Amandla apheleleyo okusebenzisana kunye nee-APIs abonakaliswe xa esetyenziswa kunye nekhowudi yeprogram, xa kunokwenzeka ukuvelisa ngokukhawuleza izicelo ze-API kunye nezixhobo zokuhlalutya iimpendulo ze-API. Nangona kunjalo, ihleli ingabonakali Ikhithi yoPhuhliso lweSoftware yePython (emva koku kubhekiselwa kuyo njengePython SDK) ye Khangela i-API yoLawulo lweNdawo, kodwa ngelize. Yenza lula kakhulu ubomi babaphuhlisi kunye nabathandi be-automation. IPython ifumene ukuthandwa okukhulu mva nje kwaye ndigqibe kwelokuba ndigcwalise isithuba kwaye ndijonge ezona mpawu ziphambili. . Eli nqaku lisebenza njengolongezo olubalaseleyo kwelinye inqaku malunga noHabré . Siza kujonga indlela yokubhala izikripthi usebenzisa i-Python SDK kwaye sijonge ngakumbi kwi-API entsha yokusebenza kwe-API kwinguqulo ye-1.6 (exhaswayo ukusuka kwi-R80.40). Ukuze uqonde inqaku, uya kufuna ulwazi olusisiseko lokusebenza kunye ne-APIs kunye nePython.
Indawo yokujonga iphuhlisa i-API kwaye okwangoku ilandelayo ikhutshiwe:
- -sebenza kunye neseva yolawulo nge-API (kunye nokukwazi ukwenza izikripthi kumasango alawulwa ngumncedisi wolawulo)
- - sebenza ngamasango okhuseleko
- - ukusebenza ngebhokisi yesanti kwilifu lokuHlola
- - ukusebenza nge-Identity Awareness blade kumasango
- -sebenza kunye ne-SMB gateway management portal ()
- -ukunxibelelana nabalawuli be-IoT
- -sebenza kunye (Isisombululo sokhuseleko se-SD-WAN)
- -sebenza kunye
I-Python SDK okwangoku ixhasa kuphela ukusebenzisana noLawulo lwe-API kunye Gaia API. Siza kujonga ezona klasi zibalulekileyo, iindlela kunye nezinto eziguquguqukayo kule modyuli.
Ukuhlohla imodyuli
Imodyuli cpapi ifaka ngokukhawuleza kwaye kulula ukusuka ngoncedo kuba ekugqibeleni. Imiyalelo yokufakela eneenkcukacha iyafumaneka kwi . Le modyuli ilungiselelwe ukusebenza ngeenguqulelo zePython 2.7 kunye ne-3.7. Kweli nqaku, imizekelo iya kunikwa kusetyenziswa iPython 3.7. Nangona kunjalo, i-Python SDK inokuqhutywa ngokuthe ngqo kwi-Check Point Management Server (i-Smart Management), kodwa ixhasa kuphela i-Python 2.7, ngoko ke icandelo lokugqibela liya kunika ikhowudi yenguqulo ye-2.7. Ngokukhawuleza emva kokufaka imodyuli, ndincoma ukujonga imizekelo kwizikhokelo imizekelo_python2 и imizekelo_python3.
Qalisa
Ukuze sikwazi ukusebenza kunye namacandelo emodyuli ye-cpapi, kufuneka singenise kwimodyuli cpapi ubuncinane iiklasi ezimbini ezifunekayo:
APIClient и APIClientArgs
from cpapi import APIClient, APIClientArgs
I klasi APIClientArgs inoxanduva lweeparamitha zoqhagamshelwano kumncedisi we API, kunye neklasi APIClient inoxanduva lokusebenzisana ne-API.
