Esempio n. 1
0
def search_template(template_list, match_node, node_template, node_object,
                    auditcreeper):
    """
		This function will take the search results from the list of nodes 
		and run it against node_object to determine the hardware vendor and type 
		and compare with the node_template database to match. Once matched, 
		it will check to verify an existing template is available.
	"""
    search_result = []
    index = 0
    element = 0
    for node in match_node:
        for node_obj in node_object:
            if node == node_obj['name']:
                """
					index variable gets the position in the list and appends it to the global variable 'element'.
				"""
                index = node_object.index(node_obj)
                initialize.element.append(index)
                """
					This section will pull out all the templates belonging to the specific
					hardware vendor, operating system and type from the template database.
				"""
                for node_temp in node_template:
                    if node_obj['hardware_vendor'] == node_temp[
                            'hardware_vendor'] and node_obj[
                                'opersys'] == node_temp['opersys'] and node_obj[
                                    'type'] == node_temp['type']:
                        if auditcreeper:
                            template_node_list = []
                            for template_dir_name in node_temp['templates']:
                                template_name = template_dir_name.split(
                                    '/')[-1]
                                template_node_list.append(template_name)
                            template_list.append(template_node_list)
                        else:
                            directory = get_template_directory(
                                node_obj['hardware_vendor'],
                                node_obj['opersys'], node_obj['type'])
                            file = directory + template_list[element]
                            template_index = 0
                            for template_path in node_temp['templates']:
                                node_temp['templates'][
                                    template_index] = template_path.replace(
                                        '~', '{}'.format(get_home_directory()))
                                template_index = template_index + 1
                            if file in node_temp['templates']:
                                search_result.append("MATCH")
                            else:
                                print('+ No associating template {}'.format(
                                    template_list[element]) +
                                      ' for node {}'.format(node))
                                search_result.append("NO MATCH")
                    else:
                        continue
            else:
                continue

    return search_result
Esempio n. 2
0
def search_template(template_list, match_node, node_template, node_object,
                    auditcreeper):

    search_result = []
    index = 0
    element = 0
    for node in match_node:
        for node_obj in node_object:
            if (node in node_obj['hostname']):

                ### INDEX GETS THE POSITION IN THE LIST AND APPENDS IT TO THE GLOBAL VARIABLE ELEMENT
                index = node_object.index(node_obj)
                initialize.element.append(index)

                ### THIS SECTION WILL PULL OUT ALL THE TEMPLATES BELONGING TO THE SPECIFIC PLATFORM, OS AND TYPE OF DEVICE FROM THE TEMPLATE DATABASE
                for node_temp in node_template:
                    if (node_obj['platform'] == node_temp['platform']
                            and node_obj['os'] == node_temp['os']
                            and node_obj['type'] == node_temp['type']):

                        #						print("NODE_TEMP: {}".format(node_temp['templates']))
                        if (auditcreeper):
                            template_node_list = []
                            #							print("THIS IS NODE_TEMP['TEMPLATE'] for NODE {}".format(node) + ": {}".format(node_temp['templates'],))
                            for template_dir_name in node_temp['templates']:
                                template_name = template_dir_name.split(
                                    '/')[-1]
                                template_node_list.append(template_name)
                            template_list.append(template_node_list)
#							print("THIS IS THE TEMPLATE_NODE_LIST FOR HOST {} : {}".format(node,template_node_list))
#							print("THIS IS THE TEMPLATE_LIST IN SEARCH.PY : {}".format(template_list))
                        else:
                            ### THIS CALLS THE DIRECTORY MODULE WHICH WILL RETURN THE CORRECT DIRECTORY PATH BASED ON DEVICE PLATFORM, OS AND TYPE
                            directory = get_template_directory(
                                node_obj['platform'], node_obj['os'],
                                node_obj['type'])
                            file = directory + template_list[element]
                            if (file in node_temp['templates']):
                                search_result.append("MATCH")
                            else:
                                print("[!] [NO ASSOCIATING TEMPLATE {}".format(
                                    template_list[element]) +
                                      " FOR NODE {}]".format(node))
                                search_result.append("NO MATCH")

                    else:
                        continue
            else:
                continue


#	print("TEMPLATE_LIST IN SEARCH.PY: {}".format(template_list))
    return search_result
Esempio n. 3
0
def render(template_list, node_object, auditcreeper, output, with_remediation):

