def delete_module_api_config(argspec, module, deepsec_request):
    if module.params and module.params.get("api_keys"):
        deleted_key = []
        for each in module.params["api_keys"]:
            key_name = each["key_name"]
            want = map_params_to_obj(each, key_transform)
            search_by_id = search_for_pre_existing_key(want, deepsec_request)
            if "id" in search_by_id:
                delete_return = delete_config_with_id(
                    module,
                    deepsec_request,
                    api_object.split("/")[2],
                    search_by_id["id"],
                    api_return,
                )
                if delete_return.get("message"):
                    error_msg = "Delete for ApiKey with key_name: {0}, failed with error: {1}".format(
                        key_name, delete_return["message"])
                    module.fail_json(msg=error_msg)
                deleted_key.append(key_name)
        if deleted_key:
            module.exit_json(
                msg="{0} with name: {1} deleted successfully!".format(
                    api_return, deleted_key),
                changed=True,
            )
        else:
            module.exit_json(changed=False)
def main():

    argspec = dict(
        state=dict(choices=["present", "absent"], default="present"),
        name=dict(required=True, type="str"),
        description=dict(type="str"),
        scan_type=dict(type="str", choices=["real-time", "on-demand"]),
        document_exploit_protection_enabled=dict(type="bool"),
        document_exploit_protection=dict(
            type="str", choices=["critical-only", "critical-and-heuristic"]),
        document_exploit_heuristic_level=dict(
            type="str", choices=["default", "default-and-agressive"]),
        machine_learning_enabled=dict(type="bool"),
        behavior_monitoring_enabled=dict(type="bool"),
        document_recovery_enabled=dict(type="bool"),
        intelli_trap_enabled=dict(type="bool"),
        memory_scan_enabled=dict(type="bool"),
        spyware_enabled=dict(type="bool"),
        alert_enabled=dict(type="bool"),
        directories_to_scan=dict(type="str",
                                 choices=["all-directories",
                                          "directory-list"]),
        directory_list_id=dict(type="int"),
        files_to_scan=dict(
            type="str",
            choices=[
                "all-files",
                "intelliscan-file-types",
                "file-extension-list",
            ],
        ),
        file_extension_list_id=dict(type="int"),
        excluded_directory_list_id=dict(type="int"),
        excluded_file_list_id=dict(type="int"),
        excluded_file_extension_list_id=dict(type="int"),
        excluded_process_image_file_list_id=dict(type="int"),
        real_time_scan=dict(type="str",
                            choices=["read-only", "write-only", "read-write"]),
        scan_compressed_enabled=dict(type="bool"),
        scan_compressed_maximum_size=dict(type="int"),
        scan_compressed_maximum_levels=dict(type="int"),
        scan_compressed_maximum_files=dict(type="int"),
        microsoft_office_enabled=dict(type="bool"),
        microsoft_office_layers=dict(type="int"),
        network_directories_enabled=dict(type="bool"),
        custom_remediation_actions_enabled=dict(type="bool"),
        custom_scan_actions_enabled=dict(type="bool"),
        scan_action_for_virus=dict(
            type="str",
            choices=["pass", "delete", "quarantine", "clean", "deny-access"],
        ),
        scan_action_for_trojans=dict(
            type="str",
            choices=["pass", "delete", "quarantine", "deny-access"]),
        scan_action_for_packer=dict(
            type="str",
            choices=["pass", "delete", "quarantine", "deny-access"]),
        scan_action_for_spyware=dict(
            type="str",
            choices=["pass", "delete", "quarantine", "deny-access"]),
        scan_action_for_other_threats=dict(
            type="str",
            choices=["pass", "delete", "quarantine", "clean", "deny-access"],
        ),
        scan_action_for_cookies=dict(type="str", choices=["pass", "delete"]),
        scan_action_for_cve=dict(
            type="str",
            choices=["pass", "delete", "quarantine", "deny-access"]),
        scan_action_for_heuristics=dict(
            type="str",
            choices=["pass", "delete", "quarantine", "deny-access"]),
        scan_action_for_possible_malware=dict(
            type="str",
            choices=[
                "active-action",
                "pass",
                "delete",
                "quarantine",
                "deny-access",
            ],
        ),
        cpu_usage=dict(type="str", choices=["low", "medium", "high"]),
    )

