def auditcreeper():
initialize.variables()
controller = 'push_cfgs'
commands = initialize.configuration
auditcreeper_flag = True
output = False
remediation = True
### AUGUMENT_NODE WILL MATCH EVERY NODES IN THE LIST OF NODE_OBJECT
argument_node = '.+'
template_list = []
os.system('clear')
### NODE_OBJECT IS A LIST OF ALL THE NODES IN THE DATABASE WITH ALL ATTRIBUTES
node_object = process_nodes()
### NODE_TEMPLATE IS A LIST OF ALL THE TEMPLATES BASED ON PLATFORMS AND DEVICE TYPE
node_template = process_templates()
### MATCH_NODE IS A LIST OF NODES THAT MATCHES THE ARGUEMENTS PASSED IN BY USER
match_node = search_node(argument_node, node_object)
### MATCH_TEMPLATE IS A LIST OF 'MATCH' AND/OR 'NO MATCH' IT WILL USE THE MATCH_NODE
### RESULT, RUN IT AGAINST THE NODE_OBJECT AND COMPARES IT WITH NODE_TEMPLATE DATABASE
### TO SEE IF THERE IS A TEMPLATE FOR THE SPECIFIC PLATFORM AND TYPE.
match_template = search_template(template_list, match_node, node_template,
node_object, auditcreeper_flag)
node_create(match_node, node_object)
auditdiff_engine(template_list, node_object, auditcreeper_flag, output,
remediation)
multithread_engine(initialize.ntw_device, controller, commands)
threading.Timer(5.0, auditcreeper).start()
def pull_cfgs(args):
argument_confirm = args.confirm
argument_node = args.node
commands = initialize.configuration
output = False
redirect = []
authentication = True
"""
:param argument_configm: Argument accepted as boolean
:type augument_confirm: bool
:param argument_node: Argument accepted as regular expression.
:type augument_node: str
:param commands: Referenced to global variable commands which keeps track of all commands per node.
:type commands: list
:param output: Flag to output to stdout.
:type ext: bool
:param redirect: A list of which method superloop will access. This variable is sent to the multithread_engine. Each element is a redirect per node.
:type alt_key_file: list
"""
try:
if argument_confirm is None or argument_confirm.lower() == 'true':
confirm_flag = True
elif argument_confirm.lower() == 'false':
confirm_flag = False
else:
raise argparse.ArgumentTypeError('Boolean value expected.')
node_object = process_nodes()
match_node = search_node(argument_node, node_object)
"""
:param node_object: All node(s) in the database with all attributes.
:type node_object: list
:param match_node: Nodes that matches the arguements passed in by user.
:type match_node: list
"""
if len(match_node) == 0:
print('+ No matching node(s) found in database.')
print('')
else:
node_element(match_node, node_object)
node_create(match_node, node_object)
for index in initialize.element:
redirect.append('pull_cfgs')
if (confirm_flag):
confirm(redirect, commands, authentication)
else:
multithread_engine(initialize.ntw_device, redirect, commands,
authentication)
print('')
except Exception as error:
print('ExceptionError: an exception occured')
print(error)
return None
def auditcreeper():
argument_node = '.+'
auditcreeper = True
commands = initialize.configuration
output = True
redirect = []
template_list = []
with_remediation = True
"""
:param argument_node: Argument accepted as regular expression.
:type augument_node: str
:param auditcreeper: When auditcreeper is active/non-active.
:type auditcreeper: bool
:param commands: Referenced to global variable commands which keeps track of all commands per node.
:type commands: list
:param output: Flag to output to stdout.
:type ext: bool
:param redirect: A list of which method superloop will access. This variable is sent to the multithread_engine. Each element is a redirect per node.
:type alt_key_file: list
:param template_list_original: Take a duplicate copy of template_list
:type template_list_original: list
:param with_remediation: Current function to remediate or not remediate.
:type ext: bool
"""
initialize.variables()
redirect.append('push_cfgs')
os.system('clear')
node_object = process_nodes()
node_template = process_templates()
match_node = search_node(argument_node, node_object)
match_template = search_template(template_list, match_node, node_template,
node_object, auditcreeper)
"""
:param node_object: All node(s) in the database with all attributes.
:type node_object: list
:param node_template: All templates based on hardware_vendor and device type.
:type node_template: list
:param match_node: Nodes that matches the arguements passed in by user.
:type match_node: list
:param match_template: Return a list of 'match' and/or 'no match'.
:type match_template: list
"""
node_create(match_node, node_object)
mediator(template_list, node_object, auditcreeper, output,
with_remediation)
for index in initialize.element:
redirect.append('push_cfgs')
multithread_engine(initialize.ntw_device, redirect, commands)
threading.Timer(5.0, auditcreeper).start()
def push_config(args):
ext = '.jinja2'
controller = 'push_config'
commands = initialize.configuration
auditcreeper_flag = False
argument_node = args.node
if(args.file is None):
# print("ARGS.FILE IS NONE")
template_list = []
auditcreeper_flag = True
else:
# print("ARGS.FILE IS VALID")
template = args.file + ext
template_list = []
template_list.append(template)
### NODE_OBJECT IS A LIST OF ALL THE NODES IN THE DATABASE WITH ALL ATTRIBUTES
node_object = process_nodes()
### NODE_TEMPLATE IS A LIST OF ALL THE TEMPLATES BASED ON PLATFORMS AND DEVICE TYPE
node_template = process_templates()
### MATCH_NODE IS A LIST OF NODES THAT MATCHES THE ARGUEMENTS PASSED IN BY USER
match_node = search_node(argument_node,node_object)
