Hōʻike ʻia ka mana piha o ka launa pū ʻana me nā API ke hoʻohana pū ʻia me ka code program, i ka wā e hiki ai ke hoʻohua i nā noi API a me nā mea hana no ka nānā ʻana i nā pane API. Eia nō naʻe, ʻaʻole ʻike ʻia Kit Hoʻomohala Pūnaewele Python (ma hope aku i kapa ʻia ʻo Python SDK) no API no ka hooponopono wahi kiko, aka, makehewa. Hoʻomaʻamaʻa nui ia i ke ola o nā mea hoʻomohala a me nā mea hoihoi automation. Ua loaʻa iā Python ka kaulana nui i kēia mau lā a ua hoʻoholo wau e hoʻopiha i ka hakahaka a nānā i nā hiʻohiʻona nui. . He mea hoʻohui maikaʻi kēia ʻatikala i kahi ʻatikala ʻē aʻe ma Habré . E nānā mākou pehea e kākau ai i nā palapala me ka Python SDK a e nānā pono i ka hana hou Management API ma ka mana 1.6 (kākoʻo ʻia mai R80.40). No ka hoʻomaopopo ʻana i ka ʻatikala, pono ʻoe i ka ʻike kumu o ka hana ʻana me nā API a me Python.
Ke hoʻomohala nei ʻo Check Point i ka API a i kēia manawa ua hoʻokuʻu ʻia kēia mau mea:
- - hana pū me ke kikowaena mana ma o ka API (a me ka hiki ke hoʻokō i nā palapala ma nā ʻīpuka i hoʻomalu ʻia e ka server mana)
- - hana me nā ʻīpuka palekana
- — e hana ana me ka pahu one ma ke ao Check Point
- - hana pū me ka ʻike ʻike maka ma nā ʻīpuka
- - hana me ka SMB puka hoʻokele hoʻokele puka ()
- - ka launa pū me nā mea hoʻokele IoT
- - hana me (Hoʻonā palekana SD-WAN)
- - hana me
Kākoʻo ka Python SDK i kēia manawa i ka launa pū ʻana me ka Management API a API Gaia. E nānā mākou i nā papa koʻikoʻi, nā ʻano a me nā loli i kēia module.
Ke hoʻokomo nei i ka module
Module cpapi hoʻouka wikiwiki a maʻalahi mai me ke kōkuaʻana o pip. Loaʻa nā ʻōlelo kuhikuhi hoʻonohonoho kikoʻī ma . Hoʻololi ʻia kēia module e hana me nā mana Python 2.7 a me 3.7. Ma kēia ʻatikala, e hāʻawi ʻia nā hiʻohiʻona me ka hoʻohana ʻana iā Python 3.7. Eia naʻe, hiki ke holo pololei ʻia ka Python SDK mai ka Check Point Management Server (Smart Management), akā kākoʻo wale lākou iā Python 2.7, no laila e hāʻawi ka ʻāpana hope i ke code no ka mana 2.7. Ma hope koke o ka hoʻokomo ʻana i ka module, paipai wau e nānā i nā hiʻohiʻona ma nā papa kuhikuhi examples_python2 и examples_python3.
noho hoʻomaka 'ana
I mea e hiki ai iā mākou ke hana me nā ʻāpana o ka module cpapi, pono mākou e lawe mai i ka module cpapi ʻelua mau papa i koi ʻia:
APIClient и APIClientArgs
from cpapi import APIClient, APIClientArgs
Papa APIClientArgs kuleana no ka pili pili i ke kikowaena API, a me ka papa APIClient kuleana no ka launa pū ʻana me ka API.
