def create_rules():
conn = db_worker.create_connection()
api_worker.login()
if conn is not None:
cur = conn.cursor()
cur.execute("SELECT * FROM security_policy")
rows = cur.fetchall()
n = 0
for row in rows:
print(row[0], row[1], row[2], row[3], row[4], row[5], row[6],
row[7], row[8], row[9])
# row[0] - Rule_Number
# row[1] - section
# row[2] - name
# row[3] - comments
# row[4] - src
# row[5] - src_neg
# row[6] - dst
# row[7] - dst_neg
# row[8] - services
# row[9] - action
if row[2] is not None:
rule_name = row[2].strip()
else:
rule_name = ""
if row[1] == "True":
api_worker.create_object("add-access-section", {
"name": rule_name,
"layer": config.layer,
"position": "bottom"
})
else:
if row[4] == "Any":
src = "Any"
else:
src = get_modified_members(row[4].split(","), cur)
if row[6] == "Any":
dst = "Any"
else:
dst = get_modified_members(row[6].split(","), cur)
if row[8] == "Any":
srv = "Any"
else:
srv = get_modified_service_members(row[8].split(","))
rule = network_objects.security_rule(row[0], rule_name, src,
row[5], dst, row[7], srv,
row[9].lower(), row[3])
print(rule.number, rule.name, rule.src, rule.src_neg, rule.dst,
rule.dst_neg, rule.services, rule.action, rule.comments)
api_worker.create_new_rule(rule)
n = n + 1
if n == 100:
api_worker.publish_changes()
api_worker.login()
n = 0
api_worker.publish_changes()
else:
print("Error! cannot create the database connection.")
logging.warning("Error! cannot create the database connection.")
def create_fake_object(host_plain):
logging.info("Trying to add to SMS fake object " + host_plain)
response = api_worker.create_object(
"add-host", {
"name": host_plain,
"ip-address": "1.1.1.1",
"color": "green",
"ignore-warnings": "true"
})
response_analyze(response, host_plain)
def create_service(service, cur):
cur.execute("SELECT * FROM services WHERE name='%s'" % (service, ))
rows = cur.fetchone()
service_obj = network_objects.service(rows[0], rows[1], rows[2],
rows[3].lower(), rows[4])
if service_obj.type == "tcp":
# print("TCP servcie!!")
service_obj.print_service()
logging.info("Trying to add to SMS service " + service_obj.name)
response = api_worker.create_object(
"add-service-tcp", {
"name": service_obj.name,
"comments": service_obj.comments,
"port": service_obj.port,
"color": api_worker.choose_color(service_obj),
"ignore-warnings": "true"
})
if response is None:
success_added_services.append(service_obj.name)
else:
error_added_services[service_obj.name] = response
elif service_obj.type == "udp":
service_obj.print_service()
logging.info("Trying to add to SMS service " + service_obj.name)
response = api_worker.create_object(
"add-service-udp", {
"name": service_obj.name,
"comments": service_obj.comments,
"port": service_obj.port,
"color": api_worker.choose_color(service_obj),
"ignore-warnings": "true"
})
if response is None:
success_added_services.append(service_obj.name)
else:
error_added_services[service_obj.name] = response
else:
logging.info("Other service " + service_obj.name)
service_obj.print_service()
def create_host_plain(host_plain, cur):
cur.execute("SELECT * FROM host_plain WHERE name='%s'" % (host_plain, ))
rows = cur.fetchone()
host_plain_obj = network_objects.host_plain(db_worker.del_g_host(rows[0]),
rows[1], rows[2].lower(),
rows[3])
logging.info("Trying to add to SMS host_plain " + host_plain_obj.name)
response = api_worker.create_object(
"add-host", {
"name": host_plain_obj.name,
"comments": host_plain_obj.comments,
"ip-address": host_plain_obj.ip_address,
"color": api_worker.choose_color(host_plain_obj),
"ignore-warnings": "true"
})
response_analyze(response, host_plain_obj.name)
def create_network(network, cur):
cur.execute("SELECT * FROM network WHERE name='%s'" % (network, ))
rows = cur.fetchone()
network_obj = network_objects.network(db_worker.del_g_net(rows[0]),
rows[1], rows[2].lower(), rows[3])
logging.info("Trying to add to SMS network " + network_obj.name + " " +
network_obj.ip_address)
ip = ipaddress.ip_network(network_obj.ip_address)
response = api_worker.create_object(
"add-network", {
"name": network_obj.name,
"comments": network_obj.comments,
"subnet": str(ip.network_address),
"mask-length": str(ip.prefixlen),
"color": api_worker.choose_color(network_obj),
"ignore-warnings": "true"
})
response_analyze(response, network_obj.name)
def create_address_range(address_range, cur):