Ukumisela iiparamitha zoqhagamshelwano
Ukuchaza iiparameters ezahlukeneyo zokuqhagamshela kwi-API, kufuneka wenze umzekelo weklasi APIClientArgs. Ngokomgaqo, iiparamitha zayo zichazwe kwangaphambili kwaye xa uqhuba iskripthi kumncedisi wokulawula, akufuneki ukuba zichazwe.
client_args = APIClientArgs()Kodwa xa usebenza kwinginginya yomntu wesithathu, kufuneka ukhankanye ubuncinci idilesi ye-IP okanye igama lomncedisi we-API (eyaziwa ngokuba ngumncedisi wolawulo). Kulo mzekelo ungezantsi, sichaza iparamitha yoxhulumaniso lweseva kwaye siyinike idilesi ye-IP yomncedisi wolawulo njengomtya.
client_args = APIClientArgs(server='192.168.47.241')Makhe sijonge zonke iiparamitha kunye namaxabiso azo angagqibekanga anokuthi asetyenziswe xa uqhagamshela kwiseva ye-API:
Iingxoxo ze-__init__ indlela ye-APIClientArgs iklasi
class APIClientArgs:
"""
This class provides arguments for APIClient configuration.
All the arguments are configured with their default values.
"""
# port is set to None by default, but it gets replaced with 443 if not specified
# context possible values - web_api (default) or gaia_api
def __init__(self, port=None, fingerprint=None, sid=None, server="127.0.0.1", http_debug_level=0,
api_calls=None, debug_file="", proxy_host=None, proxy_port=8080,
api_version=None, unsafe=False, unsafe_auto_accept=False, context="web_api"):
self.port = port
# management server fingerprint
self.fingerprint = fingerprint
# session-id.
self.sid = sid
# management server name or IP-address
self.server = server
# debug level
self.http_debug_level = http_debug_level
# an array with all the api calls (for debug purposes)
self.api_calls = api_calls if api_calls else []
# name of debug file. If left empty, debug data will not be saved to disk.
self.debug_file = debug_file
# HTTP proxy server address (without "http://")
self.proxy_host = proxy_host
# HTTP proxy port
self.proxy_port = proxy_port
# Management server's API version
self.api_version = api_version
# Indicates that the client should not check the server's certificate
self.unsafe = unsafe
# Indicates that the client should automatically accept and save the server's certificate
self.unsafe_auto_accept = unsafe_auto_accept
# The context of using the client - defaults to web_api
self.context = contextNdiyakholelwa ukuba iingxoxo ezinokuthi zisetyenziswe kwiimeko zeklasi ye-APIClientArgs zinomdla kubalawuli be-Check Point kwaye azifuni izimvo ezongezelelweyo.
Ukuqhagamshela nge-APIClient kunye nomphathi womxholo
I klasi APIClient Eyona ndlela ifanelekileyo yokuyisebenzisa kungomphathi womxholo. Konke okufuneka kudluliselwe kumzekelo weklasi ye-APIClient yimida yokudibanisa echazwe kwisinyathelo sangaphambili.
with APIClient(client_args) as client:
Umphathi womxholo akayi kwenza umnxeba wokungena ngokuzenzekelayo kwiseva ye-API, kodwa iyakwenza umnxeba wokuphuma xa uyikhupha. Ukuba ngesizathu esithile ukuphuma akufunwa emva kokugqiba ukusebenza ngeefowuni ze-API, kufuneka uqale ukusebenza ngaphandle kokusebenzisa umphathi womxholo:
client = APIClient(clieng_args)Uvavanyo loqhagamshelo
Eyona ndlela ilula yokujonga ukuba udibaniso ludibana neeparamitha ezikhankanyiweyo kusetyenziswa indlela khangela_ushicilelo lweminwe. Ukuba uqinisekiso lwe-sha1 hash sum kushicilelo lweminwe lwesatifikethi se-API yomncedisi siyasilela (indlela ibuyisiwe False), ke oku kuqhele ukubangelwa ziingxaki zonxibelelwano kwaye sinokuyeka ukuphunyezwa kwenkqubo (okanye ukunika umsebenzisi ithuba lokulungisa idatha yoqhagamshelwano):
if client.check_fingerprint() is False:
print("Could not get the server's fingerprint - Check connectivity with the server.")