Ke hoʻoholo nei i nā palena pili
No ka wehewehe ʻana i nā ʻāpana like ʻole no ka hoʻopili ʻana i ka API, pono ʻoe e hana i kahi laʻana o ka papa APIClientArgs. Ma ke kumu, ua koho mua ʻia kāna mau ʻāpana a i ka wā e holo ana i ka palapala ma ka server control, ʻaʻole pono lākou e kuhikuhi.
client_args = APIClientArgs()Akā, i ka wā e holo ai ma luna o kahi mea hoʻokipa ʻaoʻao ʻekolu, pono ʻoe e kuhikuhi i ka liʻiliʻi o ka IP address a i ʻole ka inoa host o ka server API (i ʻike ʻia ʻo ka server hoʻokele). Ma ka laʻana ma lalo nei, wehewehe mākou i ka ʻāpana pili kikowaena a hāʻawi iā ia i ka IP address o ke kikowaena hoʻokele ma ke ʻano he kaula.
client_args = APIClientArgs(server='192.168.47.241')E nānā i nā ʻāpana āpau a me kā lākou mau waiwai paʻamau i hiki ke hoʻohana ʻia i ka wā e pili ana i ka server API:
Nā hoʻopaʻapaʻa o ke ʻano __init__ o ka papa APIClientArgs
class APIClientArgs:
"""
This class provides arguments for APIClient configuration.
All the arguments are configured with their default values.
"""
# port is set to None by default, but it gets replaced with 443 if not specified
# context possible values - web_api (default) or gaia_api
def __init__(self, port=None, fingerprint=None, sid=None, server="127.0.0.1", http_debug_level=0,
api_calls=None, debug_file="", proxy_host=None, proxy_port=8080,
api_version=None, unsafe=False, unsafe_auto_accept=False, context="web_api"):
self.port = port
# management server fingerprint
self.fingerprint = fingerprint
# session-id.
self.sid = sid
# management server name or IP-address
self.server = server
# debug level
self.http_debug_level = http_debug_level
# an array with all the api calls (for debug purposes)
self.api_calls = api_calls if api_calls else []
# name of debug file. If left empty, debug data will not be saved to disk.
self.debug_file = debug_file
# HTTP proxy server address (without "http://")
self.proxy_host = proxy_host
# HTTP proxy port
self.proxy_port = proxy_port
# Management server's API version
self.api_version = api_version
# Indicates that the client should not check the server's certificate
self.unsafe = unsafe
# Indicates that the client should automatically accept and save the server's certificate
self.unsafe_auto_accept = unsafe_auto_accept
# The context of using the client - defaults to web_api
self.context = contextKe manaʻoʻiʻo nei au ʻo nā ʻōlelo hoʻopaʻapaʻa hiki ke hoʻohana ʻia i nā manawa o ka papa APIClientArgs he intuitive i nā luna Check Point a ʻaʻole koi i nā manaʻo hou.
Hoʻohui ʻia ma o APIClient a me ka luna pōʻaiapili
Papa APIClient ʻO ke ala maʻalahi loa e hoʻohana ai ma o ka luna hoʻoponopono. ʻO nā mea āpau e pono e hāʻawi ʻia i kahi ʻano o ka papa APIClient nā ʻāpana pili i wehewehe ʻia ma ka pae mua.
with APIClient(client_args) as client:
ʻAʻole e hana ʻakomi ka luna pōʻaiapili i ke kelepona ʻeʻe i ka kikowaena API, akā e hana ia i kahi kelepona puka i ka wā e puka ai. Inā no kekahi kumu ʻaʻole koi ʻia ka haʻalele ʻana ma hope o ka pau ʻana o ka hana ʻana me nā kelepona API, pono ʻoe e hoʻomaka e hana me ka hoʻohana ʻole ʻana i ka luna pōʻaiapili:
client = APIClient(clieng_args)Ke nānā nei i ka pilina
ʻO ke ala maʻalahi e nānā inā pili ka pilina i nā ʻāpana i kuhikuhi ʻia e hoʻohana ana i ke ʻano kaha manamana lima. Inā hāʻule ka hōʻoia ʻana o ka sha1 hash sum no ka manamana lima o ka palapala API server (hoʻihoʻi ʻia ke ʻano wahahee), a laila ma muli o nā pilikia pili a hiki iā mākou ke ho'ōki i ka hoʻokō ʻana o ka papahana (a i ʻole e hāʻawi i ka mea hoʻohana i ka manawa e hoʻoponopono ai i ka ʻikepili pili):
if client.check_fingerprint() is False:
print("Could not get the server's fingerprint - Check connectivity with the server.")