    ### TEMPLATE_LIST_COPY TAKE A COPY OF THE CURRENT TEMPLATE_LIST
    template_list_copy = template_list

    if (auditcreeper):
        template_list = template_list_copy[0]
#	print("[!] [THE FOLLOWING TEMPLATE(S) IS/ARE RENDERED:]")
    for index in initialize.element:

        print("{}".format(node_object[index]['hostname']))
        for template in template_list:
            ### THIS CALLS THE DIRECTORY MODULE WHICH WILL RETURN THE CORRECT DIRECTORY PATH BASED ON DEVICE PLATFORM, OS AND TYPE
            directory = get_template_directory(node_object[index]['platform'],
                                               node_object[index]['opersys'],
                                               node_object[index]['type'])
            env = Environment(loader=FileSystemLoader("{}".format(directory)),
                              lstrip_blocks=True,
                              trim_blocks=True)
            baseline = env.get_template(template)
            f = open(
                "/rendered-configs/{}.{}".format(
                    node_object[index]['hostname'], template.strip('jinja2')) +
                "conf", "w")
            config_list = []
            config = baseline.render(nodes=node_object[index],
                                     with_remediation=with_remediation)
            f.write(config)
            f.close
            print("{}{}".format(directory, template))
            if (output):
                print("{}".format(config))

            f = open(
                "/rendered-configs/{}.{}".format(
                    node_object[index]['hostname'], template.strip('jinja2')) +
                "conf", "r")
            init_config = f.readlines()
            ### THE BELOW PARSE_COMMANDS FUNCTION WILL ONLY GET EXECUTED IF NEEDS TO STORE COMMANDS IN THE GLOBAL VARILABLE INITIALIZE.CONFIGURATION FOR PUSH
            ### PUSH_CFGS(OUTPUT = TRUE) VS RENDER_CONFIG(OUTPUT = FALSE) FUNCTIONS.
            if (output != True):
                parse_commands(node_object[index], init_config)

        if (auditcreeper):
            template_list = get_updated_list(template_list_copy)
        print

    return None
Esempio n. 4
0
def render(template_list, node_object, auditcreeper, output, with_remediation):
    global with_remediate
    with_remediate = with_remediation
    template_list_copy = template_list
    if auditcreeper:
        template_list = template_list_copy[0]
    for index in initialize.element:
        get_hardware_vendor_template_directory = get_template_directory(
            node_object[index]['hardware_vendor'],
            node_object[index]['opersys'], node_object[index]['type'])
        print("{}".format(node_object[index]['name']))
        for template in template_list:
            config = process_jinja2_template(node_object, index, template,
                                             with_remediation)
            print("{}{}".format(get_hardware_vendor_template_directory,
                                template))
            if (output):
                print("{}".format(config))
            with open(
                    '{}/rendered-configs/{}.{}'.format(
                        get_home_directory(), node_object[index]['name'],
                        template.replace('jinja2', '')) + 'conf', 'r') as file:
                init_config = f.readlines()
            """
				The below parse_commands() function will only get executed if
				it needs to store commands in the global variable initialize.configuration
				for push. push_cfgs(output = True) vs render_config(output = False) functions.
			"""
            if output != True:
                parse_commands(node_object[index],
                               init_config,
                               set_notation=False)
            print()
        if auditcreeper:
            template_list = get_updated_list(template_list_copy)

    return None
Esempio n. 5
0
def process_jinja2_template(node_object, index, template, with_remediation):
    hardware_vendor_template_directory = get_template_directory(
        node_object[index]['hardware_vendor'], node_object[index]['opersys'],
        node_object[index]['type'])
    standards_directory = get_standards_directory(
        node_object[index]['name'], node_object[index]['hardware_vendor'],
        node_object[index]['type'])
    env = Environment(loader=FileSystemLoader(
        [hardware_vendor_template_directory, standards_directory]),
                      lstrip_blocks=True,
                      trim_blocks=True)
    baseline = env.get_template(template)
    os.makedirs('{}/rendered-configs/'.format(get_home_directory()),
                exist_ok=True)
    with open(
            '{}/rendered-configs/{}.{}'.format(
                get_home_directory(), node_object[index]['name'],
                template.replace('jinja2', '')) + 'conf', 'w') as file:
        config = baseline.render(node=node_object[index],
                                 with_remediation=with_remediation)
        file.write(config)
        file.close

    return config
Esempio n. 6
0
def cisco_audit_diff(node_object, index, template, AUDIT_FILTER_RE, output,
                     remediation):

    ### INDEX_LIST IS A LIST OF ALL THE POSITIONS COLLECTED FROM INDEX_POSITION VARIABLE
    index_list = []

    ### FILTER_CONFIG IS A LIST OF COLLECTION OF ALL THE AUDIT FILTERS THAT MATCHED THE LINES IN BACKUP_CONFIG. THESE ENTRIES DO NOT CONTAIN DEPTHS/DEEP CONFIGS
    filtered_config = []