### MATCH_TEMPLATE IS A LIST OF 'MATCH' AND/OR 'NO MATCH' IT WILL USE THE MATCH_NODE
### RESULT, RUN IT AGAINST THE NODE_OBJECT AND COMPARES IT WITH NODE_TEMPLATE DATABASE
### TO SEE IF THERE IS A TEMPLATE FOR THE SPECIFIC PLATFORM AND TYPE.
match_template = search_template(template_list,match_node,node_template,node_object,auditcreeper_flag)
### THIS WILL PARSE OUT THE GENERATED CONFIGS FROM THE *.JINJA2 FILE TO A LIST
if(len(match_node) == 0):
print("+ [NO MATCHING NODES AGAINST DATABASE]")
print("")
elif('NO MATCH' in match_template):
print("+ [NO MATCHING TEMPLATE AGAINST DATABASE]")
print("")
else:
render(template_list,node_object,auditcreeper_flag)
node_create(match_node,node_object)
print("")
proceed = raw_input("PROCEED? [Y/N]: ")
if(proceed == 'y' or proceed == 'Y'):
print("")
print("PUSHING CODE...")
multithread_engine(initialize.ntw_device,controller,commands)
elif(proceed == 'n' or proceed == 'N'):
print("ABORT...")
def confirm_push(controller,commands):
check = str(raw_input("Push configs? [y/N]: ")).strip()
try:
if check[0] == 'y':
multithread_engine(initialize.ntw_device,controller,commands)
elif check[0] == 'N':
return False
else:
print("RuntimeError: aborted at user request")
except Exception as error:
print("ExceptionError: an exception occured")
print(error)
def confirm(redirect, commands, authentication):
index = 0
if (redirect[index] == 'push_cfgs'):
check = str(input("Push configs? [y/N]: ")).strip()
else:
check = str(input("Pull configs? [y/N]: ")).strip()
try:
if check[0] == 'y':
multithread_engine(initialize.ntw_device, redirect, commands,
authentication)
elif check[0] == 'N':
return False
else:
print("RuntimeError: aborted at user request")
except Exception as error:
print("ExceptionError: an exception occured")
print(error)
return None
def exec_cmd(args):
argument_command = args.command
argument_node = args.node
redirect = []
authentication = True
"""
:param argument_command: Referenced to global variable commands which keeps track of all commands per node.
:type commands: list
:param argument_node: Argument accepted as regular expression.
:type augument_node: str
:param redirect: A list of which method superloop will access. This variable is sent to the multithread_engine. Each element is a redirect per node.
:type alt_key_file: list
"""
redirect.append('exec_cmd')
try:
if argument_command == 'reload' or argument_command == 'reboot':
print("superloopError: command not supported")
return False
else:
node_object = process_nodes()
match_node = search_node(argument_node,node_object)
"""
:param node_object: All node(s) in the database with all attributes.
:type node_object: list
:param match_node: Nodes that matches the arguements passed in by user.
:type match_node: list
"""
if len(match_node) == 0:
print('+ No matching node(s) found in database.')
print()
else:
node_element(match_node,node_object)
node_create(match_node,node_object)
multithread_engine(initialize.ntw_device,redirect,argument_command,authentication)
except Exception as error:
print("ExceptionError: an exception occured")
print(error)
return None
def exec_command(args):
controller = 'exec_command'
command = args.argument
argument_node = args.node
### NODE_OBJECT IS A LIST OF ALL THE NODES IN THE DATABASE WITH ALL ATTRIBUTES
node_object = process_nodes()
### MATCH_NODE IS A LIST OF NODES THAT MATCHES THE ARGUEMENTS PASSED IN BY USER
match_node = search_node(argument_node, node_object)
if (len(match_node) == 0):
print("+ [NO MATCHING NODES AGAINST DATABASE]")
print("")
else:
node_element(match_node, node_object)
node_create(match_node, node_object)
multithread_engine(initialize.ntw_device, controller, command)
def auditdiff_engine(template_list, node_object, auditcreeper, output,
remediation):
redirect = []
command = []
### RENDERED_CONFIG IS TO ACCOMODATE JUNIPER PLATFORM BY APPENDING A 'LOAD REPLACE TERMINAL' TO GET THE DIFF OUTPUT
rendered_config = []
rendered_config.append('load replace terminal')
edit_list = []
no_diff = 0
### PUSH_CONFIGS IS A LIST OF THE FINAL CONFIGS TO BE PUSHED
# push_configs = []
### INDEX_POSITION IS THE INDEX OF ALL THE MATCHED FILTER_CONFIG AGAINST THE BACKUP_CONFIGS. THE INDEX IS COMING FROM THE BACKUP_CONFIG
index_position = 0
### NODE_INDEX KEEPS TRACK OF THE INDEX IN INITIALIZE.NTW_DEVICE. IF REMEDIATION IS NOT REQUIRED (CONFIGS MATCHES TEMPLATE), THEN THE NODE IS POPPED OFF
### INITIALIZE.NTW_DEVICE AND NOTHING IS CHANGED ON THAT DEVICE
node_index = 0
### AUDIT_FILTER_RE IS THE REGULAR EXPRESSION TO FILTER OUT THE AUDIT FILTER IN EVERY TEMPLATE
AUDIT_FILTER_RE = r"\[.*\]"
### TEMPLATE_LIST_COPY TAKE A COPY OF THE CURRENT TEMPLATE_LIST
template_list_original = template_list[:]
template_list_copy = template_list
if (auditcreeper):
template_list = template_list_copy[0]
# print "TEMPLATE_LIST: {}".format(template_list)
### THIS SECTION OF CODE WILL GATHER ALL RENDERED CONFIGS FIRST AS IT'S REQUIRED FOR ALL PLATFORMS (CISCO & JUNIPER)
### JUNIPER DOES NOT REQUIRE BACKUP-CONFIGS IN ORDER TO BE DIFFED SO INSTEAD IT WILL JUST PUSH (PUSH_CFGS) THE TEMPLATE AND PERFORM THE DIFF ON THE DEVICE ITSELF.