exit(1)
E ʻoluʻolu e hoʻomaopopo i ka papa e hiki mai ana APIClient e nānā i kēlā me kēia kelepona API (methods api_kahea и api_query, e kamaʻilio hou mākou e pili ana iā lākou) sha1 palapala manamana lima ma ka server API. Akā inā, i ka nānā ʻana i ka sha1 fingerprint o ka palapala kikowaena API, ʻike ʻia kahi hewa (ʻaʻole ʻike ʻia ka palapala hōʻoia a i hoʻololi ʻia paha), ke ala kaha manamana lima e hāʻawi i ka manawa e hoʻohui / hoʻololi i ka ʻike e pili ana iā ia ma ka mīkini kūloko. Hiki ke hoʻopau loa ʻia kēia hōkeo (akā hiki ke ʻōlelo ʻia inā holo nā palapala ma ka server API ponoʻī, i ka wā e hoʻopili ai iā 127.0.0.1), me ka hoʻohana ʻana i ka hoʻopaʻapaʻa APIClientArgs - ʻae_pono_ʻae (e ʻike hou aku e pili ana i APIClientArgs ma mua i ka "Defining connection parameters").
client_args = APIClientArgs(unsafe_auto_accept=True)E komo i ka kikowaena API
У APIClient aia ka nui o nā ʻano 3 no ke komo ʻana i ka server API, a maopopo kēlā me kēia o lākou i ke ʻano ala(session-id), i hoʻohana aunoa ʻia i kēlā me kēia kelepona API ma ke poʻo (ʻo ka inoa ma ke poʻo o kēia ʻāpana. X-chkp-sid), no laila ʻaʻohe pono e hana hou i kēia ʻāpana.
ʻano komo
Ke koho e hoʻohana ana i ka inoa inoa a me ka ʻōlelo huna (ma ka laʻana, ua hoʻoholo ʻia ka inoa inoa admin a me ka ʻōlelo huna 1q2w3e ma ke ʻano he hoʻopaʻapaʻa kūlana):
login = client.login('admin', '1q2w3e') Loaʻa nā ʻāpana koho ʻē aʻe i ke ala komo; eia ko lākou mau inoa a me nā waiwai paʻamau:
continue_last_session=False, domain=None, read_only=False, payload=NoneKe ala komo_me_api_key
Koho e hoʻohana ana i kahi kī api (kākoʻo ʻia mai ka mana hoʻokele R80.40/Management API v1.6, "3TsbPJ8ZKjaJGvFyoFqHFA=" ʻO kēia ka waiwai kī API no kekahi o nā mea hoʻohana ma ke kikowaena hoʻokele me ke ala ʻae kī API):
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==') Ma ke ʻano login_me_api_key loaʻa nā ʻāpana koho e like me ke ʻano ʻeʻe.
login_as_root ala
Ke koho e komo i kahi mīkini kūloko me kahi kikowaena API:
login = client.login_as_root()ʻElua wale nō ʻāpana koho i loaʻa no kēia ʻano hana:
domain=None, payload=NoneA ʻo ka hope ua kāhea ka API iā lākou iho
Loaʻa iā mākou nā koho ʻelua e hana i nā kelepona API ma o nā ala api_kahea и api_query. E noʻonoʻo kākou i ka ʻokoʻa ma waena o lākou.
