Example #1
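    def __init__(self, cred, debug=False):
        """Initialize FirewallEngine.

        Runs every ``parse_*`` helper to load the rule sets and their
        actions, resolves the network interface, and builds the
        PacketFilter and FirewallMonitor objects on that interface.

        Args:
            cred: Firewall configuration mapping. Only ``cred['interface']``
                is read directly here; the ``parse_*`` helpers presumably
                read the rule entries from ``self.cred`` (not visible in
                this block).
            debug (bool): Forwarded to the logger, PacketFilter and
                FirewallMonitor.

        Raises:
            KeyError: If ``cred`` is a dict without an ``'interface'`` key.
        """

        self.cred = cred
        self.logger = logger.IemlAVLogger(__name__, debug)

        # Parse and setup rules and actions
        self.ip_inbound, self.action_inbound_IPRule = \
            self.parse_inbound_IPRule()
        self.ip_outbound, self.action_outbound_IPRule = \
            self.parse_outbound_IPRule()
        self.protocols, self.action_protocolRule = self.parse_protocolRule()
        self.sports, self.action_source_portRule = \
            self.parse_source_portRule()
        self.dports, self.action_dest_portRule = self.parse_dest_portRule()
        self.dns, self.action_DNSRule = self.parse_DNSRule()
        self.extensions, self.action_scanLoad = self.parse_scanLoad()
        self.action_HTTPRequest = self.parse_HTTPRequest()
        self.action_HTTPResponse = self.parse_HTTPResponse()

        # Interface
        # A None value would stringify to "None", skip the auto-detect
        # fallback and be handed to PacketFilter and FirewallMonitor as a
        # literal interface name. Treat None and whitespace-only values as
        # "not configured" so the fallback still runs.
        configured = self.cred['interface']
        self.interface = "" if configured is None else str(configured).strip()
        if not self.interface:
            self.interface = utils.get_interface()

        # Setup PacketFilter object
        self.packetFilterObj = PacketFilter(
            interface=self.interface,
            debug=debug,
            ip_inbound=self.ip_inbound,
            ip_outbound=self.ip_outbound,
            protocols=self.protocols,
            dns=self.dns,
            dports=self.dports,
            sports=self.sports,
            extensions=self.extensions,
            action_inbound_IPRule=self.action_inbound_IPRule,
            action_outbound_IPRule=self.action_outbound_IPRule,
            action_DNSRule=self.action_DNSRule,
            action_source_portRule=self.action_source_portRule,
            action_dest_portRule=self.action_dest_portRule,
            action_HTTPResponse=self.action_HTTPResponse,
            action_HTTPRequest=self.action_HTTPRequest,
            action_protocolRule=self.action_protocolRule,
            action_scanLoad=self.action_scanLoad)

        # Setup Monitor object
        self.monitorObj = FirewallMonitor(interface=self.interface,
                                          debug=debug)

        # Integrations
        self.integrations = ['Firewall', 'Monitor']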
Example #2
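def _ensure_interface(section, label):
    """Ask for a network interface when *section* has no usable one.

    The interface counts as unset when it is missing, empty, or the literal
    "XXXX" (presumably the placeholder shipped in the saved configuration).
    The value returned by get_interface() is written back into *section*.
    """
    interface = section.get("interface")
    if not interface or interface == "XXXX":
        print("\n[!] Select network interface for " + label)
        section["interface"] = get_interface()


def get_credentials():
    """
    Get credentials either through the saved configurations or
    through interactive setup mode.

    The operator is asked whether to reuse the saved configuration; only
    "y"/"Y" selects it, and any other answer starts the interactive setup.

    Args:
        None

    Raises:
        None

    Returns:
        final_creds (dict): Collected credentials. Always holds "debug";
            "firewall", "ids" and "antivirus" are present only when the
            chosen source returned a non-empty value for them.
    """
    args = get_args()
    final_creds = {"debug": bool(args.debug)}

    # Create ArgsHelper object for collecting configurations
    args_helper_obj = args_helper.ArgsHelper(args=args)

    # On Python 2, input() evaluates whatever is typed as a Python
    # expression. Read the answer as plain text on both major versions.
    try:
        read_line = raw_input  # noqa: F821 - exists only on Python 2
    except NameError:
        read_line = input

    config_decision = str(
        read_line("[!] Do you want to use the saved configuratons? (Y/y): ")
    ).strip()

    if config_decision.lower() == "y":
        # Fetch credentials
        creds = args_helper_obj.iemlav_conf.get_creds(args_helper_obj.args)
        firewall = creds.get("firewall")
        ids = creds.get("ids")
        antivirus = creds.get("antivirus")
    else:
        # Start interactive setup for Firewall
        firewall = args_helper_obj.configureFirewall()
        # Start interactive setup for IDS
        ids = args_helper_obj.configureIDS()
        # Start interactive setup for AntiVirus
        antivirus = args_helper_obj.configureAntiVirus()

    # Both sources are handled the same way: keep every non-empty section
    # and make sure the network-facing ones name an interface.
    if firewall:
        final_creds["firewall"] = firewall
        _ensure_interface(firewall, "Firewall")
    if ids:
        final_creds["ids"] = ids
        _ensure_interface(ids, "Intrusion Detection System")
    if antivirus:
        final_creds["antivirus"] = antivirus

    return final_creds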