cur.execute("SELECT * FROM address_range WHERE name='%s'" %
(address_range, ))
rows = cur.fetchone()
address_range_obj = network_objects.address_range(rows[0], rows[1],
rows[2].lower(), rows[3],
rows[4])
logging.info("Trying to add to SMS address_range " +
address_range_obj.name)
response = api_worker.create_object(
"add-address-range", {
"name": address_range_obj.name,
"comments": address_range_obj.comments,
"ip-address-first": address_range_obj.ipaddr_first,
"ip-address-last": address_range_obj.ipaddr_last,
"color": api_worker.choose_color(address_range_obj),
"ignore-warnings": "true"
})
response_analyze(response, address_range_obj.name)
def create_service_group(group, cur):
n = 0
for row in get_members(group, cur):
logging.info(row)
cur.execute("SELECT type FROM service_index WHERE name =(?)", (row, ))
rows_ = cur.fetchone()
# logging.info(rows_)
row_str = str(rows_).strip("()',")
logging.info(row_str)
if row_str == "services" and row not in list_services:
list_services.append(row)
logging.info("Creating service " + row)
create_service(row, cur)
elif row_str == "service_groups" and row not in list_services:
create_service_group(row, cur)
n = n + 1
if n == 100:
api_worker.publish_changes()
api_worker.login()
n = 0
list_services.append(group)
logging.info("Creating service group " + group)
cur.execute("SELECT * FROM service_groups WHERE name='%s'" % (group, ))
rows = cur.fetchone()
print(rows)
service_group_obj = network_objects.service_group(rows[0], rows[1],
rows[2].lower(), rows[3])
logging.info("Trying to add to SMS service group " +
service_group_obj.name)
print("Trying to add to SMS service group " + service_group_obj.name)
response = api_worker.create_object(
"add-service-group", {
"name": service_group_obj.name,
"comments": service_group_obj.comments,
"color": api_worker.choose_color(service_group_obj),
"members": service_group_obj.members.split(","),
"ignore-warnings": "true"
})
if response is None:
success_added_services.append(service_group_obj.name)
else:
error_added_services[service_group_obj.name] = response
def create_network_object_group(network_object_group, cur):
n = 0
for s_ in get_members(network_object_group, cur):
logging.info(s_)
cur.execute("SELECT type FROM network_object_index WHERE name =(?)",
(s_, ))
rows = cur.fetchone()
# logging.info(rows_)
row_str_ = str(rows).strip("()',")
logging.info(row_str_)
print(s_ + " " + row_str_)
if row_str_ == "host_plain" and db_worker.del_g_host(
s_) not in list_network_objects:
s2_ = db_worker.del_g_host(s_)
list_network_objects.append(s2_)
logging.info("Creating host_plain " + s2_)
create_host_plain(s_, cur)
elif row_str_ == "network" and db_worker.del_g_net(
s_) not in list_network_objects:
s2_ = db_worker.del_g_net(s_)
list_network_objects.append(s2_)
logging.info("Creating network " + s2_)
create_network(s_, cur)
elif row_str_ == "address_range" and s_ not in list_network_objects:
list_network_objects.append(s_)
logging.info("Creating address_range " + s_)
create_address_range(s_, cur)
elif row_str_ in obj_should_be_fake and "F_" + s_ not in list_network_objects:
list_network_objects.append("F_" + s_)
logging.info("Creating " + row_str_ + " " + "F_" + s_)
create_fake_object("F_" + s_)
elif row_str_ == "network_object_group" and db_worker.del_g_group(
s_) not in list_network_objects:
s2_ = db_worker.del_g_group(s_)
list_network_objects.append(s2_)
logging.info("Creating network_object_group " + s2_)
create_network_object_group(s_, cur)
n = n + 1
if n == 100:
api_worker.publish_changes()
api_worker.login()
n = 0
cur.execute("SELECT * FROM network_object_group WHERE name='%s'" %
(network_object_group, ))
rows = cur.fetchone()
print(rows)
network_object_group_obj = network_objects.network_object_group(
db_worker.del_g_group(rows[0]), rows[1], rows[2].lower(), rows[3])
logging.info("Trying to add to SMS network_object_group " +
network_object_group_obj.name)
print("Trying to add to SMS network_object_group " +
network_object_group_obj.name)
response = api_worker.create_object(
"add-group", {
"name":
network_object_group_obj.name,
"comments":
network_object_group_obj.comments,
"color":
api_worker.choose_color(network_object_group_obj),
"members":
get_modified_members(network_object_group_obj.members.split(","),
cur),
"ignore-warnings":
"true"
})
response_analyze(response, network_object_group_obj.name)