exit(1)
Nceda uqaphele ukuba kwixesha elizayo iklasi APIClient izakujonga yonke iminxeba yeAPI (iindlela api_call и api_query, siza kuthetha ngabo phambili kancinci) isiqinisekiso somnwe we-sha1 kumncedisi we-API. Kodwa ukuba, xa ujonga umnwe we-sha1 yesatifikethi somncedisi we-API, impazamo ifunyenwe (isatifikethi asaziwa okanye sitshintshiwe), indlela khangela_ushicilelo lweminwe iya kunika ithuba lokongeza/ukutshintsha ulwazi malunga nalo kumatshini wendawo ngokuzenzekelayo. Olu qwalaselo lunokuvalwa ngokupheleleyo (kodwa oku kunokucetyiswa kuphela ukuba izikripthi ziqhutywa kwiseva ye-API ngokwayo, xa iqhagamshela kwi-127.0.0.1), usebenzisa i-APIClientArgs ingxabano - ukwamkela_okuzenzekelayo_okungakhuselekanga (jonga ngakumbi malunga ne-APIClientArgs ngaphambili "Ukuchaza iiparamitha zoqhagamshelwano").
client_args = APIClientArgs(unsafe_auto_accept=True)Ngena kwiseva ye-API
У APIClient zininzi kangangoko iindlela ezi-3 zokungena kwiseva ye-API, kwaye nganye kuzo iyayiqonda intsingiselo sid(iseshini-id), esetyenziswa ngokuzenzekelayo kwifowuni nganye elandelayo ye-API kwiheda (igama elikwisihloko esisentloko yale parameter li X-chkp-sid), ngoko akukho mfuneko yokuqhubela phambili le parameter.
indlela yokungena
Ukhetho usebenzisa igama lokungena kunye negama lokugqitha (kumzekelo, igama lomsebenzisi umlawuli kunye negama lokugqitha 1q2w3e zipasiswe njengeengxoxo zendawo):
login = client.login('admin', '1q2w3e') Iparameters ezongezelelweyo ezikhethiweyo zikwakhona kwindlela yokungena; nanga amagama abo kunye namaxabiso angagqibekanga:
continue_last_session=False, domain=None, read_only=False, payload=NoneNgena_nge_api_indlela yesitshixo
Ukhetho usebenzisa isitshixo se-api (exhaswayo ukuqala kwinguqulelo yolawulo R80.40/Ulawulo API v1.6, "3TsbPJ8ZKjaJGvFyoFqHFA==" eli lixabiso elingundoqo le-API lomnye wabasebenzisi kumncedisi wolawulo onendlela yogunyaziso yesitshixo se-API):
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==') Ngendlela ngena_nge_api_isitshixo iparameters ezifanayo ezikhethiweyo ziyafumaneka njengoko kwindlela Ngema.
login_njengengcambu indlela
Inketho yokungena kumatshini wasekuhlaleni ngeseva ye-API:
login = client.login_as_root()Zimbini kuphela iiparamitha ozikhethelayo ezikhoyo kule ndlela:
domain=None, payload=NoneKwaye ekugqibeleni i-API izibiza ngokwabo
Sineendlela ezimbini zokukhetha ukwenza iifowuni ze-API ngeendlela api_call и api_query. Masifumanise ukuba yintoni umahluko phakathi kwabo.
api_call
Le ndlela iyasebenza kuzo zonke iifowuni. Kufuneka siphumelele inxalenye yokugqibela ye-api ifowuni kunye nomthwalo wokuhlawula kumzimba wesicelo ukuba kuyimfuneko. Ukuba umvuzo awunanto, awunako ukuhanjiswa konke konke:
api_versions = client.api_call('show-api-versions') Isiphumo sesi sicelo ngezantsi kwesisikiwe:
In [23]: api_versions
Out[23]:
APIResponse({
"data": {
"current-version": "1.6",
"supported-versions": [
"1",
"1.1",
"1.2",
"1.3",
"1.4",
"1.5",
"1.6"
]
},
"res_obj": {
"data": {
"current-version": "1.6",
"supported-versions": [
"1",
"1.1",
"1.2",
"1.3",
"1.4",
"1.5",
"1.6"
]
},
"status_code": 200
},
"status_code": 200,
"success": true
})
show_host = client.api_call('show-host', {'name' : 'h_8.8.8.8'})Isiphumo sesi sicelo ngezantsi kwesisikiwe:
In [25]: show_host
Out[25]:
APIResponse({
"data": {
"color": "black",
"comments": "",
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"groups": [],
"icon": "Objects/host",
"interfaces": [],
"ipv4-address": "8.8.8.8",
"meta-info": {
"creation-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"creator": "admin",
"last-modifier": "admin",
"last-modify-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"lock": "unlocked",
"validation-state": "ok"
},
"name": "h_8.8.8.8",
"nat-settings": {