    ### FILTERED_BACKUP_CONFIG IS THE FINAL LIST OF ALL THE AUDIT FILTERS THAT MATCHES THE LINES IN BACKUP_CONFIG. THESE ENTRIES INCLUDE DEPTHS/DEEP CONFIGS
    filtered_backup_config = []

    ### THIS SECTION OF CODE WILL OPEN THE RENDERED-CONFIG *.CONF FILE AND STORE IN RENDERED_CONFIG AS A LIST
    f = open(
        "/rendered-configs/{}.{}".format(node_object[index]['hostname'],
                                         template.split('.')[0]) + ".conf",
        "r")
    init_config = f.readlines()
    #	print"INIT_CONFIG: {}".format(init_config)
    ### RENDERED_CONFIG IS A LIST OF ALL THE CONFIGS THAT WAS RENDERED FROM THE TEMPLATES (SOURCE OF TRUTH)
    rendered_config = []

    for config_line in init_config:
        strip_config = config_line.strip('\n')
        ### THIS WILL REMOVE ANY LINES THAT ARE EMPTY OR HAS A '!' MARK
        if (strip_config == '' or strip_config == "!"):
            continue
        else:
            rendered_config.append(strip_config)

    ###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
#	print ("RENDERED CONFIG: {}".format(rendered_config))

### THIS SECTION OF CODE WILL OPEN BACKUP-CONFIG *.CONF FILE AND STORE IN BACKUP_CONFIG AS A LIST
    f = open(
        "/backup-configs/{}".format(node_object[index]['hostname']) + ".conf",
        "r")
    init_config = f.readlines()
    backup_config = []

    for config_line in init_config:
        strip_config = config_line.strip('\n')
        backup_config.append(strip_config)

    ###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES


#	print ("BACKUP CONFIG: {}".format(backup_config))

### THIS WILL OPEN THE JINJA2 TEMPLATE AND PARSE OUT THE AUDIT_FILTER SECTION VIA REGULAR EXPRESSION
    directory = get_template_directory(node_object[index]['platform'],
                                       node_object[index]['opersys'],
                                       node_object[index]['type'])
    f = open("{}".format(directory) + template, "r")
    parse_audit = f.readline()
    audit_filter = eval(re.findall(AUDIT_FILTER_RE, parse_audit)[0])

    ###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
    #	print ("AUDIT_FILTER: {}".format(audit_filter))

    ### FILTER OUT THE BACKUP_CONFIGS WITH THE AUDIT_FILTER
    ### THIS WILL TAKE EACH ELEMENT FROM THE AUDIT_FILTER LIST AND SEARCH FOR THE MATCHED LINES IN BACKUP_CONFIG
    ### PARSING THE BACKUP CONFIGS
    parse_backup_configs = CiscoConfParse(
        "/backup-configs/{}".format(node_object[index]['hostname']) + ".conf",
        syntax=get_syntax(node_object, index))
    #	print "SYNTAX: {}".format(get_syntax(node_object,index))

    ### MATCHED ENTRIES ARE THEN APPENDED TO FILTER_BACKUP_CONFIG VARIABLE AS A LIST
    ### FUNCTION CALL TO PARSE_AUDIT_FILTER() TO FIND ALL THE PARENT/CHILD
    filtered_backup_config = parse_audit_filter(node_object, index,
                                                parse_backup_configs,
                                                audit_filter)

    ### UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
    #	print("FILTERED BACKUP CONFIG: {}".format(filtered_backup_config))

    ### SYNC_DIFF WILL DIFF OUT THE FILTERED_BACKUP_COFNIG FROM THE RENDERED CONFIG AND STORE WHATEVER COMMANDS THAT
    ### COMMANDS THAT NEED TO BE ADDED/REMOVE IN PUSH_CONFIGS VARIABLE
    parse = CiscoConfParse(filtered_backup_config)
    push_configs = parse.sync_diff(rendered_config,
                                   "",
                                   ignore_order=True,
                                   remove_lines=True,
                                   debug=False)

    if (len(push_configs) == 0):
        if (output):
            print("{}{} (none)".format(directory, template))
            print('')
    else:

