def to_fortinet(self, dev, commands=None, extra=None):
self.creds=get_device_password('fortinet')
commands = [b'diagnose sys session filter src 10.65.64.1',
b'diagnose sys session filter dst 8.8.8.8',
] #proto_state for tcp 1 established, 2 syn sent, 3 syn/ack, 5 time wait, 6 close
# first digit is server second is client
return commands
def to_adtran(self, dev, commands=None, extra=None):
cmds = [b'show running-config']
self.timeout = 300
if dev.deviceType == 'OLT':
self.creds = get_device_password('olt')
return cmds
def to_fortinet(self, dev, commands=None, extra=None):
self.creds = get_device_password('fortinet')
commands = [
'get router info routing-table database',
'diagnose sys sdwan health-check', #check sdwan ip sla probess\
'get router info kernel 17'
] #show sdwan ip sla routes
return commands
def pty_connect(device, action, creds=None, display_banner=None,
ping_test=False, init_commands=None):
"""
Connect to a device and log in. Use SSHv2 or telnet as appropriate.
:param device: A :class:`~trigger.netdevices.NetDevice` object.
:param action: A Protocol object (not class) that will be activated when
the session is ready.
:param creds: is a 2-tuple (username, password). By default, .tacacsrc AOL
credentials will be used. Override that here.
:param display_banner: Will be called for SSH pre-authentication banners.
It will receive two args, 'banner' and 'language'. By default,
nothing will be done with the banner.
:param ping_test: If set, the device is pinged and succeed in order to
proceed.
:param init_commands: A list of commands to execute upon logging into
the device.
"""
d = defer.Deferred()
# Only proceed if ping succeeds
if ping_test:
log.msg('Pinging %s' % device, debug=True)
if not ping(device.nodeName):
log.msg('Ping to %s failed' % device, debug=True)
return None
# SSH?
log.msg('SSH TYPES: %s' % settings.SSH_TYPES, debug=True)
if device.manufacturer in settings.SSH_TYPES:
if hasattr(sys, 'ps1') or not sys.stderr.isatty() \
or not sys.stdin.isatty() or not sys.stdout.isatty():
# Shell not in interactive mode.
pass
else:
if not creds and device.is_firewall():
creds = tacacsrc.get_device_password(str(device))
factory = TriggerSSHPtyClientFactory(d, action, creds, display_banner,
init_commands)
log.msg('Trying SSH to %s' % device, debug=True)
reactor.connectTCP(device.nodeName, 22, factory)
# or Telnet?
else:
factory = TriggerTelnetClientFactory(d, action, creds,
init_commands=init_commands)
log.msg('Trying telnet to %s' % device, debug=True)
reactor.connectTCP(device.nodeName, 23, factory)
return d
def to_fortinet(self, dev, commands=None, extra=None):
cmds = [
#'config vdom',
#'edit ESNH-ICN',
'get system interface'
]
self.creds = get_device_password('esnh-icn-fwl')
return cmds
def to_fortinet(self, dev, commands=None, extra=None):
self.creds = get_device_password('fortinet')
commands = [
b'diagnose sniffer packet <interface> "<filter>" <verbosity> <count> <time> <size>'
]
"""
verbosity 4: shows interface
3,6: show payload
"""
return commands
def generate_endpoint(device):
"""Generate Trigger endpoint for a given device.
The purpose of this function is to generate endpoint clients for use by a `~trigger.netdevices.NetDevice` object.
:param device: `~trigger.netdevices.NetDevice` object
"""
creds = tacacsrc.get_device_password(device.nodeName)
return TriggerSSHShellClientEndpointBase.newConnection(
reactor, creds.username, device, password=creds.password)
def to_fortinet(self, dev, commands=None, extra=None):
self.creds=get_device_password('fortinet')
commands = [b'diagnose debug enable', #disable
b'diagnose debug flow filter addr 220.233.199.237',
#b'diagnose debug flow filter port 4443',
b'diagnose debug flow trace start 100',
b'diagnose debug flow trace stop',
]
return commands
def to_fortinet(self, dev, commands=None, extra=None):
self.creds = get_device_password('fortinet')
commands = [
b'config log memory setting', b'set status enable', b'end',
b'get log memory filter', b'config log memory filter',
b'set severity information', b'end',
b'execute log filter field srcip ' + sys.argv[1].encode('utf-8'),
b'execute log display'
]
return commands
def generate_endpoint(device):
"""Generate Trigger endpoint for a given device.
