def __init__(self, ifc_key='ScanningThreatRate', asa_key = ScanningThreatDetection.THREAT_DETECTION_SCANNING_RATE): '''Constructor''' self.extra_cli = None SimpleType.__init__(self, ifc_key = ifc_key, asa_key = asa_key, asa_gen_template = ScanningThreatDetection.THREAT_DETECTION_SCANNING_RATE + ' rate-interval %(rate_interval)s average-rate %(average_rate)s burst-rate %(burst_rate)s', response_parser = ScanningThreatDetection.ignore_msg_response_parser)
def ifc2asa(self, no_asa_cfg_stack, asa_cfg_list, interfaces = None): '''Generate ASA configuration from IFC configuration delta. @see DMObject.ifc2asa for parameter details ''' if not self.has_ifc_delta_cfg(): return action = self.get_action() if action == State.NOCHANGE: return if action == State.DESTROY and self.is_removable: self.generate_cli(no_asa_cfg_stack, 'no ' + self.get_cli()) else: self.generate_cli(asa_cfg_list, self.get_cli()) # apply the pool to the management interface value = normalize_param_dict(self.delta_ifc_cfg_value['value']) intf = self.get_top().get_mgmt_interface() if not intf: # default management interface: m0/0 intf = 'm0/0' attr = self.get_mgmt_intf_attributes(intf) if attr == None: return clii = CLIInteraction(mode_command='interface ' + util.normalize_interface_name(intf), command='ip address ' + attr['ip'] + ' ' + attr['mask'] + ' cluster-pool ' + value['pool_name'], response_parser=cluster_response_parser) asa_cfg_list.append(clii) SimpleType.ifc2asa(self, no_asa_cfg_stack, asa_cfg_list)
def __init__(self, name, asa_key = "flow-export destination"): '''Constructor''' self.interface = None SimpleType.__init__(self, name, asa_key, asa_gen_template = 'flow-export destination %(interface)s %(host)s %(port)s', response_parser = TemplateAndCollectors.ignore_msg_response_parser)
def __init__(self, name): SimpleType.__init__( self, name, asa_gen_template="failover link %(interface_name)s %(interface)s", response_parser=failover_response_parser, )
def __init__(self, name): SimpleType.__init__( self, name, is_removable=True, asa_gen_template="failover interface ip %(interface_name)s %(active_ip)s", response_parser=failover_response_parser, )
def __init__(self, name): '''@todo: use Route.__init__ instead of SimpleType.__init__ Route.__init__(self, name, defaults=None, asa_gen_template = 'ipv6 route %(interface)s %(prefix)s %(gateway)s') ''' SimpleType.__init__(self, name, asa_gen_template = 'ipv6 route %(interface)s %(prefix)s %(gateway)s %(hop_count)s %(tunneled)s', defaults = {'hop_count': '', 'tunneled': ''}, response_parser = static_route_response_parser)
def __init__(self): ''' Constructor ''' SimpleType.__init__(self, ifc_key = 'IPSSettings', asa_key = 'ips', asa_gen_template='ips %(operate_mode)s %(fail_mode)s', response_parser = cli_interaction.ignore_warning_response_parser)
def __init__(self, ifc_key='BasicThreatDetectionRateAclDrop', asa_key='threat-detection rate acl-drop'): '''Constructor ''' self.rate_type = None self.extra_cli = None SimpleType.__init__(self, ifc_key, asa_key, asa_gen_template = 'threat-detection rate %(rate)s rate-interval %(rate_interval)s average-rate %(average_rate)s burst-rate %(burst_rate)s', response_parser = cli_interaction.ignore_warning_response_parser)
def __init__(self, ifc_key, asa_key, on_value, response_parser): ''' @param on_value: str The value in the dictionary to turn on the feature, e.g. 'enable' ''' SimpleType.__init__(self, ifc_key, asa_key) self.on_value = on_value self.response_parser = response_parser
def __init__(self, name): SimpleType.__init__( self, name, is_removable=True, asa_gen_template="ip address %(active_ip)s %(netmask)s standby %(standby_ip)s", asa_mode_template="interface %(interface)s", response_parser=failover_response_parser, )