api_kahea
Pili kēia ʻano no nā kelepona. Pono mākou e hāʻawi i ka ʻāpana hope no ke kāhea api a me ka uku i ke kino noi inā pono. Inā nele ka uku, a laila ʻaʻole hiki ke hoʻouna ʻia:
api_versions = client.api_call('show-api-versions') Hoʻopuka no kēia noi ma lalo o ka ʻoki:
In [23]: api_versions
Out[23]:
APIResponse({
"data": {
"current-version": "1.6",
"supported-versions": [
"1",
"1.1",
"1.2",
"1.3",
"1.4",
"1.5",
"1.6"
]
},
"res_obj": {
"data": {
"current-version": "1.6",
"supported-versions": [
"1",
"1.1",
"1.2",
"1.3",
"1.4",
"1.5",
"1.6"
]
},
"status_code": 200
},
"status_code": 200,
"success": true
})
show_host = client.api_call('show-host', {'name' : 'h_8.8.8.8'})Hoʻopuka no kēia noi ma lalo o ka ʻoki:
In [25]: show_host
Out[25]:
APIResponse({
"data": {
"color": "black",
"comments": "",
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"groups": [],
"icon": "Objects/host",
"interfaces": [],
"ipv4-address": "8.8.8.8",
"meta-info": {
"creation-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"creator": "admin",
"last-modifier": "admin",
"last-modify-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"lock": "unlocked",
"validation-state": "ok"
},
"name": "h_8.8.8.8",
"nat-settings": {
"auto-rule": false
},
"read-only": false,
"tags": [],
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
},
"res_obj": {
"data": {
"color": "black",
"comments": "",
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"groups": [],
"icon": "Objects/host",
"interfaces": [],
"ipv4-address": "8.8.8.8",
"meta-info": {
"creation-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"creator": "admin",
"last-modifier": "admin",
"last-modify-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"lock": "unlocked",
"validation-state": "ok"
},
"name": "h_8.8.8.8",
"nat-settings": {
"auto-rule": false
},
"read-only": false,
"tags": [],
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
},
"status_code": 200
},
"status_code": 200,
"success": true
})
api_query
E ʻae mai iaʻu e hoʻopaʻa koke no ka pili ʻana o kēia ʻano hana no nā kelepona wale nō e pili ana i ka offset. Loaʻa ia manaʻo ke loaʻa a i ʻole ka nui o ka ʻike. No ka laʻana, hiki i kēia ke noi no ka papa inoa o nā mea hoʻokipa a pau i hana ʻia ma ke kikowaena hoʻokele. No kēlā mau noi, hoʻihoʻi ka API i kahi papa inoa o nā mea 50 ma ke ʻano maʻamau (hiki iā ʻoe ke hoʻonui i ka palena i 500 mau mea i ka pane). A i ʻole e huki i ka ʻike i nā manawa he nui, e hoʻololi i ka ʻāpana offset i ka noi API, aia kahi ala api_query e hana maʻalahi i kēia hana. Nā laʻana o nā kelepona kahi e pono ai kēia ʻano hana: hōʻike-kau, hōʻike-hoʻokipa, hōʻike-networks, hōʻike-wildcards, hōʻike-hui, hōʻike-address-pae, hōʻike-maʻalahi-'īpuka, hōʻike-maʻalahi-hui, hōʻike-komo- kuleana, hōʻike-hilinaʻi-mea kūʻai mai, hōʻike pūʻolo. ʻOiaʻiʻo, ʻike mākou i nā huaʻōlelo plural ma ka inoa o kēia mau kelepona API, no laila e maʻalahi kēia mau kelepona api_query
show_hosts = client.api_query('show-hosts') Hoʻopuka no kēia noi ma lalo o ka ʻoki:
In [21]: show_hosts
Out[21]:
APIResponse({
"data": [
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "192.168.47.1",
"name": "h_192.168.47.1",
"type": "host",
"uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
},
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "8.8.8.8",
"name": "h_8.8.8.8",
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
}
],
"res_obj": {
"data": {
"from": 1,
"objects": [
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "192.168.47.1",
"name": "h_192.168.47.1",
"type": "host",
"uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
},
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "8.8.8.8",
"name": "h_8.8.8.8",
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
}
],
"to": 2,
"total": 2
},
"status_code": 200
},
"status_code": 200,
"success": true
})
Hoʻoponopono i nā hopena o nā kelepona API
Ma hope o kēia hiki iā ʻoe ke hoʻohana i nā ʻano a me nā ʻano o ka papa APIPane(ma loko o ka luna pōʻaiapili a ma waho). Ma ka papa APIPane Ua koho mua ʻia nā ʻano 4 a me nā ʻano 5; e noʻonoʻo mākou i nā mea nui loa i ka kikoʻī.
holomua
No ka hoʻomaka ʻana, he manaʻo maikaʻi ia e hōʻoia i ka holomua o ke kelepona API a hoʻihoʻi i kahi hopena. Aia kahi ala no kēia holomua:
In [49]: api_versions.success
Out[49]: True
Hoʻihoʻi ʻoiaʻiʻo inā kūleʻa ke kelepona API (pane code - 200) a me False inā ʻaʻole kūleʻa (kekahi helu pane ʻē aʻe). He mea maʻalahi ke hoʻohana koke ma hope o kahi kelepona API e hōʻike i nā ʻike like ʻole ma muli o ke code pane.
if api_ver.success:
print(api_versions.data)
else:
print(api_versions.err_message) code status
Hoʻihoʻi i ke code pane ma hope o ke kāhea ʻia ʻana o kahi kelepona API.
