Simba rakazara rekudyidzana nema API rinoratidzwa kana rakashandiswa pamwe chete nekodhi yepurogiramu, kana zvave zvichikwanisika kugadzira zvine simba zvikumbiro zveAPI uye zvishandiso zvekuongorora mhinduro dzeAPI. Zvisinei, inoramba isingaoneki Python Software Development Kit (inozonzi Python SDK) ye Check Point Management API, asi pasina. Iyo inorerutsa zvakanyanya hupenyu hwevagadziri uye otomatiki vanofarira. Python yakawana mukurumbira wakakura nguva pfupi yadarika uye ndakafunga kuzadza gomba uye kuongorora iwo makuru maficha. . Ichi chinyorwa chinoshanda sekuwedzera kwakanaka kune chimwe chinyorwa paHabrΓ© . Tichatarisa manyorero ekunyora tichishandisa iyo Python SDK uye tinyatso tarisisa iyo itsva Management API mashandiro mushanduro 1.6 (inotsigirwa kutanga kubva paR80.40). Kuti unzwisise chinyorwa, iwe uchada ruzivo rwekutanga rwekushanda neAPI uye Python.
Check Point iri kushingaira kugadzira iyo API uye panguva ino zvinotevera zvaburitswa:
- - shanda nesevha yekudzora kuburikidza neAPI (uye kugona kuita zvinyorwa pamagedhi anodzorwa neanodzora server)
- - shanda nemasuwo ekuchengetedza
- - kushanda nebhokisi rejecha muCheck Point gore
- - kushanda neIdentity Awareness blade pamagedhi
- - shanda neSMB gedhi manejimendi portal ()
- -Kudyidzana neIoT controllers
- - kushanda pamwe (SD-WAN kuchengetedza mhinduro)
- - kushanda pamwe
Iyo Python SDK parizvino inotsigira kudyidzana neManagement API uye Gaia API. Isu tichatarisa makirasi akanyanya kukosha, nzira uye akasiyana mune ino module.
Kuisa module
Module cpapi inoisa nekukurumidza uye nyore kubva nerubatsiro Pip. Yakadzama yekuisa mirayiridzo inowanikwa mu . Iyi module yakagadziridzwa kushanda nePython shanduro 2.7 uye 3.7. Muchikamu chino, mienzaniso ichapihwa uchishandisa Python 3.7. Nekudaro, iyo Python SDK inogona kumhanya yakananga kubva kuCheck Point Management Server (Smart Management), asi ivo vanongotsigira Python 2.7, saka chikamu chekupedzisira chinopa kodhi yevhezheni 2.7. Pakarepo mushure mekuisa module, ini ndinokurudzira kutarisa mienzaniso mumadhairekitori mienzaniso_python2 ΠΈ mienzaniso_python3.
kutanga
Kuti isu tikwanise kushanda nezvikamu zveiyo cpapi module, isu tinofanirwa kuunza kubva kune module cpapi angangoita maviri makirasi anodiwa:
APIClient ΠΈ APIClientArgs
from cpapi import APIClient, APIClientArgs
Chikoro APIClientArgs ine basa rekubatanidza paramita kune API server, uye kirasi APIClient ine basa rekudyidzana neiyo API.
Kusarudza kubatanidza parameters
Kutsanangura akasiyana ma paramita ekubatanidza kuAPI, unofanirwa kugadzira muenzaniso wekirasi APIClientArgs. Muchidimbu, maparamita ayo anofanotsanangurwa uye kana achimhanyisa script pane control server, haadi kutaurwa.
client_args = APIClientArgs()Asi kana uchimhanya pane wechitatu-bato rinogamuchira, iwe unofanirwa kutsanangura kanenge IP kero kana zita rekutambira reiyo API server (inozivikanwawo seyo manejimendi server). Mumuenzaniso uri pazasi, tinotsanangura iyo sevha yekubatanidza paramende uye tinoipa iyo IP kero ye server manejimendi setambo.
client_args = APIClientArgs(server='192.168.47.241')Ngatitarisei ese ma parameter uye maitiro avo ekutanga anogona kushandiswa kana achibatanidza kune API server:
Nharo dze __init__ nzira ye APIClientArgs kirasi
class APIClientArgs:
"""
This class provides arguments for APIClient configuration.
All the arguments are configured with their default values.
