Simplifying the Check Point API with the Python SDK

The full power of working with an API shows when it is used from program code, where API requests can be generated dynamically and API responses analysed with tools. Yet the Python Software Development Kit (hereinafter the Python SDK) for the Check Point Management API still goes largely unnoticed, and undeservedly so. It significantly simplifies life for developers and automation enthusiasts. Python has become hugely popular lately, so I decided to fill the gap and review the main features of the Check Point API Python Development Kit. This article is a good addition to another article on Habr, "Check Point R80.10 API. Management via CLI, scripts and more". We will look at how to write scripts using the Python SDK and take a closer look at the new Management API functionality in version 1.6 (supported starting from R80.40). To follow the article you need basic knowledge of working with APIs and Python.

Check Point is actively developing its APIs, and the following have been released so far:

The Python SDK currently supports interaction only with the Management API and the Gaia API. We will look at the most important classes, methods and variables in this module.

Installing the module

The cpapi module installs quickly and easily with pip from the official Check Point repository on GitHub. Detailed installation instructions are available in README.md. The module is adapted to work with Python versions 2.7 and 3.7. The examples in this article use Python 3.7. However, the Python SDK can also be run directly on the Check Point management server (Smart Management), which supports only Python 2.7, so the last section provides code for version 2.7. Right after installing the module, I recommend looking at the examples in the examples_python2 and examples_python3 directories.

Getting started

To work with the components of the cpapi module, we need to import at least two required classes from it:

APIClient and APIClientArgs

from cpapi import APIClient, APIClientArgs

The APIClientArgs class is responsible for the parameters of the connection to the API server, and the APIClient class is responsible for interaction with the API.

Defining connection parameters

To define the parameters for connecting to the API, you need to create an instance of the APIClientArgs class. Its parameters already have default values, and when the script runs on the management server itself they do not need to be specified.

client_args = APIClientArgs()

But when running on a third-party host, you need to specify at least the IP address or host name of the API server (also known as the management server). In the example below, we set the server connection parameter and assign it the IP address of the management server as a string.

client_args = APIClientArgs(server='192.168.47.241')

Let's look at all the parameters, with their default values, that can be used when connecting to the API server:

Arguments of the __init__ method of the APIClientArgs class

class APIClientArgs:
    """
    This class provides arguments for APIClient configuration.
    All the arguments are configured with their default values.
    """

    # port is set to None by default, but it gets replaced with 443 if not specified
    # context possible values - web_api (default) or gaia_api
    def __init__(self, port=None, fingerprint=None, sid=None, server="127.0.0.1", http_debug_level=0,
                 api_calls=None, debug_file="", proxy_host=None, proxy_port=8080,
                 api_version=None, unsafe=False, unsafe_auto_accept=False, context="web_api"):
        self.port = port
        # management server fingerprint
        self.fingerprint = fingerprint
        # session-id.
        self.sid = sid
        # management server name or IP-address
        self.server = server
        # debug level
        self.http_debug_level = http_debug_level
        # an array with all the api calls (for debug purposes)
        self.api_calls = api_calls if api_calls else []
        # name of debug file. If left empty, debug data will not be saved to disk.
        self.debug_file = debug_file
        # HTTP proxy server address (without "http://")
        self.proxy_host = proxy_host
        # HTTP proxy port
        self.proxy_port = proxy_port
        # Management server's API version
        self.api_version = api_version
        # Indicates that the client should not check the server's certificate
        self.unsafe = unsafe
        # Indicates that the client should automatically accept and save the server's certificate
        self.unsafe_auto_accept = unsafe_auto_accept
        # The context of using the client - defaults to web_api
        self.context = context

I believe the arguments that can be used in instances of the APIClientArgs class are intuitive for Check Point administrators and do not require additional comments.

Connecting via APIClient and the context manager

The most convenient way to use the APIClient class is through a context manager. All that needs to be passed to the APIClient instance is the connection parameters defined in the previous step.

with APIClient(client_args) as client:

The context manager does not automatically make the login call to the API server, but it does make the logout call on exit. If for some reason logout is not wanted after you finish working with API calls, start working without the context manager:

client = APIClient(client_args)

Testing the connection

The easiest way to check that the connection works with the specified parameters is the check_fingerprint method. If verification of the SHA-1 hash of the API server certificate fingerprint fails (the method returned False), this is usually caused by connection problems, and we can stop the program (or give the user a chance to correct the connection data):

    if client.check_fingerprint() is False:
        print("Could not get the server's fingerprint - Check connectivity with the server.")
        exit(1)

Note that subsequently the APIClient class checks the SHA-1 fingerprint of the API server certificate on every API call (the api_call and api_query methods, which we will discuss a little later). If an error is detected while checking the SHA-1 fingerprint of the API server certificate (the certificate is unknown or has changed), the check_fingerprint method offers the opportunity to add or change the information about it on the local machine automatically. This check can be disabled completely with the APIClientArgs argument unsafe_auto_accept, which makes the client automatically accept and save the server's certificate, but this can only be recommended when the script runs on the API server itself and connects to 127.0.0.1 (see more about APIClientArgs earlier, in "Defining connection parameters").

client_args = APIClientArgs(unsafe_auto_accept=True)

Logging in to the API server

APIClient has as many as 3 methods for logging in to the API server, and each of them handles the sid (session-id) value, which is then used automatically in the header of every subsequent API call (the name of this parameter in the header is X-chkp-sid), so there is no need to process this parameter yourself.

The login method

The option with a login and password (in the example, the user name admin and the password 1q2w3e are passed as positional arguments):

     login = client.login('admin', '1q2w3e')  

Additional optional parameters are also available in the login method; here are their names and default values:

continue_last_session=False, domain=None, read_only=False, payload=None

The login_with_api_key method

The option with an API key (supported starting from management version R80.40/Management API v1.6; "3TsbPJ8ZKjaJGvFyoFqHFA==" is the API key value of one of the users on the management server that has the API key authorization method):

     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==') 

The login_with_api_key method accepts the same optional parameters as the login method.

The login_as_root method

The option for logging in on the local machine that hosts the API server:

     login = client.login_as_root()

Only two optional parameters are available for this method:

domain=None, payload=None

And finally, the API calls themselves

We have two options for making API calls: the api_call and api_query methods. Let's see what the difference between them is.

api_call

This method is applicable to any call. We pass the last part of the API call and, if necessary, the payload for the request body. If the payload is empty, it can be omitted entirely:

api_versions = client.api_call('show-api-versions') 

Output of this request:

In [23]: api_versions                                                           
Out[23]: 
APIResponse({
    "data": {
        "current-version": "1.6",
        "supported-versions": [
            "1",
            "1.1",
            "1.2",
            "1.3",
            "1.4",
            "1.5",
            "1.6"
        ]
    },
    "res_obj": {
        "data": {
            "current-version": "1.6",
            "supported-versions": [
                "1",
                "1.1",
                "1.2",
                "1.3",
                "1.4",
                "1.5",
                "1.6"
            ]
        },
        "status_code": 200
    },
    "status_code": 200,
    "success": true
})

show_host = client.api_call('show-host', {'name' : 'h_8.8.8.8'})

Output of this request:

In [25]: show_host                                                              
Out[25]: 
APIResponse({
    "data": {
        "color": "black",
        "comments": "",
        "domain": {
            "domain-type": "domain",
            "name": "SMC User",
            "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
        },
        "groups": [],
        "icon": "Objects/host",
        "interfaces": [],
        "ipv4-address": "8.8.8.8",
        "meta-info": {
            "creation-time": {
                "iso-8601": "2020-05-01T21:49+0300",
                "posix": 1588358973517
            },
            "creator": "admin",
            "last-modifier": "admin",
            "last-modify-time": {
                "iso-8601": "2020-05-01T21:49+0300",
                "posix": 1588358973517
            },
            "lock": "unlocked",
            "validation-state": "ok"
        },
        "name": "h_8.8.8.8",
        "nat-settings": {
            "auto-rule": false
        },
        "read-only": false,
        "tags": [],
        "type": "host",
        "uid": "c210af07-1939-49d3-a351-953a9c471d9e"
    },
    "res_obj": {
        "data": {
            "color": "black",
            "comments": "",
            "domain": {
                "domain-type": "domain",
                "name": "SMC User",
                "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
            },
            "groups": [],
            "icon": "Objects/host",
            "interfaces": [],
            "ipv4-address": "8.8.8.8",
            "meta-info": {
                "creation-time": {
                    "iso-8601": "2020-05-01T21:49+0300",
                    "posix": 1588358973517
                },
                "creator": "admin",
                "last-modifier": "admin",
                "last-modify-time": {
                    "iso-8601": "2020-05-01T21:49+0300",
                    "posix": 1588358973517
                },
                "lock": "unlocked",
                "validation-state": "ok"
            },
            "name": "h_8.8.8.8",
            "nat-settings": {
                "auto-rule": false
            },
            "read-only": false,
            "tags": [],
            "type": "host",
            "uid": "c210af07-1939-49d3-a351-953a9c471d9e"
        },
        "status_code": 200
    },
    "status_code": 200,
    "success": true
})

api_query

Let me note right away that this method is applicable only to calls whose output involves an offset. Such output occurs when the response contains or may contain a large amount of information. For example, this could be a request for the list of all host objects created on the management server. For such requests the API returns a list of 50 objects by default (the limit can be raised to 500 objects per response). So that you do not have to pull the information in several requests, changing the offset parameter each time, there is the api_query method, which does this automatically. Examples of calls where this method is needed: show-sessions, show-hosts, show-networks, show-wildcards, show-groups, show-address-ranges, show-simple-gateways, show-simple-clusters, show-access-roles, show-trusted-clients, show-packages. In fact, the names of these API calls contain plural words, so these are the calls that are easier to handle through api_query.

show_hosts = client.api_query('show-hosts') 

Output of this request:

In [21]: show_hosts                                                             
Out[21]: 
APIResponse({
    "data": [
        {
            "domain": {
                "domain-type": "domain",
                "name": "SMC User",
                "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
            },
            "ipv4-address": "192.168.47.1",
            "name": "h_192.168.47.1",
            "type": "host",
            "uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
        },
        {
            "domain": {
                "domain-type": "domain",
                "name": "SMC User",
                "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
            },
            "ipv4-address": "8.8.8.8",
            "name": "h_8.8.8.8",
            "type": "host",
            "uid": "c210af07-1939-49d3-a351-953a9c471d9e"
        }
    ],
    "res_obj": {
        "data": {
            "from": 1,
            "objects": [
                {
                    "domain": {
                        "domain-type": "domain",
                        "name": "SMC User",
                        "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
                    },
                    "ipv4-address": "192.168.47.1",
                    "name": "h_192.168.47.1",
                    "type": "host",
                    "uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
                },
                {
                    "domain": {
                        "domain-type": "domain",
                        "name": "SMC User",
                        "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
                    },
                    "ipv4-address": "8.8.8.8",
                    "name": "h_8.8.8.8",
                    "type": "host",
                    "uid": "c210af07-1939-49d3-a351-953a9c471d9e"
                }
            ],
            "to": 2,
            "total": 2
        },
        "status_code": 200
    },
    "status_code": 200,
    "success": true
})
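
What api_query automates, written out by hand as an added example (not the SDK's own implementation): the loop follows the "from", "to" and "total" fields visible in the res_obj above until every object has been collected. FakeManagementServer and query_all are hypothetical names, the 120 host objects are constructed, and the stub returns plain dicts instead of APIResponse objects so the block runs without a management server.

```python
class FakeManagementServer:
    """Constructed stand-in for the API server: answers one page per call."""

    def __init__(self, object_count):
        self.objects = [{"name": "h_10.0.0.%d" % i, "type": "host"}
                        for i in range(1, object_count + 1)]
        self.calls = []  # payload of every request received

    def api_call(self, command, payload):
        self.calls.append(dict(payload))
        offset = payload.get("offset", 0)
        limit = payload.get("limit", 50)  # 50 is the default page size
        page = self.objects[offset:offset + limit]
        data = {"objects": page, "total": len(self.objects)}
        if page:  # "from"/"to" are 1-based positions, as in the output above
            data["from"] = offset + 1
            data["to"] = offset + len(page)
        return {"success": True, "status_code": 200, "data": data}


def query_all(api_call, command, limit=50, container="objects"):
    """Collect every object of a paged show-* call by advancing the offset."""
    if not 1 <= limit <= 500:
        raise ValueError("limit must be between 1 and 500")
    collected = []
    offset = 0
    while True:
        response = api_call(command, {"limit": limit, "offset": offset})
        if not response["success"]:
            raise RuntimeError("%s failed with status %s"
                               % (command, response["status_code"]))
        data = response["data"]
        collected.extend(data.get(container, []))
        reached = data.get("to")
        # No "to" means an empty page; "to" == "total" means the last page.
        if reached is None or reached >= data["total"]:
            return collected
        # Guard against a server that keeps returning the same page.
        if reached <= offset:
            raise RuntimeError("server did not advance past offset %d" % offset)
        offset = reached


if __name__ == "__main__":
    server = FakeManagementServer(120)
    hosts = query_all(server.api_call, "show-hosts")
    print(len(hosts), "objects in", len(server.calls), "requests")
```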

Processing the results of API calls

After this you can use the variables and methods of the APIResponse class (both inside the context manager and outside it). The APIResponse class has 4 methods and 5 variables defined; we will discuss the most important ones in more detail.

success

To begin with, it is a good idea to make sure that the API call succeeded and returned a result. This is what success is for:

In [49]: api_versions.success                                                   
Out[49]: True

Returns True if the API call was successful (response code 200) and False if it was not (any other response code). It is convenient to use right after an API call to display different information depending on the response code.

if api_versions.success:
    print(api_versions.data)
else:
    print(api_versions.error_message)

status_code

Returns the response code after an API call has been made.

In [62]: api_versions.status_code                                               
Out[62]: 400

Possible response codes: 200, 400, 401, 403, 404, 409, 500, 501.

set_success_status

Sometimes it may be necessary to change the value of the success status. Technically you can put anything there, even an ordinary string. But a realistic example is resetting this parameter to False under certain conditions. The example below covers the case where tasks were run on the management server and we want to treat the request as unsuccessful (we set the success variable to False even though the API call succeeded and returned code 200).

for task in task_result.data["tasks"]:
    if task["status"] == "failed" or task["status"] == "partially succeeded":
        task_result.set_success_status(False)
        break

response()

The response method lets you view a dictionary with the response code (status_code) and the response body (body).

In [94]: api_versions.response()                                                
Out[94]: 
{'status_code': 200,
 'data': {'current-version': '1.6',
  'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}}

data

Lets you view only the response body (body) without unnecessary information.

In [93]: api_versions.data                                                      
Out[93]: 
{'current-version': '1.6',
 'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}

error_message

This information is available only when an error occurred while processing the API request (response code other than 200). Example output:

In [107]: api_versions.error_message
Out[107]: 'code: generic_err_invalid_parameter_name\nmessage: Unrecognized parameter [1]\n'

Useful examples

Below are examples that use the API calls added in Management API 1.6.

First, let's look at how the add-host and add-address-range calls work. Say we need to create every IP address of the 192.168.0.0/24 subnet whose last octet is a multiple of 5 as an object of type host, and record all the other IP addresses as objects of type address range. The subnet address and the broadcast address are excluded.

So, below is a script that solves this problem and creates 50 objects of type host and 51 objects of type address range. Solving the problem takes 101 API calls (not counting the final publish call). Using the timeit module, we also measure the time it takes to execute the script up to the point where the changes are published.

Script using add-host and add-address-range

import timeit
from cpapi import APIClient, APIClientArgs

start = timeit.default_timer()

first_ip = 1
last_ip = 4

client_args = APIClientArgs(server="192.168.47.240")

with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
     for ip in range(5,255,5):
         add_host = client.api_call("add-host", {"name" : f"h_192.168.0.{ip}", "ip-address": f'192.168.0.{ip}'})
     while last_ip < 255:
         add_range = client.api_call("add-address-range", {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"})
         first_ip+=5
         last_ip+=5
     stop = timeit.default_timer() 
     publish = client.api_call("publish")
     
print(f'Time to execute batch request: {stop - start} seconds')

In my lab environment this script takes between 30 and 50 seconds to run, depending on the load on the management server.

Now let's see how to solve the same problem with the add-objects-batch API call, support for which was added in API version 1.6. This call lets you create many objects at once in a single API request. Moreover, these can be objects of different types (for example hosts, subnets and address ranges). Thus our task can be solved within a single API call.

Script using add-objects-batch

import timeit
from cpapi import APIClient, APIClientArgs

start = timeit.default_timer()

client_args = APIClientArgs(server="192.168.47.240")

objects_list_ip = []
objects_list_range = []

for ip in range(5,255,5):
    data = {"name": f'h_192.168.0.{ip}', "ip-address": f'192.168.0.{ip}'}
    objects_list_ip.append(data)
    
first_ip = 1
last_ip = 4


while last_ip < 255:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"}
    objects_list_range.append(data)
    first_ip+=5
    last_ip+=5

data_for_batch = {
  "objects" : [ {
    "type" : "host",
    "list" : objects_list_ip
}, {
    "type" : "address-range",
    "list" : objects_list_range
  }]
}


with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
     add_objects_batch = client.api_call("add-objects-batch", data_for_batch)
     stop = timeit.default_timer() 
     publish = client.api_call("publish")
     
print(f'Time to execute batch request: {stop - start} seconds')

Running this script in my lab environment takes from 3 to 7 seconds, depending on the load on the management server. That is, on average, for 101 API objects the batch call runs 10 times faster. With a larger number of objects the difference will be even more impressive.

Now let's see how set-objects-batch works. With this API call we can change any parameter in bulk. Let's set the first half of the addresses from the previous example (hosts up to .124, and the ranges too) to the color sienna, and assign the color khaki to the second half of the addresses.

Changing the color of the objects created in the previous example

from cpapi import APIClient, APIClientArgs

client_args = APIClientArgs(server="192.168.47.240")

objects_list_ip_first = []
objects_list_range_first = []
objects_list_ip_second = []
objects_list_range_second = []

for ip in range(5,125,5):
    data = {"name": f'h_192.168.0.{ip}', "color": "sienna"}
    objects_list_ip_first.append(data)
    
for ip in range(125,255,5):
    data = {"name": f'h_192.168.0.{ip}', "color": "khaki"}
    objects_list_ip_second.append(data)
    
first_ip = 1
last_ip = 4
while last_ip < 125:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "sienna"}
    objects_list_range_first.append(data)
    first_ip+=5
    last_ip+=5
    
while last_ip < 255:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "khaki"}
    objects_list_range_second.append(data)
    first_ip+=5
    last_ip+=5

data_for_batch_first  = {
  "objects" : [ {
    "type" : "host",
    "list" : objects_list_ip_first
}, {
    "type" : "address-range",
    "list" : objects_list_range_first
  }]
}

data_for_batch_second  = {
  "objects" : [ {
    "type" : "host",
    "list" : objects_list_ip_second
}, {
    "type" : "address-range",
    "list" : objects_list_range_second
  }]
}

with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==') 
     set_objects_batch_first = client.api_call("set-objects-batch", data_for_batch_first)
     set_objects_batch_second = client.api_call("set-objects-batch", data_for_batch_second)
     publish = client.api_call("publish")

You can delete multiple objects in a single API call with delete-objects-batch. Now let's look at a code example that deletes all the hosts created earlier via add-objects-batch.

Deleting objects using delete-objects-batch

from cpapi import APIClient, APIClientArgs

client_args = APIClientArgs(server="192.168.47.240")

objects_list_ip = []
objects_list_range = []

for ip in range(5,255,5):
    data = {"name": f'h_192.168.0.{ip}'}
    objects_list_ip.append(data)

first_ip = 1
last_ip = 4
while last_ip < 255:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}"}
    objects_list_range.append(data)
    first_ip+=5
    last_ip+=5

data_for_batch = {
  "objects" : [ {
    "type" : "host",
    "list" : objects_list_ip
}, {
    "type" : "address-range",
    "list" : objects_list_range
  }]
}

with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
     delete_objects_batch = client.api_call("delete-objects-batch", data_for_batch)
     publish = client.api_call("publish")

print(delete_objects_batch.data)

Every function that appears in a new release of Check Point software immediately receives API calls. Thus in R80.40 such "features" as Revert to revision and Smart Task appeared, and the corresponding API calls were prepared for them right away. Moreover, all functionality that moves from the Legacy consoles to Unified Policy mode also receives API support. For example, a long-awaited update in software version R80.40 was the move of the HTTPS Inspection policy from Legacy mode to Unified Policy mode, and this functionality immediately received API calls. Here is a code example that adds a rule at the top position of the HTTPS Inspection policy which excludes 3 categories from inspection (Health, Finance, Government Services), which the law in a number of countries prohibits from being inspected.

Adding a rule to the HTTPS Inspection policy

from cpapi import APIClient, APIClientArgs

client_args = APIClientArgs(server="192.168.47.240")

data = {
  "layer" : "Default Layer",
  "position" : "top",
  "name" : "Legal Requirements",
  "action": "bypass",
  "site-category": ["Health", "Government / Military", "Financial Services"]
}

with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
     add_https_rule = client.api_call("add-https-rule", data)
     publish = client.api_call("publish")

Running Python scripts on the Check Point management server

The same README.md contains information on how to run Python scripts directly on the management server. This can be convenient when you cannot connect to the API server from another machine. I recorded a six-minute video in which I look at installing the cpapi module and the specifics of running Python scripts on the management server. As an example, a script is run that automates the configuration of a new gateway for a task such as the Security CheckUp network audit. Among the specifics I had to deal with: the input function has not yet appeared in Python 2.7, so the raw_input function is used to process information entered by the user. Otherwise the code is the same as for launching from other machines, except that it is more convenient to use the login_as_root function, so as not to specify your own user name, password and the IP address of the management server again.

Script for quick Security CheckUp setup

from __future__ import print_function
import getpass
import sys, os
sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
from cpapi import APIClient, APIClientArgs

def main():
    with APIClient() as client:
       # if client.check_fingerprint() is False:
       #     print("Could not get the server's fingerprint - Check connectivity with the server.")
       #     exit(1)
        login_res = client.login_as_root()

        if login_res.success is False:
            print("Login failed:\n{}".format(login_res.error_message))
            exit(1)

        gw_name = raw_input("Enter the gateway name:")
        gw_ip = raw_input("Enter the gateway IP address:")
        if sys.stdin.isatty():
            sic = getpass.getpass("Enter one-time password for the gateway(SIC): ")
        else:
            print("Attention! Your password will be shown on the screen!")
            sic = raw_input("Enter one-time password for the gateway(SIC): ")
        version = raw_input("Enter the gateway version(like RXX.YY):")
        add_gw = client.api_call("add-simple-gateway", {'name' : gw_name, 'ipv4-address' : gw_ip, 'one-time-password' : sic, 'version': version.capitalize(), 'application-control' : 'true', 'url-filtering' : 'true', 'ips' : 'true', 'anti-bot' : 'true', 'anti-virus' : 'true', 'threat-emulation' : 'true'})
        if add_gw.success and add_gw.data['sic-state'] != "communicating":
            print("Secure connection with the gateway hasn't established!")
            exit(1)
        elif add_gw.success:
            print("The gateway was added successfully.")
            gw_uid = add_gw.data['uid']
            gw_name = add_gw.data['name']
        else:
            print("Failed to add the gateway - {}".format(add_gw.error_message))
            exit(1)

        change_policy = client.api_call("set-access-layer", {"name" : "Network", "applications-and-url-filtering": "true", "content-awareness": "true"})
        if change_policy.success:
            print("The policy has been changed successfully")
        else:
            print("Failed to change the policy- {}".format(change_policy.error_message))
        change_rule = client.api_call("set-access-rule", {"name" : "Cleanup rule", "layer" : "Network", "action": "Accept", "track": {"type": "Detailed Log", "accounting": "true"}})
        if change_rule.success:
            print("The cleanup rule has been changed successfully")
        else:
            print("Failed to change the cleanup rule- {}".format(change_rule.error_message))

        # publish the result
        publish_res = client.api_call("publish", {})
        if publish_res.success:
            print("The changes were published successfully.")
        else:
            print("Failed to publish the changes - {}".format(publish_res.error_message))

        install_access_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'true',  "threat-prevention" : 'false', "targets" : gw_uid})
        if install_access_policy.success:
            print("The access policy has been installed")
        else:
            print("Failed to install access policy - {}".format(install_access_policy.error_message))

        install_tp_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'false',  "threat-prevention" : 'true', "targets" : gw_uid})
        if install_tp_policy.success:
            print("The threat prevention policy has been installed")
        else:
            print("Failed to install threat prevention policy - {}".format(install_tp_policy.error_message))
        
        # add passwords and passphrases to dictionary
        with open('additional_pass.conf') as f:
            line_num = 0
            for line in f:
                line_num += 1
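                # NOTE: the line is pasted into a shell command that run-script executes on the gateway;
                # quotes, $ and backticks in the file are interpreted by that shell, so keep the file trusted.
                add_password_dictionary = client.api_call("run-script", {"script-name" : "Add passwords and passphrases", "script" : "printf \"{}\" >> $FWDIR/conf/additional_pass.conf".format(line), "targets" : gw_name})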
                if add_password_dictionary.success:
                    print("The password dictionary line {} was added successfully".format(line_num))
                else:
                    print("Failed to add the dictionary - {}".format(add_password_dictionary.error_message))

main()

Example file with the password dictionary, additional_pass.conf
{
"passwords" : ["malware","malicious","infected","Infected"],
"phrases" : ["password","Password","Pass","pass","codigo","key","pwd","пароль","Пароль","Ключ","ключ","шифр","Шифр"] }
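
The loop at the end of the script above pastes each line of additional_pass.conf between double quotes in a shell command. The sketch below is an added example (not part of the original script) that uses shlex to show which words printf would receive for a line of the sample file, next to a quoted variant; naive_command, quoted_command and printf_args are hypothetical helper names, and on Python 2.7 pipes.quote plays the role of shlex.quote.

```python
import shlex

# Destination used by the script above.
TARGET = "$FWDIR/conf/additional_pass.conf"

# Constructed input: one line of the sample additional_pass.conf shown above,
# with the trailing newline that iterating over a file leaves in place.
SAMPLE_LINE = '"passwords" : ["malware","malicious","infected","Infected"],\n'


def naive_command(line):
    """Same construction as the script above: data pasted between double quotes."""
    return 'printf "{}" >> {}'.format(line, TARGET)


def quoted_command(line):
    """Pass the data as one literal shell word and keep it out of the format string.

    shlex.quote() single-quotes the data, so the shell removes nothing from it;
    the fixed '%s\\n' format stops printf from interpreting % or backslashes
    that happen to occur in the data.
    """
    return "printf '%s\\n' {} >> {}".format(shlex.quote(line.rstrip("\n")), TARGET)


def printf_args(command):
    """Return the words the shell would hand to printf (everything before '>>').

    shlex models shell quoting only; a real shell would additionally expand
    $ and backticks found between double quotes.
    """
    words = shlex.split(command)
    return words[1:words.index(">>")]


if __name__ == "__main__":
    print("naive :", printf_args(naive_command(SAMPLE_LINE)))
    print("quoted:", printf_args(quoted_command(SAMPLE_LINE)))
```

With the naive form the double quotes inside the line close and reopen the shell string, so the text appended on the gateway is no longer the line that was read from the file.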

Conclusion

This article covers only the basic capabilities of the Python SDK and the cpapi module (as you may have guessed, the two are effectively synonyms); by studying the code of the module you will discover even more possibilities for working with it. You may want to extend it with your own classes, functions, methods and variables. You can always share your work and look at other scripts for Check Point in the CodeHub section of the CheckMates community, which brings together both product developers and users.

Happy coding, and thanks for reading to the end!

Source: www.habr.com