def reset(self): # Reset everything except: # # - The install language # - The keyboard self.instClass = None self.network = network.Network() self.firewall = firewall.Firewall() self.security = security.Security() self.timezone = timezone.Timezone() self.timezone.setTimezoneInfo( self.instLanguage.getDefaultTimeZone(self.anaconda.rootPath)) self.users = None self.rootPassword = {"isCrypted": False, "password": "", "lock": False} self.auth = "--enableshadow --passalgo=sha512" self.desktop = desktop.Desktop() self.upgrade = None if flags.cmdline.has_key("preupgrade"): self.upgrade = True self.storage = storage.Storage(self.anaconda) self.bootloader = booty.getBootloader(self) self.upgradeRoot = None self.rootParts = None self.upgradeSwapInfo = None self.escrowCertificates = {} if self.anaconda.isKickstart: self.firstboot = FIRSTBOOT_SKIP else: self.firstboot = FIRSTBOOT_DEFAULT # XXX I still expect this to die when kickstart is the data store. self.ksdata = None
def reset(self): # Reset everything except: # # - The mouse # - The install language # - The keyboard self.langSupport = language.Language() self.instClass = None self.network = network.Network() self.firewall = firewall.Firewall() self.security = security.Security() self.timezone = timezone.Timezone() self.accounts = users.Accounts() self.rootPassword = users.RootPassword() self.auth = users.Authentication() self.desktop = desktop.Desktop() self.grpset = None self.upgrade = Boolean() # XXX move fsset and/or diskset into Partitions object? self.fsset.reset() self.diskset = partedUtils.DiskSet() self.partitions = partitions.Partitions() self.bootloader = bootloader.getBootloader() self.dependencies = [] self.handleDeps = CHECK_DEPS self.dbpath = None self.upgradeRoot = None self.rootParts = None self.upgradeSwapInfo = None self.upgradeDeps = "" self.upgradeRemove = [] self.upgradeInfoFound = None self.configFileData = self.tmpData self.firstboot = FIRSTBOOT_DEFAULT
def testFirewall(self): fw = firewall.Firewall('firewallRules.csv') #common cases self.assertTrue(fw.accept_packet("inbound", "tcp", 80, "192.168.1.2")) self.assertTrue( not fw.accept_packet("inbound", "tcp", 8, "192.168.1.2")) self.assertTrue( fw.accept_packet("outbound", "udp", 12, "192.192.19.192")) self.assertTrue( fw.accept_packet("outbound", "tcp", 13054, "192.168.10.11")) self.assertTrue( not fw.accept_packet("outbound", "tcp", 13, "192.192.192.192")) #testing for wrongly ordered set of parameters self.assertTrue( not fw.accept_packet("tcp", "inbound", 81, "192.168.1.2")) #test for invalid port value self.assertTrue( not fw.accept_packet("inbound", "tcp", -80, "192.168.1.2")) self.assertTrue( not fw.accept_packet("outbound", "udp", 0, "192.192.19.192")) #test for invalid ip address self.assertTrue( not fw.accept_packet("outbound", "udp", 1354, "52.12.256.92")) self.assertTrue( not fw.accept_packet("outbound", "udp", 1354, "52.12.256"))
def test_rules2(self): fw = firewall.Firewall("rules2.csv") self.assertEqual(fw.accept_packet("inbound", "tcp", 80, "192.168.1.2"), True) self.assertEqual(fw.accept_packet("inbound", "udp", 53, "192.168.2.1"), False) self.assertEqual( fw.accept_packet("outbound", "tcp", 10234, "192.168.10.11"), False) self.assertEqual(fw.accept_packet("inbound", "tcp", 81, "192.168.1.2"), True) self.assertEqual(fw.accept_packet("inbound", "udp", 24, "52.12.48.92"), False) def test_rules3(self): fw = firewall.Firewall("rules3.csv") self.assertEqual( fw.accept_packet("inbound", "tcp", 0, "192.168.1.2"), True) self.assertEqual( fw.accept_packet("inbound", "udp", 53, "192.168.2.1"), False) self.assertEqual( fw.accept_packet("outbound", "tcp", 10234, "192.168.10.11"), False) self.assertEqual( fw.accept_packet("inbound", "tcp", 81, "192.168.1.2"), False) self.assertEqual( fw.accept_packet("inbound", "udp", 24, "52.12.48.92"), False)