In [62]: api_versions.status_code
Out[62]: 400
Nā code pane paha: 200,400,401,403,404,409,500,501.
set_success_status
I kēia hihia, pono paha e hoʻololi i ka waiwai o ke kūlana holomua. Ma keʻano loea, hiki iā ʻoe ke kau i kekahi mea ma laila, ʻo ke kaula maʻamau. Akā ʻo kahi laʻana maoli ka hoʻihoʻi ʻana i kēia ʻāpana i False ma lalo o kekahi mau kūlana. Ma lalo, e hoʻolohe i ka laʻana inā aia nā hana e holo ana ma ka server hoʻokele, akā e noʻonoʻo mākou ʻaʻole i kūleʻa kēia noi (e hoʻonoho mākou i ka loli kūleʻa i wahahee, ʻoiai ua kūleʻa ke kelepona API a hoʻihoʻi ʻia ke code 200).
for task in task_result.data["tasks"]:
if task["status"] == "failed" or task["status"] == "partially succeeded":
task_result.set_success_status(False)
breakpane()
Hiki iā ʻoe ke nānā i ka puke wehewehe ʻōlelo me ke code pane (status_code) a me ke kino pane (kino).
In [94]: api_versions.response()
Out[94]:
{'status_code': 200,
'data': {'current-version': '1.6',
'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}}
ʻikepili
Hiki iā ʻoe ke ʻike i ke kino wale nō o ka pane (kino) me ka ʻike ʻole pono ʻole.
In [93]: api_versions.data
Out[93]:
{'current-version': '1.6',
'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}
error_message
Loaʻa kēia ʻike i ka wā i loaʻa ai kahi hewa i ka wā e hana ana i ka noi API (pane code ole 200). Laʻana hoʻopuka
In [107]: api_versions.error_message
Out[107]: 'code: generic_err_invalid_parameter_namenmessage: Unrecognized parameter [1]n'
Nā laʻana pono
Eia nā laʻana e hoʻohana ana i nā kelepona API i hoʻohui ʻia ma Management API 1.6.
ʻO ka mua, e nānā kākou i ka hana ʻana o nā kelepona hoʻokipa hoʻohui и hoʻohui-address-range. E ʻōlelo kākou, pono mākou e hana i nā helu IP āpau o ka subnet 192.168.0.0/24, ʻo ka octet hope loa he 5, ma ke ʻano he ʻano mea hoʻokipa, a kākau i nā helu IP ʻē aʻe a pau ma ke ʻano he mau mea o ke ʻano laulā helu. I kēia hihia, e kāpae i ka helu subnet a me ka helu hoʻolaha.
No laila, aia ma lalo kahi palapala e hoʻoponopono ai i kēia pilikia a hana i 50 mau mea o ka ʻano hoʻokipa a me 51 mau mea o ke ʻano laulā helu. No ka hoʻoponopono ʻana i ka pilikia, pono nā kelepona API 101 (ʻaʻole helu i ka kelepona hoʻolaha hope). Eia kekahi, me ka hoʻohana ʻana i ka module timeit, helu mākou i ka manawa e hoʻokō ai i ka palapala a hiki i ka paʻi ʻia ʻana o nā loli.
Kākau me ka hoʻohana ʻana i ka add-host a me ka add-address-range
import timeit
from cpapi import APIClient, APIClientArgs
start = timeit.default_timer()
first_ip = 1
last_ip = 4
client_args = APIClientArgs(server="192.168.47.240")
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
for ip in range(5,255,5):
add_host = client.api_call("add-host", {"name" : f"h_192.168.0.{ip}", "ip-address": f'192.168.0.{ip}'})
while last_ip < 255:
add_range = client.api_call("add-address-range", {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"})
first_ip+=5
last_ip+=5
stop = timeit.default_timer()
publish = client.api_call("publish")
print(f'Time to execute batch request: {stop - start} seconds')
I loko o kaʻu kaiapuni lab, lawe kēia ʻatikala ma waena o 30 a me 50 kekona e hoʻokō ai, ma muli o ka ukana ma ke kikowaena hoʻokele.