def __init__(self, ifc_key='ExportAllEvent', asa_key='flow-export event-type all'): self.action = None self.destination = None self.config = None self.status = 'enable' template = None if ifc_key == 'ExportAllEvent': template = self.FLOW_EXPORT_ALL_EVENT_DESTINATION + ' %(event_destination)s' elif ifc_key == 'ExportCreationlEvent': template = self.FLOW_EXPORT_CREATION_EVENT_DESTINATION + ' %(event_destination)s' elif ifc_key == 'ExportDenyEvent': template = self.FLOW_EXPORT_DENY_EVENT_DESTINATION + ' %(event_destination)s' SimpleType.__init__(self, ifc_key, asa_key, asa_gen_template = template, response_parser = TemplateAndCollectors.ignore_msg_response_parser)
def parse_multi_parameter_cli(self, cli): """ Override the default implementation in case the CLI does not match asa_gen_template due to optional parameter """ # Take care of the mandatory parameters result = SimpleType.parse_multi_parameter_cli(self, cli, alternate_asa_gen_template=self.asa_gen_template) "Take care of the optional parameters" tokens = cli.split() # The number of tokens must greater than 3, i.e. 'failover interface ip ...' assert len(tokens) > 3 for name in ["interface_name", "active_ip", "standby_ip"]: result[(Type.PARAM, name, "")] = {"state": State.NOCHANGE, "value": ""} option = tokens[3:] # for ipv4, option is: %(interface_name)s %(active_ip)s %(netmask)s standby %(standby_ip)s # for ipv6, option is: %(interface_name)s %(active_ip)s standby %(standby_ip)s result[Type.PARAM, "interface_name", ""]["value"] = option[0] result[Type.PARAM, "active_ip", ""]["value"] = option[1] if ":" not in option[1]: # ipv4 result[(Type.PARAM, "netmask", "")] = {"state": State.NOCHANGE, "value": ""} result[Type.PARAM, "netmask", ""]["value"] = option[2] # skip option[3], which should be the 'standby' keyword result[Type.PARAM, "standby_ip", ""]["value"] = option[4] else: # ipv6, no netmask # skip option[2], which should be the 'standby' keyword result[Type.PARAM, "standby_ip", ""]["value"] = option[3] return result
def parse_multi_parameter_cli(self, cli, alternate_asa_gen_template = None): ''' Override the default implementation in case the CLI does not match asa_gen_template due to optional parameter ''' if not cli.endswith(AdvancedThreatDetection.THREAT_DETECTION_STATISTICS_TCP_INTERCEPT): return SimpleType.parse_multi_parameter_cli(self, cli, alternate_asa_gen_template) return self.parse_intercept_cli(cli)
def parse_multi_parameter_cli(self, cli, alternate_asa_gen_template = None): ''' Override the default implementation in case the CLI does not match asa_gen_template due to optional parameter ''' # Take care of the mandatory parameters result = SimpleType.parse_multi_parameter_cli(self, cli, alternate_asa_gen_template = self.asa_gen_template) #Take care of the optional parameters tokens = cli.split() if tokens[0] == 'no': result = {(Type.PARAM, 'status', '') : {'state': State.NOCHANGE, 'value': 'disable'}} return result # The number of mandatory parameters is 3, i.e. 'threat-detection statistics host' if len(tokens) == 3: return result # no optional parameter option = tokens[3:] if 'number-of-rate' in option: pos = option.index('number-of-rate') + 1 result = {(Type.PARAM, 'number_of_rate', '') : {'state': State.NOCHANGE, 'value': option[pos]}} else: return result return result
def create_cli(self, config, state): ''' Create the CLI using the config and the state ''' if state == State.NOCHANGE: return '' if not config: return '' result = AdvancedThreatDetection.THREAT_DETECTION_STATISTICS if state == State.DESTROY: if self.parent.is_audit(): if self.parent.statistics_exists('statistics'): return None return 'no ' + AdvancedThreatDetection.THREAT_DETECTION_STATISTICS + ' ' + self.stat_type status = 'enable' try: if isinstance(config, dict): status = config.get('status') else: return '' except KeyError: return SimpleType.get_cli(self) if status and status.startswith('disable'): return 'no ' + AdvancedThreatDetection.THREAT_DETECTION_STATISTICS + ' ' + self.stat_type result += ' ' + self.stat_type rate = config.get('number_of_rate') if rate: result += ' number-of-rate ' + str(rate) return result
def parse_cli(self, cli): '''Override ''' if cli.endswith(ScanningThreatDetection.THREAT_DETECTION_SCANNING): return 'disable' if cli.startswith('no ') else 'enable' return SimpleType.parse_cli(self, cli)