        ### THIS WILL JUST PRINT THE HEADING OF THE TEMPLATE NAME SO YOU KNOW WHAT IS BEING CHANGED UNDER WHICH TEMPLATE
        if (output):
            print("{}{}".format(directory, template))

        for line in push_configs:
            search = parse_backup_configs.find_objects(r"^{}".format(line))
            if ('no' in line):
                line = re.sub("no", "", line)
                if (not remediation):
                    print("-{}".format(line))
            elif (len(search) == 0):
                if (not remediation):
                    print("+ {}".format(line))
            elif (len(search) > 1):
                if (not remediation):
                    print("+ {}".format(line))
            else:
                if (not remediation):
                    print("  {}".format(line))

        print("")
        ###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
        #		print("PUSH_CONFIGS: {}".format(push_configs))
        if (remediation):

            ### THIS STEP WILL APPEND REMEDIATION CONFIGS FROM TEMPLATE (EXPECTED RESULTS)
            for config in push_configs:
                node_configs.append(config)
                ntw_device_pop = False

            ### INITIALIZE.COFIGURATION APPENDS ALL THE REMEDIATED CONFIGS AND PREPARES IT FOR PUSH
            if (auditcreeper == False):
                initialize.configuration.append(node_configs)
            node_index = node_index + 1
Esempio n. 7
0
def auditdiff_engine(template_list, node_object, auditcreeper, output,
                     remediation):

    redirect = []
    command = []
    ### RENDERED_CONFIG IS TO ACCOMODATE JUNIPER PLATFORM BY APPENDING A 'LOAD REPLACE TERMINAL' TO GET THE DIFF OUTPUT
    rendered_config = []
    rendered_config.append('load replace terminal')
    edit_list = []
    no_diff = 0

    ### PUSH_CONFIGS IS A LIST OF THE FINAL CONFIGS TO BE PUSHED
    #	push_configs = []

    ### INDEX_POSITION IS THE INDEX OF ALL THE MATCHED FILTER_CONFIG AGAINST THE BACKUP_CONFIGS. THE INDEX IS COMING FROM THE BACKUP_CONFIG
    index_position = 0

    ### NODE_INDEX KEEPS TRACK OF THE INDEX IN INITIALIZE.NTW_DEVICE. IF REMEDIATION IS NOT REQUIRED (CONFIGS MATCHES TEMPLATE), THEN THE NODE IS POPPED OFF
    ### INITIALIZE.NTW_DEVICE AND NOTHING IS CHANGED ON THAT DEVICE
    node_index = 0

    ### AUDIT_FILTER_RE IS THE REGULAR EXPRESSION TO FILTER OUT THE AUDIT FILTER IN EVERY TEMPLATE
    AUDIT_FILTER_RE = r"\[.*\]"

    ### TEMPLATE_LIST_COPY TAKE A COPY OF THE CURRENT TEMPLATE_LIST
    template_list_original = template_list[:]
    template_list_copy = template_list

    if (auditcreeper):
        template_list = template_list_copy[0]

#	print "TEMPLATE_LIST: {}".format(template_list)

### THIS SECTION OF CODE WILL GATHER ALL RENDERED CONFIGS FIRST AS IT'S REQUIRED FOR ALL PLATFORMS (CISCO & JUNIPER)
### JUNIPER DOES NOT REQUIRE BACKUP-CONFIGS IN ORDER TO BE DIFFED SO INSTEAD IT WILL JUST PUSH (PUSH_CFGS) THE TEMPLATE AND PERFORM THE DIFF ON THE DEVICE ITSELF.
### CISCO WILL REQUIRE BACKUP-CONFIGS (GET_CONFIG)
    for index in initialize.element:

        if (node_object[index]['platform'] == 'juniper'):

            ### THIS WILL RETURN A SORTED JUNIPER TEMPLATE LIST BASED ON JUNIPER'S 'SHOW CONFIGURATION' OUTPUT
            template_list = get_sorted_juniper_template_list(template_list)
#			print("TEMPLATE_LIST FIRST PHASE: {}".format(template_list))

        for template in template_list:

            ### THIS SECTION OF CODE WILL PROCESS THE TEMPLATE AND OUTPUT TO A *.CONF FILE
            directory = get_template_directory(node_object[index]['platform'],
                                               node_object[index]['opersys'],
                                               node_object[index]['type'])
            env = Environment(loader=FileSystemLoader("{}".format(directory)))
            baseline = env.get_template(template)
            f = open(
                "/rendered-configs/{}.{}".format(
                    node_object[index]['hostname'],
                    template.split('.')[0]) + ".conf", "w")

            ### GENERATING TEMPLATE BASED ON NODE OBJECT
            config = baseline.render(nodes=node_object[index])

            f.write(config)
            f.close
            if (node_object[index]['platform'] == 'cisco'):