    module = AnsibleModule(argument_spec=argspec, supports_check_mode=True)
    deepsec_request = DeepSecurityRequest(module)
    want = map_params_to_obj(remove_empties(module.params))
    # Search for existing Anti Malware config via Get call
    search_existing_anti_malware_config = check_if_config_exists(
        deepsec_request,
        want["name"],
        "antimalwareconfigurations",
        "antiMalwareConfigurations",
    )

    if ("ID" in search_existing_anti_malware_config
            and module.params["state"] == "absent"):
        delete_config_with_id(
            module,
            deepsec_request,
            "antimalwareconfigurations",
            search_existing_anti_malware_config["ID"],
            "antiMalwareConfigurations",
            handle_return=True,
        )
    elif ("ID" not in search_existing_anti_malware_config
          and module.params["state"] == "absent"):
        module.exit_json(changed=False)
    else:
        anti_malware_config = deepsec_request.post(
            "/api/antimalwareconfigurations", data=want)
        if "ID" in search_existing_anti_malware_config:
            module.exit_json(
                anti_malware_config=search_existing_anti_malware_config,
                changed=False,
            )
        elif anti_malware_config.get("message"):
            module.fail_json(msg=anti_malware_config["message"])
        else:
            module.exit_json(anti_malware_config=anti_malware_config,
                             changed=True)
    module.exit_json(changed=False)
示例#3
0
def main():

    argspec = dict(
        state=dict(choices=["present", "absent"], required=True),
        name=dict(required=True, type="str"),
        description=dict(type="str", required=False),
        action=dict(
            type="str",
            choices=["log-only", "allow", "deny", "force-allow", "bypass"],
            required=False,
        ),
        priority=dict(type="str",
                      choices=["0", "1", "2", "3", "4"],
                      required=False),
        direction=dict(type="str",
                       choices=["incoming", "outgoing"],
                       required=False),
        frame_type=dict(
            type="str",
            choices=["any", "ip", "arp", "revarp", "ipv4", "ipv6", "other"],
            required=False,
        ),
        frame_number=dict(type="int", required=False),
        frame_not=dict(type="bool", required=False),
        protocol=dict(
            type="str",
            choices=[
                "any",
                "icmp",
                "igmp",
                "ggp",
                "tcp",
                "pup",
                "udp",
                "idp",
                "nd",
                "raw",
                "tcp-udp",
                "icmp6",
                "other",
            ],
            required=False,
        ),
        protocol_number=dict(type="int", required=False),
        protocol_not=dict(type="bool", required=False),
        source_iptype=dict(
            type="str",
            choices=[
                "any",
                "masked-ip",
                "range",
                "ip-list",
                "single",
                "multiple",
            ],
            required=False,
        ),
        source_ipvalue=dict(type="str", required=False),
        source_ipmask=dict(type="str", required=False),
        source_iprange_from=dict(type="str", required=False),
        source_iprange_to=dict(type="str", required=False),
        source_ipmultiple=dict(type="list", elements="str", required=False),
        source_iplist_id=dict(type="int", required=False),
        source_ipnot=dict(type="bool", required=False),
        source_mactype=dict(
            type="str",
            choices=["any", "single", "mac-list", "multiple"],
            required=False,
        ),
        source_macvalue=dict(type="str", required=False),
        source_macmultiple=dict(type="list", elements="str", required=False),
        source_maclist_id=dict(type="int", required=False),
        source_macnot=dict(type="bool", required=False),
        source_port_type=dict(
            type="str",
            choices=["any", "multiple", "port-list"],
            required=False,
        ),
        source_port_multiple=dict(type="list", elements="str", required=False),
        source_port_list_id=dict(type="int", required=False),
        source_port_not=dict(type="bool", required=False),
        destination_iptype=dict(
            type="str",
            choices=[
                "any",
                "masked-ip",
                "range",
                "ip-list",
                "single",
                "multiple",
            ],
            required=False,
        ),
        destination_ipvalue=dict(type="str", required=False),
        destination_ipmask=dict(type="str", required=False),
        destination_iprange_from=dict(type="str", required=False),
        destination_iprange_to=dict(type="str", required=False),
        destination_ipmultiple=dict(type="list",
                                    elements="str",
                                    required=False),
        destination_iplist_id=dict(type="int", required=False),
        destination_ipnot=dict(type="bool", required=False),
        destination_mactype=dict(
            type="str",
            choices=["any", "single", "mac-list", "multiple"],
            required=False,
        ),
        destination_macvalue=dict(type="str", required=False),
        destination_macmultiple=dict(type="list",
                                     elements="str",
                                     required=False),
        destination_maclist_id=dict(type="int", required=False),
        destination_macnot=dict(type="bool", required=False),
        destination_port_type=dict(
            type="str",
            choices=["any", "multiple", "port-list"],
            required=False,
        ),
        destination_port_multiple=dict(type="list",
                                       elements="str",
                                       required=False),
        destination_port_list_id=dict(type="int", required=False),
        destination_port_not=dict(type="bool", elements="int", required=False),
        any_flags=dict(type="bool", required=False),
        log_disabled=dict(type="bool", required=False),
        include_packet_data=dict(type="bool", required=False),
        alert_enabled=dict(type="bool", required=False),
        context_id=dict(type="int", required=False),
        tcpflags=dict(
            type="list",
            elements="str",
            choices=["fin", "syn", "rst", "psh", "ack", "urg"],
            required=False,
        ),
        tcpnot=dict(type="bool", required=False),
        icmptype=dict(type="int", required=False),
        icmpcode=dict(type="int", required=False),
        icmpnot=dict(type="bool", required=False),
    )

