Plena potestas commercii cum APIs revelatur cum simul cum codice programmatis adhibetur, quando possibilis fit API petitiones et instrumenta analysendi responsa API dynamice generare. Tamen adhuc inobservabile manet Python Software Development Kit (Pythonem SDK infra referendum) for Reprehendo Point API Managementsed frustra. Significanter simplicificat vitam tincidunt et automation fanaticus. Python nuper popularis inmensam consecutus est et lacunam explere decrevi et praecipuas notas recensere. . Hic articulus amplior additamento ad alium articulum in Habre . Inspiciemus quomodo scripta Pythone SDK utentes scribere et propius inspicere in nova Management API functionem in versione 1.6 (sustentari incipiendo ab R80.40). Articulum ad intelligendum, basic scientia opus erit cum APIs et Pythone.
Perscriptio punctum API active explicans et in momento sequentis dimissi sunt:
- - opus cum potestate servo per API (et facultas faciendi scripta in portarum refrenat a potestate servo)
- - opus cum portae securitatis
- - opus cum sandbox in nubem Reprehendo Point
- - opus cum Identity Awareness ferrum in porta
- - opus cum administratione porta porta)
- - commercium cum IoT moderatoris
- - opus (D LURIDUS securitatem solution)
- - opus
Python SDK currently tantum commercium cum Management API sustinet et Gaia API. Praecipuas classes, modos et variabiles in hoc modulo spectabimus.
Modulus installing
OMNIBUS cpapi installs cito ac facile a propter SEMEN. Detailed instructiones sunt available in . Modulus hic accommodatus est ad opus cum versionibus Pythonis 2.7 et 3.7. In hoc articulo exempla Pythone 3.7. Python autem SDK directe currere potest a Servo Procurationis Moderare (Smart Management), sed Python 2.7 tantum sustinent, sic postrema pars codicem versionis 2.7. Post modulum inauguratum, suadeo exempla in directoriis spectantes examples_python2 и examples_python3.
questus Coepi
Ut nobis cum elementis cpapi moduli laborare possimus, ex modulo importare necesse est cpapi saltem duo genera requiratur:
APIClient и APIClientArgs
from cpapi import APIClient, APIClientArgs
Класс APIClientArgs reus nexum parametri ad API servo ac classium APIClient reus est commercii cum API.
Connexionem determinans parametri
Varios parametros definire pro connectendo cum API, exemplum in genere creare debes APIClientArgs. In principio, eius ambitum praefigurantur et cum currit scriptor in potestate servo, specificari non oportet.
client_args = APIClientArgs()Cum autem in tertia factione exercitus currens, saltem IP inscriptionem seu exercitum nomen API servientis (etiam notae servientis administrationis) designare debes. In exemplo infra, nexum servo parametri definimus eique IP oratio administrationis servo ut filo assignamus.
client_args = APIClientArgs(server='192.168.47.241')Inspice parametros omnes eorumque valores default qui adhiberi possunt cum servo API connectens:
Argumenta __init__ methodi APIClientArgs class
class APIClientArgs:
"""
This class provides arguments for APIClient configuration.
All the arguments are configured with their default values.
"""
# port is set to None by default, but it gets replaced with 443 if not specified
# context possible values - web_api (default) or gaia_api
def __init__(self, port=None, fingerprint=None, sid=None, server="127.0.0.1", http_debug_level=0,
api_calls=None, debug_file="", proxy_host=None, proxy_port=8080,
api_version=None, unsafe=False, unsafe_auto_accept=False, context="web_api"):
self.port = port
# management server fingerprint
self.fingerprint = fingerprint
# session-id.
self.sid = sid
# management server name or IP-address
self.server = server
# debug level
self.http_debug_level = http_debug_level
# an array with all the api calls (for debug purposes)
self.api_calls = api_calls if api_calls else []
# name of debug file. If left empty, debug data will not be saved to disk.
self.debug_file = debug_file
# HTTP proxy server address (without "http://")
self.proxy_host = proxy_host
# HTTP proxy port
self.proxy_port = proxy_port
# Management server's API version
self.api_version = api_version
# Indicates that the client should not check the server's certificate
self.unsafe = unsafe
# Indicates that the client should automatically accept and save the server's certificate
self.unsafe_auto_accept = unsafe_auto_accept
# The context of using the client - defaults to web_api
self.context = contextArgumenta quae in instantiis APIClientArgs classium adhiberi possunt, credo intuitivas ad administratores reprimendos puncta et additamenta commentaria non requirunt.