"auto-rule": false
},
"read-only": false,
"tags": [],
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
},
"res_obj": {
"data": {
"color": "black",
"comments": "",
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"groups": [],
"icon": "Objects/host",
"interfaces": [],
"ipv4-address": "8.8.8.8",
"meta-info": {
"creation-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"creator": "admin",
"last-modifier": "admin",
"last-modify-time": {
"iso-8601": "2020-05-01T21:49+0300",
"posix": 1588358973517
},
"lock": "unlocked",
"validation-state": "ok"
},
"name": "h_8.8.8.8",
"nat-settings": {
"auto-rule": false
},
"read-only": false,
"tags": [],
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
},
"status_code": 200
},
"status_code": 200,
"success": true
})
api_query
Makhe ndenze ugcino ngoko nangoko ukuba le ndlela isetyenziswa kuphela kwiifowuni ezinemveliso ebandakanya i-offset. Olo luvo lwenzeka xa luqulathe okanye lunokuqulatha isixa esikhulu solwazi. Umzekelo, oku kunokuba sisicelo soluhlu lwazo zonke izinto ezenziweyo zenginginya kumncedisi wolawulo. Kwizicelo ezinjalo, i-API ibuyisela uluhlu lwezinto ezingama-50 ngokungagqibekanga (unokwandisa umda kwizinto ezingama-500 kwimpendulo). Kwaye ukuze ungatsali ulwazi ngamaxesha amaninzi, utshintshe i-parameter ye-offset kwisicelo se-API, kukho indlela ye-api_query eyenza lo msebenzi ngokuzenzekelayo. Imizekelo yeefowuni apho le ndlela ifuneka khona: iiseshini zokubonisa, iinginginya zemiboniso, iinethiwekhi zomboniso, amakhadi emiboniso, amaqela omboniso, uluhlu lweedilesi, bonisa-amasango alula, bonisa-amaqela-elula, iindima zofikelelo-mboniso, abathengi-abathenjiweyo, iipakethi zokubonisa. Enyanisweni, sibona amagama amaninzi egameni lezi fowuni ze-API, ngoko ke ezi fowuni ziya kuba lula ukuzibamba api_query
show_hosts = client.api_query('show-hosts') Isiphumo sesi sicelo ngezantsi kwesisikiwe:
In [21]: show_hosts
Out[21]:
APIResponse({
"data": [
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "192.168.47.1",
"name": "h_192.168.47.1",
"type": "host",
"uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
},
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "8.8.8.8",
"name": "h_8.8.8.8",
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
}
],
"res_obj": {
"data": {
"from": 1,
"objects": [
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "192.168.47.1",
"name": "h_192.168.47.1",
"type": "host",
"uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
},
{
"domain": {
"domain-type": "domain",
"name": "SMC User",
"uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
},
"ipv4-address": "8.8.8.8",
"name": "h_8.8.8.8",
"type": "host",
"uid": "c210af07-1939-49d3-a351-953a9c471d9e"
}
],
"to": 2,
"total": 2
},
"status_code": 200
},
"status_code": 200,
"success": true
})
Ukucubungula iziphumo zeefowuni ze-API
Emva koko ungasebenzisa iinguqu kunye neendlela zeklasi APIResponse(zombini ngaphakathi kumphathi womxholo nangaphandle). Eklasini APIResponse Iindlela ezi-4 kunye neenguqu ezi-5 zichazwe kwangaphambili siya kuhlala kwezona zibalulekileyo kwiinkcukacha.
impumelelo
Ukuqala, iya kuba licebo elilungileyo ukuqiniseka ukuba umnxeba we-API uphumelele kwaye ubuyisele isiphumo. Kukho indlela yoku impumelelo:
In [49]: api_versions.success
Out[49]: True
Ibuyisela Inyaniso ukuba umnxeba we-API uphumelele (ikhowudi yempendulo - 200) kunye Nobuxoki ukuba ayiphumelelanga (nayiphi na enye ikhowudi yokuphendula). Kukulungele ukusebenzisa ngokukhawuleza emva komnxeba we-API ukubonisa ulwazi olwahlukileyo ngokuxhomekeke kwikhowudi yokuphendula.
if api_ver.success:
print(api_versions.data)
else:
print(api_versions.err_message) ikhowudi yesimo
Ibuyisela ikhowudi yokuphendula emva kokuba ifowuni ye-API yenziwe.