                ### THIS SECTION OF CODE WILL OPEN THE RENDERED-CONFIG *.CONF FILE AND STORE IN RENDERED_CONFIG AS A LIST
                f = open(
                    "/rendered-configs/{}.{}".format(
                        node_object[index]['hostname'],
                        template.split('.')[0]) + ".conf", "r")
                init_config = f.readlines()
                ### RENDERED_CONFIG IS A LIST OF ALL THE CONFIGS THAT WAS RENDERED FROM THE TEMPLATES (SOURCE OF TRUTH)

            if (node_object[index]['platform'] == 'juniper'):

                ### THIS SECTION OF CODE WILL OPEN THE RENDERED-CONFIG *.CONF FILE AND STORE IN RENDERED_CONFIG AS A LIST
                f = open(
                    "/rendered-configs/{}.{}".format(
                        node_object[index]['hostname'],
                        template.split('.')[0]) + ".conf", "r")
                init_config = f.readlines()
                ### RENDERED_CONFIG IS A LIST OF ALL THE CONFIGS THAT WAS RENDERED FROM THE TEMPLATES (SOURCE OF TRUTH)

                for config_line in init_config:
                    strip_config = config_line.strip('\n')
                    ### THIS WILL REMOVE ANY LINES THAT ARE EMPTY OR HAS A '!' MARK
                    if (strip_config == '' or strip_config == "!"):
                        continue
                    else:
                        rendered_config.append(strip_config)

                ###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
#				print ("RENDERED CONFIG: {}".format(rendered_config))

        template_list = get_updated_list(template_list_copy)

        if (node_object[index]['platform'] == 'cisco'):
            redirect.append('get_config')
            command.append([''])
        ### JUNIPER DEVICES WILL RECEIVE A DIFFERENT REDIRECT THAN CISCO PLATFORM
        ### THREE ADDITIONAL COMMANDS ARE APPENEDED AT THE END, ^D, SHOW | COMPARE AND ROLLBACK 0
        ### ALL TEMPLATES MATCHING ARE EXECUTED AT ONCE PER DEVICE
        elif (node_object[index]['platform'] == 'juniper'):
            redirect.append('get_diff')
            rendered_config.append('\x04')
            rendered_config.append('show | compare')
            rendered_config.append('rollback 0')
            command.append(rendered_config)

    ###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
#	print"REDIRECT: {}".format(redirect)
###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
#	print"COMMAND: {}".format(command)
#	print("[+] [COMPUTING DIFF. STANDBY...]")
    multithread_engine(initialize.ntw_device, redirect, command)

    ### RESETING TEMPLATE_LIST TO ORIGINAL LIST

    ###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
    #	print("ORIGINAL_LIST: {}".format(template_list_original))
    template_list = template_list_original

    ###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
    #	print("TEMPLATE_LIST: {}".format(template_list))

    ### REINITIALIZING TEMPLATE_LIST TO THE ORIGINAL LIST OF TEMPLATES
    if (auditcreeper):
        template_list = template_list_original[0]

    ### THIS FOR LOOP WILL LOOP THROUGH ALL THE MATCHED ELEMENTS FROM THE USER SEARCH AND AUDIT ON SPECIFIC TEMPLATE OR IF NO ARGUMENT IS GIVEN, ALL TEMPLATES

    for index in initialize.element:

        ### NODE_CONFIG IS THE FINALIZED CONFIG TO PUSH TO THE NODE FOR REMEDIATION
        node_configs = []
        ntw_device_pop = True
        ### TEMPLATE_NAME IS SET TO TRUE IN ORDER TO PRINT OUT THE TEMPLATE HEADING WHEN RECURSING
        template_name = True

        if (not remediation):
            print("Only in the device: -")
            print("Only in the generated config: +")
            print("{}".format(node_object[index]['hostname']))

        ###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
        template_list_juniper = template_list[:]
        if (node_object[index]['platform'] == 'juniper'):

            ### THIS WILL RETURN A SORTED JUNIPER TEMPLATE LIST BASED ON JUNIPER'S 'SHOW CONFIGURATION' OUTPUT
            template_list = get_sorted_juniper_template_list(template_list)

        ### THIS WILL LOOP THROUGH ALL THE TEMPLATES SPECIFIED FOR THE PARTICULAR HOST IN NODES.YAML
        for template in template_list:

            ### THIS SECTION IS FOR CISCO SYSTEMS PLATFORM ###
            if (node_object[index]['platform'] == 'cisco'):

                cisco_audit_diff(node_object, index, template, AUDIT_FILTER_RE,
                                 output, remediation)