I kēia manawa e ʻike kākou pehea e hoʻoponopono ai i ka pilikia like me ka hoʻohana ʻana i kahi kelepona API hoʻohui-mea-puʻu, kākoʻo i hoʻohui ʻia i ka mana API 1.6. Hiki i kēia kelepona iā ʻoe ke hana i nā mea he nui i ka manawa hoʻokahi i hoʻokahi noi API. Eia kekahi, hiki i kēia mau mea ke ʻano o nā ʻano ʻano like ʻole (e laʻana, hosts, subnets a me nā pae helu). No laila, hiki ke hoʻopau ʻia kā mākou hana i loko o ka hoʻolālā o hoʻokahi kelepona API.
Kākau me ka hoʻohana ʻana i nā add-objects-batch
import timeit
from cpapi import APIClient, APIClientArgs
start = timeit.default_timer()
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip = []
objects_list_range = []
for ip in range(5,255,5):
data = {"name": f'h_192.168.0.{ip}', "ip-address": f'192.168.0.{ip}'}
objects_list_ip.append(data)
first_ip = 1
last_ip = 4
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"}
objects_list_range.append(data)
first_ip+=5
last_ip+=5
data_for_batch = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip
}, {
"type" : "address-range",
"list" : objects_list_range
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
add_objects_batch = client.api_call("add-objects-batch", data_for_batch)
stop = timeit.default_timer()
publish = client.api_call("publish")
print(f'Time to execute batch request: {stop - start} seconds')
A ʻo ka holo ʻana i kēia ʻatikala ma kaʻu wahi lab mai 3 a 7 kekona, ma muli o ka ukana ma ke kikowaena hoʻokele. ʻO ia hoʻi, ma ka awelika, ma 101 mau mea API, he 10 mau manawa ʻoi aku ka wikiwiki o ke kelepona ʻano hui. Ma ka heluna nui o nā mea e ʻoi aku ka maikaʻi o ka ʻokoʻa.
I kēia manawa e ʻike kākou pehea e hana ai me hoʻonohonoho-mea-hui. Ke hoʻohana nei i kēia kelepona API, hiki iā mākou ke hoʻololi nui i kekahi ʻāpana. E hoʻonoho i ka hapa mua o nā helu wahi mai ka laʻana mua (a hiki i .124 hosts, a me nā pae pū kekahi) i ka sienna kala, a hāʻawi i ka kala khaki i ka hapa ʻelua o nā helu wahi.
Ke hoʻololi nei i ke kala o nā mea i hana ʻia ma ka laʻana mua
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip_first = []
objects_list_range_first = []
objects_list_ip_second = []
objects_list_range_second = []
for ip in range(5,125,5):
data = {"name": f'h_192.168.0.{ip}', "color": "sienna"}
objects_list_ip_first.append(data)
for ip in range(125,255,5):
data = {"name": f'h_192.168.0.{ip}', "color": "khaki"}
objects_list_ip_second.append(data)
first_ip = 1
last_ip = 4
while last_ip < 125:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "sienna"}
objects_list_range_first.append(data)
first_ip+=5
last_ip+=5
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "khaki"}
objects_list_range_second.append(data)
first_ip+=5
last_ip+=5
data_for_batch_first = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip_first
}, {
"type" : "address-range",
"list" : objects_list_range_first
}]
}
data_for_batch_second = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip_second
}, {
"type" : "address-range",
"list" : objects_list_range_second
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
set_objects_batch_first = client.api_call("set-objects-batch", data_for_batch_first)
set_objects_batch_second = client.api_call("set-objects-batch", data_for_batch_second)
publish = client.api_call("publish")
Hiki iā ʻoe ke holoi i nā mea he nui i hoʻokahi kelepona API me ka hoʻohana ʻana delete-objects-batch. I kēia manawa, e nānā kākou i kahi laʻana code e hoʻopau i nā pūʻali āpau i hana mua ʻia ma o hoʻohui-mea-puʻu.