### CISCO WILL REQUIRE BACKUP-CONFIGS (GET_CONFIG)
for index in initialize.element:
if (node_object[index]['platform'] == 'juniper'):
### THIS WILL RETURN A SORTED JUNIPER TEMPLATE LIST BASED ON JUNIPER'S 'SHOW CONFIGURATION' OUTPUT
template_list = get_sorted_juniper_template_list(template_list)
# print("TEMPLATE_LIST FIRST PHASE: {}".format(template_list))
for template in template_list:
### THIS SECTION OF CODE WILL PROCESS THE TEMPLATE AND OUTPUT TO A *.CONF FILE
directory = get_template_directory(node_object[index]['platform'],
node_object[index]['opersys'],
node_object[index]['type'])
env = Environment(loader=FileSystemLoader("{}".format(directory)))
baseline = env.get_template(template)
f = open(
"/rendered-configs/{}.{}".format(
node_object[index]['hostname'],
template.split('.')[0]) + ".conf", "w")
### GENERATING TEMPLATE BASED ON NODE OBJECT
config = baseline.render(nodes=node_object[index])
f.write(config)
f.close
if (node_object[index]['platform'] == 'cisco'):
### THIS SECTION OF CODE WILL OPEN THE RENDERED-CONFIG *.CONF FILE AND STORE IN RENDERED_CONFIG AS A LIST
f = open(
"/rendered-configs/{}.{}".format(
node_object[index]['hostname'],
template.split('.')[0]) + ".conf", "r")
init_config = f.readlines()
### RENDERED_CONFIG IS A LIST OF ALL THE CONFIGS THAT WAS RENDERED FROM THE TEMPLATES (SOURCE OF TRUTH)
if (node_object[index]['platform'] == 'juniper'):
### THIS SECTION OF CODE WILL OPEN THE RENDERED-CONFIG *.CONF FILE AND STORE IN RENDERED_CONFIG AS A LIST
f = open(
"/rendered-configs/{}.{}".format(
node_object[index]['hostname'],
template.split('.')[0]) + ".conf", "r")
init_config = f.readlines()
### RENDERED_CONFIG IS A LIST OF ALL THE CONFIGS THAT WAS RENDERED FROM THE TEMPLATES (SOURCE OF TRUTH)
for config_line in init_config:
strip_config = config_line.strip('\n')
### THIS WILL REMOVE ANY LINES THAT ARE EMPTY OR HAS A '!' MARK
if (strip_config == '' or strip_config == "!"):
continue
else:
rendered_config.append(strip_config)
###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
# print ("RENDERED CONFIG: {}".format(rendered_config))
template_list = get_updated_list(template_list_copy)
if (node_object[index]['platform'] == 'cisco'):
redirect.append('get_config')
command.append([''])
### JUNIPER DEVICES WILL RECEIVE A DIFFERENT REDIRECT THAN CISCO PLATFORM
### THREE ADDITIONAL COMMANDS ARE APPENEDED AT THE END, ^D, SHOW | COMPARE AND ROLLBACK 0
### ALL TEMPLATES MATCHING ARE EXECUTED AT ONCE PER DEVICE
elif (node_object[index]['platform'] == 'juniper'):
redirect.append('get_diff')
rendered_config.append('\x04')
rendered_config.append('show | compare')
rendered_config.append('rollback 0')
command.append(rendered_config)