"""
# port is set to None by default, but it gets replaced with 443 if not specified
# context possible values - web_api (default) or gaia_api
def __init__(self, port=None, fingerprint=None, sid=None, server="127.0.0.1", http_debug_level=0,
api_calls=None, debug_file="", proxy_host=None, proxy_port=8080,
api_version=None, unsafe=False, unsafe_auto_accept=False, context="web_api"):
self.port = port
# management server fingerprint
self.fingerprint = fingerprint
# session-id.
self.sid = sid
# management server name or IP-address
self.server = server
# debug level
self.http_debug_level = http_debug_level
# an array with all the api calls (for debug purposes)
self.api_calls = api_calls if api_calls else []
# name of debug file. If left empty, debug data will not be saved to disk.
self.debug_file = debug_file
# HTTP proxy server address (without "http://")
self.proxy_host = proxy_host
# HTTP proxy port
self.proxy_port = proxy_port
# Management server's API version
self.api_version = api_version
# Indicates that the client should not check the server's certificate
self.unsafe = unsafe
# Indicates that the client should automatically accept and save the server's certificate
self.unsafe_auto_accept = unsafe_auto_accept
# The context of using the client - defaults to web_api
self.context = contextIni ndinotenda kuti nharo dzinogona kushandiswa muzviitiko zve APIClientArgs kirasi ine intuitive kune Check Point maneja uye haidi mamwe maratidziro.
Kubatanidza kuburikidza ne APIClient uye mamiriro maneja
Chikoro APIClient Nzira iri nyore yekuishandisa ndeye kuburikidza nemaneja wemamiriro. Zvose zvinoda kupfuudzwa kune imwe muenzaniso ye APIClient kirasi ndiyo mitsara yekubatanidza iyo yakatsanangurwa munhanho yapfuura.
with APIClient(client_args) as client:
Maneja wemamiriro ekunze haaite otomatiki kufona kune iyo API server, asi ichaita yekufona yekubuda kana yabuda. Kana nekuda kwechimwe chikonzero kubuda kusingadiwe mushure mekupedza kushanda neAPI mafoni, unofanirwa kutanga kushanda usingashandisi maneja wemamiriro ezvinhu:
client = APIClient(clieng_args)Muedzo wekubatanidza
Iyo iri nyore nzira yekutarisa kana iyo yekubatanidza inosangana neyakatarwa ma parameter kushandisa nzira check_fingerprint. Kana iyo yekusimbisa iyo sha1 hash sum yezvigunwe zve server API chitupa ikatadza (nzira yakadzoserwa venhema), saka izvi zvinowanzokonzerwa nezvinetso zvekubatanidza uye tinogona kumisa kuitwa kwechirongwa (kana kupa mushandisi mukana wekugadzirisa data rekubatanidza):
if client.check_fingerprint() is False:
print("Could not get the server's fingerprint - Check connectivity with the server.")
exit(1)
Ndapota cherechedza kuti mune ramangwana kirasi APIClient ichatarisa yega API kufona (maitiro api_call ΠΈ api_query, tichataura nezvavo zvishoma mberi) sha1 chitupa chemunwe pane API server. Asi kana, kana uchitarisa sha1 chigunwe cheiyo API server chitupa, chikanganiso chinoonekwa (chitupa hachizivikanwe kana chakashandurwa), nzira yacho. check_fingerprint ichapa mukana wekuwedzera / kushandura ruzivo pamusoro payo pamushini wemuno otomatiki. Cheki iyi inogona kuvharwa zvachose (asi izvi zvinogona kukurudzirwa chete kana zvinyorwa zvichiitwa paAPI server pachayo, painobatana ne127.0.0.1), uchishandisa APIClientArgs nharo - unsafe_auto_accept (ona zvimwe nezve APIClientArgs pakutanga mu "Kutsanangura maparamita ekubatanidza").
client_args = APIClientArgs(unsafe_auto_accept=True)Pinda kune API server
Π£ APIClient kune dzakawanda se3 nzira dzekupinda mukati meiyo API server, uye imwe neimwe yadzo inonzwisisa zvinoreva sid(session-id), iyo inoshandiswa otomatiki mune yega yega inotevera API kufona mumusoro (zita riri mumusoro weiyi parameter X-chkp-sid), saka hapana chikonzero chekuenderera mberi nekugadzirisa iyi parameter.