    api_object = "/api/firewallrules"
    api_return = "firewallRules"

    module = AnsibleModule(argument_spec=argspec, supports_check_mode=True)
    deepsec_request = DeepSecurityRequest(module)
    want = map_params_to_obj(remove_empties(module.params))

    search_existing_firewallrules = check_if_config_exists(
        deepsec_request, want["name"],
        api_object.split("/")[2], api_return)

    if ("ID" in search_existing_firewallrules
            and module.params["state"] == "absent"):
        delete_config_with_id(
            module,
            deepsec_request,
            api_object.split("/")[2],
            search_existing_firewallrules["ID"],
            api_return,
        )
    elif ("ID" not in search_existing_firewallrules
          and module.params["state"] == "absent"):
        module.exit_json(changed=False)
    else:
        firewallrules = deepsec_request.post("{0}".format(api_object),
                                             data=want)
        if "ID" in search_existing_firewallrules:
            module.exit_json(firewallrules=search_existing_firewallrules,
                             changed=False)
        elif firewallrules.get("message"):
            module.fail_json(msg=firewallrules["message"])
        else:
            module.exit_json(firewallrules=firewallrules, changed=True)
    module.exit_json(changed=False)
示例#4
0
def main():

    log_files_spec_list = {
        "location":
        dict(type="str"),
        "format":
        dict(
            type="str",
            choices=[
                "syslog",
                "snort-full",
                "snort-fast",
                "apache",
                "iis",
                "squid",
                "nmapg",
                "mysql-log",
                "postgresql-log",
                "dbj-multilog",
                "eventlog",
                "single-line-text-log",
            ],
        ),
    }

    log_files_spec = {
        "log_files":
        dict(type="list", elements="dict", options=log_files_spec_list)
    }

    argspec = dict(
        state=dict(choices=["present", "absent"], default="present"),
        name=dict(required=True, type="str"),
        description=dict(type="str"),
        minimum_agent_version=dict(type="str"),
        minimum_manager_version=dict(type="str"),
        type=dict(type="str"),
        original_issue=dict(type="int"),
        last_updated=dict(type="int"),
        identifier=dict(type="str"),
        template=dict(type="str", choices=["basic-rule", "custom"]),
        rule_id=dict(type="int"),
        level=dict(type="int"),
        groups=dict(type="list", elements="str"),
        rule_description=dict(type="str"),
        pattern=dict(type="str"),
        pattern_type=dict(type="str", choices=["string", "regex"]),
        dependency=dict(type="str", choices=["none", "rule", "group"]),
        dependency_rule_id=dict(type="int"),
        dependency_group=dict(type="str"),
        frequency=dict(type="int"),
        time_frame=dict(type="int"),
        rule_xml=dict(type="str"),
        log_files=dict(type="dict", options=log_files_spec),
        alert_enabled=dict(type="bool"),
        alert_minimum_severity=dict(type="int"),
        recommendations_mode=dict(
            type="str", choices=["enabled", "ignored", "unknown", "disabled"]),
        sort_order=dict(type="int"),
        can_be_assigned_alone=dict(type="bool"),
        depends_onrule_id=dict(type="list", elements="str"),
    )