###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
# print"REDIRECT: {}".format(redirect)
###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
# print"COMMAND: {}".format(command)
# print("[+] [COMPUTING DIFF. STANDBY...]")
multithread_engine(initialize.ntw_device, redirect, command)
### RESETING TEMPLATE_LIST TO ORIGINAL LIST
###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
# print("ORIGINAL_LIST: {}".format(template_list_original))
template_list = template_list_original
###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
# print("TEMPLATE_LIST: {}".format(template_list))
### REINITIALIZING TEMPLATE_LIST TO THE ORIGINAL LIST OF TEMPLATES
if (auditcreeper):
template_list = template_list_original[0]
### THIS FOR LOOP WILL LOOP THROUGH ALL THE MATCHED ELEMENTS FROM THE USER SEARCH AND AUDIT ON SPECIFIC TEMPLATE OR IF NO ARGUMENT IS GIVEN, ALL TEMPLATES
for index in initialize.element:
### NODE_CONFIG IS THE FINALIZED CONFIG TO PUSH TO THE NODE FOR REMEDIATION
node_configs = []
ntw_device_pop = True
### TEMPLATE_NAME IS SET TO TRUE IN ORDER TO PRINT OUT THE TEMPLATE HEADING WHEN RECURSING
template_name = True
if (not remediation):
print("Only in the device: -")
print("Only in the generated config: +")
print("{}".format(node_object[index]['hostname']))
###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
template_list_juniper = template_list[:]
if (node_object[index]['platform'] == 'juniper'):
### THIS WILL RETURN A SORTED JUNIPER TEMPLATE LIST BASED ON JUNIPER'S 'SHOW CONFIGURATION' OUTPUT
template_list = get_sorted_juniper_template_list(template_list)
### THIS WILL LOOP THROUGH ALL THE TEMPLATES SPECIFIED FOR THE PARTICULAR HOST IN NODES.YAML
for template in template_list:
### THIS SECTION IS FOR CISCO SYSTEMS PLATFORM ###
if (node_object[index]['platform'] == 'cisco'):
cisco_audit_diff(node_object, index, template, AUDIT_FILTER_RE,
output, remediation)
### THIS SECTION IS FOR JUNIPER NETWORKS PLATFORM ###
if (node_object[index]['platform'] == 'juniper'):
directory = get_template_directory(
node_object[index]['platform'],
node_object[index]['opersys'], node_object[index]['type'])
### THIS SECTION OF CODE WILL OPEN DIFF-CONFIG *.CONF FILE AND STORE IN DIFF_CONFIG AS A LIST
f = open(
"/diff-configs/{}".format(node_object[index]['hostname']) +
".conf", "r")
init_config = f.readlines()
### DIFF_CONFIG ARE THE DIFFERENTIAL CONFIGS GENERATED BY THE /DIFF-CONFIGS/*.CONF FILE
diff_config = []
for config_line in init_config:
strip_config = config_line.strip('\n')
diff_config.append(strip_config)
###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
# print ("DIFF CONFIG: {}".format(diff_config))
RE = re.compile(r'\[edit\s({})'.format(template.split('.')[0]))
search = list(filter(RE.match, diff_config))
if (len(search) == 0):
print("{}{} (none)".format(directory, template))
print('')
no_diff = no_diff + 1
if (no_diff == len(template_list)):
break
if (len(template_list) > 1):
juniper_audit_diff(directory, template, template_list,
diff_config, edit_list, search)
else:
continue
else:
### THIS FIRST SECTION WILL FIND ALL THE INDEXES WITH THE '[edit <TEMPLATE>]' AND APPEND IT TO THE EDIT_LIST
### EDIT_LIST MAINTAINS A LIST OF ALL THE INDEXES THAT PERTAIN TO THE TEMPLATES
for line in diff_config:
if (re.search(
'\[edit\s{}'.format(template.split('.')[0]),
line)):
element = diff_config.index(line)
edit_list.append(element)
###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
# print('ELEMENT: {}'.format(element))
# print("{}".format(line))
###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
# print('EDIT_LIST 1st: {}'.format(edit_list))
# print("index_of_template_list: {}".format(index_of_template_list))
# print("length_template_list: {}".format(length_template_list))
juniper_audit_diff(directory, template, template_list,
diff_config, edit_list, search)
# print("end_of_template_list: {}".format(end_of_template_list))
### UPON THE LAST TEMPLATE, IT WILL THEN FIND THE CLOSING CURLY BRACES INDEX NUMBER TO APPEND TO THE EDIT_LIST
if (auditcreeper):
initialize.configuration.append(node_configs)
if (ntw_device_pop == True):
initialize.ntw_device.pop(node_index)
initialize.configuration.pop(node_index)
template_list = get_updated_list(template_list_original)
# if(remediation):
# print("[+]: PUSH ENABLED")
# print("[!]: PUSH DISABLED")
return None
def mediator(template_list,node_object,auditcreeper,output,with_remediation):
redirect = []
command = []
template_counter = 0
node_index = 0
AUDIT_FILTER_RE = r'\[.*\]'
template_list_original = template_list[:]
template_list_copy = template_list
authentication = True
"""
:param redirect: A list of which method superloop will access. This variable is sent to the multithread_engine. Each element is a redirect per node.
:type alt_key_file: list
:param command: A list within a list where each element represents per node of commands to execute.
:type command: list
:param template_counter: Used to keep track of the number of templates it cycles through for Juniper.
:type template_counter: int
:param node_index: Keeps track of the index in initialize.ntw_device. If remediation is not required (configs matches template), then the node is popped of initialize.ntw_device and nothing is changed on that device.
:type node_index: int
:param AUDIT_FILTER_RE: Regular expression to filter out the audit filter in every template.
:type AUDIT_FILTER_RE: str
:param template_list_original: Take a duplicate copy of template_list
:type template_list_original: list
:param template_list_copy: Memory reference to template_list
:type template_list_copy: list
"""
"""
The mediator is broken up into two sections. The first section of code will gather all rendered configs first as it's required for all hardware vendors
(Cisco, Juniper & F5). Juniper does not require backup-configs in order to be diff'ed. The diff is server (node) side processed and the results
are returned back to superloop. Cisco hardware_vendors will require backup-configs (get_config) where the diffs are processed locally.
"""
if auditcreeper:
template_list = template_list_copy[0]
for index in initialize.element:
rendered_config = []
if node_object[index]['hardware_vendor'] == 'juniper':
"""
Juniper's diff output are always in a certain stanza order.
The template_list ordered processed may very well not be in the
same order as Juniper's. In order to keep it consistent, we must
call the function get_sorted_juniper_template() and it will
return a sorted Juniper's stanza list.
"""
template_list = get_sorted_juniper_template_list(template_list)
rendered_config.append('load replace terminal')
for template in template_list:
process_jinja2_template(node_object,index,template,with_remediation)
"""
Compiling the rendered configs from template and preparing
for pushing to node.
"""
if node_object[index]['hardware_vendor'] == 'juniper':
template_counter = template_counter + 1
with open('{}/rendered-configs/{}.{}'.format(get_home_directory(),node_object[index]['name'],template.split('.')[0]) + '.conf','r') as file:
init_config = file.readlines()
for config_line in init_config:
strip_config = config_line.strip('\n')
if(strip_config == '' or strip_config == "!"):
continue
else:
rendered_config.append(strip_config)
"""
This below statement will check to see if it's the last
template for the node. It will then append 3 commands to the list.