APIClient connectens et contextus procurator
Класс APIClient Via commodissima est uti procurator per contextum. Omnia quae ad instanciam classis APIClient praetermittenda sunt connexio parametri est quae priore gradu definita sunt.
with APIClient(client_args) as client:
Procurator contextus non statim vocationem login ut API servo faciet, sed vocationem concludere faciet cum exeunti. Si propter aliquam causam concludere non requiritur peractis operibus cum API vocatis, debes incipere operari sine procurator contextus:
client = APIClient(clieng_args)Connection test
Facillima via est ad reprimendam utrum nexus in certo ambitu ambitum utens occurrat check_fingerprint. Si verificationem de sha1 Nullam summa ad fingerprints servo API libellum deficit (modus rediit False), tunc plerumque ex nexu problematum causari et executionem programmatis prohibere possumus (vel occasionem utentis nexum datam corrigendi da);
if client.check_fingerprint() is False:
print("Could not get the server's fingerprint - Check connectivity with the server.")
exit(1)
Lorem quod in posterum classium APIClient reprehendo omnis API vocatione (modos api_call и api_query, paulo longius de eis loquemur) sha1 fingerprint libellum de API servo. Sed si, cum iniecta sha1 fingerprints libellum API servitoris, error detegitur (incognitum est libellum vel mutatum est), modus check_fingerprint Occasionem addere/mutandi informationes de ea in machina locali automatice praebebit. Haec perscriptio omnino debilitari potest (sed hoc tantum commendari potest si scripta in ipso servo API currunt, cum ad 127.0.0.1) coniunguntur, argumento APIClientArgs adhibito - unsafe_auto_accept (vide plura de APIClientArgs ante in "Definiendi nexum parametri").
client_args = APIClientArgs(unsafe_auto_accept=True)Positum API server
У APIClient totidem modi sunt colligationis in API servo, et uterque eorum significationem intelligit sid(sessionis-id), quae automatice in singulis subsequentibus API in titulo capitis adhibetur (nomen in capite huius parametri est. X-chkp-sid) ut ulterius progrediatur hunc modulum non oportet.
login modum
Optio utendi login et tesserae (in exemplo, usoris admin et tessera 1q2w3e pro argumentis positionalibus traditi sunt);
login = client.login('admin', '1q2w3e') Additional ad libitum parametri quoque in login methodo praesto sunt: eorum nomina hic sunt et valores default:
continue_last_session=False, domain=None, read_only=False, payload=NoneLogin_with_api_key methodo
Option utendi clavis api (subnixus ab administratione versionis R80.40/Management API v1.6 incipiens; "3TsbPJ8ZKjaJGvFyoFqHFA==" hoc est API valorem clavis unius usorum in servo administrationis cum API methodo electronicae auctoritatis);
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==') in modum login_with_api_key idem libitum parametri sunt praesto quam in modum Login.
login_as_root modum
Option to login to a local machine with an API server:
login = client.login_as_root()Duo tantum parametri ad libitum huius methodi praesto sunt:
domain=None, payload=NoneEt tandem API se vocat
Habemus duas optiones ut API vocat per modos api_call и api_query. Quid inter eos intersit, instare videamus.