    module = AnsibleModule(argument_spec=argspec, supports_check_mode=True)
    deepsec_request = DeepSecurityRequest(module)
    want = map_params_to_obj(remove_empties(module.params))

    search_existing_log_inspection_rules = check_if_config_exists(
        deepsec_request,
        want["name"],
        "loginspectionrules",
        "logInspectionRules",
    )

    if ("ID" in search_existing_log_inspection_rules
            and module.params["state"] == "absent"):
        delete_config_with_id(
            module,
            deepsec_request,
            "loginspectionrules",
            search_existing_log_inspection_rules["ID"],
            "logInspectionRules",
            handle_return=True,
        )
    elif ("ID" not in search_existing_log_inspection_rules
          and module.params["state"] == "absent"):
        module.exit_json(changed=False)
    else:
        log_inspection_rules = deepsec_request.post("/api/loginspectionrules",
                                                    data=want)
        if "ID" in search_existing_log_inspection_rules:
            module.exit_json(
                log_inspection_rules=search_existing_log_inspection_rules,
                changed=False,
            )
        elif log_inspection_rules.get("message"):
            module.fail_json(msg=log_inspection_rules["message"])
        else:
            module.exit_json(log_inspection_rules=log_inspection_rules,
                             changed=True)
    module.exit_json(changed=False)
示例#5
0
def main():
    argspec = dict(
        state=dict(
            choices=["present", "absent", "gathered"], default="present"
        ),
        id=dict(type="str"),
        name=dict(type="str"),
        description=dict(type="str"),
        server=dict(type="str"),
        port=dict(type="int", default=514),
        transport=dict(
            type="str", choices=["udp", "tcp", "tls"], default="udp"
        ),
        event_format=dict(
            type="str", choices=["standard", "cef", "leef"], default="cef"
        ),
        facility=dict(
            type="str",
            choices=[
                "kernel",
                "user",
                "mail",
                "daemon",
                "authorization",
                "syslog",
                "printer",
                "news",
                "uucp",
                "clock",
                "authpriv",
                "ftp",
                "ntp",
                "log-audit",
                "log-alert",
                "cron",
                "local0",
                "local1",
                "local2",
                "local3",
                "local4",
                "local5",
                "local6",
                "local7",
            ],
            default="local0",
        ),
        certificate_chain=dict(type="list", elements="str"),
        private_key=dict(type="str", no_log=True),
        direct=dict(type="bool", default=False),
    )
    api_object = "/rest/syslog-configurations"
    api_return = "syslogConfiguration"
    api_get_return = "syslogConfigurations"
    api_create_obj = "CreateSyslogConfigurationRequest"

    module = AnsibleModule(argument_spec=argspec, supports_check_mode=True)
    deepsec_request = DeepSecurityRequest(module)
    # Get the configured Syslog config when state is gathered
    if module.params["state"] == "gathered":
        result = check_if_syslog_config_exists(
            module, deepsec_request, None, api_object, api_get_return
        )
        module.exit_json(gathered=result, changed=False)
    want = map_params_to_obj(remove_empties(module.params))
    # Search for existing syslog config via Get call
    search_existing_syslog_config = check_if_syslog_config_exists(
        module, deepsec_request, want["name"], api_object, api_get_return
    )

    if (
        "ID" in search_existing_syslog_config
        and module.params["state"] == "absent"
    ):
        delete_config_with_id(
            module,
            deepsec_request,
            api_object.split("/")[2],
            search_existing_syslog_config["ID"],
            api_return,
            False,
            handle_return=True,
        )
    elif (
        "ID" not in search_existing_syslog_config
        and module.params["state"] == "absent"
    ):
        module.exit_json(changed=False)
    else:
        # create legacy API request body for creating Syslog-Configurations
        want = {api_create_obj: {api_return: want}}
        syslog_config = deepsec_request.post(
            "{0}".format(api_object), data=want
        )
        if "ID" in search_existing_syslog_config:
            module.exit_json(
                syslog_config=search_existing_syslog_config, changed=False
            )
        elif syslog_config.get("message"):
            module.fail_json(msg=syslog_config["message"])
        else:
            module.exit_json(syslog_config=syslog_config, changed=True)