Simplifying work with the Check Point API using the Python SDK

The full power of interacting with an API is revealed when it is used together with program code, when it becomes possible to generate API requests dynamically and to build tools that analyse API responses. However, the Python Software Development Kit (hereafter the Python SDK) for the Check Point Management API still goes largely unnoticed, and for no good reason. It significantly simplifies life for developers and automation enthusiasts. Python has recently gained enormous popularity, and I decided to fill the gap and review the main features of the Check Point API Python Development Kit. This article is a good complement to another article on Habré, "Check Point R80.10 API. Management through the CLI, scripts and more". We will look at how to write scripts using the Python SDK and take a closer look at the new Management API functionality in version 1.6 (supported starting with R80.40). To follow the article you will need basic knowledge of working with APIs and Python.

Check Point is actively developing the API, and at the moment the following have been released:

The Python SDK currently supports interaction with the Management API and the Gaia API. We will look at the most important classes, methods and variables in this module.

Installing the module

The cpapi module is installed quickly and easily from the official Check Point repository on GitHub using pip. Detailed installation instructions are available in README.md. The module is adapted to work with Python versions 2.7 and 3.7. In this article the examples use Python 3.7. However, the Python SDK can also be run directly on the Check Point management server (Smart Management), which supports only Python 2.7, so the last section gives code for version 2.7. Immediately after installing the module, I recommend looking at the examples in the directories examples_python2 and examples_python3.

Getting started

To work with the components of the cpapi module, we need to import at least two required classes from it:

APIClient and APIClientArgs

from cpapi import APIClient, APIClientArgs

The APIClientArgs class is responsible for the parameters of the connection to the API server, and the APIClient class is responsible for interaction with the API.

Defining the connection parameters

To define the various parameters for connecting to the API, you need to create an instance of the APIClientArgs class. In principle, its parameters are predefined, and when the script runs on the management server they do not need to be specified.

client_args = APIClientArgs()

But when running from a third-party host, you need to specify at least the IP address or host name of the API server (also known as the management server). In the example below, we define the server connection parameter and assign it the IP address of the management server as a string.

client_args = APIClientArgs(server='192.168.47.241')

Let's look at all the parameters, and their default values, that can be used when connecting to the API server:

Arguments of the __init__ method of the APIClientArgs class

class APIClientArgs:
    """
    This class provides arguments for APIClient configuration.
    All the arguments are configured with their default values.
    """

    # port is set to None by default, but it gets replaced with 443 if not specified
    # context possible values - web_api (default) or gaia_api
    def __init__(self, port=None, fingerprint=None, sid=None, server="127.0.0.1", http_debug_level=0,
                 api_calls=None, debug_file="", proxy_host=None, proxy_port=8080,
                 api_version=None, unsafe=False, unsafe_auto_accept=False, context="web_api"):
        self.port = port
        # management server fingerprint
        self.fingerprint = fingerprint
        # session-id.
        self.sid = sid
        # management server name or IP-address
        self.server = server
        # debug level
        self.http_debug_level = http_debug_level
        # an array with all the api calls (for debug purposes)
        self.api_calls = api_calls if api_calls else []
        # name of debug file. If left empty, debug data will not be saved to disk.
        self.debug_file = debug_file
        # HTTP proxy server address (without "http://")
        self.proxy_host = proxy_host
        # HTTP proxy port
        self.proxy_port = proxy_port
        # Management server's API version
        self.api_version = api_version
        # Indicates that the client should not check the server's certificate
        self.unsafe = unsafe
        # Indicates that the client should automatically accept and save the server's certificate
        self.unsafe_auto_accept = unsafe_auto_accept
        # The context of using the client - defaults to web_api
        self.context = context

I believe that the arguments that can be used for instances of the APIClientArgs class are intuitive to Check Point administrators and need no further comment.

Connecting via APIClient and the context manager

The APIClient class is most conveniently used through a context manager. All that needs to be passed to an instance of the APIClient class is the connection parameters defined in the previous step.

with APIClient(client_args) as client:

The context manager does not automatically make a login call to the API server, but it does make a logout call when it exits. If for some reason a logout is not wanted after you finish working with API calls, you need to start working without the context manager:

client = APIClient(client_args)

Testing the connection

The easiest way to check that the connection works with the specified parameters is the check_fingerprint method. If verification of the SHA-1 hash of the API server certificate's fingerprint fails (the method returned False), this is usually caused by connection problems, and we can stop the program (or give the user a chance to correct the connection data):

    if client.check_fingerprint() is False:
        print("Could not get the server's fingerprint - Check connectivity with the server.")
        exit(1)

Please note that from then on the APIClient class checks the SHA-1 fingerprint of the API server's certificate on every API call (the api_call and api_query methods, which are discussed a little later). But if an error is detected while checking the SHA-1 fingerprint of the API server's certificate (the certificate is unknown or has been changed), the check_fingerprint method offers the option of adding or changing the information about it on the local machine. This check can be disabled entirely (but this can be recommended only if the scripts run on the API server itself, connecting to 127.0.0.1) using the APIClientArgs argument unsafe_auto_accept (see more about APIClientArgs above in "Defining the connection parameters").

client_args = APIClientArgs(unsafe_auto_accept=True)
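What the fingerprint check described above protects against, and what auto-accepting gives up, as an added example (not the SDK's code and not part of the original article). The pin-file layout, the function names and the certificate bytes are constructed for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile


def sha1_fingerprint(cert_der):
    """Upper-case hex SHA-1 digest of a DER-encoded certificate."""
    return hashlib.sha1(cert_der).hexdigest().upper()


def load_pins(pin_file):
    """Read the {server: fingerprint} store; empty if it does not exist yet."""
    if not os.path.exists(pin_file):
        return {}
    with open(pin_file) as f:
        return json.load(f)


def check_pin(server, cert_der, pin_file, auto_accept=False):
    """Compare the presented certificate with the pinned fingerprint.

    Returns (trusted, reason). With auto_accept=True an unknown or changed
    certificate is stored and trusted without anyone looking at it, which is
    the behaviour the article recommends only for 127.0.0.1.
    """
    pins = load_pins(pin_file)
    seen = sha1_fingerprint(cert_der)
    pinned = pins.get(server)
    if pinned is not None and hmac.compare_digest(pinned, seen):
        return True, "match"
    reason = "unknown" if pinned is None else "changed"
    if auto_accept:
        pins[server] = seen
        with open(pin_file, "w") as f:
            json.dump(pins, f)
        return True, reason + "-auto-accepted"
    return False, reason


def demo():
    """Walk through first contact, a normal call and a swapped certificate."""
    cert_a = b"constructed-certificate-A"   # constructed stand-in for DER bytes
    cert_b = b"constructed-certificate-B"   # a different certificate, same server
    server = "192.168.47.241"
    pin_file = os.path.join(tempfile.mkdtemp(), "fingerprints.json")
    return [
        check_pin(server, cert_a, pin_file),                    # first contact, strict
        check_pin(server, cert_a, pin_file, auto_accept=True),  # first contact, auto
        check_pin(server, cert_a, pin_file),                    # later call, same cert
        check_pin(server, cert_b, pin_file),                    # cert replaced, strict
        check_pin(server, cert_b, pin_file, auto_accept=True),  # cert replaced, auto
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The last two results are the ones to compare: in strict mode a replaced certificate stops the script, while with auto-accept it is pinned and trusted silently.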

Logging in to the API server

APIClient has as many as 3 methods for logging in to the API server, and each of them stores the sid (session-id) value, which is then used automatically in the header of every subsequent API call (the name of this parameter in the header is X-chkp-sid), so there is no need to process this parameter any further.

The login method

The option that uses a login and password (in the example, the username admin and the password 1q2w3e are passed as positional arguments):

     login = client.login('admin', '1q2w3e')  

Additional optional parameters are also available in the login method; here are their names and default values:

continue_last_session=False, domain=None, read_only=False, payload=None

The login_with_api_key method

The option that uses an API key (supported starting with management version R80.40/Management API v1.6; "3TsbPJ8ZKjaJGvFyoFqHFA==" is the API key value of one of the users on the management server who has the API key authorization method):

     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==') 

The login_with_api_key method has the same optional parameters available as the login method.

The login_as_root method

The option for logging in on the local machine that hosts the API server:

     login = client.login_as_root()

Only two optional parameters are available for this method:

domain=None, payload=None

And finally, the API calls themselves

We have two options for making API calls: the api_call and api_query methods. Let's work out how they differ.

api_call

This method is applicable to any call. We need to pass the last part of the API call and, if necessary, the payload for the request body. If the payload is empty, it can be omitted entirely:

api_versions = client.api_call('show-api-versions') 

The output of this request is below:

In [23]: api_versions                                                           
Out[23]: 
APIResponse({
    "data": {
        "current-version": "1.6",
        "supported-versions": [
            "1",
            "1.1",
            "1.2",
            "1.3",
            "1.4",
            "1.5",
            "1.6"
        ]
    },
    "res_obj": {
        "data": {
            "current-version": "1.6",
            "supported-versions": [
                "1",
                "1.1",
                "1.2",
                "1.3",
                "1.4",
                "1.5",
                "1.6"
            ]
        },
        "status_code": 200
    },
    "status_code": 200,
    "success": true
})

show_host = client.api_call('show-host', {'name' : 'h_8.8.8.8'})

The output of this request is below:

In [25]: show_host                                                              
Out[25]: 
APIResponse({
    "data": {
        "color": "black",
        "comments": "",
        "domain": {
            "domain-type": "domain",
            "name": "SMC User",
            "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
        },
        "groups": [],
        "icon": "Objects/host",
        "interfaces": [],
        "ipv4-address": "8.8.8.8",
        "meta-info": {
            "creation-time": {
                "iso-8601": "2020-05-01T21:49+0300",
                "posix": 1588358973517
            },
            "creator": "admin",
            "last-modifier": "admin",
            "last-modify-time": {
                "iso-8601": "2020-05-01T21:49+0300",
                "posix": 1588358973517
            },
            "lock": "unlocked",
            "validation-state": "ok"
        },
        "name": "h_8.8.8.8",
        "nat-settings": {
            "auto-rule": false
        },
        "read-only": false,
        "tags": [],
        "type": "host",
        "uid": "c210af07-1939-49d3-a351-953a9c471d9e"
    },
    "res_obj": {
        "data": {
            "color": "black",
            "comments": "",
            "domain": {
                "domain-type": "domain",
                "name": "SMC User",
                "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
            },
            "groups": [],
            "icon": "Objects/host",
            "interfaces": [],
            "ipv4-address": "8.8.8.8",
            "meta-info": {
                "creation-time": {
                    "iso-8601": "2020-05-01T21:49+0300",
                    "posix": 1588358973517
                },
                "creator": "admin",
                "last-modifier": "admin",
                "last-modify-time": {
                    "iso-8601": "2020-05-01T21:49+0300",
                    "posix": 1588358973517
                },
                "lock": "unlocked",
                "validation-state": "ok"
            },
            "name": "h_8.8.8.8",
            "nat-settings": {
                "auto-rule": false
            },
            "read-only": false,
            "tags": [],
            "type": "host",
            "uid": "c210af07-1939-49d3-a351-953a9c471d9e"
        },
        "status_code": 200
    },
    "status_code": 200,
    "success": true
})

api_query

Let me say right away that this method is applicable only to calls whose output involves an offset. Such output occurs when it contains, or may contain, a large amount of information. For example, this could be a request for the list of all host objects created on the management server. For such requests, the API returns a list of 50 objects by default (you can increase the limit to 500 objects per response). So that you do not have to pull the information several times, changing the offset parameter in the API request each time, there is the api_query method, which does this work automatically. Examples of calls where this method is needed: show-sessions, show-hosts, show-networks, show-wildcards, show-groups, show-address-ranges, show-simple-gateways, show-simple-clusters, show-access-roles, show-trusted-clients, show-packages. In fact, we see plural words in the names of these API calls, so these are the calls that are easier to handle through api_query.

show_hosts = client.api_query('show-hosts') 

The output of this request is below:

In [21]: show_hosts                                                             
Out[21]: 
APIResponse({
    "data": [
        {
            "domain": {
                "domain-type": "domain",
                "name": "SMC User",
                "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
            },
            "ipv4-address": "192.168.47.1",
            "name": "h_192.168.47.1",
            "type": "host",
            "uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
        },
        {
            "domain": {
                "domain-type": "domain",
                "name": "SMC User",
                "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
            },
            "ipv4-address": "8.8.8.8",
            "name": "h_8.8.8.8",
            "type": "host",
            "uid": "c210af07-1939-49d3-a351-953a9c471d9e"
        }
    ],
    "res_obj": {
        "data": {
            "from": 1,
            "objects": [
                {
                    "domain": {
                        "domain-type": "domain",
                        "name": "SMC User",
                        "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
                    },
                    "ipv4-address": "192.168.47.1",
                    "name": "h_192.168.47.1",
                    "type": "host",
                    "uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
                },
                {
                    "domain": {
                        "domain-type": "domain",
                        "name": "SMC User",
                        "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
                    },
                    "ipv4-address": "8.8.8.8",
                    "name": "h_8.8.8.8",
                    "type": "host",
                    "uid": "c210af07-1939-49d3-a351-953a9c471d9e"
                }
            ],
            "to": 2,
            "total": 2
        },
        "status_code": 200
    },
    "status_code": 200,
    "success": true
})
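The limit/offset loop that api_query saves you from writing, as an added example (not the SDK's implementation and not part of the original article). fake_api_call is a hypothetical stub that answers show-hosts from a constructed inventory of 120 hosts, using the from/to/total/objects body shape visible in res_obj above and the 50/500 limits mentioned in the text.

```python
DEFAULT_LIMIT = 50    # objects per response by default, per the article
MAX_LIMIT = 500       # largest limit the article says can be requested

# Constructed inventory standing in for the management server's host objects.
HOSTS = [
    {"name": "h_10.0.0.%d" % i, "ipv4-address": "10.0.0.%d" % i, "type": "host"}
    for i in range(1, 121)
]


def fake_api_call(command, payload=None):
    """Hypothetical stand-in for client.api_call, returning plain dicts."""
    payload = payload or {}
    limit = payload.get("limit", DEFAULT_LIMIT)
    offset = payload.get("offset", 0)
    if command != "show-hosts":
        return {"success": False, "status_code": 404, "data": {}}
    if not 1 <= limit <= MAX_LIMIT or offset < 0:
        return {"success": False, "status_code": 400, "data": {}}
    page = HOSTS[offset:offset + limit]
    data = {"objects": page, "total": len(HOSTS)}
    if page:
        # "from"/"to" are 1-based positions of the first and last object returned.
        data["from"] = offset + 1
        data["to"] = offset + len(page)
    return {"success": True, "status_code": 200, "data": data}


def query_all(api_call, command, limit=DEFAULT_LIMIT, max_calls=1000):
    """Collect every object of a paged 'show-...s' command.

    Returns (objects, number_of_calls). Stops on the first failed page instead
    of returning a partial inventory, and caps the number of requests so a
    misbehaving server cannot keep the loop running forever.
    """
    objects, offset, calls = [], 0, 0
    while calls < max_calls:
        reply = api_call(command, {"limit": limit, "offset": offset})
        calls += 1
        if not reply["success"]:
            raise RuntimeError(
                "%s failed with status %d at offset %d"
                % (command, reply["status_code"], offset)
            )
        data = reply["data"]
        objects.extend(data["objects"])
        # An empty page carries no "to"; otherwise stop once "to" reaches "total".
        if not data["objects"] or data["to"] >= data["total"]:
            return objects, calls
        offset = data["to"]
    raise RuntimeError("gave up after %d calls" % max_calls)


if __name__ == "__main__":
    hosts, calls = query_all(fake_api_call, "show-hosts")
    print("%d hosts in %d calls" % (len(hosts), calls))
```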

Processing the results of API calls

After that, you can use the variables and methods of the APIResponse class (both inside the context manager and outside it). The APIResponse class has 4 methods and 5 variables predefined; we will dwell on the most important ones in more detail.

success

To begin with, it is a good idea to make sure that the API call was successful and returned a result. There is the success method for this:

In [49]: api_versions.success                                                   
Out[49]: True

Returns True if the API call was successful (response code 200) and False if it was not (any other response code). It is convenient to use immediately after an API call to display different information depending on the response code.

if api_versions.success:
    print(api_versions.data)
else:
    print(api_versions.error_message)

status_code

Returns the response code after an API call has been made.

In [62]: api_versions.status_code                                               
Out[62]: 400

Possible response codes: 200, 400, 401, 403, 404, 409, 500, 501.

set_success_status

In some cases it may be necessary to change the value of the success status. Technically, you can put anything there, even an ordinary string. But a real-world example would be resetting this parameter to False when certain accompanying conditions are met. Below, note the example where there are tasks running on the management server, but we treat the request as unsuccessful (we set the success variable to False, despite the fact that the API call itself succeeded and returned code 200).

for task in task_result.data["tasks"]:
    if task["status"] == "failed" or task["status"] == "partially succeeded":
        task_result.set_success_status(False)
        break

response()

The response method lets you view a dictionary with the response code (status_code) and the response body (body).

In [94]: api_versions.response()                                                
Out[94]: 
{'status_code': 200,
 'data': {'current-version': '1.6',
  'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}}

data

Lets you view only the response body (body), without unnecessary information.

In [93]: api_versions.data                                                      
Out[93]: 
{'current-version': '1.6',
 'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}

error_message

This information is available only when an error occurred while the API request was being processed (the response code is not 200). Example output:

In [107]: api_versions.error_message                                            
Out[107]: 'code: generic_err_invalid_parameter_name\nmessage: Unrecognized parameter [1]\n'

Useful examples

The following are examples that use API calls added in Management API 1.6.

First, let's look at how the add-host and add-address-range calls work. Let's say we need to create all IP addresses of the 192.168.0.0/24 subnet whose last octet is a multiple of 5 as host-type objects, and write all the other IP addresses as address-range-type objects. In doing so, the subnet address and the broadcast address are excluded.

So, below is a script that solves this problem and creates 50 host-type objects and 51 address-range-type objects. Solving the problem takes 101 API calls (not counting the final publish call). Also, using the timeit module, we measure the time it takes to execute the script up to the point where the changes are published.

Script using add-host and add-address-range

import timeit
from cpapi import APIClient, APIClientArgs

start = timeit.default_timer()

first_ip = 1
last_ip = 4

client_args = APIClientArgs(server="192.168.47.240")

with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
     for ip in range(5,255,5):
         add_host = client.api_call("add-host", {"name" : f"h_192.168.0.{ip}", "ip-address": f'192.168.0.{ip}'})
     while last_ip < 255:
         add_range = client.api_call("add-address-range", {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"})
         first_ip+=5
         last_ip+=5
     stop = timeit.default_timer() 
     publish = client.api_call("publish")
     
print(f'Time to execute batch request: {stop - start} seconds')

In my lab environment, this script takes between 30 and 50 seconds to execute, depending on the load on the management server.

Now let's see how to solve the same problem using the add-objects-batch API call, support for which was added in API version 1.6. This call lets you create many objects in a single API request. Moreover, these can be objects of different types (for example, hosts, subnets and address ranges). So our task can be solved within a single API call.

Script using add-objects-batch

import timeit
from cpapi import APIClient, APIClientArgs

start = timeit.default_timer()

client_args = APIClientArgs(server="192.168.47.240")

objects_list_ip = []
objects_list_range = []

for ip in range(5,255,5):
    data = {"name": f'h_192.168.0.{ip}', "ip-address": f'192.168.0.{ip}'}
    objects_list_ip.append(data)
    
first_ip = 1
last_ip = 4


while last_ip < 255:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"}
    objects_list_range.append(data)
    first_ip+=5
    last_ip+=5

data_for_batch = {
  "objects" : [ {
    "type" : "host",
    "list" : objects_list_ip
}, {
    "type" : "address-range",
    "list" : objects_list_range
  }]
}


with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
     add_objects_batch = client.api_call("add-objects-batch", data_for_batch)
     stop = timeit.default_timer() 
     publish = client.api_call("publish")
     
print(f'Time to execute batch request: {stop - start} seconds')

Running this script in my lab environment takes 3 to 7 seconds, depending on the load on the management server. That is, on average, for 101 API objects, the batch-type call runs 10 times faster. With a larger number of objects the difference will be even more impressive.

Now let's see how to work with set-objects-batch. Using this API call, we can change any parameter in bulk. Let's set the first half of the addresses from the previous example (up to .124 for hosts, and likewise for ranges) to the color sienna, and assign the color khaki to the second half of the addresses.

Changing the color of the objects created in the previous example

from cpapi import APIClient, APIClientArgs

client_args = APIClientArgs(server="192.168.47.240")

objects_list_ip_first = []
objects_list_range_first = []
objects_list_ip_second = []
objects_list_range_second = []

for ip in range(5,125,5):
    data = {"name": f'h_192.168.0.{ip}', "color": "sienna"}
    objects_list_ip_first.append(data)
    
for ip in range(125,255,5):
    data = {"name": f'h_192.168.0.{ip}', "color": "khaki"}
    objects_list_ip_second.append(data)
    
first_ip = 1
last_ip = 4
while last_ip < 125:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "sienna"}
    objects_list_range_first.append(data)
    first_ip+=5
    last_ip+=5
    
while last_ip < 255:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "khaki"}
    objects_list_range_second.append(data)
    first_ip+=5
    last_ip+=5

data_for_batch_first  = {
  "objects" : [ {
    "type" : "host",
    "list" : objects_list_ip_first
}, {
    "type" : "address-range",
    "list" : objects_list_range_first
  }]
}

data_for_batch_second  = {
  "objects" : [ {
    "type" : "host",
    "list" : objects_list_ip_second
}, {
    "type" : "address-range",
    "list" : objects_list_range_second
  }]
}

with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==') 
     set_objects_batch_first = client.api_call("set-objects-batch", data_for_batch_first)
     set_objects_batch_second = client.api_call("set-objects-batch", data_for_batch_second)
     publish = client.api_call("publish")

You can delete many objects in a single API call using delete-objects-batch. Now let's look at a code example that deletes all the hosts created earlier through add-objects-batch.

Deleting objects using delete-objects-batch

from cpapi import APIClient, APIClientArgs

client_args = APIClientArgs(server="192.168.47.240")

objects_list_ip = []
objects_list_range = []

for ip in range(5,255,5):
    data = {"name": f'h_192.168.0.{ip}'}
    objects_list_ip.append(data)

first_ip = 1
last_ip = 4
while last_ip < 255:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}"}
    objects_list_range.append(data)
    first_ip+=5
    last_ip+=5

data_for_batch = {
  "objects" : [ {
    "type" : "host",
    "list" : objects_list_ip
}, {
    "type" : "address-range",
    "list" : objects_list_range
  }]
}

with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
     delete_objects_batch = client.api_call("delete-objects-batch", data_for_batch)
     publish = client.api_call("publish")

print(delete_objects_batch.data)

All functions that appear in new Check Point software releases get API calls immediately. Thus, in R80.40 such "features" as Revert to revision and Smart Task appeared, and the corresponding API calls were prepared for them right away. Moreover, all functionality that moves from the Legacy consoles to Unified Policy mode also gets API support. For example, a long-awaited update in software version R80.40 was the move of the HTTPS Inspection policy from Legacy mode to Unified Policy mode, and this functionality received API calls immediately. Here is an example of code that adds a rule at the top position of the HTTPS Inspection policy that excludes 3 categories from inspection (Health, Finance, Government Services), which may not be inspected under the legislation of a number of countries.

Adding a rule to the HTTPS Inspection policy

from cpapi import APIClient, APIClientArgs

client_args = APIClientArgs(server="192.168.47.240")

data = {
  "layer" : "Default Layer",
  "position" : "top",
  "name" : "Legal Requirements",
  "action": "bypass",
  "site-category": ["Health", "Government / Military", "Financial Services"]
}

with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
     add_https_rule = client.api_call("add-https-rule", data)
     publish = client.api_call("publish")

Running Python scripts on the Check Point management server

The same README.md contains information on how to run Python scripts directly on the management server. This can be convenient when you are unable to connect to the API server from another machine. I recorded a six-minute video in which I look at installing the cpapi module and the specifics of running Python scripts on the management server. As an example, a script is run that automates the configuration of a new gateway for a task such as a Check Point Security CheckUP network audit. Among the specifics I had to deal with: the input function has not yet appeared in Python 2.7, so to process the information the user enters, the raw_input function is used. Otherwise, the code is the same as for running from other machines, only it is more convenient to use the login_as_root function, so as not to specify your username, password and the management server's IP address again.

Script for quick setup of Security CheckUP

from __future__ import print_function
import getpass
import sys, os
from pipes import quote  # shell quoting helper available in Python 2.7
sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
from cpapi import APIClient, APIClientArgs

def main():
    # No arguments: the defaults connect to the local API server (127.0.0.1)
    with APIClient() as client:
       # if client.check_fingerprint() is False:
       #     print("Could not get the server's fingerprint - Check connectivity with the server.")
       #     exit(1)
        login_res = client.login_as_root()

        if login_res.success is False:
            print("Login failed:\n{}".format(login_res.error_message))
            exit(1)

        gw_name = raw_input("Enter the gateway name:")
        gw_ip = raw_input("Enter the gateway IP address:")
        # Hide the SIC one-time password when running on a terminal
        if sys.stdin.isatty():
            sic = getpass.getpass("Enter one-time password for the gateway(SIC): ")
        else:
            print("Attention! Your password will be shown on the screen!")
            sic = raw_input("Enter one-time password for the gateway(SIC): ")
        version = raw_input("Enter the gateway version(like RXX.YY):")
        add_gw = client.api_call("add-simple-gateway", {'name' : gw_name, 'ipv4-address' : gw_ip, 'one-time-password' : sic, 'version': version.capitalize(), 'application-control' : 'true', 'url-filtering' : 'true', 'ips' : 'true', 'anti-bot' : 'true', 'anti-virus' : 'true', 'threat-emulation' : 'true'})
        if add_gw.success and add_gw.data['sic-state'] != "communicating":
            print("Secure connection with the gateway hasn't established!")
            exit(1)
        elif add_gw.success:
            print("The gateway was added successfully.")
            gw_uid = add_gw.data['uid']
            gw_name = add_gw.data['name']
        else:
            print("Failed to add the gateway - {}".format(add_gw.error_message))
            exit(1)

        change_policy = client.api_call("set-access-layer", {"name" : "Network", "applications-and-url-filtering": "true", "content-awareness": "true"})
        if change_policy.success:
            print("The policy has been changed successfully")
        else:
            print("Failed to change the policy- {}".format(change_policy.error_message))
        change_rule = client.api_call("set-access-rule", {"name" : "Cleanup rule", "layer" : "Network", "action": "Accept", "track": {"type": "Detailed Log", "accounting": "true"}})
        if change_rule.success:
            print("The cleanup rule has been changed successfully")
        else:
            print("Failed to change the cleanup rule- {}".format(change_rule.error_message))

        # publish the result
        publish_res = client.api_call("publish", {})
        if publish_res.success:
            print("The changes were published successfully.")
        else:
            print("Failed to publish the changes - {}".format(publish_res.error_message))

        install_access_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'true',  "threat-prevention" : 'false', "targets" : gw_uid})
        if install_access_policy.success:
            print("The access policy has been installed")
        else:
            print("Failed to install access policy - {}".format(install_access_policy.error_message))

        install_tp_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'false',  "threat-prevention" : 'true', "targets" : gw_uid})
        if install_tp_policy.success:
            print("The threat prevention policy has been installed")
        else:
            print("Failed to install threat prevention policy - {}".format(install_tp_policy.error_message))

        # add passwords and passphrases to dictionary
        # Each line is shell-quoted and passed to printf as data ('%s'), so quotes
        # or '%' characters in the file cannot alter the command run on the gateway.
        with open('additional_pass.conf') as f:
            line_num = 0
            for line in f:
                line_num += 1
                add_password_dictionary = client.api_call("run-script", {"script-name" : "Add passwords and passphrases", "script" : "printf '%s' {} >> $FWDIR/conf/additional_pass.conf".format(quote(line)), "targets" : gw_name})
                if add_password_dictionary.success:
                    print("The password dictionary line {} was added successfully".format(line_num))
                else:
                    print("Failed to add the dictionary - {}".format(add_password_dictionary.error_message))

main()

Example file with the password dictionary, additional_pass.conf

{
"passwords" : ["malware","malicious","infected","Infected"],
"phrases" : ["password","Password","Pass","pass","codigo","key","pwd","пароль","Пароль","Ключ","ключ","шифр","Шифр"] }

Conclusion

This article covers only the basic capabilities of the Python SDK and the cpapi module (as you may have guessed, these are effectively synonyms), and by studying the code of this module you will discover even more possibilities for working with it. You may well want to supplement it with your own classes, functions, methods and variables. You can always share your work and look at other scripts for Check Point in the CodeHub section of the CheckMates community, which brings together both product developers and users.

Happy coding, and thank you for reading to the end!

Source: www.habr.com