In [62]: api_versions.status_code
Out[62]: 400
Iikhowudi zokuphendula ezinokwenzeka: 200,400,401,403,404,409,500,501.
misela_imeko_yempumelelo
Kule meko, kunokuba kuyimfuneko ukutshintsha ixabiso lesimo sokuphumelela. Ngokobuchwephesha, unokubeka nantoni na apho, nokuba ngumtya oqhelekileyo. Kodwa umzekelo wokwenyani inokuba kukusetha kwakhona le parameter ku-False phantsi kweemeko ezithile ezikhaphayo. Ngezantsi, nikela ingqalelo kumzekelo xa kukho imisebenzi esebenzayo kumncedisi wolawulo, kodwa siya kusithathela ingqalelo esi sicelo singaphumelelanga (siya kuseka impumelelo eguquguqukayo ukuya False, nangona umnxeba we-API uphumelele kwaye wabuyisela ikhowudi ye-200).
for task in task_result.data["tasks"]:
if task["status"] == "failed" or task["status"] == "partially succeeded":
task_result.set_success_status(False)
breakimpendulo ()
Indlela yokuphendula ikuvumela ukuba ujonge isichazi-magama kunye nekhowudi yokuphendula (status_code) kunye nomzimba wokuphendula (umzimba).
In [94]: api_versions.response()
Out[94]:
{'status_code': 200,
'data': {'current-version': '1.6',
'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}}
idata
Ikuvumela ukuba ubone kuphela umzimba wempendulo (umzimba) ngaphandle kolwazi olungeyomfuneko.
In [93]: api_versions.data
Out[93]:
{'current-version': '1.6',
'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}
imposiso_umyalezo
Olu lwazi lufumaneka kuphela xa kwenzeke impazamo ngelixa kusetyenzwa isicelo se-API (ikhowudi yokuphendula hayi 200). Imveliso yomzekelo
In [107]: api_versions.error_message
Out[107]: 'code: generic_err_invalid_parameter_namenmessage: Unrecognized parameter [1]n'
Imizekelo eluncedo
Oku kulandelayo yimizekelo esebenzisa iifowuni ze-API ezongeziweyo kuLawulo lwe-API 1.6.
Okokuqala, makhe sijonge indlela iifowuni ezisebenza ngayo yongeza-umamkeli и yongeza-idilesi-uluhlu. Masithi kufuneka senze zonke iidilesi ze-IP ze-subnet 192.168.0.0/24, i-octet yokugqibela eyi-5, njengezinto zohlobo lwenginginya, kwaye ubhale zonke ezinye iidilesi ze-IP njengezinto zoluhlu lwedilesi. Kule meko, ungayibandakanyi idilesi ye-subnet kunye nedilesi yosasazo.
Ngoko, ngezantsi iskripthi esisombulula le ngxaki kwaye senze izinto ezingama-50 zohlobo lomkhosi kunye nezinto ezingama-51 zohlobo lwedilesi. Ukusombulula ingxaki, iifowuni ze-API eziyi-101 ziyafuneka (kungabalwa umnxeba wokugqibela wokupapasha). Kwakhona, usebenzisa imodyuli yexesha, sibala ixesha elithathayo ukuphumeza iscript de utshintsho lupapashwe.
Ushicilelo usebenzisa i-add-host kunye ne-address-address-range
import timeit
from cpapi import APIClient, APIClientArgs
start = timeit.default_timer()
first_ip = 1
last_ip = 4
client_args = APIClientArgs(server="192.168.47.240")
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
for ip in range(5,255,5):
add_host = client.api_call("add-host", {"name" : f"h_192.168.0.{ip}", "ip-address": f'192.168.0.{ip}'})
while last_ip < 255:
add_range = client.api_call("add-address-range", {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"})
first_ip+=5
last_ip+=5
stop = timeit.default_timer()
publish = client.api_call("publish")
print(f'Time to execute batch request: {stop - start} seconds')
Kwimeko yendawo yelebhu, esi script sithatha phakathi kwe-30 kunye ne-50 imizuzwana ukuphumeza, kuxhomekeke kumthwalo kumncedisi wolawulo.