The purpose of this function is to generate endpoint clients for use by a `~trigger.netdevices.NetDevice` object.
:param device: `~trigger.netdevices.NetDevice` object
"""
creds = tacacsrc.get_device_password(device.nodeName)
return TriggerSSHShellClientEndpointBase.newConnection(
reactor, creds.username, device, password=creds.password
)
def test_trigger():
from twisted.internet import reactor
nd = NetDevices()
dev = nd.find('fortinet')
d = defer.Deferred()
creds = tacacsrc.get_device_password(dev.nodeName)
factory = TriggerSSHPtyClientFactory(d,
Interactor(),
creds,
display_banner=None,
init_commands=None,
device=dev)
reactor.connectTCP(dev.nodeName, 22, factory)
d.addCallback(lambda x: stop_reactor())
cli.setup_tty_for_pty(reactor.run)
def __init__(self, deferred, creds=None, init_commands=None):
self.d = deferred
self.tcrc = tacacsrc.Tacacsrc()
if creds is None:
log.msg('creds not defined, fetching...', debug=True)
realm = settings.DEFAULT_REALM
creds = self.tcrc.creds.get(realm, tacacsrc.get_device_password(realm))
self.creds = creds
self.results = None
self.err = None
# Setup and run the initial commands
if init_commands is None:
init_commands = [] # We need this to be a list
self.init_commands = init_commands
log.msg('INITIAL COMMANDS: %r' % self.init_commands, debug=True)
self.initialized = False
def execute_netscreen(device, commands, creds=None, incremental=None,
with_errors=False, timeout=settings.DEFAULT_TIMEOUT):
"""
Connect to a NetScreen device. See execute_junoscript().
"""
assert device.manufacturer in ('JUNIPER', 'NETSCREEN TECHNOLOGIES')
assert device.is_firewall()
if not creds:
creds = tacacsrc.get_device_password(str(device))
d = defer.Deferred()
channel = TriggerSSHNetscreenChannel
factory = TriggerSSHChannelFactory(d, commands, creds, incremental,
with_errors, timeout, channel)
log.msg('Trying Netscreen SSH to %s' % device, debug=True)
reactor.connectTCP(device.nodeName, 22, factory)
return d
def to_fortinet(self, dev, commands=None, extra=None):
self.creds=get_device_password('fortinet')
commands = [b'diagnose ip address list']
return commands
def to_fortinet(self, dev, commands=None, extra=None):
cmds = [b'show']
self.timeout = 300
self.creds = get_device_password('fortinet')
return cmds
def to_juniper(self, dev, commands=None, extra=None):
cmds = [b'show system users']
self.creds = creds = get_device_password('tor')
return cmds
def to_adtran(self, dev, commands=None, extra=None):
cmds = [b'show users']
if dev.deviceType == 'OLT':
self.creds = get_device_password('olt')
return cmds
nothing more than device type and credentials this can provide extremely
helpful to just build a quick NetDevices CSV and gather a bunch of info
quickly. For example::
"""
import os
from trigger import tacacsrc
from trigger.conf import settings
from trigger.netdevices import NetDevices
from trigger.contrib.commando.plugins import gather_info
settings.NETDEVICES_SOURCE = os.path.abspath('het-netdevices.json')
settings.DEFAULT_REALM = 'het'
os.environ['TRIGGER_ENABLEPW'] = \
tacacsrc.get_device_password(settings.DEFAULT_REALM).password
device_list = NetDevices()
gi = GatherInfo(devices=device_list)
gi.run()
print(gi.results)
gi = GatherInfo(devices='hsc-hmg-uu-gw')
gi.run()
print(gi.results)
from trigger.netdevices import NetDevices
from trigger.contrib.commando.plugins import gather_info
nd = NetDevices()
def to_juniper(self, dev, commands=None, extra=None):
cmds = ['show vlans brief']
self.creds = creds = get_device_password('esnh-swt-00')
return cmds
import pwd
import socket
import sys
from trigger.tacacsrc import Tacacsrc, get_device_password, convert_tacacsrc
from trigger.utils.cli import yesno
if not yesno('This will overwrite your .tacacsrc.gpg and all gnupg configuration, are you sure?'):
sys.exit(1)
(username, err, uid, gid, name, homedir, shell) = pwd.getpwuid(os.getuid())
print '''
======== [ READ ME READ ME READ ME READ ME ] ================
The following settings must be configured:
Real name: %s
Email Address: %s@%s
Comment: First Last
=============================================================
''' % (username, username, socket.getfqdn())
os.system('gpg --gen-key')
if yesno('Would you like to convert your OLD tacacsrc configuration file to your new one?')