def main(): args = parse_args() logging.basicConfig( level=args.loglevel, format='%(name)s [%(process)d] %(levelname)s %(message)s') if args.loglevel and not args.debug_requests: logging.getLogger('requests').setLevel(logging.WARN) LOG.info('Starting up') LOG.info('Kubernetes is %s', args.kube_endpoint) LOG.info('Etcd is %s', args.etcd_endpoint) LOG.info('Managing interface %s', args.interface) if args.no_driver: iface_driver = None fw_driver = None else: iface_driver = interface.Interface(args.interface) fw_driver = firewall.Firewall(fwchain=args.fwchain, fwmark=args.fwmark) mgr = manager.Manager(etcd_endpoint=args.etcd_endpoint, kube_endpoint=args.kube_endpoint, etcd_prefix=args.etcd_prefix, iface_driver=iface_driver, fw_driver=fw_driver, cidr_ranges=args.cidr_range, refresh_interval=args.refresh_interval, id=args.agent_id) LOG.info('My id is: %s', mgr.id) mgr.run()
def test_part_one(self): "Test part one example of Firewall object" # 1. Create Firewall object from text myobj = firewall.Firewall(text=aoc_20.from_text(PART_ONE_TEXT)) # 2. Check the part one result self.assertEqual(myobj.part_one(verbose=False), PART_ONE_RESULT)
def setUp(self): config = { 'mode': 'firewall', 'rule': 'rules.conf', } iface_int = MockInterface() iface_ext = MockInterface() self.firewall = firewall.Firewall(config, iface_int, iface_ext)
def test_firewall_rules(): firewall_obj = firewall.Firewall("tests/test1.csv") #pdb.set_trace() assert firewall_obj.rules == [ 'inbound,tcp,80,192.168.1.2\r\n', 'outbound,tcp,10000-20000,192.168.10.11\r\n', 'inbound,udp,53,192.168.1.1-192.168.2.5\r\n', 'outbound,udp,1000-2000,52.12.48.92' ]
def test_part_two(self): "Test part two example of Firewall object" # 1. Create Firewall object from text myobj = firewall.Firewall(part2=True, text=aoc_20.from_text(PART_TWO_TEXT)) # 2. Check the part two result self.assertEqual(myobj.part_two(verbose=False), PART_TWO_RESULT)
def __init__(self, config, rawprompt='', stdin=sys.stdin, stdout=sys.stdout): # super(CommandPrompt, self).__init__() CommandPrompt.__init__(self, config, rawprompt="lvsm(live)# ") self.modules = ['director', 'firewall', 'nat', 'virtual', 'real'] self.protocols = ['tcp', 'udp', 'fwm'] self.firewall = firewall.Firewall(self.config['iptables'])
def __init__(self, config, rawprompt='', stdin=sys.stdin, stdout=sys.stdout): # super(CommandPrompt, self).__init__() CommandPrompt.__init__(self, config, rawprompt="lvsm(live)(firewall)# ") self.firewall = firewall.Firewall(self.config['iptables'])
def test_empty_init(self): "Test the default Firewall creation" # 1. Create default Firewall object myobj = firewall.Firewall() # 2. Make sure it has the default values self.assertEqual(myobj.part2, False) self.assertEqual(myobj.text, None) self.assertEqual(len(myobj.ranges), 0)
def test_empty_init(self): """Test default Firewall creation""" # 1. Create default Pipes object myfw = firewall.Firewall() # 2. Make sure it has the default values self.assertEqual(myfw.part2, False) self.assertEqual(myfw.levels, {}) self.assertEqual(myfw.picosecond, 0) self.assertEqual(myfw.final, 0)
def __init__(self, config, rawprompt='', stdin=sys.stdin, stdout=sys.stdout): # Change the word delimiters so that - or . don't cause a new match try: import readline readline.set_completer_delims(' ') except ImportError: pass # super(CommandPrompt, self).__init__() CommandPrompt.__init__(self, config, rawprompt="lvsm(live)(virtual)# ") self.modules = ['director', 'firewall', 'nat', 'virtual', 'real'] self.protocols = ['tcp', 'udp', 'fwm'] self.firewall = firewall.Firewall(self.config['iptables'])
