def to_fortinet(self, dev, commands=None, extra=None):
    """Select the 'fortinet' credentials and return the session-filter commands.

    The ``commands`` argument is overwritten, so whatever the caller passes
    is ignored; ``dev`` and ``extra`` are not used.

    :returns: list of byte-string FortiGate CLI commands.
    """
    self.creds = get_device_password('fortinet')
    # Original author's reference for reading the session output:
    # TCP proto_state 1 established, 2 syn sent, 3 syn/ack, 5 time wait,
    # 6 close; the first digit is the server, the second is the client.
    session_filters = [
        b'diagnose sys session filter src 10.65.64.1',
        b'diagnose sys session filter dst 8.8.8.8',
    ]
    return session_filters
def to_adtran(self, dev, commands=None, extra=None):
    """Return the running-config dump command for an Adtran device.

    Sets ``self.timeout`` to 300 and, only when ``dev.deviceType`` is
    ``'OLT'``, replaces ``self.creds`` with the 'olt' credentials. For any
    other device type ``self.creds`` is left as it was.

    :param dev: device object exposing ``deviceType``.
    :returns: list holding one byte-string command.
    """
    config_dump = [b'show running-config']
    self.timeout = 300
    is_olt = dev.deviceType == 'OLT'
    if is_olt:
        self.creds = get_device_password('olt')
    return config_dump
def to_fortinet(self, dev, commands=None, extra=None):
    """Select the 'fortinet' credentials and return routing / SD-WAN checks.

    The ``commands`` argument is overwritten and therefore ignored;
    ``dev`` and ``extra`` are not used.

    :returns: list of three FortiGate CLI commands (text strings).
    """
    self.creds = get_device_password('fortinet')
    routing_database = 'get router info routing-table database'
    # Check the SD-WAN IP SLA probes.
    sdwan_health = 'diagnose sys sdwan health-check'
    # Show the SD-WAN IP SLA routes (per the original author's note).
    kernel_routes = 'get router info kernel 17'
    return [routing_database, sdwan_health, kernel_routes]
def pty_connect(device, action, creds=None, display_banner=None,
                ping_test=False, init_commands=None):
    """
    Connect to a device and log in, over SSHv2 or telnet as appropriate.

    SSH (TCP/22) is used when ``device.manufacturer`` is listed in
    ``settings.SSH_TYPES``; every other device is reached over telnet
    (TCP/23). Telnet is an unencrypted protocol, so the login for those
    devices crosses the network in cleartext.

    :param device:
        A :class:`~trigger.netdevices.NetDevice` object.

    :param action:
        A Protocol object (not class) that will be activated when the
        session is ready.

    :param creds:
        A 2-tuple (username, password). By default, .tacacsrc AOL
        credentials will be used. Override that here.

    :param display_banner:
        Will be called for SSH pre-authentication banners. It will receive
        two args, 'banner' and 'language'. By default, nothing will be done
        with the banner.

    :param ping_test:
        If set, the device is pinged and the ping must succeed in order to
        proceed.

    :param init_commands:
        A list of commands to execute upon logging into the device.

    :returns:
        The Deferred handed to the client factory, or ``None`` when
        ``ping_test`` is set and the ping fails.
    """
    session_ready = defer.Deferred()

    # Only proceed if ping succeeds
    if ping_test:
        log.msg('Pinging %s' % device, debug=True)
        reachable = ping(device.nodeName)
        if not reachable:
            log.msg('Ping to %s failed' % device, debug=True)
            return None

    log.msg('SSH TYPES: %s' % settings.SSH_TYPES, debug=True)

    # Telnet branch first, so the SSH path below reads without nesting.
    if device.manufacturer not in settings.SSH_TYPES:
        telnet_factory = TriggerTelnetClientFactory(
            session_ready, action, creds, init_commands=init_commands)
        log.msg('Trying telnet to %s' % device, debug=True)
        reactor.connectTCP(device.nodeName, 23, telnet_factory)
        return session_ready

    # Interactive means: not a REPL (no sys.ps1) and all three standard
    # streams are attached to a terminal.
    interactive = (not hasattr(sys, 'ps1')
                   and sys.stderr.isatty()
                   and sys.stdin.isatty()
                   and sys.stdout.isatty())

    # Firewall credentials are looked up per device, and only in an
    # interactive shell where no explicit credentials were supplied.
    if interactive and not creds and device.is_firewall():
        creds = tacacsrc.get_device_password(str(device))

    ssh_factory = TriggerSSHPtyClientFactory(
        session_ready, action, creds, display_banner, init_commands)
    log.msg('Trying SSH to %s' % device, debug=True)
    reactor.connectTCP(device.nodeName, 22, ssh_factory)
    return session_ready
def to_fortinet(self, dev, commands=None, extra=None):
    """Return the interface listing command, using the 'esnh-icn-fwl' credentials.

    ``dev``, ``commands`` and ``extra`` are not used.

    :returns: list holding one FortiGate CLI command (text string).
    """
    # The VDOM selection ('config vdom' followed by 'edit ESNH-ICN') is
    # commented out in the original list, so only the interface query is sent.
    interface_query = ['get system interface']
    self.creds = get_device_password('esnh-icn-fwl')
    return interface_query
def to_fortinet(self, dev, commands=None, extra=None):
    """Select the 'fortinet' credentials and return the packet-sniffer command.

    The ``commands`` argument is overwritten and therefore ignored;
    ``dev`` and ``extra`` are not used.

    :returns: list holding one byte-string command.
    """
    self.creds = get_device_password('fortinet')
    # Author's verbosity notes: 4 shows the interface; 3 and 6 show the
    # payload.
    # NOTE(review): the angle-bracket fields are returned literally, nothing
    # in this method fills them in -- confirm whether this is meant as a
    # template to be edited before use.
    sniffer_template = (
        b'diagnose sniffer packet <interface> "<filter>" '
        b'<verbosity> <count> <time> <size>'
    )
    return [sniffer_template]
def generate_endpoint(device):
    """Generate Trigger endpoint for a given device.

    The purpose of this function is to generate endpoint clients for use by a
    `~trigger.netdevices.NetDevice` object.

    The stored credentials are looked up by ``device.nodeName`` and the
    password is passed to the SSH endpoint as a keyword argument.

    :param device: `~trigger.netdevices.NetDevice` object
    :returns: whatever ``TriggerSSHShellClientEndpointBase.newConnection``
        returns for this device.
    """
    account = tacacsrc.get_device_password(device.nodeName)
    open_connection = TriggerSSHShellClientEndpointBase.newConnection
    return open_connection(
        reactor, account.username, device, password=account.password)
def to_fortinet(self, dev, commands=None, extra=None):
    """Select the 'fortinet' credentials and return the debug-flow trace commands.

    The ``commands`` argument is overwritten and therefore ignored;
    ``dev`` and ``extra`` are not used.

    :returns: list of byte-string FortiGate CLI commands.
    """
    self.creds = get_device_password('fortinet')
    # NOTE(review): debug output is switched on here but the list never
    # sends the matching disable (the author's inline note only names it) --
    # confirm it is turned off again elsewhere.
    flow_trace = (
        b'diagnose debug enable',
        b'diagnose debug flow filter addr 220.233.199.237',
        # Port filter is commented out in the original:
        #   diagnose debug flow filter port 4443
        b'diagnose debug flow trace start 100',
        b'diagnose debug flow trace stop',
    )
    return list(flow_trace)
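def to_fortinet(self, dev, commands=None, extra=None):
    """Return the memory-log commands filtered on the source IP in ``sys.argv[1]``.

    The first command-line argument becomes part of a command sent to the
    firewall, so it is parsed as an IP address before anything else happens;
    the normalised address, not the raw argument, is what reaches the device.
    The ``commands`` argument is overwritten and therefore ignored;
    ``dev`` and ``extra`` are not used.

    :returns: list of byte-string FortiGate CLI commands.
    :raises IndexError: if no command-line argument was given.
    :raises ValueError: if the argument is not a valid IPv4/IPv6 address.
    """
    import ipaddress

    # Validate before touching credentials: anything that is not a bare IP
    # address (extra tokens, whitespace, line breaks) is rejected here rather
    # than being spliced into the device command.
    source_ip = str(ipaddress.ip_address(sys.argv[1]))

    self.creds = get_device_password('fortinet')
    commands = [
        b'config log memory setting',
        b'set status enable',
        b'end',
        b'get log memory filter',
        b'config log memory filter',
        b'set severity information',
        b'end',
        b'execute log filter field srcip ' + source_ip.encode('utf-8'),
        b'execute log display',
    ]
    return commands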
def generate_endpoint(device):
    """Generate Trigger endpoint for a given device.

    The purpose of this function is to generate endpoint clients for use by a
    `~trigger.netdevices.NetDevice` object.

    Credentials come from the tacacsrc entry for ``device.nodeName``; the
    username is passed positionally and the password by keyword.

    :param device: `~trigger.netdevices.NetDevice` object
    :returns: the result of
        ``TriggerSSHShellClientEndpointBase.newConnection``.
    """
    stored = tacacsrc.get_device_password(device.nodeName)
    endpoint = TriggerSSHShellClientEndpointBase.newConnection(
        reactor,
        stored.username,
        device,
        password=stored.password,
    )
    return endpoint
def test_trigger():
    """Open an interactive SSH PTY session to the device named 'fortinet'.

    Looks the device up in NetDevices, fetches its credentials by node name,
    connects to TCP/22 and runs the reactor through
    ``cli.setup_tty_for_pty``. The reactor is stopped when the session
    Deferred fires its callback.
    """
    from twisted.internet import reactor

    target = NetDevices().find('fortinet')
    session_done = defer.Deferred()
    login = tacacsrc.get_device_password(target.nodeName)
    pty_factory = TriggerSSHPtyClientFactory(
        session_done,
        Interactor(),
        login,
        display_banner=None,
        init_commands=None,
        device=target,
    )
    reactor.connectTCP(target.nodeName, 22, pty_factory)
    # The callback result is not needed; it only triggers the shutdown.
    session_done.addCallback(lambda _result: stop_reactor())
    cli.setup_tty_for_pty(reactor.run)
def __init__(self, deferred, creds=None, init_commands=None):
    """Store the Deferred, resolve credentials and record the initial commands.

    :param deferred: stored as ``self.d``.
    :param creds: credentials to use; when ``None`` they are taken from the
        tacacsrc entry for ``settings.DEFAULT_REALM``.
    :param init_commands: commands to run first; ``None`` becomes an empty
        list.
    """
    self.d = deferred
    self.tcrc = tacacsrc.Tacacsrc()

    if creds is None:
        log.msg('creds not defined, fetching...', debug=True)
        default_realm = settings.DEFAULT_REALM
        lookup = self.tcrc.creds.get
        # The fallback is an argument, so get_device_password() runs on
        # every call that reaches this branch, even when the realm is
        # already present in self.tcrc.creds.
        creds = lookup(default_realm,
                       tacacsrc.get_device_password(default_realm))

    self.creds = creds
    self.results = None
    self.err = None

    # Setup and run the initial commands; this must always be a list.
    self.init_commands = [] if init_commands is None else init_commands
    # Only the command list is logged here, not the credentials.
    log.msg('INITIAL COMMANDS: %r' % self.init_commands, debug=True)
    self.initialized = False
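def execute_netscreen(device, commands, creds=None, incremental=None,
                      with_errors=False, timeout=settings.DEFAULT_TIMEOUT):
    """
    Connect to a NetScreen device over SSH (TCP/22).

    See execute_junoscript().

    When ``creds`` is falsy, the credentials stored for ``str(device)`` are
    used.

    :returns: the Deferred handed to the SSH channel factory.
    :raises AssertionError: if the device is not a JUNIPER / NETSCREEN
        TECHNOLOGIES firewall.
    """
    # Raised explicitly rather than with ``assert``: assert statements are
    # removed when Python runs with -O, which would let the login proceed
    # against a device this function was never meant to reach. The exception
    # type is unchanged for existing callers.
    if device.manufacturer not in ('JUNIPER', 'NETSCREEN TECHNOLOGIES'):
        raise AssertionError(
            '%s is not a JUNIPER or NETSCREEN TECHNOLOGIES device' % device)
    if not device.is_firewall():
        raise AssertionError('%s is not a firewall' % device)

    if not creds:
        creds = tacacsrc.get_device_password(str(device))

    d = defer.Deferred()
    channel = TriggerSSHNetscreenChannel
    factory = TriggerSSHChannelFactory(d, commands, creds, incremental,
                                       with_errors, timeout, channel)

    log.msg('Trying Netscreen SSH to %s' % device, debug=True)
    reactor.connectTCP(device.nodeName, 22, factory)
    return d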
def to_fortinet(self, dev, commands=None, extra=None):
    """Select the 'fortinet' credentials and return the IP address listing command.

    The ``commands`` argument is overwritten and therefore ignored;
    ``dev`` and ``extra`` are not used.

    :returns: list holding one byte-string command.
    """
    self.creds = get_device_password('fortinet')
    address_listing = b'diagnose ip address list'
    return [address_listing]
def to_fortinet(self, dev, commands=None, extra=None):
    """Return the ``show`` command for a FortiGate, using the 'fortinet' credentials.

    Also sets ``self.timeout`` to 300. ``dev``, ``commands`` and ``extra``
    are not used.

    :returns: list holding one byte-string command.
    """
    full_config = [b'show']
    # Assign the timeout before the credential lookup, as the original does.
    self.timeout = 300
    self.creds = get_device_password('fortinet')
    return full_config
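def to_juniper(self, dev, commands=None, extra=None):
    """Return the logged-in users command, using the 'tor' credentials.

    ``dev``, ``commands`` and ``extra`` are not used.

    :returns: list holding one byte-string Junos command.
    """
    cmds = [b'show system users']
    # The original also bound the credentials to an unused local name;
    # only the attribute is needed.
    self.creds = get_device_password('tor')
    return cmds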
def to_adtran(self, dev, commands=None, extra=None):
    """Return the logged-in users command for an Adtran device.

    Only when ``dev.deviceType`` is ``'OLT'`` is ``self.creds`` replaced
    with the 'olt' credentials; otherwise it is left untouched.

    :param dev: device object exposing ``deviceType``.
    :returns: list holding one byte-string command.
    """
    user_listing = [b'show users']
    needs_olt_login = dev.deviceType == 'OLT'
    if needs_olt_login:
        self.creds = get_device_password('olt')
    return user_listing
nothing more than device type and credentials this can provide extremely helpful to just build a quick NetDevices CSV and gather a bunch of info quickly. For example:: """ import os from trigger import tacacsrc from trigger.conf import settings from trigger.netdevices import NetDevices from trigger.contrib.commando.plugins import gather_info settings.NETDEVICES_SOURCE = os.path.abspath('het-netdevices.json') settings.DEFAULT_REALM = 'het' os.environ['TRIGGER_ENABLEPW'] = \ tacacsrc.get_device_password(settings.DEFAULT_REALM).password device_list = NetDevices() gi = GatherInfo(devices=device_list) gi.run() print(gi.results) gi = GatherInfo(devices='hsc-hmg-uu-gw') gi.run() print(gi.results) from trigger.netdevices import NetDevices from trigger.contrib.commando.plugins import gather_info nd = NetDevices()
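def to_juniper(self, dev, commands=None, extra=None):
    """Return the VLAN summary command, using the 'esnh-swt-00' credentials.

    ``dev``, ``commands`` and ``extra`` are not used.

    :returns: list holding one Junos command (text string).
    """
    cmds = ['show vlans brief']
    # The original also bound the credentials to an unused local name;
    # only the attribute is needed.
    self.creds = get_device_password('esnh-swt-00')
    return cmds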
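import pwd
import socket
import sys

from trigger.tacacsrc import Tacacsrc, get_device_password, convert_tacacsrc
from trigger.utils.cli import yesno

# Interactive setup script: generates a GnuPG key, optionally converts an old
# ~/.tacacsrc, then calls get_device_password().
# NOTE(review): ``os`` is used below but its import is not among the visible
# lines -- confirm it is imported earlier in the file.

# Destructive step, so require explicit confirmation before doing anything.
if not yesno('This will overwrite your .tacacsrc.gpg and all gnupg configuration, are you sure?'):
    sys.exit(1)

(username, err, uid, gid, name, homedir, shell) = pwd.getpwuid(os.getuid())

# Parenthesised single-argument print works as both a statement and a call.
print('''
======== [ READ ME READ ME READ ME READ ME ] ================
The following settings must be configured:

Real name: %s
Email Address: %s@%s
Comment: First Last
=============================================================
''' % (username, username, socket.getfqdn()))

# Fixed command string, no user input is interpolated into it.
# NOTE(review): the exit status is ignored, so the script carries on even if
# key generation fails -- confirm that is intended.
os.system('gpg --gen-key')

old_tacacsrc = os.path.join(homedir, '.tacacsrc')
# The original ``if`` line was missing its trailing colon (a syntax error).
if yesno('Would you like to convert your OLD tacacsrc configuration file to your new one?') and os.path.isfile(old_tacacsrc):
    convert_tacacsrc()
else:
    print("Old tacacsrc not converted.")

get_device_password()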
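def to_juniper(self, dev, commands=None, extra=None):
    """Return a MAC-table lookup filtered on ``self.commands``, using the 'tor' credentials.

    ``dev``, ``commands`` and ``extra`` are not used.

    :returns: list holding one Junos command (text string).
    :raises TypeError: if ``self.commands`` is not a text string.
    """
    # self.commands is appended verbatim to the device command.
    # NOTE(review): confirm the value is validated where it is set (for
    # example as a MAC address) so it cannot carry additional CLI tokens.
    cmds = ['show ethernet-switching table | match ' + self.commands]
    # The original also bound the credentials to an unused local name;
    # only the attribute is needed.
    self.creds = get_device_password('tor')
    return cmds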
def to_adtran(self, dev, commands=None, extra=None):
    """Return a MAC-table lookup filtered on ``self.commands``.

    Only when ``dev.deviceType`` is ``'OLT'`` is ``self.creds`` replaced
    with the 'olt' credentials; otherwise it is left untouched.

    :param dev: device object exposing ``deviceType``.
    :returns: list holding one command (text string).
    """
    # self.commands is appended verbatim to the device command.
    # NOTE(review): confirm the value is validated where it is set so it
    # cannot carry additional CLI tokens.
    search_term = self.commands
    mac_lookup = 'show mac address-table | include ' + search_term
    if dev.deviceType == 'OLT':
        self.creds = get_device_password('olt')
    return [mac_lookup]
def to_fortinet(self, dev, commands=None, extra=None):
    """Return an ARP-table lookup filtered on ``self.commands``, using the 'fortinet' credentials.

    ``dev``, ``commands`` and ``extra`` are not used.

    :returns: list holding one FortiGate CLI command (text string).
    """
    # self.commands is appended verbatim to the device command.
    # NOTE(review): confirm the value is validated where it is set so it
    # cannot carry additional CLI tokens.
    search_term = self.commands
    arp_lookup = 'get system arp | grep ' + search_term
    self.creds = get_device_password('fortinet')
    return [arp_lookup]
def to_juniper(self, dev, commands=None, extra=None):
    """Return ``self.commands`` unchanged; the arguments are not used."""
    return self.commands


def printResults(cmd):
    """Print every result in ``cmd.results``, one block per device and command.

    ``cmd.results`` is iterated as device -> {command: output}; each output
    is decoded as UTF-8 before printing.
    """
    for device_name, outputs in cmd.results.items():
        for command in outputs:
            decoded = outputs[command].decode('utf-8')
            print("DEV: {} CMD: {}\n{}".format(device_name, command, decoded))


if __name__ == '__main__':
    tor_devices = ['tor1', 'tor', 'tor2']
    c_tor1 = Tor1(tor_devices, creds=get_device_password('tor'))

    instances = [c_tor1]
    # Start every job, then stop the reactor once all of them have finished
    # (success or failure).
    pending = [job.run() for job in instances]
    all_done = defer.DeferredList(pending)
    all_done.addBoth(stop_reactor)
    reactor.run()

    for job in instances:
        printResults(job)
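def to_juniper(self, dev, commands=None, extra=None):
    """Return the set-format configuration dump command, using the 'tor' credentials.

    Also sets ``self.timeout`` to 300. ``dev``, ``commands`` and ``extra``
    are not used.

    :returns: list holding one byte-string Junos command.
    """
    cmds = [b'show configuration | display set']
    self.timeout = 300
    # The original also bound the credentials to an unused local name;
    # only the attribute is needed.
    self.creds = get_device_password('tor')
    return cmds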
def to_juniper(self, dev, commands=None, extra=None):
    """Return ``self.commands`` unchanged; the arguments are not used."""
    return self.commands


def printResults(cmd):
    """Print every result in ``cmd.results``, one block per device and command.

    ``cmd.results`` is iterated as device -> {command: output}; each output
    is decoded as UTF-8 before printing.
    """
    for device_name, outputs in cmd.results.items():
        for command in outputs:
            decoded = outputs[command].decode('utf-8')
            print("DEV: {} CMD: {}\n{}".format(device_name, command, decoded))


if __name__ == '__main__':
    # Both jobs log in with the same 'tor' credentials; the lookup is done
    # once per job, as in the original.
    c_tor1 = Tor1(['tor1'], creds=get_device_password('tor'))
    c_tor2 = Tor2(['tor2'], creds=get_device_password('tor'))

    instances = [c_tor1, c_tor2]
    # Start every job and stop the reactor once all of them have finished
    # (success or failure).
    pending = [job.run() for job in instances]
    all_done = defer.DeferredList(pending)
    all_done.addBoth(stop_reactor)
def to_fortinet(self, dev, commands=None, extra=None):
    """Return the administrator listing command, using the 'fortinet' credentials.

    The ``commands`` argument is overwritten and therefore ignored;
    ``dev`` and ``extra`` are not used.

    :returns: list holding one FortiGate CLI command (text string).
    """
    admin_listing = ['get system admin list']
    self.creds = get_device_password('fortinet')
    return admin_listing
print('Result:') print(data) if __name__ == '__main__': # Replace these with real device IPs/hostnames in your network devices = ['olt'] # nd = NetDevices() # dev = nd.find('svp00c') # async = dev.execute(['show clock']) # async.addCallback(print_me) c1 = showSessionList( devices, creds=get_device_password('olt'), ) instances = [c1] # Once every task has returned a result, stop the reactor deferreds = [] for i in instances: deferreds.append(i.run()) d = defer.DeferredList(deferreds) d.addBoth(stop_reactor) reactor.run() for c_id, c_info in c1.results.items():
def to_fortinet(self, dev, commands=None, extra=None):
    """Select the 'fortinet' credentials and return the session list / statistics commands.

    The ``commands`` argument is overwritten and therefore ignored;
    ``dev`` and ``extra`` are not used.

    :returns: list of two byte-string FortiGate CLI commands.
    """
    self.creds = get_device_password('fortinet')
    session_list = b'get sys session list'
    session_stats = b'diag sys session stat'
    return [session_list, session_stats]