api_call
Haec methodus cuilibet vo- catur. Non opus est nobis extremam partem transire pro api vocatione et payload in petitione corporis, si necesse est. Si payload vacua est, omnino transferri non potest;
api_versions = client.api_call('show-api-versions') Output petitio infra sectis
In [23]: api_versions
Out[23]:
APIResponse({
"data": {
"current-version": "1.6",
"supported-versions": [
"1",
"1.1",
"1.2",
"1.3",
"1.4",
"1.5",
"1.6"
]
},
"res_obj": {
"data": {
"current-version": "1.6",
"supported-versions": [
"1",
"1.1",
"1.2",
"1.3",
"1.4",
"1.5",
"1.6"
]
},
"status_code": 200
},
"status_code": 200,
"success": true
})
show_host = client.api_call('show-host', {'name' : 'h_8.8.8.8'})Output petitio infra sectis
In [25]: show_host
Out[25]:
APIResponse({
"data": {
"color": "black",
"comments": "",
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"groups": [],
"icon": "Objects/host",
"interfaces": [],
"ipv4-address": "8.8.8.8",
"meta-info": {
"creation-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"creator": "admin",
"last-modifier": "admin",
"last-modify-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"lock": "unlocked",
"validation-state": "ok"
},
"name": "h_8.8.8.8",
"nat-settings": {
"auto-rule": false
},
"read-only": false,
"tags": [],
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
},
"res_obj": {
"data": {
"color": "black",
"comments": "",
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"groups": [],
"icon": "Objects/host",
"interfaces": [],
"ipv4-address": "8.8.8.8",
"meta-info": {
"creation-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"creator": "admin",
"last-modifier": "admin",
"last-modify-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"lock": "unlocked",
"validation-state": "ok"
},
"name": "h_8.8.8.8",
"nat-settings": {
"auto-rule": false
},
"read-only": false,
"tags": [],
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
},
"status_code": 200
},
"status_code": 200,
"success": true
})
api_query
Reservationem statim faciamus hanc methodum solum applicari ad vocat, quorum output offset implicat. Talis consequentia incidit cum multam informationem continere vel continere potest. Exempli gratia, haec petitio potest esse index omnium rerum exercitum creatorum in administratione servo. Pro huiusmodi petitionibus, API indicem obiectorum 50 per defaltam reddit ( limitem ad 500 res in responsione augere potes). Et ne pluries notitias detrahamus, mutato offset parametri in API rogatu, api_query methodus est quae hoc facto opus facit. Exempla vocat ubi haec ratio opus est; monstra sessiones , monstra exercitus , monstra retia , monstra ferarum , spectaculum coetus , electronica ordinibus , monstra simplicium portarum , monstra simplicium , monstratio munerum , spectaculum clientium . ostende, packages. Re vera pluralia verba in nomine harum API vocatorum videmus, ut haec appellatio facilior per tractetur api_query
show_hosts = client.api_query('show-hosts') Output petitio infra sectis
In [21]: show_hosts
Out[21]:
APIResponse({
"data": [
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "192.168.47.1",
"name": "h_192.168.47.1",
"type": "host",
"uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
},
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "8.8.8.8",
"name": "h_8.8.8.8",
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
}
],
"res_obj": {
"data": {
"from": 1,
"objects": [
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "192.168.47.1",
"name": "h_192.168.47.1",
"type": "host",
"uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
},
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "8.8.8.8",
"name": "h_8.8.8.8",
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
}
],
"to": 2,
"total": 2
},
"status_code": 200
},
"status_code": 200,
"success": true
})
Processus eventus API vocat
Post hoc uti potes variabilibus ac modis classium APIResponse(sive procurator intra contextum et extra). In classium APIResponse 4 modi et 5 variabiles praefinitae sunt, in principalioribus accuratius habitabimus.
rebus
Imprimis, utilem fore fac ut API vocatio prospere evenit ac rediit. Est modus huius rebus:
In [49]: api_versions.success
Out[49]: True
Vera redit si API vocatio felix fuit (responsum codici - 200) et falsum si non felix (quodlibet aliud signum responsionis). Convenit uti statim post API vocationem ad varias informationes prout in codice responsionis propono.
if api_ver.success:
print(api_versions.data)
else:
print(api_versions.err_message) statuscode
Redit responsio codice postquam API vocatio facta est.
In [62]: api_versions.status_code
Out[62]: 400
Responsum potest codicibus: 200,400,401,403,404,409,500,501.
set_success_status
In hoc casu, necesse est ut status successus valeat mutare. Technice, aliquid ibi ponere potes, etiam chorda regularis. Sed verum exemplum hoc modulo restitueret falsis sub certis comitantibus conditionibus. Infra, exemplum attende cum officia sunt in servo administratione currentes, sed hanc petitionem infeliciter considerabimus (de eventu variabili ponemus. False, non obstante quod API nomen obtinuit et codicem 200 reddidit).
for task in task_result.data["tasks"]:
if task["status"] == "failed" or task["status"] == "partially succeeded":
task_result.set_success_status(False)
breakresponsio ()
Methodus responsionis permittit te videre glossarium cum codice responsionis (status_code) et responsione corporis (corporis).