def __init__(self): import desktop, dispatch, firewall, security import system_config_keyboard.keyboard as keyboard from flags import flags self._backend = None self._bootloader = None self.canReIPL = False self.desktop = desktop.Desktop() self.dir = None self.dispatch = dispatch.Dispatcher(self) self.displayMode = None self.extraModules = [] self.firewall = firewall.Firewall() self.id = None self._instClass = None self._instLanguage = None self._intf = None self.isHeadless = False self.keyboard = keyboard.Keyboard() self.ksdata = None self.mediaDevice = None self.methodstr = None self._network = None self.opts = None self._platform = None self.proxy = None self.proxyUsername = None self.proxyPassword = None self.reIPLMessage = None self.rescue = False self.rescue_mount = True self.rootParts = None self.rootPath = "/mnt/sysimage" self.security = security.Security() self.simpleFilter = not iutil.isS390() self.stage2 = None self._storage = None self._timezone = None self.updateSrc = None self.upgrade = flags.cmdline.has_key("preupgrade") self.upgradeRoot = None self.upgradeSwapInfo = None self._users = None self.mehConfig = None self.clearPartTypeSelection = None # User's GUI selection self.clearPartTypeSystem = None # System's selection # *sigh* we still need to be able to write this out self.xdriver = None
def test_part_two_mod(self): """Test the part two example with modulo""" # 1. Create default Pipes object myfw = firewall.Firewall(part2=True, text=aoc_13.from_text(EXAMPLE_TEXT)) # 2. Make sure it has the specified values self.assertEqual(myfw.part2, True) self.assertEqual(len(myfw.levels), 4) self.assertEqual(myfw.picosecond, 0) self.assertEqual(myfw.final, 6) # 3. Test the trip methos self.assertEqual(myfw.part_two_mod(verbose=False, limit=20), 10)
def test_part_one(self): """Test the part one example""" # 1. Create default Pipes object myfw = firewall.Firewall(text=aoc_13.from_text(EXAMPLE_TEXT)) # 2. Make sure it has the specified values self.assertEqual(myfw.part2, False) self.assertEqual(len(myfw.levels), 4) self.assertEqual(myfw.picosecond, 0) self.assertEqual(myfw.final, 6) # 3. Test the trip methos self.assertEqual(myfw.trip(verbose=False), 24)
def part_two(args, input_lines): "Process part two of the puzzle" # 1. Create the puzzle solver solver = firewall.Firewall(part2=True, text=input_lines) # 2. Determine the solution for part two solution = solver.part_two(verbose=args.verbose, limit=args.limit) if solution is None: print("There is no solution") else: print("The solution for part two is %s" % (solution)) # 3. Return result return solution is not None
def testBasicFunctionality(self): firewall = fw.Firewall(testFileName) self.assertTrue( firewall.accept_packet("inbound", "tcp", 80, "192.168.1.2")) self.assertTrue( not firewall.accept_packet("inbound", "tcp", 81, "192.168.1.2")) self.assertTrue( not firewall.accept_packet("inbound", "tcp", 80, "192.168.1.3")) self.assertTrue( firewall.accept_packet("outbound", "udp", 13, "192.192.192.192")) self.assertTrue( firewall.accept_packet("outbound", "udp", 12, "192.192.192.192")) self.assertTrue(not firewall.accept_packet("outbound", "udp", 13, "192.192.192.194")) self.assertTrue(not firewall.accept_packet("outbound", "tcp", 13, "192.192.192.192"))