"""
if template_counter == len(template_list):
rendered_config.append('\x04')
rendered_config.append('show | compare')
rendered_config.append('rollback 0')
"""
Uncomment the below print statement for debugging purposes
"""
#print("RENDERED CONFIG: {}".format(rendered_config))
"""
The below statement will only execute if user is auditing
against multiple templates. If only one template is being
audited, do no pop off element.
"""
if len(template_list) != 1:
template_list = get_updated_list(template_list_copy)
if node_object[index]['hardware_vendor'] == 'cisco' or node_object[index]['hardware_vendor'] == 'f5':
redirect.append('get_config')
command.append([''])
"""
Juniper devices will receive a different redirect than
Cisco. Three additional commands are appeneded
at the end, ^d, show | compare and rollback 0. All templates
matching are executed at once per device
"""
elif node_object[index]['hardware_vendor'] == 'juniper':
redirect.append('get_diff')
command.append(rendered_config)
template_counter = 0
"""
Uncomment the below print statement for debugging purposes
"""
#print('REDIRECT: {}'.format(redirect))
#print('TEMPLATE_LIST: {}'.format(template_list))
#print('COMMAND: {}'.format(command))
multithread_engine(initialize.ntw_device,redirect,command,authentication)
template_list = template_list_original
if(auditcreeper):
template_list = template_list_original[0]
for index in initialize.element:
edit_list = []
node_configs = []
diff_config = []
ntw_device_pop = True
"""
:param edit_list: Anchor points for Juniper audits based on the edit stanza.
:type edit_list: list
:param node_configs: Finalized configs used to push to device
:type node_configs: list
:param diff_config: Differential configs generated by the ~/diff-configs/*.conf file
:type diff_config: list
:param ntw_device_pop: Pop off each node once audit is complete.
:type ntw_device_pop: bool
"""
if not with_remediation:
print("Only in the device: -")
print("Only in the generated config: +")
print ("{}".format(node_object[index]['name']))
if node_object[index]['hardware_vendor'] == 'cisco' or node_object[index]['hardware_vendor'] == 'f5':
generic_audit_diff(node_object,index,template,template_list,AUDIT_FILTER_RE,output,with_remediation)
elif node_object[index]['hardware_vendor'] == 'juniper':
template_list = get_sorted_juniper_template_list(template_list)
directory = get_template_directory(node_object[index]['hardware_vendor'],node_object[index]['opersys'],node_object[index]['type'])
with open('{}/diff-configs/{}'.format(get_home_directory(),node_object[index]['name']) + '.conf','r') as file:
init_config = file.readlines()
for config_line in init_config:
strip_config = config_line.strip('\n')
diff_config.append(strip_config)
for output in diff_config:
if 'errors' in output:
error = True
break
else:
error = False
if error:
print('+ Please check error(s) in template(s)')
break
else:
juniper_mediator(node_object,template_list,diff_config,edit_list,index)
juniper_audit_diff(directory,template_list,diff_config,edit_list)
if auditcreeper:
initialize.configuration.append(node_configs)
if ntw_device_pop == True:
initialize.ntw_device.pop(node_index)
initialize.configuration.pop(node_index)
template_list = get_updated_list(template_list_original)
return None
def auditdiff_engine(template_list, node_object, auditcreeper, output,
remediation):
controller = 'get_config'
command = ''
### PUSH_CONFIGS IS A LIST OF THE FINAL CONFIGS TO BE PUSHED
# push_configs = []
### INDEX_POSITION IS THE INDEX OF ALL THE MATCHED FILTER_CONFIG AGAINST THE BACKUP_CONFIGS. THE INDEX IS COMING FROM THE BACKUP_CONFIG
index_position = 0
### NODE_INDEX KEEPS TRACK OF THE INDEX IN INITIALIZE.NTW_DEVICE. IF REMEDIATION IS NOT REQUIRED (CONFIGS MATCHES TEMPLATE), THEN THE NODE IS POPPED OFF
### INITIALIZE.NTW_DEVICE AND NOTHING IS CHANGED ON THAT DEVICE
node_index = 0
### AUDIT_FILTER_RE IS THE REGULAR EXPRESSION TO FILTER OUT THE AUDIT FILTER IN EVERY TEMPLATE
AUDIT_FILTER_RE = r"\[.*\]"
### TEMPLATE_LIST_COPY TAKE A COPY OF THE CURRENT TEMPLATE_LIST
template_list_copy = template_list
if (auditcreeper):
template_list = template_list_copy[0]
print("[+] [COMPUTING DIFF. STANDBY...]")