In [94]: api_versions.response()
Out[94]:
{'status_code': 200,
'data': {'current-version': '1.6',
'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}}
Data
Permittit te videre solum corpus responsionis sine notitia superflua.
In [93]: api_versions.data
Out[93]:
{'current-version': '1.6',
'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}
error_message
Haec notitia est available solum cum error occurrit in API petitionem (responsionem codice non 200). Exemplum output
In [107]: api_versions.error_message
Out[107]: 'code: generic_err_invalid_parameter_namenmessage: Unrecognized parameter [1]n'
Utile exempla
Exempla sunt quae in usu API vocat quae addita sunt in Management API 1.6.
Primum videamus quomodo opus vocat addendi exercitum и addere-inscriptio-range. Dicamus nos necesse est ut omnes IP inscriptiones subnet 192.168.0.0/24 creare, quarum ultima octetarum est 5, ut generis exercitus obiecti, et omnes alias IP inscriptiones sicut objecta electronicae speciei range scribere. In hoc casu, inscriptionem subnet excludere et electronicam spargere.
Ita, infra scriptum est quod hanc quaestionem solvit et 50 obiecta exercitus generis et objecta 51 obiecti electronici generis eminus efficit. Ad problema solvendum, CI API vocat requiruntur (non computando finalem vocationem praedicationis). Etiam tempus moduli utentes, tempus computamus scriptionem exsequi, donec mutationes divulgentur.
Scriptor per addendi exercitum et addendi inscriptio-range
import timeit
from cpapi import APIClient, APIClientArgs
start = timeit.default_timer()
first_ip = 1
last_ip = 4
client_args = APIClientArgs(server="192.168.47.240")
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
for ip in range(5,255,5):
add_host = client.api_call("add-host", {"name" : f"h_192.168.0.{ip}", "ip-address": f'192.168.0.{ip}'})
while last_ip < 255:
add_range = client.api_call("add-address-range", {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"})
first_ip+=5
last_ip+=5
stop = timeit.default_timer()
publish = client.api_call("publish")
print(f'Time to execute batch request: {stop - start} seconds')
In mea lab environment, hoc scriptum accipit inter 30 et 50 seconds ad exsequendum, secundum sarcinam in calculonis servi.
Nunc videamus quomodo eandem quaestionem solvere utens API vocatione addendi obiecti-batchadminiculum pro quod additum est in API versione 1.6. Haec vocatio permittit ut multa simul in uno API petitionem creares. Haec autem diversa genera esse possunt (exempli gratia, exercituum, subnet, et oratio pervagantur). Quapropter munus nostrum intra unius API vocant compaginem solvi potest.
Scriptor per addendi obiecti-batch
import timeit
from cpapi import APIClient, APIClientArgs
start = timeit.default_timer()
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip = []
objects_list_range = []
for ip in range(5,255,5):
data = {"name": f'h_192.168.0.{ip}', "ip-address": f'192.168.0.{ip}'}
objects_list_ip.append(data)
first_ip = 1
last_ip = 4
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"}
objects_list_range.append(data)
first_ip+=5
last_ip+=5
data_for_batch = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip
}, {
"type" : "address-range",
"list" : objects_list_range
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
add_objects_batch = client.api_call("add-objects-batch", data_for_batch)
stop = timeit.default_timer()
publish = client.api_call("publish")
print(f'Time to execute batch request: {stop - start} seconds')
Et currit hoc scriptum in mea lab environment ab 3 ad 7 secundis, secundum onus in calculonis servi. Id est, in mediocris, in CI obiectis API, batch genus vocationis 101 tempore velocius decurrit. In pluribus obiectis differentia magis infigenda erit.
Nunc videamus quomodo laborare set obiecti-batch. Hoc API vocatione utens, molem quamlibet modulum mutare possumus. Primum dimidium inscriptionum ab exemplo priore (usque ad .124 exercituum, et etiam vagatur) colori siennae constituamus, et colorem khaki dimidiae inscriptionum adscribamus.