Holoi i nā mea me ka delete-objects-batch
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip = []
objects_list_range = []
for ip in range(5,255,5):
data = {"name": f'h_192.168.0.{ip}'}
objects_list_ip.append(data)
first_ip = 1
last_ip = 4
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}"}
objects_list_range.append(data)
first_ip+=5
last_ip+=5
data_for_batch = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip
}, {
"type" : "address-range",
"list" : objects_list_range
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
delete_objects_batch = client.api_call("delete-objects-batch", data_for_batch)
publish = client.api_call("publish")
print(delete_objects_batch.data)
Loaʻa koke nā hana a pau i hōʻike ʻia ma nā hoʻokuʻu hou o ka polokalamu Check Point i nā kelepona API. No laila, ma R80.40 ua ʻike ʻia nā "hiʻohiʻona" e like me Revert to revision and Smart Task, a ua mākaukau koke nā kelepona API no lākou. Eia kekahi, ʻo nā hana āpau i ka neʻe ʻana mai nā consoles Legacy i ke ʻano Unified Policy e loaʻa pū kekahi i ke kākoʻo API. No ka laʻana, ʻo ka mea hou i kali lōʻihi ʻia ma ka mana polokalamu R80.40 ʻo ia ka neʻe ʻana o ke kulekele HTTPS Inspection mai ke ʻano Legacy i ke ʻano Unified Policy, a ua loaʻa koke kēia hana i nā kelepona API. Eia kahi laʻana o ke code e hoʻohui i kahi lula i ke kūlana kiʻekiʻe o ke kulekele ʻo HTTPS Inspection e hoʻokaʻawale i nā ʻano 3 mai ka nānā ʻana (Health, Waiwai, Government Services), i pāpā ʻia mai ka nānā ʻana e like me ke kānāwai ma kekahi mau ʻāina.
E hoʻohui i kekahi lula i ke kulekele Nānā HTTPS
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
data = {
"layer" : "Default Layer",
"position" : "top",
"name" : "Legal Requirements",
"action": "bypass",
"site-category": ["Health", "Government / Military", "Financial Services"]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
add_https_rule = client.api_call("add-https-rule", data)
publish = client.api_call("publish")
Ke holo nei i nā palapala Python ma ke kikowaena hoʻokele Check Point
Ua like nā mea a pau aia ka ʻike e pili ana i ka holo pololei ʻana i nā palapala Python mai ke kikowaena mana. Hiki ke maʻalahi kēia inā ʻaʻole hiki iā ʻoe ke hoʻopili i ka server API mai kahi mīkini ʻē aʻe. Ua hoʻopaʻa wau i kahi wikiō ʻeono minuke aʻu e nānā ai i ka hoʻokomo ʻana i ka module cpapi a me nā hiʻohiʻona o ka holo ʻana i nā palapala Python ma ke kikowaena mana. No ka laʻana, holo ʻia kahi palapala e hoʻokaʻawale i ka hoʻonohonoho ʻana i kahi puka hou no kahi hana e like me ka loiloi pūnaewele Hoʻopaʻa palekana. Ma waena o nā hiʻohiʻona aʻu i hana ai: ʻaʻole i ʻike ʻia ka hana ma Python 2.7 hoʻokomo o, no laila e hoʻoponopono i ka ʻike i komo ai ka mea hoʻohana, hoʻohana ʻia kahi hana raw_input. A i ʻole, ua like ke code me ka hoʻomaka ʻana mai nā mīkini ʻē aʻe, ʻoi aku ka maʻalahi o ka hoʻohana ʻana i ka hana login_as_root, i ʻole e kuhikuhi hou i kou inoa inoa, ʻōlelo huna a me ka helu IP o ke kikowaena hoʻokele.