def test_cases(self): fw = firewall.Firewall("firewall_data.csv") self.assertTrue(fw.accept_packet("inbound", "udp", 53, "192.168.2.1")) self.assertTrue(fw.accept_packet("outbound", "tcp", 10234, "192.168.10.11")) self.assertTrue(fw.accept_packet("inbound", "udp", 1001, "1.1.1.1")) self.assertTrue(fw.accept_packet("outbound", "tcp", 70, "78.32.170.4")) self.assertTrue(fw.accept_packet("inbound", "tcp", 68, "10.0.0.8")) self.assertFalse(fw.accept_packet("inbound", "tcp", 81, "192.168.1.2")) self.assertFalse(fw.accept_packet("inbound", "udp", 24, "52.12.48.92")) self.assertFalse(fw.accept_packet("inbound", "udp", 1001, "255.255.255.255")) self.assertFalse(fw.accept_packet("outbound", "tcp", 71, "78.32.170.4")) self.assertFalse(fw.accept_packet("inbound", "udp", 68, "10.0.0.8")) self.assertFalse(fw.accept_packet("inbound", "udp", 53, "192.168.1.0"))
def test_text_init(self): "Test the Firewall object creation from text" # 1. Create Firewall object from text myobj = firewall.Firewall(text=aoc_20.from_text(EXAMPLE_TEXT)) # 2. Make sure it has the expected values self.assertEqual(myobj.part2, False) self.assertEqual(len(myobj.text), 3) self.assertEqual(len(myobj.ranges), 3) self.assertEqual(myobj.ranges[0][0], 0) self.assertEqual(myobj.ranges[0][1], 2) self.assertEqual(myobj.ranges[1][0], 4) self.assertEqual(myobj.ranges[1][1], 7) # 3. Check methods self.assertEqual(myobj.lowest(), 3) self.assertEqual(myobj.count(9), 2)
def test_text_init(self): """Test firewall creation from text""" # 1. Create default Pipes object myfw = firewall.Firewall(text=aoc_13.from_text(EXAMPLE_TEXT)) # 2. Make sure it has the specified values self.assertEqual(myfw.part2, False) self.assertEqual(len(myfw.levels), 4) self.assertEqual(myfw.picosecond, 0) self.assertEqual(myfw.final, 6) self.assertEqual(myfw.levels[0].level, 0) self.assertEqual(myfw.levels[0].depth, 3) self.assertEqual(myfw.levels[0].position, 0) self.assertEqual(myfw.levels[0].direction, 1) self.assertEqual(myfw.levels[1].depth, 2) self.assertEqual(myfw.levels[4].depth, 4) self.assertEqual(myfw.levels[6].depth, 4) # 3. Test advance method myfw.advance() self.assertEqual(myfw.levels[0].position, 1) self.assertEqual(myfw.levels[1].position, 1) self.assertEqual(myfw.levels[4].position, 1) self.assertEqual(myfw.levels[6].position, 1) self.assertEqual(myfw.picosecond, 1) myfw.advance() self.assertEqual(myfw.levels[0].position, 2) self.assertEqual(myfw.levels[1].position, 0) self.assertEqual(myfw.levels[4].position, 2) self.assertEqual(myfw.levels[6].position, 2) self.assertEqual(myfw.picosecond, 2) myfw.advance() self.assertEqual(myfw.levels[0].position, 1) self.assertEqual(myfw.levels[1].position, 1) self.assertEqual(myfw.levels[4].position, 3) self.assertEqual(myfw.levels[6].position, 3) self.assertEqual(myfw.picosecond, 3)
def test_simple(): # inbound,tcp,80,192.168.1.2 f = firewall.Firewall("inputs/test_simple.csv") assert f.accept_packet("inbound", "tcp", "80", "192.168.1.2") assert not f.accept_packet("inbound", "tcp", "81", "192.168.1.2") # inbound,udp,53,192.168.1.1-192.168.2.5 assert f.accept_packet('inbound', 'udp', '53', '192.168.1.1') assert f.accept_packet('inbound', 'udp', '53', '192.168.1.3') # Edge case test assert f.accept_packet('inbound', 'udp', '53', '192.168.2.5') assert not f.accept_packet('outbound', 'udp', '53', '192.168.2.5') assert not f.accept_packet('outbound', 'tcp', '53', '192.168.2.5') # outbound,tcp,10000-20000,192.168.10.11 # Testing port range assert f.accept_packet('outbound', 'tcp', '10000', '192.168.10.11') assert f.accept_packet('outbound', 'tcp', '20000', '192.168.10.11') assert not f.accept_packet('outbound', 'tcp', '90000', '192.168.10.11')