Mutato colore rerum creatarum in exemplo praecedente
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip_first = []
objects_list_range_first = []
objects_list_ip_second = []
objects_list_range_second = []
for ip in range(5,125,5):
data = {"name": f'h_192.168.0.{ip}', "color": "sienna"}
objects_list_ip_first.append(data)
for ip in range(125,255,5):
data = {"name": f'h_192.168.0.{ip}', "color": "khaki"}
objects_list_ip_second.append(data)
first_ip = 1
last_ip = 4
while last_ip < 125:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "sienna"}
objects_list_range_first.append(data)
first_ip+=5
last_ip+=5
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "khaki"}
objects_list_range_second.append(data)
first_ip+=5
last_ip+=5
data_for_batch_first = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip_first
}, {
"type" : "address-range",
"list" : objects_list_range_first
}]
}
data_for_batch_second = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip_second
}, {
"type" : "address-range",
"list" : objects_list_range_second
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
set_objects_batch_first = client.api_call("set-objects-batch", data_for_batch_first)
set_objects_batch_second = client.api_call("set-objects-batch", data_for_batch_second)
publish = client.api_call("publish")
Pluribus obiectis in uno API vocationem delere potes utens delete obiecti, batch. Nunc exemplum inspiciamus codicem qui omnes exercituum deletiones antea per creatas addendi obiecti-batch.
Deletis obiecti per delete-obiecti-batch
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip = []
objects_list_range = []
for ip in range(5,255,5):
data = {"name": f'h_192.168.0.{ip}'}
objects_list_ip.append(data)
first_ip = 1
last_ip = 4
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}"}
objects_list_range.append(data)
first_ip+=5
last_ip+=5
data_for_batch = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip
}, {
"type" : "address-range",
"list" : objects_list_range
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
delete_objects_batch = client.api_call("delete-objects-batch", data_for_batch)
publish = client.api_call("publish")
print(delete_objects_batch.data)
Munera omnia quae in novis emissiones punctum programmatis perscriptio apparent API vocat statim acquirunt. Ita in R80.40 tales "lineamenta" ut Revert ad emendationem et Smart Task apparuit, et API vocati respondentes illis statim praeparatae sunt. Praeterea, omnis functionalitas cum ex Legato movens ad Politiam Unitariam solatur, etiam API subsidium acquirit. Exempli gratia, diu expectata renovatio in R80.40 versionis programmata erat motus inspectionis consilii HTTPS a Legacy modo ad modum politiae Unitae, et haec officia statim API vocat. Exemplum huius codicis, qui regulam addit ad summam positionem inspectionis consilii HTTPS quae 3 praedicamenta ab inspectione exclusit (Salus, Finance, Government Services), quae inspectione secundum legem in multis regionibus prohibentur.
Addere regulae in HTTPS inspectionis consilium
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
data = {
"layer" : "Default Layer",
"position" : "top",
"name" : "Legal Requirements",
"action": "bypass",
"site-category": ["Health", "Government / Military", "Financial Services"]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
add_https_rule = client.api_call("add-https-rule", data)
publish = client.api_call("publish")
Currit pythonem scripta in perscriptio servo perscriptio
Omnia idem est Informationes continet quomodo scripta Python directe e custodia potestate currere possit. Hoc commodum esse potest cum cum servo API ex alia machina coniungere non potes. Dixi sex minutas video in quibus installing modulus aspicio cpapi lineamentaque cursus scriptorum Pythonis in servo moderante. Exemplum, scriptum currit ut automates configurationem portae novae pro munere retis audientis Securitas CheckUp. Inter notas quas agere habui: munus nondum apparuit in Pythone 2.7 input, ita ut processus informationes utentis intrat, functio adhibetur raw_input. Alioquin idem est signum quod ex aliis machinis deducendis, solum officio uti commodius est login_as_root, ita ut ne nomen tuum usoris, tesserae et IP inscriptio iterum servientis designes.