Ngoku makhe sibone indlela yokusombulula ingxaki efanayo usebenzisa umnxeba we-API yongeza-izinto-ibhetshi, inkxaso leyo yongezwa kwi-API version 1.6. Le mnxeba ikuvumela ukuba wenze izinto ezininzi ngexesha elinye kwisicelo se-API. Ngaphezu koko, ezi zinokuba zizinto zeentlobo ezahlukeneyo (umzekelo, iinginginya, ii-subnets kunye noluhlu lweedilesi). Ke, umsebenzi wethu unokusonjululwa ngaphakathi kwesakhelo sefowuni enye ye-API.
Ushicilelo usebenzisa i-add-objects-batch
import timeit
from cpapi import APIClient, APIClientArgs
start = timeit.default_timer()
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip = []
objects_list_range = []
for ip in range(5,255,5):
data = {"name": f'h_192.168.0.{ip}', "ip-address": f'192.168.0.{ip}'}
objects_list_ip.append(data)
first_ip = 1
last_ip = 4
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"}
objects_list_range.append(data)
first_ip+=5
last_ip+=5
data_for_batch = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip
}, {
"type" : "address-range",
"list" : objects_list_range
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
add_objects_batch = client.api_call("add-objects-batch", data_for_batch)
stop = timeit.default_timer()
publish = client.api_call("publish")
print(f'Time to execute batch request: {stop - start} seconds')
Kwaye ukuqhuba esi script kwindawo yam yelebhu kuthatha ukusuka kwi-3 ukuya kwimizuzwana eyi-7, kuxhomekeke kumthwalo kumncedisi wolawulo. Oko kukuthi, kwi-avareji, kwizinto ze-API ze-101, umnxeba wohlobo lwe-batch uqhuba amaxesha angama-10 ngokukhawuleza. Kwinani elikhulu lezinto umahluko uya kuba unomtsalane ngakumbi.
Ngoku makhe sibone indlela yokusebenza nayo misela-izinto-ibhetshi. Ukusebenzisa le fowuni ye-API, sinokutshintsha isambuku nayiphi na ipharamitha. Masibeke isiqingatha sokuqala seedilesi ukusuka kumzekelo wangaphambili (ukuya kuthi ga kwi-.124 inginginya, kunye noluhlu kwakhona) kumbala we-sienna, kwaye sinike umbala wekhaki kwisiqingatha sesibini seedilesi.
Ukutshintsha umbala wezinto ezenziwe kumzekelo wangaphambili
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip_first = []
objects_list_range_first = []
objects_list_ip_second = []
objects_list_range_second = []
for ip in range(5,125,5):
data = {"name": f'h_192.168.0.{ip}', "color": "sienna"}
objects_list_ip_first.append(data)
for ip in range(125,255,5):
data = {"name": f'h_192.168.0.{ip}', "color": "khaki"}
objects_list_ip_second.append(data)
first_ip = 1
last_ip = 4
while last_ip < 125:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "sienna"}
objects_list_range_first.append(data)
first_ip+=5
last_ip+=5
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "khaki"}
objects_list_range_second.append(data)
first_ip+=5
last_ip+=5
data_for_batch_first = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip_first
}, {
"type" : "address-range",
"list" : objects_list_range_first
}]
}
data_for_batch_second = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip_second
}, {
"type" : "address-range",
"list" : objects_list_range_second
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
set_objects_batch_first = client.api_call("set-objects-batch", data_for_batch_first)
set_objects_batch_second = client.api_call("set-objects-batch", data_for_batch_second)
publish = client.api_call("publish")
Unokucima izinto ezininzi kwifowuni enye ye-API usebenzisa cima-izinto-ibhetshi. Ngoku makhe sijonge umzekelo wekhowudi ecima zonke iinginginya ezenziwe ngaphambili nge yongeza-izinto-ibhetshi.