def reset(self): # Reset everything except: # # - The mouse # - The install language # - The keyboard self.instClass = None self.network = network.Network() self.iscsi = iscsi.iscsi() self.zfcp = zfcp.ZFCP() self.firewall = firewall.Firewall() self.security = security.Security() self.timezone = timezone.Timezone() self.users = None self.rootPassword = {"isCrypted": False, "password": ""} self.auth = "--enableshadow --enablemd5" self.desktop = desktop.Desktop() self.upgrade = None # XXX move fsset and/or diskset into Partitions object? self.fsset.reset() self.diskset = partedUtils.DiskSet(self.anaconda) self.partitions = partitions.Partitions() self.bootloader = bootloader.getBootloader() self.dependencies = [] self.dbpath = None self.upgradeRoot = None self.rootParts = None self.upgradeSwapInfo = None self.upgradeDeps = "" self.upgradeRemove = [] self.upgradeInfoFound = None if rhpl.getArch() == "s390": self.firstboot = FIRSTBOOT_SKIP else: self.firstboot = FIRSTBOOT_DEFAULT # XXX I expect this to die in the future when we have a single data # class and translate ksdata into that instead. self.ksdata = None
def test_accept_packet(): firewall_obj = firewall.Firewall("tests/test1.csv") #pdb.set_trace() assert firewall_obj.accept_packet("inbound", "tcp", 80, "192.168.1.2") == True assert firewall_obj.accept_packet("inbound", "tcp", 80, "192.168.1.3") == False assert firewall_obj.accept_packet("inbound", "udp", 53, "192.168.2.0") == True assert firewall_obj.accept_packet("inbound", "udp", 53, "192.168.2.7") == False assert firewall_obj.accept_packet("outbound", "tcp", 11000, "192.168.10.11") == True assert firewall_obj.accept_packet("outbound", "tcp", 8000, "192.168.10.11") == False assert firewall_obj.accept_packet("outbound", "udp", 1500, "52.12.48.92") == True assert firewall_obj.accept_packet("outbound", "udp", 2001, "52.12.48.92") == False # Checking on bounds assert firewall_obj.accept_packet("inbound", "udp", 80, "192.168.1.2") == False assert firewall_obj.accept_packet("inbound", "tcp", 53, "192.168.2.0") == False assert firewall_obj.accept_packet("outbound", "tcp", 10000, "192.168.10.11") == True assert firewall_obj.accept_packet("outbound", "tcp", 20000, "192.168.10.11") == True assert firewall_obj.accept_packet("outbound", "udp", 1000, "52.12.48.92") == True assert firewall_obj.accept_packet("outbound", "udp", 2000, "52.12.48.92") == True
def refresh_devices(self, devices=(), only_connected=False, expand_vsys=True, include_device_groups=True, add=False, running_config=False): """Refresh device groups and devices using config and operational commands Uses operational command in addition to configuration to gather as much information as possible about Panorama connected devices. The operational commands used are 'show devices all/connected' and 'show devicegroups'. Information gathered about each device includes: - management IP address (can be different from hostname) - serial - version - high availability peer releationships - panorama connection status - device-group sync status Args: devices (list): Limit refresh to these serial numbers only_connected (bool): Ignore devices that are not 'connected' to Panorama (Default: False) expand_vsys (bool): Instantiate a Firewall object for every Vsys (Default: True) include_device_groups (bool): Instantiate :class:`pandevice.panorama.DeviceGroup` objects with Firewall objects added to them. add (bool): Add the new tree of instantiated DeviceGroup and Firewall objects to the Panorama config tree. Warning: This removes all current DeviceGroup and Firewall objects from the configuration tree, and all their children, so it is typically done before building a configuration tree. (Default: False) running_config (bool): Refresh devices from the running configuration (Default: False) Returns: list: If 'include_device_groups' is True, returns a list containing new DeviceGroup instances which contain new Firewall instances. Any Firewall that is not in a device-group is in the list with the DeviceGroup instances. If 'include_device_groups' is False, returns a list containing new Firewall