            ### THIS SECTION IS FOR JUNIPER NETWORKS PLATFORM ###
            if (node_object[index]['platform'] == 'juniper'):

                directory = get_template_directory(
                    node_object[index]['platform'],
                    node_object[index]['opersys'], node_object[index]['type'])
                ### THIS SECTION OF CODE WILL OPEN DIFF-CONFIG *.CONF FILE AND STORE IN DIFF_CONFIG AS A LIST
                f = open(
                    "/diff-configs/{}".format(node_object[index]['hostname']) +
                    ".conf", "r")
                init_config = f.readlines()
                ### DIFF_CONFIG ARE THE DIFFERENTIAL CONFIGS GENERATED BY THE /DIFF-CONFIGS/*.CONF FILE
                diff_config = []

                for config_line in init_config:
                    strip_config = config_line.strip('\n')
                    diff_config.append(strip_config)

                ###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
#				print ("DIFF CONFIG: {}".format(diff_config))

                RE = re.compile(r'\[edit\s({})'.format(template.split('.')[0]))
                search = list(filter(RE.match, diff_config))

                if (len(search) == 0):
                    print("{}{} (none)".format(directory, template))
                    print('')
                    no_diff = no_diff + 1
                    if (no_diff == len(template_list)):
                        break
                    if (len(template_list) > 1):
                        juniper_audit_diff(directory, template, template_list,
                                           diff_config, edit_list, search)
                    else:
                        continue

                else:
                    ### THIS FIRST SECTION WILL FIND ALL THE INDEXES WITH THE '[edit <TEMPLATE>]' AND APPEND IT TO THE EDIT_LIST
                    ### EDIT_LIST MAINTAINS A LIST OF ALL THE INDEXES THAT PERTAIN TO THE TEMPLATES
                    for line in diff_config:
                        if (re.search(
                                '\[edit\s{}'.format(template.split('.')[0]),
                                line)):
                            element = diff_config.index(line)
                            edit_list.append(element)
                            ###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
#							print('ELEMENT: {}'.format(element))
#							print("{}".format(line))

###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
#					print('EDIT_LIST 1st: {}'.format(edit_list))
#					print("index_of_template_list: {}".format(index_of_template_list))
#					print("length_template_list: {}".format(length_template_list))
                    juniper_audit_diff(directory, template, template_list,
                                       diff_config, edit_list, search)

#					print("end_of_template_list: {}".format(end_of_template_list))
### UPON THE LAST TEMPLATE, IT WILL THEN FIND THE CLOSING CURLY BRACES INDEX NUMBER TO APPEND TO THE EDIT_LIST

        if (auditcreeper):
            initialize.configuration.append(node_configs)
            if (ntw_device_pop == True):
                initialize.ntw_device.pop(node_index)
                initialize.configuration.pop(node_index)
            template_list = get_updated_list(template_list_original)

#	if(remediation):
#		print("[+]: PUSH ENABLED")
#		print("[!]: PUSH DISABLED")

    return None
Esempio n. 8
0
def generic_audit_diff(node_object, index, template, template_list,
                       AUDIT_FILTER_RE, output, with_remediation):

    for template in template_list:

        filtered_backup_config = []
        rendered_config = []
        backup_config = []
        commands = []
        """
		:param filtered_backup_config: Audit filters that matches the lines in backup_config. Entries include depths/deep configs.
		:type filtered_backup_config: list

		:param rendered_config: Rendered configs from the templates.
		:type rendered_config: list

		:param backup_config: Backup configs from the 'show run', 'list ltm' etc...
		:type backup_config: list