Ukucima izinto usebenzisa i-delete-objects-batch
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
objects_list_ip = []
objects_list_range = []
for ip in range(5,255,5):
data = {"name": f'h_192.168.0.{ip}'}
objects_list_ip.append(data)
first_ip = 1
last_ip = 4
while last_ip < 255:
data = {"name": f"r_192.168.0.{first_ip}-{last_ip}"}
objects_list_range.append(data)
first_ip+=5
last_ip+=5
data_for_batch = {
"objects" : [ {
"type" : "host",
"list" : objects_list_ip
}, {
"type" : "address-range",
"list" : objects_list_range
}]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
delete_objects_batch = client.api_call("delete-objects-batch", data_for_batch)
publish = client.api_call("publish")
print(delete_objects_batch.data)
Yonke imisebenzi evela kukhupho olutsha lwesoftware yeCheck Point kwangoko ifumana iifowuni ze-API. Ngaloo ndlela, kwi-R80.40 "iimpawu" ezifana nokuBuyela kuhlaziyo kunye ne-Smart Task ibonakala, kwaye iifowuni ze-API ezihambelanayo zalungiselelwa ngokukhawuleza. Ngaphezu koko, konke ukusebenza xa usuka kwii-consoles zeLifa ukuya kwimowudi yoMgaqo-nkqubo oManyeneyo ikwafumana inkxaso ye-API. Ngokomzekelo, uhlaziyo olulindelwe ixesha elide kwi-software version ye-R80.40 yayikukususwa komgaqo-nkqubo woHlolo we-HTTPS ukusuka kwimodi yeLifa ukuya kwimo yoMgaqo-nkqubo oManyeneyo, kwaye lo msebenzi wafumana ngokukhawuleza iifowuni ze-API. Nanku umzekelo wekhowudi eyongeza umgaqo kwindawo ephezulu yomgaqo-nkqubo woHlolo we-HTTPS ongabandakanyi iindidi ze-3 ekuhlolweni (iMpilo, iMali, iiNkonzo zikaRhulumente), ezinqatshelwe ukuhlolwa ngokuhambelana nomthetho kumazwe amaninzi.
Yongeza umthetho kumgaqo-nkqubo woHlolo we-HTTPS
from cpapi import APIClient, APIClientArgs
client_args = APIClientArgs(server="192.168.47.240")
data = {
"layer" : "Default Layer",
"position" : "top",
"name" : "Legal Requirements",
"action": "bypass",
"site-category": ["Health", "Government / Military", "Financial Services"]
}
with APIClient(client_args) as client:
login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
add_https_rule = client.api_call("add-https-rule", data)
publish = client.api_call("publish")
Ukuqhuba izikripthi zePython kwi-Check Point yolawulo lweseva
Yonke into iyafana iqulethe ulwazi malunga nendlela yokuqhuba izikripthi zePython ngokuthe ngqo kumncedisi wolawulo. Oku kunokuba lula xa ungakwazi ukuqhagamshela kwiseva ye-API ukusuka komnye umatshini. Ndirekhode ividiyo yemizuzu emithandathu apho ndijonge ukufaka imodyuli cpapi kunye neempawu zokusebenzisa izikripthi zePython kumncedisi wolawulo. Njengomzekelo, iscript siyaqhutywa esenza uqwalaselo olutsha lwesango lomsebenzi onjengophicotho lwenethiwekhi. Uqwalaselo loKhuseleko. Phakathi kwezinto ebendijongene nazo: umsebenzi awukaveli kwiPython 2.7 negalelo, ukuze kuqhutywe ulwazi olufakwa ngumsebenzisi, umsebenzi uyasetyenziswa ingeniso_ekrwada. Ngaphandle koko, ikhowudi iyafana nokuqaliswa kwezinye iimatshini, kuphela kulula ngakumbi ukusebenzisa umsebenzi ngena_njengengcambu, ukuze ungakhankanyi igama lakho lomsebenzisi, igama lokugqitha kunye nedilesi ye IP yomncedisi wolawulo kwakhona.