multithread_engine(initialize.ntw_device, controller, command)
### THIS FOR LOOP WILL LOOP THROUGH ALL THE MATCHED ELEMENTS FROM THE USER SEARCH AND AUDIT ON SPECIFIC TEMPLATE OR IF NO ARGUMENT IS GIVEN, ALL TEMPLATES
for index in initialize.element:
### NODE_CONFIG IS THE FINALIZED CONFIG TO PUSH TO THE NODE FOR REMEDIATION
node_configs = []
ntw_device_pop = True
### TEMPLATE_NAME IS SET TO TRUE IN ORDER TO PRINT OUT THE TEMPLATE HEADING WHEN RECURSING
template_name = True
if (not remediation):
print("Only in the device: -")
print("Only in the generated config: +")
print("{}".format(node_object[index]['hostname']))
### THIS WILL LOOP THROUGH ALL THE TEMPLATES SPECIFIED FOR THE PARTICULAR HOST IN NODES.YAML
for template in template_list:
### INDEX_LIST IS A LIST OF ALL THE POSITIONS COLLECTED FROM INDEX_POSITION VARIABLE
index_list = []
### FILTER_CONFIG IS A LIST OF COLLECTION OF ALL THE AUDIT FILTERS THAT MATCHED THE LINES IN BACKUP_CONFIG. THESE ENTRIES DO NOT CONTAIN DEPTHS/DEEP CONFIGS
filtered_config = []
### FILTERED_BACKUP_CONFIG IS THE FINAL LIST OF ALL THE AUDIT FILTERS THAT MATCHES THE LINES IN BACKUP_CONFIG. THESE ENTRIES INCLUDE DEPTHS/DEEP CONFIGS
filtered_backup_config = []
### THIS SECTION OF CODE WILL PROCESS THE TEMPLATE AND OUTPUT TO A *.CONF FILE
directory = get_directory(node_object[index]['platform'],
node_object[index]['os'],
node_object[index]['type'])
env = Environment(loader=FileSystemLoader("{}".format(directory)))
baseline = env.get_template(template)
f = open(
"/rendered-configs/{}".format(node_object[index]['hostname']) +
".conf", "w")
### GENERATING TEMPLATE BASED ON NODE OBJECT
config = baseline.render(nodes=node_object[index])
f.write(config)
f.close
### THIS SECTION OF CODE WILL OPEN THE RENDERED-CONFIG *.CONF FILE AND STORE IN RENDERED_CONFIG AS A LIST
f = open(
"/rendered-configs/{}".format(node_object[index]['hostname']) +
".conf", "r")
init_config = f.readlines()
### RENDERED_CONFIG IS A LIST OF ALL THE CONFIGS THAT WAS RENDERED FROM THE TEMPLATES (SOURCE OF TRUTH)
rendered_config = []
for config_line in init_config:
strip_config = config_line.strip('\n')
### THIS WILL REMOVE ANY LINES THAT ARE EMPTY OR HAS A '!' MARK
if (strip_config == '' or strip_config == "!"):
continue
else:
rendered_config.append(strip_config)
###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
# print ("RENDERED CONFIG: {}".format(rendered_config))
### THIS SECTION OF CODE WILL OPEN BACKUP-CONFIG *.CONF FILE AND STORE IN BACKUP_CONFIG AS A LIST
f = open(
"/backup-configs/{}".format(node_object[index]['hostname']) +
".conf", "r")
init_config = f.readlines()
backup_config = []
for config_line in init_config:
strip_config = config_line.strip('\n')
backup_config.append(strip_config)
###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
# print ("BACKUP CONFIG: {}".format(backup_config))
### THIS WILL OPEN THE JINJA2 TEMPLATE AND PARSE OUT THE AUDIT_FILTER SECTION VIA REGULAR EXPRESSION
directory = get_directory(node_object[index]['platform'],
node_object[index]['os'],
node_object[index]['type'])
f = open("{}".format(directory) + template, "r")
parse_audit = f.readline()
audit_filter = eval(re.findall(AUDIT_FILTER_RE, parse_audit)[0])
###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
# print ("AUDIT_FILTER: {}".format(audit_filter))
### FILTER OUT THE BACKUP_CONFIGS WITH THE AUDIT_FILTER
### THIS WILL TAKE EACH ELEMENT FROM THE AUDIT_FILTER LIST AND SEARCH FOR THE MATCHED LINES IN BACKUP_CONFIG
### MATCHED ENTRIES ARE THEN APPENDED TO FILTER_CONFIG VARIABLE AS A LIST
parse_backup_configs = CiscoConfParse(
"/backup-configs/{}".format(node_object[index]['hostname']) +
".conf")
for audit in audit_filter:
current_template = parse_backup_configs.find_objects(
r"^{}".format(audit))
for audit_string in current_template:
filtered_backup_config.append(audit_string.text)
if (audit_string.is_parent):
for child in audit_string.all_children:
filtered_backup_config.append(child.text)
### UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
# print("FILTERED BACKUP CONFIG: {}".format(filtered_backup_config))
### SYNC_DIFF WILL DIFF OUT THE FILTERED_BACKUP_COFNIG FROM THE RENDERED CONFIG AND STORE WHATEVER COMMANDS THAT
### NEEDS TO BE ADDED/REMOVE IN PUSH_CONFIGS VARIABLE
parse = CiscoConfParse(filtered_backup_config)
push_configs = parse.sync_diff(rendered_config,
"",
ignore_order=True,
remove_lines=True,
debug=False)
if (len(push_configs) == 0):
if (output):
print("{}{} (none)".format(directory, template))
print
else:
### THIS WILL JUST PRINT THE HEADING OF THE TEMPLATE NAME SO YOU KNOW WHAT IS BEING CHANGED UNDER WHICH TEMPLATE
if (output):
print("{}{}".format(directory, template))
for line in push_configs:
search = parse_backup_configs.find_objects(
r"^{}".format(line))