def get_cli(self): '''Generate the CLI for this single cluster ip config. ''' assert self.has_ifc_delta_cfg() config = util.normalize_param_dict(self.delta_ifc_cfg_value['value']) mask = config.get('mask') result = SimpleType.get_cli(self) if mask: result += ' mask ' + mask return ' '.join(result.split())
def get_cli(self): """Generate the CLI for this single failover ip config. """ assert self.has_ifc_delta_cfg() config = util.normalize_param_dict(self.delta_ifc_cfg_value["value"]) netmask = config.get("netmask") if ":" not in config.get("active_ip") else "" standby_ip = config.get("standby_ip") result = SimpleType.get_cli(self) result += " " + netmask + " standby " + standby_ip return " ".join(result.split())
def get_cli(self): ''' Generate the CLI for this single CLI with optional parameter 'reset' ''' assert self.has_ifc_delta_cfg() config = util.normalize_param_dict(self.delta_ifc_cfg_value['value']) reset_option = (config.get('idle_reset') == 'enable') if config is not None else False # default value for reset: disable reset_option = ' ' + TIMEOUT_RESET_CLI if reset_option else '' return SimpleType.get_cli(self) + reset_option
def parse_multi_parameter_cli(self, cli): '''Override the default implementation in case the CLI does not have optional max_retries value ''' # Take care of the optional parameters tokens = cli.split() if len(tokens) < len(self.asa_gen_template.split()): cli += ' ' + MAX_RETRIES_DEFAULT return SimpleType.parse_multi_parameter_cli(self, cli, alternate_asa_gen_template = self.asa_gen_template)
def get_cli(self): '''Generate the CLI for this CLACP system-mac configuration. ''' if not self.has_ifc_delta_cfg(): return '' config = util.normalize_param_dict(self.delta_ifc_cfg_value['value']) priority = config.get('priority') result = SimpleType.get_cli(self) if priority: result += ' system-priority ' + priority return ' '.join(result.split())
def parse_single_parameter_cli(self, cli): ''' Parse CLI ''' result = {} find_id = cli.find(self.get_asa_key()) if find_id >= 0: self.destination = cli[find_id + len(self.get_asa_key()) + 1:] if find_id > 0: self.status = 'disable' else: self.status = 'enable' result[(Type.PARAM, 'status', '')] = {'state': State.NOCHANGE, 'value': self.status} result[(Type.PARAM, 'event_destination', '')] = {'state': State.NOCHANGE, 'value': self.destination} return result return SimpleType.parse_cli(self, cli)
def parse_multi_parameter_cli(self, cli): ''' Override the default implementation in case the CLI does not match asa_gen_template due to optional parameter 'reset' ''' # Take care of the mandatory parameters result = SimpleType.parse_multi_parameter_cli(self, cli, alternate_asa_gen_template = self.asa_gen_template) # Take care of the optional parameters tokens = cli.split() # The number of mandatory parameters is the same as the asa_gen_template, i.e. 'service-policy global_policy global' if (result is None) or (len(tokens) == len(self.asa_gen_template.split())): return result # doesn't match or no optional parameter if TIMEOUT_RESET_CLI in tokens[-1:]: # e.g. set connection timeout idle 2:3:4 reset result[(Type.PARAM, 'idle_reset', TIMEOUT_RESET_CLI)] = {'state': State.NOCHANGE, 'value': 'enable'} return result
def parse_multi_parameter_cli(self, cli): ''' Override the default implementation in case the CLI does not match asa_gen_template due to optional parameter ''' # Take care of the mandatory parameters result = SimpleType.parse_multi_parameter_cli(self, cli, alternate_asa_gen_template = self.asa_gen_template) 'Take care of the optional parameters' tokens = cli.split() # The number of tokens must greater than 3, i.e. 'clacp system-mac [H.H.H | auto]' assert len(tokens) > 3 option = tokens[3:] if len(option) > 0: result[(Type.PARAM, 'system-priority', '')] = {'state': State.NOCHANGE, 'value': ''} result[Type.PARAM, 'system-priority', '']['value'] = option[0] return result