Palapala no ka hoʻonohonoho wikiwiki ʻana i ka Security CheckUp
from __future__ import print_function
import getpass
import sys, os
sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
from cpapi import APIClient, APIClientArgs
def main():
with APIClient() as client:
# if client.check_fingerprint() is False:
# print("Could not get the server's fingerprint - Check connectivity with the server.")
# exit(1)
login_res = client.login_as_root()
if login_res.success is False:
print("Login failed:n{}".format(login_res.error_message))
exit(1)
gw_name = raw_input("Enter the gateway name:")
gw_ip = raw_input("Enter the gateway IP address:")
if sys.stdin.isatty():
sic = getpass.getpass("Enter one-time password for the gateway(SIC): ")
else:
print("Attention! Your password will be shown on the screen!")
sic = raw_input("Enter one-time password for the gateway(SIC): ")
version = raw_input("Enter the gateway version(like RXX.YY):")
add_gw = client.api_call("add-simple-gateway", {'name' : gw_name, 'ipv4-address' : gw_ip, 'one-time-password' : sic, 'version': version.capitalize(), 'application-control' : 'true', 'url-filtering' : 'true', 'ips' : 'true', 'anti-bot' : 'true', 'anti-virus' : 'true', 'threat-emulation' : 'true'})
if add_gw.success and add_gw.data['sic-state'] != "communicating":
print("Secure connection with the gateway hasn't established!")
exit(1)
elif add_gw.success:
print("The gateway was added successfully.")
gw_uid = add_gw.data['uid']
gw_name = add_gw.data['name']
else:
print("Failed to add the gateway - {}".format(add_gw.error_message))
exit(1)
change_policy = client.api_call("set-access-layer", {"name" : "Network", "applications-and-url-filtering": "true", "content-awareness": "true"})
if change_policy.success:
print("The policy has been changed successfully")
else:
print("Failed to change the policy- {}".format(change_policy.error_message))
change_rule = client.api_call("set-access-rule", {"name" : "Cleanup rule", "layer" : "Network", "action": "Accept", "track": {"type": "Detailed Log", "accounting": "true"}})
if change_rule.success:
print("The cleanup rule has been changed successfully")
else:
print("Failed to change the cleanup rule- {}".format(change_rule.error_message))
# publish the result
publish_res = client.api_call("publish", {})
if publish_res.success:
print("The changes were published successfully.")
else:
print("Failed to publish the changes - {}".format(install_tp_policy.error_message))
install_access_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'true', "threat-prevention" : 'false', "targets" : gw_uid})
if install_access_policy.success:
print("The access policy has been installed")
else:
print("Failed to install access policy - {}".format(install_tp_policy.error_message))
install_tp_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'false', "threat-prevention" : 'true', "targets" : gw_uid})
if install_tp_policy.success:
print("The threat prevention policy has been installed")
else:
print("Failed to install threat prevention policy - {}".format(install_tp_policy.error_message))
# add passwords and passphrases to dictionary
with open('additional_pass.conf') as f:
line_num = 0
for line in f:
line_num += 1
add_password_dictionary = client.api_call("run-script", {"script-name" : "Add passwords and passphrases", "script" : "printf "{}" >> $FWDIR/conf/additional_pass.conf".format(line), "targets" : gw_name})
if add_password_dictionary.success:
print("The password dictionary line {} was added successfully".format(line_num))
else:
print("Failed to add the dictionary - {}".format(add_password_dictionary.error_message))
main() He waihona laʻana me kahi puke wehewehe ʻōlelo huna additional_pass.conf
{
"passwords" : ["malware","malicious","infected","Infected"],
"phrases" : ["password","Password","Pass","pass","codigo","key","pwd","пароль","Пароль","Ключ","ключ","шифр","Шифр"]
}
hopena
Ke nānā nei kēia ʻatikala i nā mea hiki ke hana ʻO Python SDK a me ka module cpapi(e like me kāu i manaʻo ai, he ʻano like kēia), a ma ke aʻo ʻana i ke code ma kēia module e ʻike ʻoe i nā manawa hou aku e hana pū me ia. Hiki paha iā ʻoe ke hoʻohui iā ia me kāu mau papa ponoʻī, nā hana, nā ʻano a me nā loli. Hiki iā ʻoe ke kaʻana like i kāu hana a nānā i nā palapala ʻē aʻe no Check Point ma ka ʻāpana ma ke kaiāulu , kahi e hui pū ai i nā mea hoʻomohala huahana a me nā mea hoʻohana.
Hauʻoli coding a mahalo no ka heluhelu ʻana a hiki i ka hopena!
Source: www.habr.com