if ('no' in line):
line = re.sub("no", "", line)
if (not remediation):
print("-{}".format(line))
elif (len(search) == 0):
if (not remediation):
print("+ {}".format(line))
elif (len(search) > 1):
if (not remediation):
print("+ {}".format(line))
else:
if (not remediation):
print(" {}".format(line))
###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
# print("PUSH_CONFIGS: {}".format(push_configs))
if (remediation):
### THIS STEP WILL APPEND REMEDIATION CONFIGS FROM TEMPLATE (EXPECTED RESULTS)
for config in push_configs:
node_configs.append(config)
ntw_device_pop = False
### INITIALIZE.COFIGURATION APPENDS ALL THE REMEDIATED CONFIGS AND PREPARES IT FOR PUSH
if (auditcreeper == False):
initialize.configuration.append(node_configs)
node_index = node_index + 1
if (auditcreeper):
initialize.configuration.append(node_configs)
if (ntw_device_pop == True):
initialize.ntw_device.pop(node_index)
initialize.configuration.pop(node_index)
template_list = get_template(template_list_copy)
# if(remediation):
# print("[+]: PUSH ENABLED")
# print("[!]: PUSH DISABLED")
return None
def auditdiff_engine(template_list, node_object, auditcreeper):
controller = 'get_config'
command = ''
### PUSH_CONFIGS IS A LIST OF THE FINAL CONFIGS TO BE PUSHED
push_configs = []
### INDEX_POSITION IS THE INDEX OF ALL THE MATCHED FILTER_CONFIG AGAINST THE BACKUP_CONFIGS. THE INDEX IS COMING FROM THE BACKUP_CONFIG
index_position = 0
### NODE_INDEX KEEPS TRACK OF THE INDEX IN INITIALIZE.NTW_DEVICE. IF REMEDIATION IS NOT REQUIRED (CONFIGS MATCHES TEMPLATE), THEN THE NODE IS POPPED OFF
### INITIALIZE.NTW_DEVICE AND NOTHING IS CHANGED ON THAT DEVICE
node_index = 0
### AUDIT_FILTER_RE IS THE REGULAR EXPRESSION TO FILTER OUT THE AUDIT FILTER IN EVERY TEMPLATE
AUDIT_FILTER_RE = r"\[.*\]"
### TEMPLATE_LIST_COPY TAKE A COPY OF THE CURRENT TEMPLATE_LIST
template_list_copy = template_list
if (auditcreeper):
template_list = template_list_copy[0]
print("[+] [GATHERING RUNNING-CONFIG. STANDBY...]")
multithread_engine(initialize.ntw_device, controller, command)
### THIS FOR LOOP WILL LOOP THROUGH ALL THE MATCHED ELEMENTS FROM THE USER SEARCH AND AUDIT ON SPECIFIC TEMPLATE OR IF NO ARGUMENT IS GIVEN, ALL TEMPLATES
for index in initialize.element:
### NODE_CONFIG IS THE FINALIZED CONFIG TO PUSH TO THE NODE FOR REMEDIATION
node_configs = []
ntw_device_pop = True
### TEMPLATE_NAME IS SET TO TRUE IN ORDER TO PRINT OUT THE TEMPLATE HEADING WHEN RECURSING
template_name = True
first_parent = True
previous_parent = ''
print("Only in the device: -")
print("Only in the generated config: +")
print("{}".format(node_object[index]['hostname']))
for template in template_list:
### INDEX_LIST IS A LIST OF ALL THE POSITIONS COLLECTED FROM INDEX_POSITION VARIABLE
index_list = []
### FILTER_CONFIG IS A LIST OF COLLECTION OF ALL THE AUDIT FILTERS THAT MATCHED THE LINES IN BACKUP_CONFIG. THESE ENTRIES DO NOT CONTAIN DEPTHS/DEEP CONFIGS
filtered_config = []
### FILTERED_BACKUP_CONFIG IS THE FINAL LIST OF ALL THE AUDIT FILTERS THAT MATCHES THE LINES IN BACKUP_CONFIG. THESE ENTRIES INCLUDE DEPTHS/DEEP CONFIGS
filtered_backup_config = []
### THIS SECTION OF CODE WILL PROCESS THE TEMPLATE AND OUTPUT TO A *.CONF FILE
directory = get_directory(node_object[index]['platform'],
node_object[index]['os'],
node_object[index]['type'])
env = Environment(loader=FileSystemLoader("{}".format(directory)))
baseline = env.get_template(template)
f = open(
"/rendered-configs/{}".format(node_object[index]['hostname']) +
".conf", "w")
### GENERATING TEMPLATE BASED ON NODE OBJECT
config = baseline.render(nodes=node_object[index])
f.write(config)
f.close
### THIS SECTION OF CODE WILL OPEN THE RENDERED-CONFIG *.CONF FILE AND STORE IN RENDERED_CONFIG AS A LIST
f = open(
"/rendered-configs/{}".format(node_object[index]['hostname']) +
".conf", "r")
init_config = f.readlines()
### RENDERED_CONFIG IS A LIST OF ALL THE CONFIGS THAT WAS RENDERED FROM THE TEMPLATES (SOURCE OF TRUTH)
rendered_config = []
for config_line in init_config:
strip_config = config_line.strip('\n')
### THIS WILL REMOVE ANY LINES THAT ARE EMPTY OR HAS A '!' MARK
if (strip_config == '' or strip_config == "!"):
continue
else:
rendered_config.append(strip_config)
###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
# print ("RENDERED CONFIG: {}".format(rendered_config))
### THIS SECTION OF CODE WILL OPEN BACKUP-CONFIG *.CONF FILE AND STORE IN BACKUP_CONFIG AS A LIST
f = open(
"/backup-configs/{}".format(node_object[index]['hostname']) +
".conf", "r")
init_config = f.readlines()
backup_config = []
for config_line in init_config:
strip_config = config_line.strip('\n')
backup_config.append(strip_config)
###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