login nzira
Sarudzo uchishandisa login uye password (mumuenzaniso, zita rekushandisa admin uye password 1q2w3e zvinopfuudzwa senharo dzenharo):
login = client.login('admin', '1q2w3e') Mamwe maparamendi esarudzo anowanikwawo munzira yekupinda; heano mazita avo uye maitiro ekutanga:
continue_last_session=False, domain=None, read_only=False, payload=NoneLogin_with_api_key nzira
Sarudzo uchishandisa kiyi yeapi (inotsigirwa kutanga kubva kune manejimendi shanduro R80.40/Management API v1.6, "3TsbPJ8ZKjaJGvFyoFqHFA==" iyi ndiyo API kiyi kukosha kune mumwe wevashandisi pane manejimendi server ine API kiyi yekubvumidza nzira):
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==') Munzira login_ne_api_kiyi zvakafanana sarudzo parameters anowanikwa semunzira Login.
login_as_root nzira
Sarudzo yekupinda kumuchina wemuno une API server:
login = client.login_as_root()Pane maviri chete esarudzo ma parameter aripo eiyi nzira:
domain=None, payload=NoneUye pakupedzisira API inozvidaidza
Isu tine sarudzo mbiri dzekuita API mafoni kuburikidza nenzira api_call ΠΈ api_query. Ngationei kuti musiyano uripi pakati pavo.
api_call
Iyi nzira inoshanda kune chero mafoni. Isu tinofanirwa kupfuudza chikamu chekupedzisira cheiyo api kufona uye kubhadhara mumutumbi wekukumbira kana zvichidikanwa. Kana payload isina chinhu, saka haigone kutamiswa zvachose:
api_versions = client.api_call('show-api-versions') Kubuda kwechikumbiro ichi pazasi pekucheka:
In [23]: api_versions
Out[23]:
APIResponse({
"data": {
"current-version": "1.6",
"supported-versions": [
"1",
"1.1",
"1.2",
"1.3",
"1.4",
"1.5",
"1.6"
]
},
"res_obj": {
"data": {
"current-version": "1.6",
"supported-versions": [
"1",
"1.1",
"1.2",
"1.3",
"1.4",
"1.5",
"1.6"
]
},
"status_code": 200
},
"status_code": 200,
"success": true
})
show_host = client.api_call('show-host', {'name' : 'h_8.8.8.8'})Kubuda kwechikumbiro ichi pazasi pekucheka:
In [25]: show_host
Out[25]:
APIResponse({
"data": {
"color": "black",
"comments": "",
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"groups": [],
"icon": "Objects/host",
"interfaces": [],
"ipv4-address": "8.8.8.8",
"meta-info": {
"creation-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"creator": "admin",
"last-modifier": "admin",
"last-modify-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"lock": "unlocked",
"validation-state": "ok"
},
"name": "h_8.8.8.8",
"nat-settings": {
"auto-rule": false
},
"read-only": false,
"tags": [],
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
},
"res_obj": {
"data": {
"color": "black",
"comments": "",
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"groups": [],
"icon": "Objects/host",
"interfaces": [],
"ipv4-address": "8.8.8.8",
"meta-info": {
"creation-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"creator": "admin",
"last-modifier": "admin",
"last-modify-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"lock": "unlocked",
"validation-state": "ok"
},
"name": "h_8.8.8.8",
"nat-settings": {
"auto-rule": false
},
"read-only": false,
"tags": [],
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
},
"status_code": 200
},
"status_code": 200,
"success": true
})
api_query
Rega ndiite chengetedzo ipapo ipapo kuti nzira iyi inoshanda chete kune mafoni anobuda anosanganisira offset. Kufungidzira kwakadaro kunoitika kana iine kana inogona kunge iine ruzivo rwakakura. Semuyenzaniso, ichi chinogona kunge chiri chikumbiro cherunyorwa rwezvese zvakasikwa zvinhu zvekugamuchira pane manejimendi server. Nezvikumbiro zvakadaro, API inodzosa runyoro rwezvinhu makumi mashanu nekusarudzika (unogona kuwedzera muganho kune 50 zvinhu mumhinduro). Uye kuti urege kudhonza ruzivo kakawanda nekushandura iyo yekubvisa parameter muchikumbiro cheAPI, pane api_query nzira inoita basa iri otomatiki. Mienzaniso yekufona panodiwa nzira iyi: show-sessions, show-hosts, show-networks, show-wildcards, show-groups, show-address-ranges, show-nyore-masuwo, show-nyore-clusters, show-access-roles, show-trusted-clients, show-packages. Muchokwadi, isu tinoona akawanda mazwi muzita reaya maAPI mafoni, saka aya mafoni anozove nyore kubata kuburikidza api_query