		:param commands: ... Configurations generated from the diff'ed output.
		:type commands: list
		"""
        f = open(
            "{}/rendered-configs/{}.{}".format(
                home_directory, node_object[index]['name'],
                template.split('.')[0]) + ".conf", "r")
        init_config = f.readlines()
        for config_line in init_config:
            strip_config = config_line.strip('\n')
            if (strip_config == '' or strip_config == "!"):
                continue
            else:
                rendered_config.append(strip_config)
        f = open(
            "{}/backup-configs/{}".format(
                home_directory, node_object[index]['name']) + ".conf", "r")
        init_config = f.readlines()
        for config_line in init_config:
            strip_config = config_line.strip('\n')
            backup_config.append(strip_config)
        directory = get_template_directory(
            node_object[index]['hardware_vendor'],
            node_object[index]['opersys'], node_object[index]['type'])
        f = open("{}".format(directory) + template, "r")
        parse_audit = f.readline()
        """
			This will take each element from the audit_filter list and search for the matched lines in backup_config.
		"""
        audit_filter = eval(re.findall(AUDIT_FILTER_RE, parse_audit)[0])
        parse_backup_configs = CiscoConfParse("{}/backup-configs/{}".format(
            home_directory, node_object[index]['name']) + ".conf",
                                              syntax=get_syntax(
                                                  node_object, index))
        """
			Matched entries are then appended to the filter_backup_config variable. parse_audit_filter() call will find all parent/child.
		"""
        filtered_backup_config = parse_audit_filter(node_object, index,
                                                    parse_backup_configs,
                                                    audit_filter)
        """
			sync_diff() will diff out the filtered_backup_config from the rendered_configs and store whatever commands that has deltas.
		"""
        parse = CiscoConfParse(filtered_backup_config)
        push_configs = parse.sync_diff(rendered_config,
                                       "",
                                       ignore_order=True,
                                       remove_lines=True,
                                       debug=False)
        """
			If there are no diffs and only and audit diff is executed, (none) will be printed to show users the result. However, if there are no diffs but a push cfgs
			if executed resulting in output set as false, an empty list is appended.
		"""
        if (len(push_configs) == 0):
            if output:
                print("{}{} (none)".format(directory, template))
                print('')
            else:
                initialize.configuration.append([])
                print('There are no diffs to be pushed for template {} on {}'.
                      format(template, node_object[index]['name']))
                if len(initialize.element) == 0:
                    break
        else:
            """
				If an audit diff is executed, the diff is outputed to user. If a push cfgs is executed against Cisco like platforms, the commands from the diff are executed
				with the negation (no). This is to maintain the sequence of the the commands in order to match the jinja2 templates. What you see on the template is what the
				users want exactly as the running-configurations. The with_remediation flag is no longer required on the template itself as it may cause disruptions to
				services. For example, blowing out an entire logging configs (no logging) and readding all the logging host back on.
			"""
            if output:
                print("{}{}".format(directory, template))
                for line in push_configs:
                    search = parse_backup_configs.find_objects(
                        r"^{}".format(line))
                    if re.search(r'^no', line) or re.search(r'\sno', line):
                        line = re.sub("no", "", line)
                        print("-{}".format(line))
                    elif (len(search) == 0):
                        print("+ {}".format(line))
                    elif (len(search) > 1):
                        print("+ {}".format(line))
                    else:
                        print("  {}".format(line))
            else:
                for line in push_configs:
                    commands.append(line)
                initialize.configuration.append(commands)
            print("")


#			if(with_remediation):
#				for config in push_configs:
#					node_configs.append(config)
#					ntw_device_pop = False
#				if(auditcreeper == False):
#					initialize.configuration.append(node_configs)
#				node_index = node_index + 1

    return None
Esempio n. 9
0
def mediator(template_list,node_object,auditcreeper,output,with_remediation):
	redirect = [] 
	command = [] 
	template_counter = 0
	node_index = 0 
	AUDIT_FILTER_RE = r'\[.*\]'
	template_list_original = template_list[:]
	template_list_copy = template_list
	authentication = True

	"""
	:param redirect: A list of which method superloop will access. This variable is sent to the multithread_engine. Each element is a redirect per node.
	:type alt_key_file: list
	
	:param command: A list within a list where each element represents per node of commands to execute.
	:type command: list
	
	:param template_counter: Used to keep track of the number of templates it cycles through for Juniper.
	:type template_counter: int
	
	:param node_index: Keeps track of the index in initialize.ntw_device. If remediation is not required (configs matches template), then the node is popped of       initialize.ntw_device and nothing is changed on that device.
	:type node_index: int
	
	:param AUDIT_FILTER_RE: Regular expression to filter out the audit filter in every template.
	:type AUDIT_FILTER_RE: str
	
	:param template_list_original: Take a duplicate copy of template_list
	:type template_list_original: list
	
	:param template_list_copy: Memory reference to template_list
	:type template_list_copy: list
	
