Simplifying the Check Point API with the Python SDK

The full power of working with APIs is revealed when they are used together with program code, when it becomes possible to dynamically generate API requests and build tools for analysing API responses. However, the Python Software Development Kit (hereafter the Python SDK) for the Check Point Management API still goes largely unnoticed, and undeservedly so. It greatly simplifies life for developers and automation enthusiasts. Python has become hugely popular recently, so I decided to fill the gap and review the main features of the Check Point API Python Development Kit. This article is a good supplement to another Habr article, "Check Point R80.10 API. Management via CLI, scripts and more". We will look at how scripts are written with the Python SDK and take a closer look at the new Management API functionality in version 1.6 (supported since R80.40). To follow the article you will need basic knowledge of working with APIs and Python.

Check Point is actively developing the API, and at the moment the following have been released:

The Python SDK currently supports interaction only with the Management API and the Gaia API. We will look at the most important classes, methods and variables in this module.


Installing the module

The cpapi module installs quickly and easily from the official Check Point repository on GitHub using pip. Detailed installation instructions are available in README.md. The module is adapted to work with Python versions 2.7 and 3.7. In this article the examples use Python 3.7. However, the Python SDK can also be run directly on the Check Point Management Server (Smart Management), which supports only Python 2.7, so the last section provides code for version 2.7. Right after installing the module, I recommend looking at the examples in the examples_python2 and examples_python3 directories.

Getting started

To work with the components of the cpapi module, we need to import at least two required classes from it:

APIClient and APIClientArgs

from cpapi import APIClient, APIClientArgs

The APIClientArgs class is responsible for the parameters of the connection to the API server, and the APIClient class is responsible for interacting with the API.

Defining connection parameters

To define the various parameters for connecting to the API, you need to create an instance of the APIClientArgs class. In principle, its parameters are predefined, and when the script runs on the management server they do not need to be specified.

client_args = APIClientArgs()

But when running on a third-party host, you need to specify at least the IP address or host name of the API server (also known as the management server). In the example below, we define the server connection parameter and assign it the management server's IP address as a string.

client_args = APIClientArgs(server='192.168.47.241')

Let's look at all the parameters, and their default values, that can be used when connecting to the API server:

Arguments of the __init__ method of the APIClientArgs class

class APIClientArgs:
    """
    This class provides arguments for APIClient configuration.
    All the arguments are configured with their default values.
    """

    # port is set to None by default, but it gets replaced with 443 if not specified
    # context possible values - web_api (default) or gaia_api
    def __init__(self, port=None, fingerprint=None, sid=None, server="127.0.0.1", http_debug_level=0,
                 api_calls=None, debug_file="", proxy_host=None, proxy_port=8080,
                 api_version=None, unsafe=False, unsafe_auto_accept=False, context="web_api"):
        self.port = port
        # management server fingerprint
        self.fingerprint = fingerprint
        # session-id.
        self.sid = sid
        # management server name or IP-address
        self.server = server
        # debug level
        self.http_debug_level = http_debug_level
        # an array with all the api calls (for debug purposes)
        self.api_calls = api_calls if api_calls else []
        # name of debug file. If left empty, debug data will not be saved to disk.
        self.debug_file = debug_file
        # HTTP proxy server address (without "http://")
        self.proxy_host = proxy_host
        # HTTP proxy port
        self.proxy_port = proxy_port
        # Management server's API version
        self.api_version = api_version
        # Indicates that the client should not check the server's certificate
        self.unsafe = unsafe
        # Indicates that the client should automatically accept and save the server's certificate
        self.unsafe_auto_accept = unsafe_auto_accept
        # The context of using the client - defaults to web_api
        self.context = context

I believe that the arguments that can be used in instances of the APIClientArgs class are intuitive to Check Point administrators and need no further comment.

Connecting via APIClient and a context manager

The APIClient class is most conveniently used through a context manager. All that needs to be passed to an instance of the APIClient class is the connection parameters defined in the previous step.

with APIClient(client_args) as client:

The context manager does not automatically make a login call to the API server, but it does make a logout call when it exits. If for some reason a logout is not wanted after you finish working with API calls, you need to start working without the context manager:

client = APIClient(client_args)

Connection check

The easiest way to check that the connection works with the specified parameters is to use the check_fingerprint method. If verification of the sha1 hash of the API server certificate's fingerprint fails (the method returned False), this is usually caused by connection problems, and we can stop the program (or give the user a chance to correct the connection data):

    if client.check_fingerprint() is False:
        print("Could not get the server's fingerprint - Check connectivity with the server.")
        exit(1)

Please note that from then on the APIClient class checks the sha1 fingerprint of the API server's certificate on every API call (the api_call and api_query methods, which we will discuss later). But if an error is detected when checking the sha1 fingerprint of the API server's certificate (the certificate is unknown or has changed), the check_fingerprint method offers the opportunity to add or change the information about it on the local machine automatically. This check can be disabled completely (but that can only be recommended when the scripts run on the API server itself, connecting to 127.0.0.1) by using the APIClientArgs argument unsafe_auto_accept (see more about APIClientArgs earlier, in "Defining connection parameters").

client_args = APIClientArgs(unsafe_auto_accept=True)
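
The decision described above, written out as an added example (not the SDK's own code): the SHA-1 of the presented certificate is compared with a locally stored pin, and silent acceptance is honoured only for loopback servers. The pin store layout, the function names, the loopback-only policy and the certificate bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample input: stand-ins for DER-encoded certificates.
CERT_A = b"constructed certificate A"
CERT_B = b"constructed certificate B"


def sha1_fingerprint(cert_der):
    """Uppercase hex SHA-1 over the certificate bytes."""
    return hashlib.sha1(cert_der).hexdigest().upper()


def is_loopback(server):
    """True only for literal loopback addresses such as 127.0.0.1 or ::1."""
    try:
        return ipaddress.ip_address(server).is_loopback
    except ValueError:
        return False  # host names are never treated as loopback here


def pin_state(pins, server, cert_der):
    """Classify the presented certificate as 'match', 'unknown' or 'changed'."""
    seen = sha1_fingerprint(cert_der)
    stored = pins.get(server)
    if stored is None:
        return "unknown"
    # constant-time comparison of the two hex strings
    return "match" if hmac.compare_digest(stored, seen) else "changed"


def decide(pins, server, cert_der, auto_accept=False, interactive=False):
    """Return 'proceed', 'prompt' or 'abort'; update pins when accepting.

    Policy assumed for this example: automatic acceptance is honoured only
    for loopback servers. Anywhere else a new or changed certificate needs
    an operator (interactive=True) or the connection is refused.
    """
    state = pin_state(pins, server, cert_der)
    if state == "match":
        return "proceed"
    if auto_accept and is_loopback(server):
        pins[server] = sha1_fingerprint(cert_der)
        return "proceed"
    return "prompt" if interactive else "abort"


if __name__ == "__main__":
    pins = {}
    print(decide(pins, "192.168.47.241", CERT_A, auto_accept=True))
    print(decide(pins, "127.0.0.1", CERT_A, auto_accept=True))
    print(decide(pins, "127.0.0.1", CERT_B))
```
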

Logging in to the API server

APIClient has 3 methods for logging in to the API server, and each of them keeps track of the sid (session-id) value, which is then used automatically in the header of every subsequent API call (the header name for this parameter is X-chkp-sid), so there is no need to handle this parameter any further.

The login method

The option using a login and password (in the example, the username admin and the password 1q2w3e are passed as positional arguments):

     login = client.login('admin', '1q2w3e')  

Additional optional parameters are also available in the login method; here are their names and default values:

continue_last_session=False, domain=None, read_only=False, payload=None

The login_with_api_key method

The option using an API key (supported starting from management version R80.40/Management API v1.6; "3TsbPJ8ZKjaJGvFyoFqHFA==" is the API key value of one of the users on the management server who has the API key authentication method):

     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==') 

The login_with_api_key method has the same optional parameters available as the login method.

The login_as_root method

The option for logging in on the local machine that hosts the API server:

     login = client.login_as_root()

Only two optional parameters are available for this method:

domain=None, payload=None

And finally, the API calls themselves

We have two options for making API calls: the api_call and api_query methods. Let's work out the difference between them.

api_call

This method works for any call. We need to pass the last part of the API call and, if necessary, the payload for the request body. If the payload is empty, it can be omitted altogether:

api_versions = client.api_call('show-api-versions') 

The result of this request is shown below:

In [23]: api_versions                                                           
Out[23]: 
APIResponse({
    "data": {
        "current-version": "1.6",
        "supported-versions": [
            "1",
            "1.1",
            "1.2",
            "1.3",
            "1.4",
            "1.5",
            "1.6"
        ]
    },
    "res_obj": {
        "data": {
            "current-version": "1.6",
            "supported-versions": [
                "1",
                "1.1",
                "1.2",
                "1.3",
                "1.4",
                "1.5",
                "1.6"
            ]
        },
        "status_code": 200
    },
    "status_code": 200,
    "success": true
})

show_host = client.api_call('show-host', {'name' : 'h_8.8.8.8'})

The result of this request is shown below:

In [25]: show_host                                                              
Out[25]: 
APIResponse({
    "data": {
        "color": "black",
        "comments": "",
        "domain": {
            "domain-type": "domain",
            "name": "SMC User",
            "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
        },
        "groups": [],
        "icon": "Objects/host",
        "interfaces": [],
        "ipv4-address": "8.8.8.8",
        "meta-info": {
            "creation-time": {
                "iso-8601": "2020-05-01T21:49+0300",
                "posix": 1588358973517
            },
            "creator": "admin",
            "last-modifier": "admin",
            "last-modify-time": {
                "iso-8601": "2020-05-01T21:49+0300",
                "posix": 1588358973517
            },
            "lock": "unlocked",
            "validation-state": "ok"
        },
        "name": "h_8.8.8.8",
        "nat-settings": {
            "auto-rule": false
        },
        "read-only": false,
        "tags": [],
        "type": "host",
        "uid": "c210af07-1939-49d3-a351-953a9c471d9e"
    },
    "res_obj": {
        "data": {
            "color": "black",
            "comments": "",
            "domain": {
                "domain-type": "domain",
                "name": "SMC User",
                "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
            },
            "groups": [],
            "icon": "Objects/host",
            "interfaces": [],
            "ipv4-address": "8.8.8.8",
            "meta-info": {
                "creation-time": {
                    "iso-8601": "2020-05-01T21:49+0300",
                    "posix": 1588358973517
                },
                "creator": "admin",
                "last-modifier": "admin",
                "last-modify-time": {
                    "iso-8601": "2020-05-01T21:49+0300",
                    "posix": 1588358973517
                },
                "lock": "unlocked",
                "validation-state": "ok"
            },
            "name": "h_8.8.8.8",
            "nat-settings": {
                "auto-rule": false
            },
            "read-only": false,
            "tags": [],
            "type": "host",
            "uid": "c210af07-1939-49d3-a351-953a9c471d9e"
        },
        "status_code": 200
    },
    "status_code": 200,
    "success": true
})

api_query

Let me note right away that this method works only for calls whose output involves an offset. Such output occurs when the response contains, or may contain, a large amount of information. For example, this could be a request for the list of all host objects created on the management server. For such requests the API returns a list of 50 objects by default (you can raise the limit to 500 objects per response). So that you do not have to pull the information several times, changing the offset parameter in the API request each time, there is the api_query method, which does this work automatically. Examples of calls where this method is needed: show-sessions, show-hosts, show-networks, show-wildcards, show-groups, show-address-ranges, show-simple-gateways, show-simple-clusters, show-access-roles, show-trusted-clients, show-packages. In fact, the names of these API calls all contain plural words, so these are the calls that are easier to handle through api_query.

show_hosts = client.api_query('show-hosts') 

The result of this request is shown below:

In [21]: show_hosts                                                             
Out[21]: 
APIResponse({
    "data": [
        {
            "domain": {
                "domain-type": "domain",
                "name": "SMC User",
                "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
            },
            "ipv4-address": "192.168.47.1",
            "name": "h_192.168.47.1",
            "type": "host",
            "uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
        },
        {
            "domain": {
                "domain-type": "domain",
                "name": "SMC User",
                "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
            },
            "ipv4-address": "8.8.8.8",
            "name": "h_8.8.8.8",
            "type": "host",
            "uid": "c210af07-1939-49d3-a351-953a9c471d9e"
        }
    ],
    "res_obj": {
        "data": {
            "from": 1,
            "objects": [
                {
                    "domain": {
                        "domain-type": "domain",
                        "name": "SMC User",
                        "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
                    },
                    "ipv4-address": "192.168.47.1",
                    "name": "h_192.168.47.1",
                    "type": "host",
                    "uid": "5d7d7086-d70b-4995-971a-0583b15a2bfc"
                },
                {
                    "domain": {
                        "domain-type": "domain",
                        "name": "SMC User",
                        "uid": "41e821a0-3720-11e3-aa6e-0800200c9fde"
                    },
                    "ipv4-address": "8.8.8.8",
                    "name": "h_8.8.8.8",
                    "type": "host",
                    "uid": "c210af07-1939-49d3-a351-953a9c471d9e"
                }
            ],
            "to": 2,
            "total": 2
        },
        "status_code": 200
    },
    "status_code": 200,
    "success": true
})
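
What api_query automates, written out as an added example (not the SDK's own code): a loop that advances offset until the to value in the response reaches total. FakeMgmt is a constructed in-memory stand-in for the management server and returns plain dicts rather than APIResponse objects; the from, to, total and objects fields follow the show-hosts output above, and limit and offset are the request parameters the text mentions.

```python
"""Offset-based paging as described for api_query (added illustration)."""

MAX_LIMIT = 500      # largest page size the article says the API accepts
DEFAULT_LIMIT = 50   # page size returned when no limit is given


class FakeMgmt:
    """Constructed stand-in for a management server holding N host objects."""

    def __init__(self, count):
        self.objects = [
            {"name": "h_10.0.{}.{}".format(i // 250, i % 250 + 1), "type": "host"}
            for i in range(count)
        ]
        self.calls = 0  # number of requests served, to show the cost of paging

    def api_call(self, command, payload=None):
        payload = payload or {}
        limit = payload.get("limit", DEFAULT_LIMIT)
        offset = payload.get("offset", 0)
        if not 1 <= limit <= MAX_LIMIT:
            return {"success": False, "status_code": 400, "data": {}}
        self.calls += 1
        page = self.objects[offset:offset + limit]
        data = {"objects": page, "total": len(self.objects)}
        if page:  # an empty page carries no from/to markers in this stand-in
            data["from"] = offset + 1
            data["to"] = offset + len(page)
        return {"success": True, "status_code": 200, "data": data}


def query_all(client, command, limit=DEFAULT_LIMIT, payload=None):
    """Collect every object of a paged 'show-...s' call.

    Stops when the server reports to >= total or when a page comes back
    empty. A failed call raises, so partial results are never returned.
    """
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError("limit must be between 1 and {}".format(MAX_LIMIT))
    collected = []
    offset = 0
    while True:
        request = dict(payload or {}, limit=limit, offset=offset)
        response = client.api_call(command, request)
        if not response["success"]:
            raise RuntimeError("{} failed with status {}".format(
                command, response["status_code"]))
        data = response["data"]
        page = data.get("objects", [])
        collected.extend(page)
        if not page or data.get("to", 0) >= data["total"]:
            return collected
        offset = data["to"]  # next page starts right after the last item seen


if __name__ == "__main__":
    server = FakeMgmt(120)
    hosts = query_all(server, "show-hosts")
    print(len(hosts), "objects in", server.calls, "calls")
```
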

Processing the results of API calls

After that you can use the variables and methods of the APIResponse class (both inside the context manager and outside it). The APIResponse class has 4 methods and 5 variables predefined; we will look at the most important ones in more detail.


success

To begin with, it is a good idea to make sure that the API call was successful and returned a result. There is the success method for this:

In [49]: api_versions.success                                                   
Out[49]: True

It returns True if the API call was successful (response code 200) and False if it was not (any other response code). It is convenient to use right after an API call to display different information depending on the response code.

if api_versions.success:
    print(api_versions.data)
else:
    print(api_versions.error_message)

status_code

Returns the response code after the API call has been made.

In [62]: api_versions.status_code                                               
Out[62]: 400

Possible response codes: 200, 400, 401, 403, 404, 409, 500, 501.

set_success_status

In some cases it may be necessary to change the value of the success status. Technically, you can put anything there, even an ordinary string. But a real-world example would be resetting this parameter to False under certain accompanying conditions. Below, note the example where there are tasks running on the management server, but we treat the request as unsuccessful (we set the success variable to False, despite the fact that the API call succeeded and returned code 200).

for task in task_result.data["tasks"]:
    if task["status"] == "failed" or task["status"] == "partially succeeded":
        task_result.set_success_status(False)
        break

response()

The response method lets you view a dictionary with the response code (status_code) and the response body (body).

In [94]: api_versions.response()                                                
Out[94]: 
{'status_code': 200,
 'data': {'current-version': '1.6',
  'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}}

data

Lets you see only the response body (body), without the extra information.

In [93]: api_versions.data                                                      
Out[93]: 
{'current-version': '1.6',
 'supported-versions': ['1', '1.1', '1.2', '1.3', '1.4', '1.5', '1.6']}

error_message

This information is available only if an error occurred while the API request was being processed (response code other than 200). Example output:

In [107]: api_versions.error_message                                            
Out[107]: 'code: generic_err_invalid_parameter_name\nmessage: Unrecognized parameter [1]\n'

Useful examples

The following examples use API calls that were added in Management API 1.6.

First, let's look at how the add-host and add-address-range calls work. Suppose we need to create all IP addresses of the subnet 192.168.0.0/24 whose last octet is a multiple of 5 as objects of type host, and record all the other IP addresses as objects of type address range. The subnet address and the broadcast address are excluded.

So, below is a script that solves this problem and creates 50 objects of type host and 51 objects of type address range. Solving the problem takes 101 API calls (not counting the final publish call). Using the timeit module, we also measure how long the script takes to run up to the point where the changes are published.

Script using add-host and add-address-range

import timeit
from cpapi import APIClient, APIClientArgs

start = timeit.default_timer()

first_ip = 1
last_ip = 4

client_args = APIClientArgs(server="192.168.47.240")

with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
     for ip in range(5,255,5):
         add_host = client.api_call("add-host", {"name" : f"h_192.168.0.{ip}", "ip-address": f'192.168.0.{ip}'})
     while last_ip < 255:
         add_range = client.api_call("add-address-range", {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"})
         first_ip+=5
         last_ip+=5
     stop = timeit.default_timer() 
     publish = client.api_call("publish")
     
print(f'Time to execute batch request: {stop - start} seconds')

In my lab environment this script takes between 30 and 50 seconds to run, depending on the load on the management server.

Now let's see how to solve the same problem using the add-objects-batch API call, support for which was added in API version 1.6. This call lets you create many objects at once in a single API request. Moreover, these can be objects of different types (for example, hosts, subnets and address ranges). Our task can therefore be solved within a single API call.

Script using add-objects-batch

import timeit
from cpapi import APIClient, APIClientArgs

start = timeit.default_timer()

client_args = APIClientArgs(server="192.168.47.240")

objects_list_ip = []
objects_list_range = []

for ip in range(5,255,5):
    data = {"name": f'h_192.168.0.{ip}', "ip-address": f'192.168.0.{ip}'}
    objects_list_ip.append(data)
    
first_ip = 1
last_ip = 4


while last_ip < 255:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "ip-address-first": f"192.168.0.{first_ip}", "ip-address-last": f"192.168.0.{last_ip}"}
    objects_list_range.append(data)
    first_ip+=5
    last_ip+=5

data_for_batch = {
  "objects" : [ {
    "type" : "host",
    "list" : objects_list_ip
}, {
    "type" : "address-range",
    "list" : objects_list_range
  }]
}


with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
     add_objects_batch = client.api_call("add-objects-batch", data_for_batch)
     stop = timeit.default_timer() 
     publish = client.api_call("publish")
     
print(f'Time to execute batch request: {stop - start} seconds')

Running this script in my lab environment takes from 3 to 7 seconds, depending on the load on the management server. That is, on average, for 101 API objects, the batch-type call runs 10 times faster. With a larger number of objects the difference will be even more impressive.

Now let's see how to work with set-objects-batch. With this API call we can change any parameter in bulk. Let's set the first half of the addresses from the previous example (up to .124 for hosts, and for ranges too) to the color sienna, and assign the color khaki to the second half of the addresses.

Changing the color of the objects created in the previous example

from cpapi import APIClient, APIClientArgs

client_args = APIClientArgs(server="192.168.47.240")

objects_list_ip_first = []
objects_list_range_first = []
objects_list_ip_second = []
objects_list_range_second = []

for ip in range(5,125,5):
    data = {"name": f'h_192.168.0.{ip}', "color": "sienna"}
    objects_list_ip_first.append(data)
    
for ip in range(125,255,5):
    data = {"name": f'h_192.168.0.{ip}', "color": "khaki"}
    objects_list_ip_second.append(data)
    
first_ip = 1
last_ip = 4
while last_ip < 125:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "sienna"}
    objects_list_range_first.append(data)
    first_ip+=5
    last_ip+=5
    
while last_ip < 255:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}", "color": "khaki"}
    objects_list_range_second.append(data)
    first_ip+=5
    last_ip+=5

data_for_batch_first  = {
  "objects" : [ {
    "type" : "host",
    "list" : objects_list_ip_first
}, {
    "type" : "address-range",
    "list" : objects_list_range_first
  }]
}

data_for_batch_second  = {
  "objects" : [ {
    "type" : "host",
    "list" : objects_list_ip_second
}, {
    "type" : "address-range",
    "list" : objects_list_range_second
  }]
}

with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==') 
     set_objects_batch_first = client.api_call("set-objects-batch", data_for_batch_first)
     set_objects_batch_second = client.api_call("set-objects-batch", data_for_batch_second)
     publish = client.api_call("publish")

You can delete many objects in a single API call using delete-objects-batch. Now let's look at a code example that deletes all the hosts created earlier via add-objects-batch.

Deleting objects using delete-objects-batch

from cpapi import APIClient, APIClientArgs

client_args = APIClientArgs(server="192.168.47.240")

objects_list_ip = []
objects_list_range = []

for ip in range(5,255,5):
    data = {"name": f'h_192.168.0.{ip}'}
    objects_list_ip.append(data)

first_ip = 1
last_ip = 4
while last_ip < 255:
    data = {"name": f"r_192.168.0.{first_ip}-{last_ip}"}
    objects_list_range.append(data)
    first_ip+=5
    last_ip+=5

data_for_batch = {
  "objects" : [ {
    "type" : "host",
    "list" : objects_list_ip
}, {
    "type" : "address-range",
    "list" : objects_list_range
  }]
}

with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
     delete_objects_batch = client.api_call("delete-objects-batch", data_for_batch)
     publish = client.api_call("publish")

print(delete_objects_batch.data)

All functionality that appears in new releases of Check Point software gets API calls right away. For instance, R80.40 introduced "features" such as Revert to revision and Smart Task, and the corresponding API calls were prepared for them immediately. Moreover, all functionality that moves from the Legacy consoles to Unified Policy mode also gets API support. For example, a long-awaited update in software version R80.40 was the move of the HTTPS Inspection policy from Legacy mode to Unified Policy mode, and this functionality received API calls straight away. Here is an example of code that adds a rule at the top of the HTTPS Inspection policy which excludes 3 categories from inspection (Health, Finance, Government Services) that are prohibited from inspection by law in a number of countries.

Adding a rule to the HTTPS Inspection policy

from cpapi import APIClient, APIClientArgs

client_args = APIClientArgs(server="192.168.47.240")

data = {
  "layer" : "Default Layer",
  "position" : "top",
  "name" : "Legal Requirements",
  "action": "bypass",
  "site-category": ["Health", "Government / Military", "Financial Services"]
}

with APIClient(client_args) as client: 
     login = client.login_with_api_key('3TsbPJ8ZKjaJGvFyoFqHFA==')
     add_https_rule = client.api_call("add-https-rule", data)
     publish = client.api_call("publish")

Running Python scripts on the Check Point management server

The same README.md contains information on how to run Python scripts directly on the management server. This can be convenient when you cannot connect to the API server from another machine. I recorded a six-minute video in which I look at installing the cpapi module and the specifics of running Python scripts on the management server. As an example, a script is run that automates the configuration of a new gateway for a task such as a network audit, Security CheckUp. Among the specifics I had to deal with: the input function has not yet appeared in Python 2.7, so the raw_input function is used to process the information entered by the user. Otherwise the code is the same as for running from other machines, except that it is more convenient to use the login_as_root function, so as not to specify your own username, password and the management server's IP address again.

Script for quick Security CheckUp setup

from __future__ import print_function
import getpass
import sys, os
sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
from cpapi import APIClient, APIClientArgs

def main():
    with APIClient() as client:
       # if client.check_fingerprint() is False:
       #     print("Could not get the server's fingerprint - Check connectivity with the server.")
       #     exit(1)
        login_res = client.login_as_root()

        if login_res.success is False:
            print("Login failed:\n{}".format(login_res.error_message))
            exit(1)

        gw_name = raw_input("Enter the gateway name:")
        gw_ip = raw_input("Enter the gateway IP address:")
        if sys.stdin.isatty():
            sic = getpass.getpass("Enter one-time password for the gateway(SIC): ")
        else:
            print("Attention! Your password will be shown on the screen!")
            sic = raw_input("Enter one-time password for the gateway(SIC): ")
        version = raw_input("Enter the gateway version(like RXX.YY):")
        add_gw = client.api_call("add-simple-gateway", {'name' : gw_name, 'ipv4-address' : gw_ip, 'one-time-password' : sic, 'version': version.capitalize(), 'application-control' : 'true', 'url-filtering' : 'true', 'ips' : 'true', 'anti-bot' : 'true', 'anti-virus' : 'true', 'threat-emulation' : 'true'})
        if add_gw.success and add_gw.data['sic-state'] != "communicating":
            print("Secure connection with the gateway hasn't established!")
            exit(1)
        elif add_gw.success:
            print("The gateway was added successfully.")
            gw_uid = add_gw.data['uid']
            gw_name = add_gw.data['name']
        else:
            print("Failed to add the gateway - {}".format(add_gw.error_message))
            exit(1)

        change_policy = client.api_call("set-access-layer", {"name" : "Network", "applications-and-url-filtering": "true", "content-awareness": "true"})
        if change_policy.success:
            print("The policy has been changed successfully")
        else:
            print("Failed to change the policy- {}".format(change_policy.error_message))
        change_rule = client.api_call("set-access-rule", {"name" : "Cleanup rule", "layer" : "Network", "action": "Accept", "track": {"type": "Detailed Log", "accounting": "true"}})
        if change_rule.success:
            print("The cleanup rule has been changed successfully")
        else:
            print("Failed to change the cleanup rule- {}".format(change_rule.error_message))

        # publish the result
        publish_res = client.api_call("publish", {})
        if publish_res.success:
            print("The changes were published successfully.")
        else:
            print("Failed to publish the changes - {}".format(publish_res.error_message))

        install_access_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'true',  "threat-prevention" : 'false', "targets" : gw_uid})
        if install_access_policy.success:
            print("The access policy has been installed")
        else:
            print("Failed to install access policy - {}".format(install_access_policy.error_message))

        install_tp_policy = client.api_call("install-policy", {"policy-package" : "Standard", "access" : 'false',  "threat-prevention" : 'true', "targets" : gw_uid})
        if install_tp_policy.success:
            print("The threat prevention policy has been installed")
        else:
            print("Failed to install threat prevention policy - {}".format(install_tp_policy.error_message))
        
        # add passwords and passphrases to dictionary
        with open('additional_pass.conf') as f:
            line_num = 0
            for line in f:
                line_num += 1
                add_password_dictionary = client.api_call("run-script", {"script-name" : "Add passwords and passphrases", "script" : "printf \"{}\" >> $FWDIR/conf/additional_pass.conf".format(line), "targets" : gw_name})
                if add_password_dictionary.success:
                    print("The password dictionary line {} was added successfully".format(line_num))
                else:
                    print("Failed to add the dictionary - {}".format(add_password_dictionary.error_message))

main()

Example file with the password dictionary, additional_pass.conf
{
"passwords" : ["malware","malicious","infected","Infected"],
"phrases" : ["password","Password","Pass","pass","codigo","key","pwd","пароль","Пароль","Ключ","ключ","шифр","Шифр"] }
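
In the script above, each line read from additional_pass.conf becomes part of a shell command that run-script executes on the gateway, so quotes, $, backticks or % in the file would be interpreted by the shell or by printf. The added example below (not the author's code) builds the same payload with the line passed as one quoted argument to a fixed printf format; the function names and the sample line in the demo are constructed. It uses Python 3's shlex.quote; on the management server's Python 2.7 the equivalent is pipes.quote.

```python
import shlex

TARGET = "$FWDIR/conf/additional_pass.conf"  # path used by the script above


def append_line_command(line):
    """Shell command that appends one literal line to the dictionary file.

    The data travels as a single quoted argument to a fixed '%s\\n' format,
    so neither the shell nor printf interprets anything inside it.
    """
    text = line.rstrip("\r\n")
    if "\x00" in text:
        raise ValueError("NUL byte cannot be passed as a shell argument")
    return "printf '%s\\n' {} >> \"{}\"".format(shlex.quote(text), TARGET)


def run_script_payload(line, gateway):
    """Payload for the run-script call, with the same keys as the script above."""
    return {
        "script-name": "Add passwords and passphrases",
        "script": append_line_command(line),
        "targets": gateway,
    }


if __name__ == "__main__":
    # Constructed sample line containing characters the shell treats specially.
    sample = 'pa$$word "quoted" 100% it\'s\n'
    print(run_script_payload(sample, "gw1")["script"])
```
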

Conclusion

This article covers only the basic capabilities of the Python SDK and the cpapi module (as you may have guessed, these are effectively synonyms), and by studying the code of the module you will discover even more ways of working with it. You may well want to extend it with your own classes, functions, methods and variables. You can always share your work and look at other Check Point scripts in the CodeHub section of the CheckMates community, which brings together both product developers and users.

Happy coding, and thanks for reading to the end!

Source: www.habr.com