show_hosts = client.api_query('show-hosts') Kubuda kwechikumbiro ichi pazasi pekucheka:
In [21]: show_hosts
Out[21]:
APIResponse({
"data": [
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "192.168.47.1",
"name": "h_192.168.47.1",
"type": "host",
"uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
},
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "8.8.8.8",
"name": "h_8.8.8.8",
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
}
],
"res_obj": {
"data": {
"from": 1,
"objects": [
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "192.168.47.1",
"name": "h_192.168.47.1",
"type": "host",
"uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
},
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "8.8.8.8",
"name": "h_8.8.8.8",
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
}
],
"to": 2,
"total": 2
},
"status_code": 200
},
"status_code": 200,
"success": true
})
Kugadzirisa mhinduro dzemaAPI mafoni
Mushure meizvi unogona kushandisa zvinoshanduka uye nzira dzekirasi APIResponse(zvese mukati memaneja wemamiriro uye kunze). Kukirasi APIResponse 4 nzira uye 5 akasiyana zvakafanotsanangurwa; isu tichagara pane akanyanya kukosha mune zvakadzama.
budiriro
Kutanga, chingave chinhu chakanaka kuve nechokwadi chekuti API kufona kwakabudirira uye kudzosera mhedzisiro. Pane nzira yeizvi budiriro:
In [49]: api_versions.success
Out[49]: True
Inodzorera Chokwadi kana API call yabudirira (code remhinduro - 200) uye Nhema kana isina kubudirira (chero imwe kodhi yekupindura). Zviri nyore kushandisa nekukurumidza mushure mekufona kweAPI kuratidza ruzivo rwakasiyana zvichienderana nekodhi yekupindura.
if api_ver.success:
print(api_versions.data)
else:
print(api_versions.err_message) statuscode
Inodzosa kodhi yekupindura mushure mekufona kweAPI.
In [62]: api_versions.status_code
Out[62]: 400
Makodhi emhinduro anogona 200,400,401,403,404,409,500,501.
set_success_status
Muchiitiko ichi, zvingave zvakakosha kuchinja kukosha kwechimiro chekubudirira. Nehunyanzvi, iwe unogona kuisa chero chinhu ipapo, kunyangwe tambo yenguva dzose. Asi muenzaniso chaiwo unenge uri kuseta iyi parameter kuNhema pasi pemamwe mamiriro anoperekedza. Pazasi, teerera kune muenzaniso kana paine mabasa ari kushanda pane manejimendi server, asi isu tichafunga kuti chikumbiro ichi hachina kubudirira (tichaisa shanduko yebudiriro venhema, zvisinei nekuti iyo API kufona yakabudirira uye yakadzosa kodhi 200).
for task in task_result.data["tasks"]:
if task["status"] == "failed" or task["status"] == "partially succeeded":
task_result.set_success_status(False)
breakmhinduro()
Nzira yemhinduro inokutendera kuti utarise duramazwi nekodhi yekupindura (status_code) nemuviri wekupindura (muviri).
In [94]: api_versions.response()
Out[94]:
{'status_code': 200,
'data': {'current-version': '1.6',
'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}}
dhata
Inokubvumira kuti uone chete muviri wemhinduro (muviri) pasina ruzivo rusina basa.
In [93]: api_versions.data
Out[93]:
{'current-version': '1.6',
'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}
error_message
Ruzivo urwu runowanikwa chete kana chikanganiso chakaitika uchigadzira chikumbiro cheAPI (kodhi yekupindura kwete 200). Muenzaniso kubuda
In [107]: api_versions.error_message
Out[107]: 'code: generic_err_invalid_parameter_namenmessage: Unrecognized parameter [1]n'
Mienzaniso inobatsira
Iyi inotevera mienzaniso inoshandisa maAPI mafoni akawedzerwa mu Management API 1.6.