Scriptor enim velox setup de Securitatis CheckUp
from __future__ import print_function
import getpass
import sys, os
sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
from cpapi import APIClient, APIClientArgs
def main():
with APIClient() as client:
# if client.check_fingerprint() is False:
# print("Could not get the server's fingerprint - Check connectivity with the server.")
# exit(1)
login_res = client.login_as_root()
if login_res.success is False:
print("Login failed:n{}".format(login_res.error_message))
exit(1)
gw_name = raw_input("Enter the gateway name:")
gw_ip = raw_input("Enter the gateway IP address:")
if sys.stdin.isatty():
sic = getpass.getpass("Enter one-time password for the gateway(SIC): ")
else:
print("Attention! Your password will be shown on the screen!")
sic = raw_input("Enter one-time password for the gateway(SIC): ")
version = raw_input("Enter the gateway version(like RXX.YY):")
add_gw = client.api_call("add-simple-gateway", {'name' : gw_name, 'ipv4-address' : gw_ip, 'one-time-password' : sic, 'version': version.capitalize(), 'application-control' : 'true', 'url-filtering' : 'true', 'ips' : 'true', 'anti-bot' : 'true', 'anti-virus' : 'true', 'threat-emulation' : 'true'})
if add_gw.success and add_gw.data['sic-state'] != "communicating":
print("Secure connection with the gateway hasn't established!")
exit(1)
elif add_gw.success:
print("The gateway was added successfully.")
gw_uid = add_gw.data['uid']
gw_name = add_gw.data['name']
else:
print("Failed to add the gateway - {}".format(add_gw.error_message))
exit(1)
change_policy = client.api_call("set-access-layer", {"name" : "Network", "applications-and-url-filtering": "true", "content-awareness": "true"})
if change_policy.success:
print("The policy has been changed successfully")
else:
print("Failed to change the policy- {}".format(change_policy.error_message))
change_rule = client.api_call("set-access-rule", {"name" : "Cleanup rule", "layer" : "Network", "action": "Accept", "track": {"type": "Detailed Log", "accounting": "true"}})
if change_rule.success:
print("The cleanup rule has been changed successfully")
else:
print("Failed to change the cleanup rule- {}".format(change_rule.error_message))
# publish the result
publish_res = client.api_call("publish", {})
if publish_res.success:
print("The changes were published successfully.")
else:
print("Failed to publish the changes - {}".format(install_tp_policy.error_message))
install_access_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'true', "threat-prevention" : 'false', "targets" : gw_uid})
if install_access_policy.success:
print("The access policy has been installed")
else:
print("Failed to install access policy - {}".format(install_tp_policy.error_message))
install_tp_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'false', "threat-prevention" : 'true', "targets" : gw_uid})
if install_tp_policy.success:
print("The threat prevention policy has been installed")
else:
print("Failed to install threat prevention policy - {}".format(install_tp_policy.error_message))
# add passwords and passphrases to dictionary
with open('additional_pass.conf') as f:
line_num = 0
for line in f:
line_num += 1
add_password_dictionary = client.api_call("run-script", {"script-name" : "Add passwords and passphrases", "script" : "printf "{}" >> $FWDIR/conf/additional_pass.conf".format(line), "targets" : gw_name})
if add_password_dictionary.success:
print("The password dictionary line {} was added successfully".format(line_num))
else:
print("Failed to add the dictionary - {}".format(add_password_dictionary.error_message))
main() Exemplum fasciculi cum password dictionary additional_pass.conf
{
"passwords" : ["malware","malicious","infected","Infected"],
"phrases" : ["password","Password","Pass","pass","codigo","key","pwd","пароль","Пароль","Ключ","ключ","шифр","Шифр"]
}
conclusio,
Hic articulus examinat solum praecipuas facultates laboris Python SDK et modulus cpapi(ut suspicari poteras, haec actualiter synonyma sunt), et in hoc modulo perscrutando codicem plura etiam facultates in operando reperies. Fieri potest ut eam suis ordinibus, functionibus, modis et variabilibus rebus supplere velis. Semper communicare potes opus tuum ac videre alia scripta pro Check Point in sectione in civitatem quae efficit utentes productos tincidunt et utentes.
Felix coding et gratiarum actio ad finem legendi!
Source: www.habr.com