	"""
	"""
	The mediator is broken up into two sections. The first section of code will gather all rendered configs first as it's required for all hardware vendors 
	(Cisco, Juniper & F5). Juniper does not require backup-configs in order to be diff'ed. The diff is server (node) side processed and the results 
	are returned back to superloop. Cisco hardware_vendors will require backup-configs (get_config) where the diffs are processed locally.
	"""
	if auditcreeper:
		template_list = template_list_copy[0]
	for index in initialize.element:
		rendered_config = []
		if node_object[index]['hardware_vendor'] == 'juniper':
			"""
                Juniper's diff output are always in a certain stanza order. 
                The template_list ordered processed may very well not be in the 
                same order as Juniper's. In order to keep it consistent, we must 
                call the function get_sorted_juniper_template() and it will 
                return a sorted Juniper's stanza list.
			"""
			template_list = get_sorted_juniper_template_list(template_list)
			rendered_config.append('load replace terminal')
		for template in template_list:
			process_jinja2_template(node_object,index,template,with_remediation)
			"""
				Compiling the rendered configs from template and preparing
				for pushing to node.
			"""
			if node_object[index]['hardware_vendor'] == 'juniper':
				template_counter = template_counter + 1
				with open('{}/rendered-configs/{}.{}'.format(get_home_directory(),node_object[index]['name'],template.split('.')[0]) + '.conf','r') as file:
					init_config = file.readlines()
				for config_line in init_config:
					strip_config = config_line.strip('\n')
					if(strip_config == '' or strip_config == "!"):
						continue	
					else:
						rendered_config.append(strip_config)	
				"""
					This below statement will check to see if it's the last 
					template for the node. It will then append 3 commands to the list.
				"""
				if template_counter == len(template_list):
					rendered_config.append('\x04')
					rendered_config.append('show | compare')
					rendered_config.append('rollback 0')
				"""
					Uncomment the below print statement for debugging purposes
				"""
					#print("RENDERED CONFIG: {}".format(rendered_config))
		"""
			The below statement will only execute if user is auditing 
			against multiple templates. If only one template is being 
			audited, do no pop off element.
		"""
		if len(template_list) != 1:
			template_list = get_updated_list(template_list_copy)
		if node_object[index]['hardware_vendor'] == 'cisco' or node_object[index]['hardware_vendor'] == 'f5':
			redirect.append('get_config')
			command.append([''])
			"""
			Juniper devices will receive a different redirect than 
			Cisco. Three additional commands are appeneded 
			at the end, ^d, show | compare and rollback 0.  All templates 
			matching are executed at once per device
		"""
		elif node_object[index]['hardware_vendor'] == 'juniper':
			redirect.append('get_diff')
			command.append(rendered_config)
			template_counter = 0
	"""
		Uncomment the below print statement for debugging purposes
	"""
	#print('REDIRECT: {}'.format(redirect))
	#print('TEMPLATE_LIST: {}'.format(template_list))
	#print('COMMAND: {}'.format(command))
	multithread_engine(initialize.ntw_device,redirect,command,authentication)
	template_list = template_list_original
	if(auditcreeper):
		template_list = template_list_original[0]
	for index in initialize.element:
		edit_list = []
		node_configs = []
		diff_config = []
		ntw_device_pop = True 
		"""
			:param edit_list: Anchor points for Juniper audits based on the edit stanza.
			:type edit_list: list

			:param node_configs: Finalized configs used to push to device
			:type node_configs: list

			:param diff_config: Differential configs generated by the ~/diff-configs/*.conf file
			:type diff_config: list

			:param ntw_device_pop: Pop off each node once audit is complete.
			:type ntw_device_pop: bool
		"""
		if not with_remediation:
			print("Only in the device: -")
			print("Only in the generated config: +")
			print ("{}".format(node_object[index]['name']))
		if node_object[index]['hardware_vendor'] == 'cisco' or node_object[index]['hardware_vendor'] == 'f5':
			generic_audit_diff(node_object,index,template,template_list,AUDIT_FILTER_RE,output,with_remediation)
		elif node_object[index]['hardware_vendor'] == 'juniper':
			template_list = get_sorted_juniper_template_list(template_list)
			directory = get_template_directory(node_object[index]['hardware_vendor'],node_object[index]['opersys'],node_object[index]['type'])
			with open('{}/diff-configs/{}'.format(get_home_directory(),node_object[index]['name']) + '.conf','r') as file:
				init_config = file.readlines()
			for config_line in init_config:
				strip_config = config_line.strip('\n')
				diff_config.append(strip_config)
			for output in diff_config:
				if 'errors' in output:
					error = True
					break
				else:
					error = False
			if error:
				print('+ Please check error(s) in template(s)')
				break
			else:
				juniper_mediator(node_object,template_list,diff_config,edit_list,index)
				juniper_audit_diff(directory,template_list,diff_config,edit_list)
		if auditcreeper:
			initialize.configuration.append(node_configs)
			if ntw_device_pop == True:
				initialize.ntw_device.pop(node_index)
				initialize.configuration.pop(node_index)
			template_list = get_updated_list(template_list_original)

	return None