Simplifying the Check Point API with the Python SDK

The full power of working with an API shows when it is used together with program code, when it becomes possible to generate API requests dynamically and to build tools that analyze API responses. However, the Python Software Development Kit (hereafter the Python SDK) for the Check Point Management API still goes largely unnoticed, and undeservedly so. It greatly simplifies life for developers and automation enthusiasts. Python has become hugely popular recently, so I decided to fill the gap and review the main features of the Check Point API Python Development Kit. This article is a good supplement to another Habré article, "Check Point R80.10 API. Management via CLI, scripts and more". We will look at how to write scripts using the Python SDK and take a closer look at the new functionality of the Management API in version 1.6 (supported starting with R80.40). To follow the article, you need basic knowledge of working with APIs and Python.

Check Point is actively developing its API, and at present the following have been released:

The Python SDK currently supports interaction with the Management API and the Gaia API. We will look at the most important classes, methods and variables in this module.

Installing the module

The cpapi module installs quickly and easily from the official Check Point repository on GitHub using pip. Detailed installation instructions are available in README.md. The module is adapted to work with Python versions 2.7 and 3.7. In this article, the examples use Python 3.7. However, the Python SDK can also be run directly on the Check Point management server (Smart Management), which supports only Python 2.7, so the last section provides code for version 2.7. Right after installing the module, I recommend looking at the examples in the examples_python2 and examples_python3 directories.

Getting started

To work with the components of the cpapi module, we need to import at least two required classes from it:

APIClient and APIClientArgs

from cpapi import APIClient, APIClientArgs

The APIClientArgs class is responsible for the parameters of the connection to the API server, and the APIClient class is responsible for interacting with the API.

Defining connection parameters

To define the various parameters for connecting to the API, you need to create an instance of the APIClientArgs class. In principle, its parameters are predefined, and when the script runs on the management server they do not need to be specified.

client_args = APIClientArgs()

But when running on a third-party host, you need to specify at least the IP address or host name of the API server (also known as the management server). In the example below, we define the server connection parameter and assign it the IP address of the management server as a string.

client_args = APIClientArgs(server='192.168.47.241')

Let's look at all the parameters, and their default values, that can be used when connecting to the API server:

Arguments of the __init__ method of the APIClientArgs class

class APIClientArgs:
    """
    This class provides arguments for APIClient configuration.
    All the arguments are configured with their default values.
    """

    # port is set to None by default, but it gets replaced with 443 if not specified
    # context possible values - web_api (default) or gaia_api
    def __init__(self, port=None, fingerprint=None, sid=None, server="127.0.0.1", http_debug_level=0,
                 api_calls=None, debug_file="", proxy_host=None, proxy_port=8080,
                 api_version=None, unsafe=False, unsafe_auto_accept=False, context="web_api"):
        self.port = port
        # management server fingerprint
        self.fingerprint = fingerprint
        # session-id.
        self.sid = sid
        # management server name or IP-address
        self.server = server
        # debug level
        self.http_debug_level = http_debug_level
        # an array with all the api calls (for debug purposes)
        self.api_calls = api_calls if api_calls else []
        # name of debug file. If left empty, debug data will not be saved to disk.
        self.debug_file = debug_file
        # HTTP proxy server address (without "http://")
        self.proxy_host = proxy_host
        # HTTP proxy port
        self.proxy_port = proxy_port
        # Management server's API version
        self.api_version = api_version
        # Indicates that the client should not check the server's certificate
        self.unsafe = unsafe
        # Indicates that the client should automatically accept and save the server's certificate
        self.unsafe_auto_accept = unsafe_auto_accept
        # The context of using the client - defaults to web_api
        self.context = context

I believe that the arguments that can be used in instances of the APIClientArgs class are intuitive to Check Point administrators and need no additional comment.

Connecting via APIClient and a context manager

The APIClient class is most conveniently used through a context manager. All that needs to be passed to an instance of the APIClient class is the connection parameters defined in the previous step.

with APIClient(client_args) as client:

The context manager does not automatically make the login call to the API server, but it does make the logout call on exit. If for some reason a logout is not wanted after you finish working with API calls, you need to work without the context manager:

client = APIClient(client_args)

Connection test

The simplest way to check whether the connection works with the specified parameters is to use the check_fingerprint method. If verification of the SHA-1 hash of the API server certificate's fingerprint fails (the method returns False), this is usually caused by connection problems, and we can stop the program (or give the user a chance to correct the connection data):

    if client.check_fingerprint() is False:
        print("Could not get the server's fingerprint - Check connectivity with the server.")
        exit(1)

Please note that from then on the APIClient class checks the SHA-1 fingerprint of the API server's certificate on every API call (the api_call and api_query methods, which we discuss a little later). But if an error is found while checking the SHA-1 fingerprint of the API server certificate (the certificate is unknown or has been changed), the check_fingerprint method offers to add or change the information about it on the local machine automatically. This check can be disabled entirely (but this is advisable only when scripts run on the API server itself, connecting to 127.0.0.1), using the APIClientArgs argument unsafe_auto_accept (see more about APIClientArgs earlier, in "Defining connection parameters").

client_args = APIClientArgs(unsafe_auto_accept=True)
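
What is lost when the check is switched off can be seen in a small model of fingerprint pinning. This is an added example, not code from the SDK: the `store` dictionary, the function names and the certificate byte strings are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed stand-ins for DER-encoded certificates (not real certificates).
CERT_ORIGINAL = b"constructed-certificate-bytes-A"
CERT_REPLACED = b"constructed-certificate-bytes-B"


def sha1_fingerprint(cert_der):
    """Upper-case hex SHA-1 digest of the certificate bytes."""
    return hashlib.sha1(cert_der).hexdigest().upper()


def verify_server(server, cert_der, store, auto_accept=False):
    """Compare the presented certificate with the pinned fingerprint.

    store is a hypothetical {server: fingerprint} dict standing in for the
    fingerprint record kept on the local machine.
    Returns (trusted, reason).
    """
    presented = sha1_fingerprint(cert_der)
    pinned = store.get(server)
    if pinned is not None and hmac.compare_digest(pinned, presented):
        return True, "match"
    reason = "unknown" if pinned is None else "changed"
    if auto_accept:
        # Models unsafe_auto_accept: whatever is presented is saved and trusted.
        store[server] = presented
        return True, reason + "-auto-accepted"
    return False, reason


def demo():
    """Run the same three connections against a strict and a lax store."""
    server = "192.168.47.241"
    strict, lax = {}, {}
    results = []
    # Strict mode: the first contact is refused until an operator confirms it.
    results.append(verify_server(server, CERT_ORIGINAL, strict))
    strict[server] = sha1_fingerprint(CERT_ORIGINAL)  # operator confirmed it
    results.append(verify_server(server, CERT_ORIGINAL, strict))
    # A different certificate on the same address is refused.
    results.append(verify_server(server, CERT_REPLACED, strict))
    # Auto-accept mode: both the first and the replaced certificate are trusted.
    results.append(verify_server(server, CERT_ORIGINAL, lax, auto_accept=True))
    results.append(verify_server(server, CERT_REPLACED, lax, auto_accept=True))
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

With auto-accept on, a changed certificate is indistinguishable from a legitimate one, which is why the setting only makes sense for connections to 127.0.0.1.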

Logging in to the API server

APIClient has as many as 3 methods for logging in to the API server, and each of them stores the sid (session-id) value, which is then used automatically in the header of every subsequent API call (the name of this parameter in the header is X-chkp-sid), so there is no need to handle this parameter yourself.

login method

The option using a login and password (in the example, the username admin and the password 1q2w3e are passed as positional arguments):

     login = client.login('admin', '1q2w3e')  

Additional optional parameters are also available in the login method; here are their names and default values:

continue_last_session=False, domain=None, read_only=False, payload=None

login_with_api_key method

The option using an API key (supported starting with management version R80.40/Management API v1.6; "3TsbPJ8ZKjaJGvFyoFqHFA==" is the API key value of one of the users on the management server with the API-key authorization method):

     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==') 

The login_with_api_key method has the same optional parameters as the login method.

login_as_root method

The option of logging in on the local machine that hosts the API server:

     login = client.login_as_root()

Only two optional parameters are available for this method:

domain=None, payload=None

And finally, the API calls themselves

We have two options for making API calls: the api_call and api_query methods. Let's look at the difference between them.

api_call

This method applies to any call. We need to pass the last part of the API call and, if needed, the payload for the request body. If the payload is empty, it can be omitted entirely:

api_versions = client.api_call('show-api-versions') 

The output of this request is shown below:

In [23]: api_versions                                                           
Out[23]: 
APIResponse({
    "data": {
        "current-version": "1.6",
        "supported-versions": [
            "1",
            "1.1",
            "1.2",
            "1.3",
            "1.4",
            "1.5",
            "1.6"
        ]
    },
    "res_obj": {
        "data": {
            "current-version": "1.6",
            "supported-versions": [
                "1",
                "1.1",
                "1.2",
                "1.3",
                "1.4",
                "1.5",
                "1.6"
            ]
        },
        "status_code": 200
    },
    "status_code": 200,
    "success": true
})

show_host = client.api_call('show-host', {'name' : 'h_8.8.8.8'})

The output of this request is shown below:

In [25]: show_host                                                              
Out[25]: 
APIResponse({
    "data": {
        "color": "black",
        "comments": "",
        "domain": {
            "domain-type": "domain",
            "name": "SMC User",
            "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
        },
        "groups": [],
        "icon": "Objects/host",
        "interfaces": [],
        "ipv4-address": "8.8.8.8",
        "meta-info": {
            "creation-time": {
                "iso-8601": "2020-05-01T21:49+0300",
                "posix": 1588358973517
            },
            "creator": "admin",
            "last-modifier": "admin",
            "last-modify-time": {
                "iso-8601": "2020-05-01T21:49+0300",
                "posix": 1588358973517
            },
            "lock": "unlocked",
            "validation-state": "ok"
        },
        "name": "h_8.8.8.8",
        "nat-settings": {
            "auto-rule": false
        },
        "read-only": false,
        "tags": [],
        "type": "host",
        "uid": "c210af07-1939-49d3-a351-953a9c471d9e"
    },
    "res_obj": {
        "data": {
            "color": "black",
            "comments": "",
            "domain": {
                "domain-type": "domain",
                "name": "SMC User",
                "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
            },
            "groups": [],
            "icon": "Objects/host",
            "interfaces": [],
            "ipv4-address": "8.8.8.8",
            "meta-info": {
                "creation-time": {
                    "iso-8601": "2020-05-01T21:49+0300",
                    "posix": 1588358973517
                },
                "creator": "admin",
                "last-modifier": "admin",
                "last-modify-time": {
                    "iso-8601": "2020-05-01T21:49+0300",
                    "posix": 1588358973517
                },
                "lock": "unlocked",
                "validation-state": "ok"
            },
            "name": "h_8.8.8.8",
            "nat-settings": {
                "auto-rule": false
            },
            "read-only": false,
            "tags": [],
            "type": "host",
            "uid": "c210af07-1939-49d3-a351-953a9c471d9e"
        },
        "status_code": 200
    },
    "status_code": 200,
    "success": true
})

api_query

Let me note right away that this method applies only to calls whose output involves an offset. Such output occurs when it contains, or may contain, a large amount of information. For example, this could be a request for the list of all host objects created on the management server. For such requests, the API returns a list of 50 objects by default (you can increase the limit to 500 objects per response). So that you do not have to pull the information several times, changing the offset parameter in the API request, there is the api_query method, which does this work automatically. Examples of calls where this method is needed: show-sessions, show-hosts, show-networks, show-wildcards, show-groups, show-address-ranges, show-simple-gateways, show-simple-clusters, show-access-roles, show-trusted-clients, show-packages. In fact, the names of these API calls contain plural words, so these are the calls that are easier to handle through api_query.

show_hosts = client.api_query('show-hosts') 

The output of this request is shown below:

In [21]: show_hosts                                                             
Out[21]: 
APIResponse({
    "data": [
        {
            "domain": {
                "domain-type": "domain",
                "name": "SMC User",
                "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
            },
            "ipv4-address": "192.168.47.1",
            "name": "h_192.168.47.1",
            "type": "host",
            "uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
        },
        {
            "domain": {
                "domain-type": "domain",
                "name": "SMC User",
                "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
            },
            "ipv4-address": "8.8.8.8",
            "name": "h_8.8.8.8",
            "type": "host",
            "uid": "c210af07-1939-49d3-a351-953a9c471d9e"
        }
    ],
    "res_obj": {
        "data": {
            "from": 1,
            "objects": [
                {
                    "domain": {
                        "domain-type": "domain",
                        "name": "SMC User",
                        "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
                    },
                    "ipv4-address": "192.168.47.1",
                    "name": "h_192.168.47.1",
                    "type": "host",
                    "uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
                },
                {
                    "domain": {
                        "domain-type": "domain",
                        "name": "SMC User",
                        "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
                    },
                    "ipv4-address": "8.8.8.8",
                    "name": "h_8.8.8.8",
                    "type": "host",
                    "uid": "c210af07-1939-49d3-a351-953a9c471d9e"
                }
            ],
            "to": 2,
            "total": 2
        },
        "status_code": 200
    },
    "status_code": 200,
    "success": true
})
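
The paging loop that api_query spares you from writing looks roughly like the following. This is an added sketch, not the SDK's own code: `make_fake_server` is a constructed stand-in for the management server, and the `limit`/`offset` request keys and the `from`/`to`/`total`/`objects` response fields are the ones the Management API uses for paged listings.

```python
MAX_LIMIT = 500  # largest page size per response, as stated in the article


def make_fake_server(count):
    """Constructed stand-in for the management server with `count` hosts.

    Returns (call, log): call(command, payload) answers one paged request,
    log records every payload so the number of round trips can be inspected.
    """
    hosts = [{"name": "h_10.0.0.%d" % i,
              "uid": "constructed-uid-%03d" % i,
              "type": "host"} for i in range(1, count + 1)]
    log = []

    def call(command, payload):
        log.append((command, dict(payload)))
        offset, limit = payload["offset"], payload["limit"]
        page = hosts[offset:offset + limit]
        data = {"objects": page, "total": len(hosts)}
        if page:  # an empty page carries no from/to markers
            data["from"] = offset + 1
            data["to"] = offset + len(page)
        return data

    return call, log


def query_all(call, command, limit=50):
    """Collect every object of a paged listing by advancing the offset."""
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError("limit must be between 1 and %d" % MAX_LIMIT)
    collected, seen, offset = [], set(), 0
    while True:
        data = call(command, {"limit": limit, "offset": offset})
        objects = data.get("objects", [])
        for obj in objects:
            # De-duplicate by uid in case the inventory shifts between pages.
            if obj["uid"] not in seen:
                seen.add(obj["uid"])
                collected.append(obj)
        last = data.get("to", 0)
        # Stop on an empty page, on the last page, or if the server
        # fails to advance (guards against looping forever).
        if not objects or last >= data.get("total", 0) or last <= offset:
            return collected
        offset = last  # "to" is 1-based, so it equals the next 0-based offset


if __name__ == "__main__":
    call, log = make_fake_server(120)
    hosts = query_all(call, "show-hosts")
    print(len(hosts), "objects in", len(log), "requests")
```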

Processing the results of API calls

After this, you can use the variables and methods of the APIResponse class (both inside the context manager and outside it). The APIResponse class has 4 methods and 5 variables predefined; we will look at the most important ones in detail.

success

To begin with, it is a good idea to make sure that the API call succeeded and returned a result. For this there is success:

In [49]: api_versions.success                                                   
Out[49]: True

Returns True if the API call succeeded (response code 200) and False if it did not (any other response code). It is convenient to use right after an API call to display different information depending on the response code.

if api_versions.success:
    print(api_versions.data)
else:
    print(api_versions.error_message)

status_code

Returns the response code after the API call has been made.

In [62]: api_versions.status_code                                               
Out[62]: 400

Possible response codes: 200, 400, 401, 403, 404, 409, 500, 501.

set_success_status

In some cases it may be necessary to change the value of the success status. Technically, you can put anything there, even an ordinary string. But a realistic example is resetting this parameter to False under certain conditions. In the example below, there are tasks running on the management server, and we treat the request as unsuccessful (we set the success variable to False, even though the API call itself succeeded and returned code 200).

for task in task_result.data["tasks"]:
    if task["status"] == "failed" or task["status"] == "partially succeeded":
        task_result.set_success_status(False)
        break

response()

The response method lets you view a dictionary with the response code (status_code) and the response body (body).

In [94]: api_versions.response()                                                
Out[94]: 
{'status_code': 200,
 'data': {'current-version': '1.6',
  'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}}

data

Lets you see only the response body (body), without the extra information.

In [93]: api_versions.data                                                      
Out[93]: 
{'current-version': '1.6',
 'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}

error_message

This is available only when an error occurred while processing the API request (response code other than 200). Example output:

In [107]: api_versions.error_message                                            
Out[107]: 'code: generic_err_invalid_parameter_name\nmessage: Unrecognized parameter [1]\n'

Practical examples

The following examples use API calls that were added in Management API 1.6.

First, let's look at how the add-host and add-address-range calls work. Suppose we need to create every IP address of the subnet 192.168.0.0/24 whose last octet is a multiple of 5 as a host object, and record all the other IP addresses as address-range objects, excluding the subnet address and the broadcast address.

So, below is a script that solves this task and creates 50 host objects and 51 address-range objects. Solving the task requires 101 API calls (not counting the final publish call). In addition, using the timeit module, we measure the time the script takes to run up to the point where the changes are published.

Script using add-host and add-address-range

import timeit
from cpapi import APIClient, APIClientArgs

start = timeit.default_timer()

first_ip = 1
last_ip = 4

client_args = APIClientArgs(server="192.168.47.240")

with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
     for ip in range(5,255,5):
         add_host = client.api_call("add-host", {"name" : f"h_192.168.0.{ip}", "ip-address": f'192.168.0.{ip}'})
     while last_ip < 255:
         add_range = client.api_call("add-address-range", {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"})
         first_ip+=5
         last_ip+=5
     stop = timeit.default_timer() 
     publish = client.api_call("publish")
     
print(f'Time to execute batch request: {stop - start} seconds')

In my lab environment this script takes between 30 and 50 seconds to run, depending on the load on the management server.

Now let's see how to solve the same task using the add-objects-batch API call, support for which was added in API version 1.6. This call lets you create many objects at once in a single API request. Moreover, these can be objects of different types (for example, hosts, subnets and address ranges). So our task can be solved within a single API call.

Script using add-objects-batch

import timeit
from cpapi import APIClient, APIClientArgs

start = timeit.default_timer()

client_args = APIClientArgs(server="192.168.47.240")

objects_list_ip = []
objects_list_range = []

for ip in range(5,255,5):
    data = {"name": f'h_192.168.0.{ip}', "ip-address": f'192.168.0.{ip}'}
    objects_list_ip.append(data)
    
first_ip = 1
last_ip = 4


while last_ip < 255:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"}
    objects_list_range.append(data)
    first_ip+=5
    last_ip+=5

data_for_batch = {
  "objects" : [ {
    "type" : "host",
    "list" : objects_list_ip
}, {
    "type" : "address-range",
    "list" : objects_list_range
  }]
}


with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
     add_objects_batch = client.api_call("add-objects-batch", data_for_batch)
     stop = timeit.default_timer() 
     publish = client.api_call("publish")
     
print(f'Time to execute batch request: {stop - start} seconds')

And running this script in my lab takes 3 to 7 seconds, depending on the load on the management server. That is, on average, for 101 API objects, the batch-type call runs 10 times faster. With a larger number of objects the difference will be even more impressive.

Now let's see how to work with set-objects-batch. With this API call we can change any parameter in bulk. Let's set the first half of the addresses from the previous example (hosts up to .124, and the ranges as well) to the color sienna, and assign the color khaki to the second half of the addresses.

Changing the color of the objects created in the previous example

from cpapi import APIClient, APIClientArgs

client_args = APIClientArgs(server="192.168.47.240")

objects_list_ip_first = []
objects_list_range_first = []
objects_list_ip_second = []
objects_list_range_second = []

for ip in range(5,125,5):
    data = {"name": f'h_192.168.0.{ip}', "color": "sienna"}
    objects_list_ip_first.append(data)
    
for ip in range(125,255,5):
    data = {"name": f'h_192.168.0.{ip}', "color": "khaki"}
    objects_list_ip_second.append(data)
    
first_ip = 1
last_ip = 4
while last_ip < 125:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "sienna"}
    objects_list_range_first.append(data)
    first_ip+=5
    last_ip+=5
    
while last_ip < 255:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "khaki"}
    objects_list_range_second.append(data)
    first_ip+=5
    last_ip+=5

data_for_batch_first  = {
  "objects" : [ {
    "type" : "host",
    "list" : objects_list_ip_first
}, {
    "type" : "address-range",
    "list" : objects_list_range_first
  }]
}

data_for_batch_second  = {
  "objects" : [ {
    "type" : "host",
    "list" : objects_list_ip_second
}, {
    "type" : "address-range",
    "list" : objects_list_range_second
  }]
}

with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==') 
     set_objects_batch_first = client.api_call("set-objects-batch", data_for_batch_first)
     set_objects_batch_second = client.api_call("set-objects-batch", data_for_batch_second)
     publish = client.api_call("publish")

You can delete multiple objects in a single API call using delete-objects-batch. Now let's look at example code that deletes all the hosts previously created via add-objects-batch.

Deleting objects using delete-objects-batch

from cpapi import APIClient, APIClientArgs

client_args = APIClientArgs(server="192.168.47.240")

objects_list_ip = []
objects_list_range = []

for ip in range(5,255,5):
    data = {"name": f'h_192.168.0.{ip}'}
    objects_list_ip.append(data)

first_ip = 1
last_ip = 4
while last_ip < 255:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}"}
    objects_list_range.append(data)
    first_ip+=5
    last_ip+=5

data_for_batch = {
  "objects" : [ {
    "type" : "host",
    "list" : objects_list_ip
}, {
    "type" : "address-range",
    "list" : objects_list_range
  }]
}

with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
     delete_objects_batch = client.api_call("delete-objects-batch", data_for_batch)
     publish = client.api_call("publish")

print(delete_objects_batch.data)

All features that appear in new releases of Check Point software immediately get API calls. Thus, R80.40 introduced such "features" as Revert to revision and Smart Task, and the corresponding API calls were prepared for them right away. In addition, all functionality that moves from Legacy to Unified Policy mode also gains API support. For example, a long-awaited update in software version R80.40 was the move of the HTTPS Inspection policy from Legacy to Unified Policy mode, and this functionality immediately received API calls. Here is an example of code that adds a rule at the top position of the HTTPS Inspection policy that excludes 3 categories from inspection (Health, Finance, Government Services), which may not be inspected under the legislation of a number of countries.

Adding a rule to the HTTPS Inspection policy

from cpapi import APIClient, APIClientArgs

client_args = APIClientArgs(server="192.168.47.240")

data = {
  "layer" : "Default Layer",
  "position" : "top",
  "name" : "Legal Requirements",
  "action": "bypass",
  "site-category": ["Health", "Government / Military", "Financial Services"]
}

with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
     add_https_rule = client.api_call("add-https-rule", data)
     publish = client.api_call("publish")

Running Python scripts on the Check Point management server

The same README.md contains information on how to run Python scripts directly from the management server. This can be convenient when you cannot connect to the API server from another machine. I recorded a six-minute video in which I cover installing the cpapi module and the specifics of running Python scripts on the management server. As an example, a script is run that automates the configuration of a new gateway for a task such as a network audit, Security CheckUp. Among the peculiarities I had to deal with: the input function had not yet appeared in Python 2.7, so the raw_input function is used to process what the user enters. Otherwise, the code is the same as for running from other machines, except that it is more convenient to use the login_as_root function, so as not to specify your username, password and the IP address of the management server again.

Script for quickly setting up Security CheckUp

from __future__ import print_function
import getpass
import sys, os
sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
from cpapi import APIClient, APIClientArgs

def main():
    with APIClient() as client:
       # if client.check_fingerprint() is False:
       #     print("Could not get the server's fingerprint - Check connectivity with the server.")
       #     exit(1)
        login_res = client.login_as_root()

        if login_res.success is False:
            print("Login failed:\n{}".format(login_res.error_message))
            exit(1)

        gw_name = raw_input("Enter the gateway name:")
        gw_ip = raw_input("Enter the gateway IP address:")
        if sys.stdin.isatty():
            sic = getpass.getpass("Enter one-time password for the gateway(SIC): ")
        else:
            print("Attention! Your password will be shown on the screen!")
            sic = raw_input("Enter one-time password for the gateway(SIC): ")
        version = raw_input("Enter the gateway version(like RXX.YY):")
        add_gw = client.api_call("add-simple-gateway", {'name' : gw_name, 'ipv4-address' : gw_ip, 'one-time-password' : sic, 'version': version.capitalize(), 'application-control' : 'true', 'url-filtering' : 'true', 'ips' : 'true', 'anti-bot' : 'true', 'anti-virus' : 'true', 'threat-emulation' : 'true'})
        if add_gw.success and add_gw.data['sic-state'] != "communicating":
            print("Secure connection with the gateway hasn't established!")
            exit(1)
        elif add_gw.success:
            print("The gateway was added successfully.")
            gw_uid = add_gw.data['uid']
            gw_name = add_gw.data['name']
        else:
            print("Failed to add the gateway - {}".format(add_gw.error_message))
            exit(1)

        change_policy = client.api_call("set-access-layer", {"name" : "Network", "applications-and-url-filtering": "true", "content-awareness": "true"})
        if change_policy.success:
            print("The policy has been changed successfully")
        else:
            print("Failed to change the policy- {}".format(change_policy.error_message))
        change_rule = client.api_call("set-access-rule", {"name" : "Cleanup rule", "layer" : "Network", "action": "Accept", "track": {"type": "Detailed Log", "accounting": "true"}})
        if change_rule.success:
            print("The cleanup rule has been changed successfully")
        else:
            print("Failed to change the cleanup rule- {}".format(change_rule.error_message))

        # publish the result
        publish_res = client.api_call("publish", {})
        if publish_res.success:
            print("The changes were published successfully.")
        else:
            print("Failed to publish the changes - {}".format(publish_res.error_message))

        install_access_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'true',  "threat-prevention" : 'false', "targets" : gw_uid})
        if install_access_policy.success:
            print("The access policy has been installed")
        else:
            print("Failed to install access policy - {}".format(install_access_policy.error_message))

        install_tp_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'false',  "threat-prevention" : 'true', "targets" : gw_uid})
        if install_tp_policy.success:
            print("The threat prevention policy has been installed")
        else:
            print("Failed to install threat prevention policy - {}".format(install_tp_policy.error_message))
        
        # add passwords and passphrases to dictionary
        with open('additional_pass.conf') as f:
            line_num = 0
            for line in f:
                line_num += 1
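                # the line (with its trailing newline) is embedded as-is in a double-quoted shell string run on the gateway
                add_password_dictionary = client.api_call("run-script", {"script-name" : "Add passwords and passphrases", "script" : "printf \"{}\" >> $FWDIR/conf/additional_pass.conf".format(line), "targets" : gw_name})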
                if add_password_dictionary.success:
                    print("The password dictionary line {} was added successfully".format(line_num))
                else:
                    print("Failed to add the dictionary - {}".format(add_password_dictionary.error_message))

main()

Sample file with the password dictionary additional_pass.conf
{
"passwords" : ["malware","malicious","infected","Infected"],
"phrases" : ["password","Password","Pass","pass","codigo","key","pwd","пароль","Пароль","Ключ","ключ","шифр","Шифр"] }
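
The script above places each line of additional_pass.conf inside a double-quoted printf argument of a run-script command, and the lines of this file themselves contain double quotes. The added example below (not part of the original script) tokenizes both command forms with shlex, as an approximation of POSIX shell word splitting, to show what printf would actually receive; the function names and the constructed test line are assumptions.

```python
import shlex

DEST = "$FWDIR/conf/additional_pass.conf"  # destination used by the article's script

# Lines in the shape of the sample additional_pass.conf shown above.
SAMPLE_LINES = [
    '{\n',
    '"passwords" : ["malware","malicious","infected","Infected"],\n',
    '"phrases" : ["password","Password","Pass","pass","codigo","key","pwd"] }\n',
]


def naive_command(line):
    """The script's pattern: the raw line sits inside double quotes."""
    return 'printf "{}" >> {}'.format(line, DEST)


def quoted_command(line):
    """Hardened form: a fixed '%s\\n' format plus the line as one quoted argument.

    shlex.quote is the Python 3 name; on the management server's Python 2.7
    the same function is available as pipes.quote.
    """
    text = line.rstrip("\n")
    return "printf '%s\\n' {} >> {}".format(shlex.quote(text), DEST)


def printf_args(command):
    """Arguments printf would receive (tokens between 'printf' and '>>')."""
    tokens = shlex.split(command)
    return tokens[1:tokens.index(">>")]


def survives(command, line):
    """True if the line's text reaches printf intact as a single argument."""
    return line.rstrip("\n") in printf_args(command)


def report(lines):
    """Per line: (survives with naive form, survives with quoted form)."""
    return [(survives(naive_command(l), l), survives(quoted_command(l), l))
            for l in lines]


if __name__ == "__main__":
    for line, outcome in zip(SAMPLE_LINES, report(SAMPLE_LINES)):
        print(repr(line), "naive ok: %s, quoted ok: %s" % outcome)
        print("   naive printf args:", printf_args(naive_command(line)))
```

In the naive form the JSON quotes are consumed by the shell and the line doubles as the printf format string; in the quoted form the line is data only, whatever characters it contains.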

Conclusion

This article covers only the basic capabilities of the Python SDK and the cpapi module (as you may have guessed, these are effectively synonyms), and by studying the code in this module you will find even more ways of working with it. It is quite possible that you will want to extend it with your own classes, functions, methods and variables. You can always share your work and look at other scripts for Check Point in the CodeHub section of the CheckMates community, which brings together both product developers and users.

Happy coding, and thank you for reading to the end!

Source: www.habr.com