Ushicilelo lokuseta olukhawulezileyo loHlolo loKhuseleko
from __future__ import print_function
import getpass
import sys, os
sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
from cpapi import APIClient, APIClientArgs
def main():
with APIClient() as client:
# if client.check_fingerprint() is False:
# print("Could not get the server's fingerprint - Check connectivity with the server.")
# exit(1)
login_res = client.login_as_root()
if login_res.success is False:
print("Login failed:n{}".format(login_res.error_message))
exit(1)
gw_name = raw_input("Enter the gateway name:")
gw_ip = raw_input("Enter the gateway IP address:")
if sys.stdin.isatty():
sic = getpass.getpass("Enter one-time password for the gateway(SIC): ")
else:
print("Attention! Your password will be shown on the screen!")
sic = raw_input("Enter one-time password for the gateway(SIC): ")
version = raw_input("Enter the gateway version(like RXX.YY):")
add_gw = client.api_call("add-simple-gateway", {'name' : gw_name, 'ipv4-address' : gw_ip, 'one-time-password' : sic, 'version': version.capitalize(), 'application-control' : 'true', 'url-filtering' : 'true', 'ips' : 'true', 'anti-bot' : 'true', 'anti-virus' : 'true', 'threat-emulation' : 'true'})
if add_gw.success and add_gw.data['sic-state'] != "communicating":
print("Secure connection with the gateway hasn't established!")
exit(1)
elif add_gw.success:
print("The gateway was added successfully.")
gw_uid = add_gw.data['uid']
gw_name = add_gw.data['name']
else:
print("Failed to add the gateway - {}".format(add_gw.error_message))
exit(1)
change_policy = client.api_call("set-access-layer", {"name" : "Network", "applications-and-url-filtering": "true", "content-awareness": "true"})
if change_policy.success:
print("The policy has been changed successfully")
else:
print("Failed to change the policy- {}".format(change_policy.error_message))
change_rule = client.api_call("set-access-rule", {"name" : "Cleanup rule", "layer" : "Network", "action": "Accept", "track": {"type": "Detailed Log", "accounting": "true"}})
if change_rule.success:
print("The cleanup rule has been changed successfully")
else:
print("Failed to change the cleanup rule- {}".format(change_rule.error_message))
# publish the result
publish_res = client.api_call("publish", {})
if publish_res.success:
print("The changes were published successfully.")
else:
print("Failed to publish the changes - {}".format(install_tp_policy.error_message))
install_access_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'true', "threat-prevention" : 'false', "targets" : gw_uid})
if install_access_policy.success:
print("The access policy has been installed")
else:
print("Failed to install access policy - {}".format(install_tp_policy.error_message))
install_tp_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'false', "threat-prevention" : 'true', "targets" : gw_uid})
if install_tp_policy.success:
print("The threat prevention policy has been installed")
else:
print("Failed to install threat prevention policy - {}".format(install_tp_policy.error_message))
# add passwords and passphrases to dictionary
with open('additional_pass.conf') as f:
line_num = 0
for line in f:
line_num += 1
add_password_dictionary = client.api_call("run-script", {"script-name" : "Add passwords and passphrases", "script" : "printf "{}" >> $FWDIR/conf/additional_pass.conf".format(line), "targets" : gw_name})
if add_password_dictionary.success:
print("The password dictionary line {} was added successfully".format(line_num))
else:
print("Failed to add the dictionary - {}".format(add_password_dictionary.error_message))
main() Umzekelo wefayile enegama lokugqitha isichazi-magama extra_pass.conf
{
"passwords" : ["malware","malicious","infected","Infected"],
"phrases" : ["password","Password","Pass","pass","codigo","key","pwd","пароль","Пароль","Ключ","ключ","шифр","Шифр"]
}
isiphelo
Eli nqaku livavanya kuphela amathuba asisiseko omsebenzi IPython SDK kunye nemodyuli cpapi(njengoko ubunokuqikelela, ezi zizithethantonye), kwaye ngokufunda ikhowudi kule modyuli uyakufumana amathuba angakumbi okusebenza ngayo. Kungenzeka ukuba uya kufuna ukongeza kwiiklasi zakho, imisebenzi, iindlela kunye nezinto eziguquguqukayo. Ungasoloko ubelana ngomsebenzi wakho kwaye ujonge ezinye izikripthi zokuKhangela kwindawo kwicandelo ekuhlaleni , ezisa ndawonye bobabini abaphuhlisi bemveliso kunye nabasebenzisi.
Ikhowudi yolonwabo kwaye ndiyabulela ngokufunda kude kube sekupheleni!
umthombo: www.habr.com