Kutanga, ngatitarisei kuti mafoni anoshanda sei add-host ΠΈ add-address-range. Ngatitii tinoda kugadzira kero dzese dzeIP dze subnet 192.168.0.0/24, yekupedzisira octet iri 5, sezvinhu zverudzi rweanotambira, uye nyora ese mamwe maIP kero sezvinhu zverudzi rwekero. Muchiitiko ichi, usasanganisa subnet kero uye kero yekutepfenyura.
Saka, pazasi pane script inogadzirisa dambudziko iri uye inogadzira 50 zvinhu zvemhando yemhando uye 51 zvinhu zvemhando yekero. Kugadzirisa dambudziko, 101 API mafoni anodiwa (kwete kuverenga yekupedzisira kushambadza kufona). Zvakare, tichishandisa iyo timeit module, tinoverenga nguva yainotora kuita script kusvika shanduko dzaburitswa.
Nyora uchishandisa add-host uye add-address-range
import timeit
from cpapi import APIClient, APIClientArgs
start = timeit.default_timer()
first_ip = 1
last_ip = 4
client_args = APIClientArgs(server="192.168.47.240")
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
for ip in range(5,255,5):
add_host = client.api_call("add-host", {"name" : f"h_192.168.0.{ip}", "ip-address": f'192.168.0.{ip}'})
while last_ip < 255:
add_range = client.api_call("add-address-range", {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"})
first_ip+=5
last_ip+=5
stop = timeit.default_timer()
publish = client.api_call("publish")
print(f'Time to execute batch request: {stop - start} seconds')
Munzvimbo yangu yerabhu, iyi script inotora pakati pe30 ne50 masekondi kuita, zvichienderana nemutoro uri pane manejimendi server.
Zvino ngationei kuti tingagadzirisa sei dambudziko rimwe chete uchishandisa API kufona wedzera-zvinhu-batch, rutsigiro rwakawedzerwa muAPI vhezheni 1.6. Kufona uku kunobvumidza iwe kuti ugadzire zvinhu zvakawanda kamwechete mune imwe API chikumbiro. Uyezve, izvi zvinogona kuva zvinhu zvemhando dzakasiyana (semuenzaniso, mauto, subnets uye kero renji). Nekudaro, basa redu rinogona kugadziriswa mukati meiyo imwe API kufona.
Nyora uchishandisa add-objects-batch
import timeit
from cpapi import APIClient, APIClientArgs
start = timeit.default_timer()
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip = []
objects_list_range = []
for ip in range(5,255,5):
data = {"name": f'h_192.168.0.{ip}', "ip-address": f'192.168.0.{ip}'}
objects_list_ip.append(data)
first_ip = 1
last_ip = 4
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"}
objects_list_range.append(data)
first_ip+=5
last_ip+=5
data_for_batch = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip
}, {
"type" : "address-range",
"list" : objects_list_range
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
add_objects_batch = client.api_call("add-objects-batch", data_for_batch)
stop = timeit.default_timer()
publish = client.api_call("publish")
print(f'Time to execute batch request: {stop - start} seconds')
Uye kumhanyisa script munzvimbo yangu yelabhu kunotora kubva ku3 kusvika ku7 masekondi, zvichienderana nemutoro uri pane manejimendi server. Kureva, paavhareji, pazvinhu 101 API, batch mhando yekufona inomhanya kagumi nekukurumidza. Panhamba huru yezvinhu musiyano unozonyanya kushamisa.
Zvino ngationei kuti tingashanda sei set-zvinhu-batch. Tichishandisa iyi API kufona, tinogona kushandura akawanda chero parameter. Ngatiise hafu yekutanga yemakero kubva kumuenzaniso wapfuura (kusvika .124 mauto, uye mitsara zvakare) kune ruvara sienna, uye tigovane ruvara khaki kuhafu yechipiri yekero.