instances. """ logger.debug(self.hostname + ": refresh_devices called") try: # Test if devices is iterable test_iterable = iter(devices) except TypeError: # This probably means a single device was passed in, not an iterable. # Convert to an iterable with a single item. devices = (devices, ) # Remove None from list of devices devices = [x for x in devices if x is not None] # Get the list of managed devices if only_connected: cmd = "show devices connected" else: cmd = "show devices all" devices_xml = self.op(cmd) devices_xml = devices_xml.find("result/devices") # Filter to only requested devices if devices: filtered_devices_xml = ET.Element("devices") for serial, vsys in [(d.serial, d.vsys) for d in devices]: if serial is None: continue entry = devices_xml.find("entry[@name='%s']" % serial) if entry is None: raise err.PanDeviceError( "Can't find device with serial %s attached to Panorama at %s" % (serial, self.hostname)) multi_vsys = yesno(entry.findtext("multi-vsys")) # Create entry if needed if filtered_devices_xml.find( "entry[@name='%s']" % serial) is None: entry_copy = deepcopy(entry) # If multivsys firewall with vsys defined, erase all vsys in filtered if multi_vsys and vsys != "shared" and vsys is not None: entry_copy.remove(entry_copy.find("vsys")) ET.SubElement(entry_copy, "vsys") filtered_devices_xml.append(entry_copy) # Get specific vsys if vsys != "shared" and vsys is not None: vsys_entry = entry.find("vsys/entry[@name='%s']" % vsys) if vsys_entry is None: raise err.PanDeviceError( "Can't find device with serial %s and" " vsys %s attached to Panorama at %s" % (serial, vsys, self.hostname)) vsys_section = filtered_devices_xml.find( "entry[@name='%s']/vsys" % serial) vsys_section.append(vsys_entry) devices_xml = filtered_devices_xml # Manipulate devices_xml so each vsys is a separate device if expand_vsys: original_devices_xml = deepcopy(devices_xml) devices_xml = ET.Element("devices") for entry in original_devices_xml: serial = entry.findtext("serial") for vsys_entry in entry.findall("vsys/entry"): new_vsys_device = deepcopy(entry) new_vsys_device.set("name", serial) ET.SubElement(new_vsys_device, "vsysid").text = vsys_entry.get("name") ET.SubElement( new_vsys_device, "vsysname").text = vsys_entry.findtext("display-name") devices_xml.append(new_vsys_device) # Create firewall instances firewall_instances = firewall.Firewall.refreshall_from_xml( devices_xml, refresh_children=not expand_vsys) if not include_device_groups: if add: self.removeall(firewall.Firewall) self.extend(firewall_instances) return firewall_instances # Create device-groups # Get the list of device groups from configuration XML api_action = self.xapi.show if running_config else self.xapi.get devicegroup_configxml = api_action( "/config/devices/entry[@name='localhost.localdomain']/device-group" ) devicegroup_configxml = devicegroup_configxml.find( "result/device-group") # Get the list of device groups from operational commands devicegroup_opxml = self.op("show devicegroups") devicegroup_opxml = devicegroup_opxml.find("result/devicegroups") # Combine the config XML and operational command XML to get a complete picture # of the device groups pandevice.xml_combine(devicegroup_opxml, devicegroup_configxml) devicegroup_instances = DeviceGroup.refreshall_from_xml( devicegroup_opxml, refresh_children=False) for dg in devicegroup_instances: dg_serials = [ entry.get("name") for entry in devicegroup_opxml.findall( "entry[@name='%s']/devices/entry" % dg.name) ] # Find firewall with each serial for dg_serial in dg_serials: all_dg_vsys = [ entry.get("name") for entry in devicegroup_opxml.findall( "entry[@name='%s']/devices/entry[@name='%s']/vsys/entry" % (dg.name, dg_serial)) ] # Collect