def parse_multi_parameter_cli(self, cli): '''Override the default implementation in case the CLI does not match asa_gen_template due to optional parameter ''' 'Take care of the mandatory parameters' result = SimpleType.parse_multi_parameter_cli(self, cli, alternate_asa_gen_template = 'ipv6 route %(interface)s %(prefix)s %(gateway)s') 'Take care of the optional parameters' for name, value in self.defaults.iteritems(): result[(Type.PARAM, name, '')] = {'state': State.NOCHANGE, 'value': value} tokens = cli.split() if len(tokens) == 5: return result #no optional parameter option = tokens[5] if option == 'tunneled': result[Type.PARAM, 'tunneled', '']['value'] = option elif option: result[Type.PARAM, 'hop_count', '']['value'] = option return result
def __init__(self): ''' Constructor ''' SimpleType.__init__(self, 'timeout_idle', 'set connection timeout idle', asa_gen_template='set connection timeout idle %(idle_time)s', defaults={'idle_time': IDLE_TIME_DEFAULT})
def __init__(self, ifc_key, asa_key, default): ''' Constructor ''' SimpleType.__init__(self, ifc_key, asa_key, defaults=default)
def ifc2asa(self, no_asa_cfg_stack, asa_cfg_list): value = self.get_value_with_connector() 'Prevent the deletion of route on management interface or IFC will not able to connect to the ASA' self.is_removable = value.get('interface') != 'management' return SimpleType.ifc2asa(self, no_asa_cfg_stack, asa_cfg_list)
def __init__(self, name): SimpleType.__init__(self, name, asa_gen_template = "ip local pool %(pool_name)s %(start_ip)s-%(end_ip)s", response_parser = cluster_response_parser)
def __init__(self): SimpleType.__init__(self, ifc_key = 'priority', asa_key = 'priority', asa_mode_template = 'cluster group %(group_name)s', asa_gen_template = 'priority %(priority)s')
def __init__(self): SimpleType.__init__(self, ifc_key = 'local_unit', asa_key = 'local-unit', asa_mode_template = 'cluster group %(group_name)s', asa_gen_template = 'local-unit %(local_unit)s')
def __init__(self): ''' Constructor ''' SimpleType.__init__(self, 'timeout_dcd', 'set connection timeout dcd', asa_gen_template='set connection timeout dcd %(retry_interval)s %(max_retries)s', defaults={'retry_interval': RETRY_INTERVAL_DEFAULT, 'max_retries': MAX_RETRIES_DEFAULT})
def __init__(self, name): SimpleType.__init__( self, name, asa_gen_template='failover link %(interface_name)s %(interface)s', response_parser=failover_response_parser)
def __init__(self): SimpleType.__init__( self, ifc_key=AccessGroupGlobal.__name__, asa_key='access-group', asa_gen_template='access-group %(access_list_name)s global')
def __init__(self, instance): SimpleType.__init__( self, ifc_key=instance, asa_key='access-group', asa_gen_template='access-group %(access_list_name)s %(direction)s interface %(interface_name)s')
def __init__(self): SimpleType.__init__(self, ifc_key = 'cluster_interface', asa_key = 'cluster-interface', asa_gen_template='cluster-interface %(interface)s ip %(ip)s %(mask)s', is_removable = False, response_parser = cluster_response_parser)
def __init__(self): SimpleType.__init__(self, ifc_key = 'health_check', asa_key = 'health-check', asa_mode_template = 'cluster group %(group_name)s', asa_gen_template = 'health-check holdtime %(health_check)s')
def __init__(self): SimpleType.__init__(self, ifc_key='clacp', asa_key = 'clacp system-mac', asa_gen_template='clacp system-mac %(system_mac)s')
def __init__(self): SimpleType.__init__(self, ifc_key = 'mtu', asa_key = 'mtu cluster', asa_gen_template='mtu cluster %(mtu)s', response_parser = cluster_response_parser)
def __init__(self, name): SimpleType.__init__(self, name, asa_gen_template='failover polltime', response_parser=failover_response_parser)
def __init__(self): SimpleType.__init__( self, ifc_key='trap_level', asa_key='logging trap', response_parser=cli_interaction.ignore_warning_response_parser)
def __init__(self): SimpleType.__init__(self, ifc_key = 'conn_rebalance', asa_key = 'conn-rebalance', asa_mode_template = 'cluster group %(group_name)s', asa_gen_template = 'conn-rebalance frequency %(conn_rebalance)s')