Kushandura ruvara rwezvinhu zvakagadzirwa mumuenzaniso wekare
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip_first = []
objects_list_range_first = []
objects_list_ip_second = []
objects_list_range_second = []
for ip in range(5,125,5):
data = {"name": f'h_192.168.0.{ip}', "color": "sienna"}
objects_list_ip_first.append(data)
for ip in range(125,255,5):
data = {"name": f'h_192.168.0.{ip}', "color": "khaki"}
objects_list_ip_second.append(data)
first_ip = 1
last_ip = 4
while last_ip < 125:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "sienna"}
objects_list_range_first.append(data)
first_ip+=5
last_ip+=5
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "khaki"}
objects_list_range_second.append(data)
first_ip+=5
last_ip+=5
data_for_batch_first = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip_first
}, {
"type" : "address-range",
"list" : objects_list_range_first
}]
}
data_for_batch_second = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip_second
}, {
"type" : "address-range",
"list" : objects_list_range_second
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
set_objects_batch_first = client.api_call("set-objects-batch", data_for_batch_first)
set_objects_batch_second = client.api_call("set-objects-batch", data_for_batch_second)
publish = client.api_call("publish")
Unogona kudzima zvinhu zvakawanda mune imwe API kufona uchishandisa bvisa-zvinhu-batch. Zvino ngatitarisei muenzaniso wekodhi inobvisa ese makabati akagadzirwa kare kuburikidza wedzera-zvinhu-batch.
Kudzima zvinhu uchishandisa Delete-objects-batch
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip = []
objects_list_range = []
for ip in range(5,255,5):
data = {"name": f'h_192.168.0.{ip}'}
objects_list_ip.append(data)
first_ip = 1
last_ip = 4
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}"}
objects_list_range.append(data)
first_ip+=5
last_ip+=5
data_for_batch = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip
}, {
"type" : "address-range",
"list" : objects_list_range
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
delete_objects_batch = client.api_call("delete-objects-batch", data_for_batch)
publish = client.api_call("publish")
print(delete_objects_batch.data)
Ese mabasa anoonekwa mukuburitswa kutsva kweCheck Point software pakarepo tora maAPI mafoni. Saka, muR80.40 "maficha" akadaro Revert to revision uye Smart Task yakaonekwa, uye inoenderana API mafoni akagadzirirwa ipapo ipapo. Zvakare, mashandiro ese kana achifamba kubva kuLegacy consoles kuenda kuUnified Policy modhi zvakare anowana API rutsigiro. Semuenzaniso, iyo yakamirirwa kwenguva refu mushanduro yesoftware R80.40 kwaive kufambisa kweHTTPS Inspection policy kubva kuLegacy modhi kuenda kuUnified Policy mode, uye kushanda uku kwakakurumidza kugamuchira API mafoni. Heino muenzaniso wekodhi inowedzera mutemo panzvimbo yepamusoro yeHTTPS Inspection policy isingabatanidzi zvikamu zvitatu kubva pakuongorora (Health, Finance, Government Services), izvo zvinorambidzwa kuongororwa maererano nemutemo munyika dzakawanda.
Wedzera mutemo kune HTTPS Inspection policy
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
data = {
"layer" : "Default Layer",
"position" : "top",
"name" : "Legal Requirements",
"action": "bypass",
"site-category": ["Health", "Government / Military", "Financial Services"]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
add_https_rule = client.api_call("add-https-rule", data)
publish = client.api_call("publish")
Kumhanyisa Python zvinyorwa paCheck Point management server
Zvose zvakafanana ine ruzivo rwekuti ungamhanyisa sei zvinyorwa zvePython zvakananga kubva kune control server. Izvi zvinogona kuve nyore kana iwe usingakwanise kubatana neiyo API server kubva kune mumwe muchina. Ndakarekodha vhidhiyo yemaminetsi matanhatu mandiri kutarisa kuisa module cpapi uye maficha ekumhanyisa Python scripts pane control server. Semuenzaniso, script inomhanya iyo inogadzirisa kugadziridzwa kwegedhi idzva rebasa rakadai se network auditing. Security CheckUp. Pakati pezvinhu zvandaifanira kubata nazvo: basa racho harisati raonekwa muPython 2.7 chiyamuro, saka kugadzirisa ruzivo rwunopinda nemushandisi, basa rinoshandiswa mbishi_input. Zvikasadaro, iyo kodhi yakafanana neyekutanga kubva kune mamwe machina, chete zviri nyore kushandisa basa racho login_as_root, kuitira kuti usataure zita rako rekushandisa, password uye IP kero ye server manejimendi zvakare.