the firewall serial entry to get current status information fw_entry = devicegroup_opxml.find( "entry[@name='%s']/devices/entry[@name='%s']" % (dg.name, dg_serial)) if not all_dg_vsys: # This is a single-context firewall, assume vsys1 all_dg_vsys = ["vsys1"] for dg_vsys in all_dg_vsys: fw = next((x for x in firewall_instances if x.serial == dg_serial and x.vsys == dg_vsys), None) if fw is None: # It's possible for device-groups to reference a serial/vsys that doesn't exist # In this case, create the FW instance if not only_connected: fw = firewall.Firewall(serial=dg_serial, vsys=dg_vsys) dg.add(fw) else: # Move the firewall to the device-group dg.add(fw) firewall_instances.remove(fw) fw.state.connected = yesno( fw_entry.findtext("connected")) fw.state.unsupported_version = yesno( fw_entry.findtext("unsupported-version")) fw.state.set_shared_policy_synced( fw_entry.findtext("shared-policy-status")) if add: for dg in devicegroup_instances: found_dg = self.find(dg.name, DeviceGroup) if found_dg is not None: # Move the firewalls to the existing devicegroup found_dg.removeall(firewall.Firewall) found_dg.extend(dg.children) else: # Devicegroup doesn't exist, add it self.add(dg) # Add firewalls that are not in devicegroups self.removeall(firewall.Firewall) self.extend(firewall_instances) return firewall_instances + devicegroup_instances
def run(self): self.ksHandler = makeVersion() if self.file: self.parser = KickstartParser(self.ksHandler) msg = None try: self.parser.readKickstart(self.file) except (KickstartParseError, KickstartValueError) as e: msg = _("The following error was found while parsing your " "kickstart configuration:\n\n%s" % e) except KickstartError: msg = _( "The kickstart file %s could not be opened.") % self.file if msg: dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_ERROR, gtk.BUTTONS_OK, msg) dlg.set_title(_("Error Parsing Kickstart Config")) dlg.set_position(gtk.WIN_POS_CENTER_ON_PARENT) dlg.set_modal(True) dlg.run() dlg.destroy() sys.exit(0) self.xml = xml name_tag = (_("Kickstart")) comment_tag = (_("Create a kickstart file")) self.toplevel = xml.get_widget("main_window") self.toplevel.connect("destroy", self.destroy) self.toplevel.set_icon(iconPixbuf) #bring in widgets from glade file self.options_notebook = xml.get_widget("options_notebook") self.install_radiobutton = xml.get_widget("install_radiobutton") self.category_clist = xml.get_widget("category_clist") self.open_menu = xml.get_widget("open_menu") self.preview_menu = xml.get_widget("preview_menu") self.save_menu = xml.get_widget("save_menu") self.quit_menu = xml.get_widget("quit_menu") self.about_menu = xml.get_widget("about_menu") #populate category list self.category_view = xml.get_widget("list_view") self.category_store = gtk.ListStore(gobject.TYPE_STRING) self.category_view.set_model(self.category_store) col = gtk.TreeViewColumn(_("Subsection"), gtk.CellRendererText(), text=0) col.set_sort_column_id(0) self.category_view.append_column(col) self.category_list = [(_("Basic Configuration")), (_("Installation Method")), (_("Boot Loader Options")), (_("Partition Information")), (_("Network Configuration")), (_("Authentication")), (_("Firewall Configuration")), (_("Display Configuration")), (_("Package Selection")), (_("Pre-Installation Script")), (_("Post-Installation Script"))] for item in self.category_list: iter = self.category_store.append() self.category_store.set_value(iter, 0, item) #bring in basic functions self.basic_class = basic.basic(self, xml, self.options_notebook, self.ksHandler) # Now that we've loaded the UI elements for the first active thing in the notebook, # draw it so we can display a progress bar when yum