# print ("BACKUP CONFIG: {}".format(backup_config))
### THIS WILL OPEN THE JINJA2 TEMPLATE AND PARSE OUT THE AUDIT_FILTER SECTION VIA REGULAR EXPRESSION
directory = get_directory(node_object[index]['platform'],
node_object[index]['os'],
node_object[index]['type'])
f = open("{}".format(directory) + template, "r")
parse_audit = f.readline()
audit_filter = eval(re.findall(AUDIT_FILTER_RE, parse_audit)[0])
###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
# print ("{}".format(audit_filter))
### FILTER OUT THE BACKUP_CONFIGS WITH THE AUDIT_FILTER
### THIS WILL TAKE EACH ELEMENT FROM THE AUDIT_FILTER LIST AND SEARCH FOR THE MATCHED LINES IN BACKUP_CONFIG
### MATCHED ENTRIES ARE THEN APPENDED TO FILTER_CONFIG VARIABLE AS A LIST
for audit in audit_filter:
parse_backup_configs = CiscoConfParse(
"/backup-configs/{}".format(node_object[index]
['hostname']) + ".conf")
current_template = parse_backup_configs.find_objects(
r"^{}".format(audit))
for audit_string in current_template:
filtered_backup_config.append(audit_string.text)
if (audit_string.is_parent):
for child in audit_string.all_children:
filtered_backup_config.append(child.text)
###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
# print("FILTERED BACKUP CONFIG: {}".format(filtered_backup_config))
### FILTERED_SET/RENDERED_SET RETURNS A DICTIONARY OF THE NUMBER OF TIMES A CONFIG IS REPEATED IN THE LIST
filtered_backup_set = Counter(filtered_backup_config)
rendered_set = Counter(rendered_config)
minus_commands_counter = filtered_backup_set - rendered_set
plus_commands_counter = rendered_set - filtered_backup_set
### MINUS_COMMANDS IS A LIST OF COMMANDS THAT EXIST ON THE NODE THAT SHOULDN'T BE WHEN COMPARED AGAINST THE TEMPLATE
### PLUS_COMMAND IS A LIST OF COMMAND THAT DOESN'T EXIST ON THE NODE THAT SHOULD BE WHEN COMPARED AGAINST THE TEMPLATE
minus_commands = list(minus_commands_counter.elements())
plus_commands = list(plus_commands_counter.elements())
# print("MINUS_COMMANDS: {}".format(minus_commands))
# print("PLUS_COMMANDS:: {}".format(plus_commands))
### THIS SECTION OF CODE CHECKS TO SEE IF THE LENGTH OF THE TWO LIST IS EQUAL TO ZERO, THEN NOTHING HAS TO BE REMEDIATED
if (len(minus_commands) == 0 and len(plus_commands) == 0
and auditcreeper == False):
print("{}{} (none)".format(directory, template))
print
initialize.ntw_device.pop(node_index)
if (len(minus_commands) == 0 and len(plus_commands) == 0
and auditcreeper == True):
print("{}{} (none)".format(directory, template))
print
elif (len(minus_commands) >= 1 or len(plus_commands) >= 1):
### THIS WILL JUST PRINT THE HEADING OF THE TEMPLATE NAME SO YOU KNOW WHAT IS BEING CHANGED UNDER WHICH TEMPLATE
print("{}{}".format(directory, template))
### THIS SECTION OF CODE WILL PRINT THE DIFF OF WHAT CONFIG(S) WILL BE CHANGING
for line in difflib.unified_diff(filtered_backup_config,
rendered_config,
n=5):
if (line.startswith("---") or line.startswith("+++")
or line.startswith("@")):
continue
else:
print line
if (line.startswith("-")):
config_line = line.strip()
### THIS IF CONDITION IS TO SATISFY SOME CASES WHERE IT HAS A HYPEN IN BETWEEN A CONFIG. EX SNMP-SERVER
if (re.match("-\w.+\-", config_line)):
config_line = re.sub("^\-", "no ", config_line)
push_configs.append(config_line)
elif (re.match("-", config_line)):
config_line = re.sub("-", "no ", config_line)
push_configs.append(config_line)
elif (re.match("-\s\w", line)):
config_line = re.sub("-", "no", config_line)
push_configs.append(config_line)
elif (line.startswith("+")):
config_line = line.strip()
config_line = line.strip("+")
push_configs.append(config_line)
else:
config_line = line.strip("\n")
push_configs.append(config_line)
print("")
### THIS SECTION OF CODE WILL CHECK FOR THE WHITE SPACES FROM THE BEGINNING OF THE LIST
### IF THE ELEMENT HAS 1 WHITE SPACE, IT THEN KNOWS IT'S A PARENT CONFIG
### ANYTHING GREATER THAN 1 WHITE SPACE IS A PARENT/CHILD
config_index = 0
whitespace = len(push_configs[config_index]) - len(
push_configs[config_index].lstrip())
while (whitespace != 1):
push_configs.pop(config_index)
whitespace = len(push_configs[config_index]) - len(
push_configs[config_index].lstrip())
###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
# print("PUSH_CONFIGS: {}".format(push_configs))
### THIS STEP WILL APPEND REMEDIATION CONFIGS FROM TEMPLATE
for config in push_configs:
node_configs.append(config)
ntw_device_pop = False
### INITIALIZE.COFIGURATION APPENDS ALL THE REMEDIATED CONFIGS AND PREPARES IT FOR PUSH
if (auditcreeper == False):
initialize.configuration.append(node_configs)
node_index = node_index + 1
if (auditcreeper):
initialize.configuration.append(node_configs)
if (ntw_device_pop == True):
initialize.ntw_device.pop(node_index)
initialize.configuration.pop(node_index)
template_list = get_template(template_list_copy)
return None