Script yekukurumidza kuseta yeSecurity CheckUp
from __future__ import print_function
import getpass
import sys, os
sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
from cpapi import APIClient, APIClientArgs
def main():
with APIClient() as client:
# if client.check_fingerprint() is False:
# print("Could not get the server's fingerprint - Check connectivity with the server.")
# exit(1)
login_res = client.login_as_root()
if login_res.success is False:
print("Login failed:n{}".format(login_res.error_message))
exit(1)
gw_name = raw_input("Enter the gateway name:")
gw_ip = raw_input("Enter the gateway IP address:")
if sys.stdin.isatty():
sic = getpass.getpass("Enter one-time password for the gateway(SIC): ")
else:
print("Attention! Your password will be shown on the screen!")
sic = raw_input("Enter one-time password for the gateway(SIC): ")
version = raw_input("Enter the gateway version(like RXX.YY):")
add_gw = client.api_call("add-simple-gateway", {'name' : gw_name, 'ipv4-address' : gw_ip, 'one-time-password' : sic, 'version': version.capitalize(), 'application-control' : 'true', 'url-filtering' : 'true', 'ips' : 'true', 'anti-bot' : 'true', 'anti-virus' : 'true', 'threat-emulation' : 'true'})
if add_gw.success and add_gw.data['sic-state'] != "communicating":
print("Secure connection with the gateway hasn't established!")
exit(1)
elif add_gw.success:
print("The gateway was added successfully.")
gw_uid = add_gw.data['uid']
gw_name = add_gw.data['name']
else:
print("Failed to add the gateway - {}".format(add_gw.error_message))
exit(1)
change_policy = client.api_call("set-access-layer", {"name" : "Network", "applications-and-url-filtering": "true", "content-awareness": "true"})
if change_policy.success:
print("The policy has been changed successfully")
else:
print("Failed to change the policy- {}".format(change_policy.error_message))
change_rule = client.api_call("set-access-rule", {"name" : "Cleanup rule", "layer" : "Network", "action": "Accept", "track": {"type": "Detailed Log", "accounting": "true"}})
if change_rule.success:
print("The cleanup rule has been changed successfully")
else:
print("Failed to change the cleanup rule- {}".format(change_rule.error_message))
# publish the result
publish_res = client.api_call("publish", {})
if publish_res.success:
print("The changes were published successfully.")
else:
print("Failed to publish the changes - {}".format(install_tp_policy.error_message))
install_access_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'true', "threat-prevention" : 'false', "targets" : gw_uid})
if install_access_policy.success:
print("The access policy has been installed")
else:
print("Failed to install access policy - {}".format(install_tp_policy.error_message))
install_tp_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'false', "threat-prevention" : 'true', "targets" : gw_uid})
if install_tp_policy.success:
print("The threat prevention policy has been installed")
else:
print("Failed to install threat prevention policy - {}".format(install_tp_policy.error_message))
# add passwords and passphrases to dictionary
with open('additional_pass.conf') as f:
line_num = 0
for line in f:
line_num += 1
add_password_dictionary = client.api_call("run-script", {"script-name" : "Add passwords and passphrases", "script" : "printf "{}" >> $FWDIR/conf/additional_pass.conf".format(line), "targets" : gw_name})
if add_password_dictionary.success:
print("The password dictionary line {} was added successfully".format(line_num))
else:
print("Failed to add the dictionary - {}".format(add_password_dictionary.error_message))
main() Imwe faira ine password duramazwi rekuwedzera_pass.conf
{
"passwords" : ["malware","malicious","infected","Infected"],
"phrases" : ["password","Password","Pass","pass","codigo","key","pwd","ΠΏΠ°ΡΠΎΠ»Ρ","ΠΠ°ΡΠΎΠ»Ρ","ΠΠ»ΡΡ","ΠΊΠ»ΡΡ","ΡΠΈΡΡ","Π¨ΠΈΡΡ"]
}
mhedziso
Ichi chinyorwa chinoongorora chete mikana yekutanga yebasa Python SDK uye module cpapi(sezvaungave wakafungidzira, aya ndiwo anonyanya kufanana), uye nekudzidza kodhi mune ino module iwe unowana mimwe mikana yekushanda nayo. Zvinogoneka kuti iwe uchada kuiwedzera neako makirasi, mabasa, maitiro uye akasiyana. Iwe unogona kugara uchigovera basa rako uye kuona mamwe magwaro eCheck Point muchikamu munharaunda , iyo inounza pamwechete vese vanogadzira zvigadzirwa nevashandisi.
Kufara kukodha uye kutenda nekuverenga kusvika kumagumo!
Source: www.habr.com