starts doing stuff. self.toplevel.show() while gtk.events_pending(): gtk.main_iteration() self.bootloader_class = bootloader.bootloader(xml, self.options_notebook, self.ksHandler) self.install_class = install.install(self, xml, self.category_store, self.category_view, self.options_notebook, self.ksHandler) self.partition_class = partition.partition(xml, self.ksHandler) self.network_class = network.network(xml, self.ksHandler) self.auth_class = auth.auth(xml, self.ksHandler) self.firewall_class = firewall.Firewall(xml, self.ksHandler) self.X_class = xconfig.xconfig(xml, self.ksHandler) self.progress_window = progressWindow.ProgressWindow(self.toplevel) self.packages_class = packages.Packages(xml, self.ksHandler, self.progress_window) self.scripts_class = scripts.scripts(xml, self.ksHandler) self.open_menu.connect("activate", self.on_activate_open) self.preview_menu.connect("activate", self.on_activate_preview_options) self.save_menu.connect("activate", self.on_activate_save_options) self.quit_menu.connect("activate", gtk.main_quit) self.about_menu.connect("activate", self.on_about_activate) self.category_view.connect("cursor_changed", self.on_list_view_row_activated) self.options_notebook.connect("switch-page", self.on_notebook_changed) #show gui self.applyKickstart() self.toplevel.show() gtk.main()
def setUp(self): self.fw = firewall.Firewall()
import os import time import json import shlex import getpass import firewall from colorama import Fore, Style from netfilterqueue import NetfilterQueue global database_filename, total_packets, packet_accepted f = firewall.Firewall() #performing firewall action def commit( payload, action, ): global packet_accepted if action == "ACCEPT": print(Fore.GREEN + "RESULT :: PACKET ACCEPTED" + Style.RESET_ALL) payload.accept() packet_accepted += 1 else: print(Fore.RED + "RESULT :: PACKET DROPPED" + Style.RESET_ALL) payload.drop() #callback for NFQUEUE
def main(): parser = argparse.ArgumentParser(description='ADD Attack Simulation.\ Blue team Agent.') parser.add_argument('-B', help='Run basic check. \ If want to run without any file, put N.', type=str, default=None) parser.add_argument('-L', help='Enable rsyslog. \ Put N for disable rsyslog', type=str, default=None, choices=('Y', 'N')) parser.add_argument('-C', help='Change configuration file. \ If want to run without any file, put N.', type=str, default=None) parser.add_argument('-S', help='Input Snort Rule file.', type=str, default=None) parser.add_argument('-I', help='Snort Interface.', type=str, default=None) parser.add_argument('-M', help='Input Monitoring file list.', type=str, default=None) parser.add_argument('-T', help='Start time of monitoring.', type=int, default=None) parser.add_argument('-F', help='ADD iptable rule file.', type=str, default=None) args = parser.parse_args() sd = static_defense.StaticDefense() if args.B is not None: if args.B == "N": sd.basic_check() else: sd.basic_check(args.B) if args.L == "Y": sd.enable_log() elif args.L == "N": command = "sudo service rsyslog stop" sd._cmd_run(command) if args.C is not None: if args.C == "N": sd.change_file() else: sd.change_file(args.C) sn = snort.Snort() if (args.S is not None) and (args.I is not None): if args.S != "N": sn.add_snort_rule(args.S) sn.snort_start(args.I) mr = monitoring.Monitor() if args.M is not None: with open(args.M, 'r') as file: data = json.load(file) files = data["files"] mr.file_hash(files) if args.T is None: t = int(time.time()) while (1): mr.monitoring(files, t) time.sleep(30) else: while (1): mr.monitoring(files, args.T) time.sleep(30) fw = firewall.Firewall() if args.F is not None: if args.F != "N": fw.add_firewall_rule(args.F) else: fw.add_firewall_rule()