()
elif args.L == "N":
command = "sudo service rsyslog stop"
sd._cmd_run(command)
if args.C is not None:
if args.C == "N":
sd.change_file()
else:
sd.change_file(args.C)
sn = snort.Snort()
if (args.S is not None) and (args.I is not None):
if args.S != "N":
sn.add_snort_rule(args.S)
sn.snort_start(args.I)
mr = monitoring.Monitor()
if args.M is not None:
with open(args.M, 'r') as file:
data = json.load(file)
files = data["files"]
mr.file_hash(files)
if args.T is None:
t = int(time.time())
while (1):
mr.monitoring(files, t)
time.sleep(30)
else:
while (1):
mr.monitoring(files, args.T)
time.sleep(30)
fw = firewall.Firewall()
if args.F is not None:
if args.F != "N":
fw.add_firewall_rule(args.F)
else:
fw.add_firewall_rule()
