The full power of working with APIs shows when they are used together with program code, where it becomes possible to generate API requests dynamically and to build tools that analyze API responses. Yet the Python Software Development Kit (hereafter the Python SDK) for the Check Point Management API still gets little attention, and undeservedly so. It makes life much easier for developers and automation enthusiasts. Python has become hugely popular lately, so I decided to fill the gap and review the main features. This article is a good companion to another article on Habr. We will look at how to write scripts using the Python SDK and go into detail on the new functionality of the Management API in version 1.6 (supported since R80.40). To follow the article you need basic knowledge of working with APIs and Python.
Check Point is actively developing APIs, and at the moment the following have been released:
- working with the management server through the API (and the ability to run scripts on gateways controlled by the management server)
- working with security gateways
- working with the sandbox in the Check Point cloud
- working with the Identity Awareness blade on gateways
- working with the SMB gateway management portal
- interaction with IoT controllers
- working with the SD-WAN security solution
- working with
The Python SDK currently supports interaction with the Management API and the Gaia API. We will cover the most important classes, methods and variables in this module.

Installing the module
The cpapi module installs quickly and easily with pip. Detailed installation instructions are available. The module is adapted to work with Python versions 2.7 and 3.7. In this article the examples use Python 3.7. However, the Python SDK can also be run directly on Check Point management servers (Smart Management), where only Python 2.7 is supported, so code for version 2.7 is given in the last section. Right after installing the module, I recommend looking at the examples in the directories examples_python2 and examples_python3.
Getting started
To work with the components of the cpapi module, we need to import at least two required classes from it:
APIClient and APIClientArgs
from cpapi import APIClient, APIClientArgs
The APIClientArgs class is responsible for the connection parameters to the API server, and the APIClient class is responsible for interaction with the API.
Defining connection parameters
To define the connection parameters to the API, you create an instance of the APIClientArgs class. Its parameters are predefined, and when the script runs on the management server itself they do not need to be specified.
client_args = APIClientArgs()
But when running on a third-party host, you need to specify at least the IP address or host name of the API server (that is, the management server). In the example below, we define the server connection parameter and assign it the IP address of the management server as a string.
client_args = APIClientArgs(server='192.168.47.241')
Let's look at all the parameters, and their default values, that can be used when connecting to the API server:
Arguments of the __init__ method of the APIClientArgs class
class APIClientArgs:
    """
    This class provides arguments for APIClient configuration.
    All the arguments are configured with their default values.
    """

    # port is set to None by default, but it gets replaced with 443 if not specified
    # context possible values - web_api (default) or gaia_api
    def __init__(self, port=None, fingerprint=None, sid=None, server="127.0.0.1", http_debug_level=0,
                 api_calls=None, debug_file="", proxy_host=None, proxy_port=8080,
                 api_version=None, unsafe=False, unsafe_auto_accept=False, context="web_api"):
        self.port = port
        # management server fingerprint
        self.fingerprint = fingerprint
        # session-id.
        self.sid = sid
        # management server name or IP-address
        self.server = server
        # debug level
        self.http_debug_level = http_debug_level
        # an array with all the api calls (for debug purposes)
        self.api_calls = api_calls if api_calls else []
        # name of debug file. If left empty, debug data will not be saved to disk.
        self.debug_file = debug_file
        # HTTP proxy server address (without "http://")
        self.proxy_host = proxy_host
        # HTTP proxy port
        self.proxy_port = proxy_port
        # Management server's API version
        self.api_version = api_version
        # Indicates that the client should not check the server's certificate
        self.unsafe = unsafe
        # Indicates that the client should automatically accept and save the server's certificate
        self.unsafe_auto_accept = unsafe_auto_accept
        # The context of using the client - defaults to web_api
        self.context = context
I believe the arguments that can be used in instances of the APIClientArgs class are intuitive for Check Point administrators and need no further comment.
Connecting via APIClient and the context manager
The APIClient class is most convenient to use through a context manager. All that needs to be passed to an instance of the APIClient class is the connection parameters defined in the previous step.
with APIClient(client_args) as client:
The context manager does not make the login call to the API server automatically, but it does make the logout call on exit. If for some reason a logout is not wanted after you finish working with API calls, you need to work without the context manager:
client = APIClient(client_args)
Connection test
The simplest way to check whether the connection works with the specified parameters is the check_fingerprint method. If verification of the SHA-1 hash of the API server certificate fingerprint fails (the method returned False), this is usually caused by connection problems, and we can stop the program (or give the user a chance to correct the connection data):
if client.check_fingerprint() is False:
    print("Could not get the server's fingerprint - Check connectivity with the server.")
    exit(1)
Please note that from then on the APIClient class checks the SHA-1 fingerprint of the certificate on the API server on every API call (the api_call and api_query methods, which we will discuss a little later). But if an error is detected while checking the SHA-1 fingerprint of the API server certificate (the certificate is unknown or has been changed), the check_fingerprint method offers to add or change the information about it on the local machine automatically. This check can be disabled entirely (but this can only be recommended when running scripts on the API server itself, connecting to 127.0.0.1), using the APIClientArgs argument unsafe_auto_accept (see more about APIClientArgs earlier in "Defining connection parameters").
client_args = APIClientArgs(unsafe_auto_accept=True)
Logging in to the API server
APIClient has as many as 3 methods for logging in to the API server, and each of them remembers the sid (session-id) value, which is then used automatically in the header of every subsequent API call (the header name for this parameter is X-chkp-sid), so there is no need to handle this parameter any further.
login method
Option using a login and password (in the example, the username admin and the password 1q2w3e are passed as positional arguments):
login = client.login('admin', '1q2w3e')
The login method also has additional optional parameters; here are their names and default values:
continue_last_session=False, domain=None, read_only=False, payload=None
login_with_api_key method
Option using an API key (supported starting from management version R80.40/Management API v1.6; "3TsbPJ8ZKjaJGvFyoFqHFA==" is the API key value for one of the users on the management server with the API key authorization method):
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
The login_with_api_key method has the same optional parameters as the login method.
login_as_root method
Option for logging in on the local machine that hosts the API server:
login = client.login_as_root()
Only two optional parameters are available for this method:
domain=None, payload=None
And finally, the API calls themselves
We have two options for making API calls: the api_call and api_query methods. Let's see what the difference between them is.
api_call
This method works for any call. We need to pass the last part of the API call and, if needed, the payload for the request body. If the payload is empty, it can be omitted entirely:
api_versions = client.api_call('show-api-versions')
The output of this request is shown below:
In [23]: api_versions
Out[23]:
APIResponse({
"data": {
"current-version": "1.6",
"supported-versions": [
"1",
"1.1",
"1.2",
"1.3",
"1.4",
"1.5",
"1.6"
]
},
"res_obj": {
"data": {
"current-version": "1.6",
"supported-versions": [
"1",
"1.1",
"1.2",
"1.3",
"1.4",
"1.5",
"1.6"
]
},
"status_code": 200
},
"status_code": 200,
"success": true
})
show_host = client.api_call('show-host', {'name' : 'h_8.8.8.8'})
The output of this request is shown below:
In [25]: show_host
Out[25]:
APIResponse({
"data": {
"color": "black",
"comments": "",
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"groups": [],
"icon": "Objects/host",
"interfaces": [],
"ipv4-address": "8.8.8.8",
"meta-info": {
"creation-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"creator": "admin",
"last-modifier": "admin",
"last-modify-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"lock": "unlocked",
"validation-state": "ok"
},
"name": "h_8.8.8.8",
"nat-settings": {
"auto-rule": false
},
"read-only": false,
"tags": [],
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
},
"res_obj": {
"data": {
"color": "black",
"comments": "",
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"groups": [],
"icon": "Objects/host",
"interfaces": [],
"ipv4-address": "8.8.8.8",
"meta-info": {
"creation-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"creator": "admin",
"last-modifier": "admin",
"last-modify-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"lock": "unlocked",
"validation-state": "ok"
},
"name": "h_8.8.8.8",
"nat-settings": {
"auto-rule": false
},
"read-only": false,
"tags": [],
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
},
"status_code": 200
},
"status_code": 200,
"success": true
})
api_query
Let me note right away that this method applies only to calls whose output involves an offset. Such output occurs when the response contains, or may contain, a large amount of information. For example, this could be a request for the list of all host-type objects created on the management server. For such requests, the API returns a list of 50 objects by default (you can raise the limit to 50 objects in the response). So that you do not have to pull the information several times while changing the offset parameter in the API request, there is the api_query method, which does this work automatically. Examples of calls where this method is needed: show-sessions, show-hosts, show-networks, show-wildcards, show-groups, show-address-ranges, show-simple-gateways, show-simple-clusters, show-access-roles, show-trusted-clients, show-packages. In fact, the names of these API calls contain plural words, so these calls are easier to handle through api_query.
show_hosts = client.api_query('show-hosts')
The output of this request is shown below:
In [21]: show_hosts
Out[21]:
APIResponse({
"data": [
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "192.168.47.1",
"name": "h_192.168.47.1",
"type": "host",
"uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
},
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "8.8.8.8",
"name": "h_8.8.8.8",
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
}
],
"res_obj": {
"data": {
"from": 1,
"objects": [
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "192.168.47.1",
"name": "h_192.168.47.1",
"type": "host",
"uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
},
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "8.8.8.8",
"name": "h_8.8.8.8",
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
}
],
"to": 2,
"total": 2
},
"status_code": 200
},
"status_code": 200,
"success": true
})
Handling API call responses
After this, you can use the variables and methods of the APIResponse class (both inside and outside the context manager). The APIResponse class has 4 predefined methods and 4 variables; we will look at the most important ones in more detail.

success
First, it is good to make sure that the API call succeeded and returned a result. The success method exists for this:
In [49]: api_versions.success
Out[49]: True
Returns True if the API call succeeded (response code 200) and False if it did not (any other response code). It is convenient to use right after an API call to show different information depending on the response code.
if api_versions.success:
    print(api_versions.data)
else:
    print(api_versions.error_message)
status_code
Returns the response code after an API call.
In [62]: api_versions.status_code
Out[62]: 400
Possible response codes: 200, 400, 401, 403, 404, 409, 500, 501.
set_success_status
In some cases it may be necessary to change the value of the success status. Technically you can put anything there, even an ordinary string. But a realistic example is setting this parameter to False under certain accompanying conditions. In the example below, there are tasks running on the management server, and we treat the request as unsuccessful (we set the success variable to False even though the API call itself succeeded and returned code 200).
for task in task_result.data["tasks"]:
    if task["status"] == "failed" or task["status"] == "partially succeeded":
        task_result.set_success_status(False)
        break
response()
The response method lets you view a dictionary with the response code (status_code) and the response body (body).
In [94]: api_versions.response()
Out[94]:
{'status_code': 200,
'data': {'current-version': '1.6',
'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}}
data
Lets you see only the response body without unnecessary information.
In [93]: api_versions.data
Out[93]:
{'current-version': '1.6',
'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}
error_message
This information is available only when an error occurred while processing the API request (response code other than 200). Example output:
In [107]: api_versions.error_message
Out[107]: 'code: generic_err_invalid_parameter_name\nmessage: Unrecognized parameter [1]\n'
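The attributes above combine into one pattern for change scripts: check every response, publish only when every call succeeded, and discard the session's unpublished changes otherwise. This is an added example, not code from the SDK or the original article; StubClient and StubResponse are constructed stand-ins for APIClient and APIResponse so that it runs offline, and apply_changes, failure_reason and ChangeRejected are hypothetical names.

```python
class StubResponse:
    """Constructed stand-in with the APIResponse attributes used on this page."""

    def __init__(self, status_code=200, data=None, error_message=None):
        self.status_code = status_code
        self.success = status_code == 200
        self.data = data if data is not None else {}
        self.error_message = error_message


class StubClient:
    """Constructed stand-in for APIClient: replays canned responses, records calls."""

    def __init__(self, canned=None):
        self.canned = canned or {}   # command name -> StubResponse
        self.calls = []

    def api_call(self, command, payload=None):
        self.calls.append(command)
        return self.canned.get(command, StubResponse())


class ChangeRejected(Exception):
    """Raised after the session's unpublished changes have been discarded."""

    def __init__(self, command, response, reason):
        super().__init__("{} rejected: {}".format(command, reason))
        self.command = command
        self.response = response


def failure_reason(response):
    """Return None if the call really succeeded, otherwise a short reason.

    A 200 response can still carry failed tasks, the case the page handles
    with set_success_status(False).
    """
    if not response.success:
        return "status {}: {}".format(response.status_code, response.error_message)
    data = response.data if isinstance(response.data, dict) else {}
    for task in data.get("tasks", []):
        if task.get("status") in ("failed", "partially succeeded"):
            return "task status '{}'".format(task["status"])
    return None


def apply_changes(client, calls):
    """Run (command, payload) pairs and publish only if every one succeeded."""
    for command, payload in list(calls) + [("publish", {})]:
        response = client.api_call(command, payload)
        reason = failure_reason(response)
        if reason is not None:
            client.api_call("discard", {})   # drop everything not yet published
            raise ChangeRejected(command, response, reason)
    return [command for command, _ in calls]
```

With the real SDK, the client passed to apply_changes would be the logged-in APIClient from the with block.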
Useful examples
The following examples use API calls added in Management API version 1.6.
Let's start by looking at how the add-host and add-address-range calls work. Suppose we need to create all IP addresses of the 192.168.0.0/24 subnet whose last octet is a multiple of 5 as host-type objects, and record all the other IP addresses as address-range objects. The subnet address and the broadcast address are excluded.
So, below is a script that solves this problem and creates 50 host-type objects and 50 address-range objects. Solving the problem takes 51 API calls (not counting the final publish call). In addition, using the timeit module, we measure the time it takes the script to run up to the point where the changes are published.
Script using add-host and add-address-range
import timeit
from cpapi import APIClient, APIClientArgs

start = timeit.default_timer()
first_ip = 1
last_ip = 4
client_args = APIClientArgs(server="192.168.47.240")

with APIClient(client_args) as client:
    login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
    # one add-host call per host object
    for ip in range(5,255,5):
        add_host = client.api_call("add-host", {"name" : f"h_192.168.0.{ip}", "ip-address": f'192.168.0.{ip}'})
    # one add-address-range call per block of addresses between two hosts
    while last_ip < 255:
        add_range = client.api_call("add-address-range", {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"})
        first_ip+=5
        last_ip+=5
    # stop the timer before publishing
    stop = timeit.default_timer()
    publish = client.api_call("publish")

print(f'Time to execute batch request: {stop - start} seconds')
In my lab environment, this script takes between 30 and 50 seconds to run, depending on the load on the management server.
Now let's see how to solve the same problem using the add-objects-batch API call, support for which was added in API version 1.6. This call lets you create many objects at once in a single API request. Moreover, these can be objects of different types (for example, hosts, subnets and address ranges). So our task can be solved within a single API call.
Script using add-objects-batch
import timeit
from cpapi import APIClient, APIClientArgs

start = timeit.default_timer()
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip = []
objects_list_range = []

# host objects
for ip in range(5,255,5):
    data = {"name": f'h_192.168.0.{ip}', "ip-address": f'192.168.0.{ip}'}
    objects_list_ip.append(data)

# address-range objects
first_ip = 1
last_ip = 4
while last_ip < 255:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"}
    objects_list_range.append(data)
    first_ip+=5
    last_ip+=5

# both object types go into one request body
data_for_batch = {
    "objects" : [ {
        "type" : "host",
        "list" : objects_list_ip
    }, {
        "type" : "address-range",
        "list" : objects_list_range
    }]
}

with APIClient(client_args) as client:
    login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
    add_objects_batch = client.api_call("add-objects-batch", data_for_batch)
    stop = timeit.default_timer()
    publish = client.api_call("publish")

print(f'Time to execute batch request: {stop - start} seconds')
Running this script in my lab environment takes from 3 to 7 seconds, depending on the load on the management server. That is, on average, for 7 objects, the batch-type API call runs 10 times faster. With a larger number of objects the difference will be even more striking.
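Because a batch request creates every object in one call, it is worth checking the object plan before sending it. The following added example (not code from the article or the SDK) rebuilds the same add-objects-batch body with the standard ipaddress module, generalized to any IPv4 network of /24 or smaller and any step, and verifies that each usable address is covered by exactly one object; plan_objects, coverage_errors and batch_payload are hypothetical helper names.

```python
import collections
import ipaddress


def plan_objects(cidr, step=5):
    """Split a subnet into host objects and the address ranges between them.

    Addresses whose last octet is a multiple of `step` become hosts; every
    other usable address goes into a range. Names follow the page's scheme.
    """
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen < 24:
        raise ValueError("this example handles IPv4 networks of /24 or smaller")
    hosts, ranges, run = [], [], []

    def close_run():
        # Turn the addresses collected since the last host into one range.
        if run:
            ranges.append({
                "name": "r_{}-{}".format(str(run[0]), int(run[-1]) & 0xFF),
                "ip-address-first": str(run[0]),
                "ip-address-last": str(run[-1]),
            })
            del run[:]

    for addr in net.hosts():  # hosts() skips the network and broadcast address
        if (int(addr) & 0xFF) % step == 0:
            close_run()
            hosts.append({"name": "h_{}".format(str(addr)), "ip-address": str(addr)})
        else:
            run.append(addr)
    close_run()
    return hosts, ranges


def coverage_errors(cidr, hosts, ranges):
    """Return usable addresses not covered exactly once, plus covered
    addresses outside the usable set. An empty list means the plan is sound."""
    seen = collections.Counter()
    for host in hosts:
        seen[ipaddress.ip_address(host["ip-address"])] += 1
    for rng in ranges:
        first = int(ipaddress.ip_address(rng["ip-address-first"]))
        last = int(ipaddress.ip_address(rng["ip-address-last"]))
        for value in range(first, last + 1):
            seen[ipaddress.ip_address(value)] += 1
    usable = set(ipaddress.ip_network(cidr).hosts())
    wrong = {a for a in usable if seen[a] != 1} | {a for a in seen if a not in usable}
    return sorted(wrong)


def batch_payload(hosts, ranges):
    """Request body in the structure the page's add-objects-batch script sends."""
    return {"objects": [{"type": "host", "list": hosts},
                        {"type": "address-range", "list": ranges}]}
```

A script would call coverage_errors on the plan and send batch_payload(hosts, ranges) only when the returned list is empty.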
Now let's see how to work with set-objects-batch. With this API call we can change any parameter in bulk. Let's set the first half of the addresses from the previous example (hosts up to .124, and the ranges as well) to the color sienna, and give the second half of the addresses the color khaki.
Changing the color of the objects created in the previous example
from cpapi import APIClient, APIClientArgs

client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip_first = []
objects_list_range_first = []
objects_list_ip_second = []
objects_list_range_second = []

# hosts: first half sienna, second half khaki
for ip in range(5,125,5):
    data = {"name": f'h_192.168.0.{ip}', "color": "sienna"}
    objects_list_ip_first.append(data)
for ip in range(125,255,5):
    data = {"name": f'h_192.168.0.{ip}', "color": "khaki"}
    objects_list_ip_second.append(data)

# ranges: the second loop continues where the first one stopped
first_ip = 1
last_ip = 4
while last_ip < 125:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "sienna"}
    objects_list_range_first.append(data)
    first_ip+=5
    last_ip+=5
while last_ip < 255:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "khaki"}
    objects_list_range_second.append(data)
    first_ip+=5
    last_ip+=5

data_for_batch_first = {
    "objects" : [ {
        "type" : "host",
        "list" : objects_list_ip_first
    }, {
        "type" : "address-range",
        "list" : objects_list_range_first
    }]
}
data_for_batch_second = {
    "objects" : [ {
        "type" : "host",
        "list" : objects_list_ip_second
    }, {
        "type" : "address-range",
        "list" : objects_list_range_second
    }]
}

with APIClient(client_args) as client:
    login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
    set_objects_batch_first = client.api_call("set-objects-batch", data_for_batch_first)
    set_objects_batch_second = client.api_call("set-objects-batch", data_for_batch_second)
    publish = client.api_call("publish")
You can delete many objects in a single API call using delete-objects-batch. Now let's look at a code example that deletes all the hosts created earlier through add-objects-batch.
Deleting objects with delete-objects-batch
from cpapi import APIClient, APIClientArgs

client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip = []
objects_list_range = []

# objects are addressed by the names used when they were created
for ip in range(5,255,5):
    data = {"name": f'h_192.168.0.{ip}'}
    objects_list_ip.append(data)

first_ip = 1
last_ip = 4
while last_ip < 255:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}"}
    objects_list_range.append(data)
    first_ip+=5
    last_ip+=5

data_for_batch = {
    "objects" : [ {
        "type" : "host",
        "list" : objects_list_ip
    }, {
        "type" : "address-range",
        "list" : objects_list_range
    }]
}

with APIClient(client_args) as client:
    login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
    delete_objects_batch = client.api_call("delete-objects-batch", data_for_batch)
    publish = client.api_call("publish")

print(delete_objects_batch.data)
All features that appear in new Check Point software releases get API calls right away. For example, R80.40 introduced "features" such as Revert to revision and Smart Task, and the corresponding API calls were prepared for them immediately. Likewise, all functionality that moves from the Legacy consoles to Unified Policy mode also gets API support. For example, a long-awaited change in software version R80.40 was the move of the HTTPS Inspection policy from Legacy mode to Unified Policy mode, and this functionality received API calls at once. Here is an example of code that adds a rule at the top position of the HTTPS Inspection policy that excludes 3 categories from inspection (Health, Finance, Government Services), which may not be inspected under the law in many countries.
Adding a rule to the HTTPS Inspection policy
from cpapi import APIClient, APIClientArgs

client_args = APIClientArgs(server="192.168.47.240")
# bypass rule placed at the top of the HTTPS Inspection layer
data = {
    "layer" : "Default Layer",
    "position" : "top",
    "name" : "Legal Requirements",
    "action": "bypass",
    "site-category": ["Health", "Government / Military", "Financial Services"]
}

with APIClient(client_args) as client:
    login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
    add_https_rule = client.api_call("add-https-rule", data)
    publish = client.api_call("publish")
Running Python scripts on the Check Point management server
There is also information on how to run Python scripts directly on the management server. This can be useful when you cannot connect to the API server from another machine. I recorded a six-minute video in which I look at installing the cpapi module and the specifics of running Python scripts on the management server. As an example, a script is run that automates the configuration of a new gateway for a task such as a network audit, Security CheckUp. One of the things I had to deal with: in Python 2.7 the input function had not yet appeared, so the raw_input function is used to process information entered by the user. Otherwise the code is the same as when running from other machines, except that it is more convenient to use the login_as_root function, so that you do not have to specify your username, password and the IP address of the management server again.

Script for quick Security CheckUp setup
from __future__ import print_function
import getpass
import sys, os
sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
from cpapi import APIClient, APIClientArgs

def main():
    with APIClient() as client:
        # if client.check_fingerprint() is False:
        #     print("Could not get the server's fingerprint - Check connectivity with the server.")
        #     exit(1)
        login_res = client.login_as_root()
        if login_res.success is False:
            print("Login failed:\n{}".format(login_res.error_message))
            exit(1)
        gw_name = raw_input("Enter the gateway name:")
        gw_ip = raw_input("Enter the gateway IP address:")
        if sys.stdin.isatty():
            sic = getpass.getpass("Enter one-time password for the gateway(SIC): ")
        else:
            print("Attention! Your password will be shown on the screen!")
            sic = raw_input("Enter one-time password for the gateway(SIC): ")
        version = raw_input("Enter the gateway version(like RXX.YY):")
        add_gw = client.api_call("add-simple-gateway", {'name' : gw_name, 'ipv4-address' : gw_ip, 'one-time-password' : sic, 'version': version.capitalize(), 'application-control' : 'true', 'url-filtering' : 'true', 'ips' : 'true', 'anti-bot' : 'true', 'anti-virus' : 'true', 'threat-emulation' : 'true'})
        if add_gw.success and add_gw.data['sic-state'] != "communicating":
            print("Secure connection with the gateway hasn't established!")
            exit(1)
        elif add_gw.success:
            print("The gateway was added successfully.")
            gw_uid = add_gw.data['uid']
            gw_name = add_gw.data['name']
        else:
            print("Failed to add the gateway - {}".format(add_gw.error_message))
            exit(1)
        change_policy = client.api_call("set-access-layer", {"name" : "Network", "applications-and-url-filtering": "true", "content-awareness": "true"})
        if change_policy.success:
            print("The policy has been changed successfully")
        else:
            print("Failed to change the policy- {}".format(change_policy.error_message))
        change_rule = client.api_call("set-access-rule", {"name" : "Cleanup rule", "layer" : "Network", "action": "Accept", "track": {"type": "Detailed Log", "accounting": "true"}})
        if change_rule.success:
            print("The cleanup rule has been changed successfully")
        else:
            print("Failed to change the cleanup rule- {}".format(change_rule.error_message))
        # publish the result
        publish_res = client.api_call("publish", {})
        if publish_res.success:
            print("The changes were published successfully.")
        else:
            print("Failed to publish the changes - {}".format(publish_res.error_message))
        install_access_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'true', "threat-prevention" : 'false', "targets" : gw_uid})
        if install_access_policy.success:
            print("The access policy has been installed")
        else:
            print("Failed to install access policy - {}".format(install_access_policy.error_message))
        install_tp_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'false', "threat-prevention" : 'true', "targets" : gw_uid})
        if install_tp_policy.success:
            print("The threat prevention policy has been installed")
        else:
            print("Failed to install threat prevention policy - {}".format(install_tp_policy.error_message))
        # add passwords and passphrases to dictionary
        # each line of the file is formatted into the shell command as-is
        with open('additional_pass.conf') as f:
            line_num = 0
            for line in f:
                line_num += 1
                add_password_dictionary = client.api_call("run-script", {"script-name" : "Add passwords and passphrases", "script" : "printf \"{}\" >> $FWDIR/conf/additional_pass.conf".format(line), "targets" : gw_name})
                if add_password_dictionary.success:
                    print("The password dictionary line {} was added successfully".format(line_num))
                else:
                    print("Failed to add the dictionary - {}".format(add_password_dictionary.error_message))

main()
Example of a file with the password dictionary additional_pass.conf
{
"passwords" : ["malware","malicious","infected","Infected"],
"phrases" : ["password","Password","Pass","pass","codigo","key","pwd","пароль","Пароль","Ключ","ключ","шифр","Шифр"]
}
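The run-script step in the script above formats each file line straight into a shell command, so quotes, $ or % inside a dictionary entry are interpreted by the gateway's shell or by printf instead of being written to the file. One way to build that command so the line is written literally, as an added example that is not part of the original article or the SDK: build_append_command and run_script_payloads are hypothetical helper names, SAMPLE_LINES is constructed, and the code targets Python 3 (on Python 2.7, pipes.quote plays the role of shlex.quote).

```python
import shlex

# Path used by the page's script; $FWDIR is expanded by the gateway's shell.
DICT_PATH = "$FWDIR/conf/additional_pass.conf"


def build_append_command(line):
    """Return a shell command that appends `line` verbatim to DICT_PATH.

    The text is passed as one quoted argument to a fixed '%s\\n' format, so
    neither the shell nor printf interprets anything inside it.
    """
    text = line.rstrip("\r\n")
    if "\x00" in text:
        raise ValueError("NUL byte in dictionary line")
    return "printf '%s\\n' {} >> \"{}\"".format(shlex.quote(text), DICT_PATH)


def run_script_payloads(lines, gateway):
    """Build one run-script payload per non-empty line of the dictionary file."""
    payloads = []
    for line in lines:
        if not line.strip():
            continue
        payloads.append({
            "script-name": "Add passwords and passphrases",
            "script": build_append_command(line),
            "targets": gateway,
        })
    return payloads


# Constructed sample: the second line carries shell and printf metacharacters.
SAMPLE_LINES = [
    '{\n',
    '"passwords" : ["malware", "$(hostname)", "100%s", "it\'s"],\n',
    '}\n',
]
```

Each payload can be passed to client.api_call("run-script", payload) in place of the formatted string used in the script above.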
Conclusion
This article covers only the basic capabilities of the Python SDK and the cpapi module (as you may have guessed, these are effectively synonyms), and by studying the code in this module you will find even more possibilities for working with it. You may well want to extend it with your own classes, functions, methods and variables. You can always share your work and look at other Check Point scripts in the community section, which brings together both product developers and users.
Happy coding and thanks for reading to the end!
Source: www.habr.com