and os.path.isfile(homedir+'/.tacacsrc')
convert_tacacsrc()
else:
print "Old tacacsrc not converted."
get_device_password()
def to_juniper(self, dev, commands=None, extra=None):
cmds = ['show ethernet-switching table | match ' + self.commands]
self.creds = creds = get_device_password('tor')
return cmds
def to_adtran(self, dev, commands=None, extra=None):
cmds = ['show mac address-table | include ' + self.commands]
if dev.deviceType == 'OLT':
self.creds = get_device_password('olt')
return cmds
def to_fortinet(self, dev, commands=None, extra=None):
cmds = ['get system arp | grep ' + self.commands]
self.creds = get_device_password('fortinet')
return cmds
def to_juniper(self, dev, commands=None, extra=None):
return self.commands
def printResults(cmd):
for c_id, c_info in cmd.results.items():
for key in c_info:
print("DEV: {} CMD: {}\n{}".format(c_id,
key,
c_info[key].decode('utf-8')))
if __name__ == '__main__':
tor1 = ['tor1', 'tor', 'tor2']
c_tor1 = Tor1(tor1, creds=get_device_password('tor'), )
instances = [c_tor1]
deferreds = []
for i in instances:
deferreds.append(i.run())
d = defer.DeferredList(deferreds)
d.addBoth(stop_reactor)
reactor.run()
for i in instances:
printResults(i)
def to_juniper(self, dev, commands=None, extra=None):
cmds = [b'show configuration | display set']
self.timeout = 300
self.creds = creds = get_device_password('tor')
return cmds
def to_juniper(self, dev, commands=None, extra=None):
return self.commands
def printResults(cmd):
for c_id, c_info in cmd.results.items():
for key in c_info:
print("DEV: {} CMD: {}\n{}".format(c_id, key,
c_info[key].decode('utf-8')))
if __name__ == '__main__':
c_tor1 = Tor1(
['tor1'],
creds=get_device_password('tor'),
)
c_tor2 = Tor2(
['tor2'],
creds=get_device_password('tor'),
)
instances = [c_tor1, c_tor2]
deferreds = []
for i in instances:
deferreds.append(i.run())
d = defer.DeferredList(deferreds)
d.addBoth(stop_reactor)
def to_fortinet(self, dev, commands=None, extra=None):
commands = ['get system admin list']
self.creds = get_device_password('fortinet')
return commands
print('Result:')
print(data)
if __name__ == '__main__':
# Replace these with real device IPs/hostnames in your network
devices = ['olt']
# nd = NetDevices()
# dev = nd.find('svp00c')
# async = dev.execute(['show clock'])
# async.addCallback(print_me)
c1 = showSessionList(
devices,
creds=get_device_password('olt'),
)
instances = [c1]
# Once every task has returned a result, stop the reactor
deferreds = []
for i in instances:
deferreds.append(i.run())
d = defer.DeferredList(deferreds)
d.addBoth(stop_reactor)
reactor.run()
for c_id, c_info in c1.results.items():
def to_fortinet(self, dev, commands=None, extra=None):
self.creds = get_device_password('fortinet')
commands = [b'get sys session list', b'diag sys session stat']
return commands
