非常实验性的杂项和额外的实用程序的fortios
fortios-xutils的Python项目详细描述
富通
非常实验性的杂项和额外的实用程序为fortios(fortigate)。在
特点
- 从fortios CLI的“show”中解析并转储结构化JSON文件 *“配置”输出
- 从作为分析结果生成的JSON文件中搜索一个或多个项 fortios CLI的“show*configuration”输出,使用JMESPath查询
- 从JSON文件收集nework信息并生成结构化JSON 文件提供了网络信息
- 将多个网络JSON文件组合成一个网络文件
- 分析并转储防火墙策略表作为pandas数据以供进一步分析
- 搜索防火墙策略与给定ip地址匹配
- 按ip地址(src和dst)查找从网络JSON文件到 找出要配置的防火墙节点
CLI使用
请参见fortios_xutils–帮助。在
ssato@x1-carbon-gen6%PYTHONPATH=src python3 ./src/fortios_xutils/cli.py --help Usage: cli.py [OPTIONS] COMMAND [ARGS]... CLI frontend entrypoint. Options: -v, --verbose --help Show this message and exit. Commands: firewall-policy-save Make and save firewall policy table... firewall-policy-search Search firewall policy table generated by... network-collect Make and save network data collected from the JSON... network-compose Compose network files collected from the fortigate... network-find-paths Search paths from the source `src_ip` to the... parse Parse fortigate CLI's "show *configuration*... search Search an item or items from JSON file generated... ssato@x1-carbon-gen6%for sc in parse search network-collect network-compose firewall-policy-save firewall-policy-search;doecho"# $sc";PYTHONPATH=src python3 ./src/fortios_xutils/cli.py $sc --help;done# parse Usage: cli.py parse [OPTIONS] [FILEPATHS]... Parse fortigate CLI's "show *configuration* outputs and generate a structured JSON file. FILEPATHS is a list of file paths or a glob pattern gives that. Examples: $ fortios_xutils parse -O /tmp/0 \ > tests/res/show_configs/fortigate_cli_show_sample_*.txt $ ls /tmp/0 fortigate-01 fortigate-02 $ ls /tmp/0/fortigate-01: all.json firewall_address.json firewall_addrgrp.json firewall_policy.json firewall_service_category.json firewall_service_custom.json firewall_service_group.json metadata.json system_global.json system_interface.json system_object-tagging.json system_replacemsg-group.json system_settings.json $ jq '.' /tmp/0/fortigate-01/system_interface.json [ { "edit": "dmz", "vdom": "root", "status": "down", "type": "physical", "role": "dmz", "snmp-index": "1" }, { "edit": "port1", "vdom": "root", "ip": [ "192.168.122.10", "255.255.255.0" ], ... (snip) ... Options: -O, --outdir TEXT Output dir to save parsed results [out/ relative to input filepath] --help Show this message and exit. # search Usage: cli.py search [OPTIONS] [FILEPATHS]... Search an item or items from JSON file generated previously by 'parse' sub command. FILEPATHS is a list of file paths or a glob pattern gives that. Examples: $# List ip addresses of system interfaces. $ fortios_xutils search \ > -P "configs[?config=='system interface'].edits[].ip"\ > tests/res/parsed/fortigate-01/all.json [ [ "192.168.122.10", "255.255.255.0" ], [ "192.168.1.10", "255.255.255.0" ] ] $ Options: -P, --path TEXT JMESPath expression to query --help Show this message and exit. # network-collect Usage: cli.py network-collect [OPTIONS] [FILEPATHS]... Collect and save network data from the parsed and structured fortigate's configuration files in JSON formats. FILEPATHS is a list of path of the JSON file, the parsed results of fortigate CLI's "show \*configuration" outputs. Examples: $ fortios_xutils network-collect tests/res/parsed/*/all.json $ head -n 10 tests/res/parsed/fortigate-01/networks.yml metadata: type: metadata input: tests/res/parsed/fortigate-01/all.json prefix: 24 timestamp: 2020-05-12_04_58_57 version: '1.0' nodes: - id: fortigate-01 name: fortigate-01 type: firewall $ Options: -O, --outdir TEXT Dir to save results -P, --prefix TEXT Max network prefix [24] --help Show this message and exit. # network-compose Usage: cli.py network-compose [OPTIONS] [FILEPATHS]... Compose network files collected from the fortigate CLI's configurations from multiple fortigate hosts using the preivous network-collect command, into a network file. Examples: $ fortios_xutils network-compose \ > tests/res/parsed/fortigate-0*/networks.yml \ > -o tests/res/networks/all.yml $ head -n 10 tests/res/networks/all.yml metadata: inputs: - tests/res/parsed/fortigate-01/all.json - tests/res/parsed/fortigate-02/all.json timestamp: 2020-05-12_05_02_49 version: '1.0' nodes: - id: fortigate-01 name: fortigate-01 type: firewall $ Options: -o, --outpath TEXT Path of the outpath file to save network JSON data --help Show this message and exit. # firewall-policy-save Usage: cli.py firewall-policy-save [OPTIONS] [FILEPATHS]... Make and save firewall policy table (:class:`pandas.DataFrame` object). Examples: $ fortios_xutils firewall-policy-save \ > -o /tmp/0/test.pickle.gz \ > tests/res/parsed/fortigate-01/all.json $ file /tmp/0/test.pickle.gz /tmp/0/test.pickle.gz: gzip compressed data, was "test.pickle" ... $ Options: -O, --outdir TEXT Dir to save results [same dir input files exist] --help Show this message and exit. # firewall-policy-search Usage: cli.py firewall-policy-search [OPTIONS] FILEPATH Search firewall policy table generated by 'firewall-policy-save' command, by ip address. FILEPATH is a file path to the pandas dataframe file generated by 'firewall-policy-save' command. Examples: $ fortios_xutils firewall-policy-search \ > --ip 192.168.122.3 /tmp/0/test.pickle.gz [ { "edit": "20", "name": "Monitor_Servers_02", "uuid": "3da73baa-dacb-48cb-852c-c4be245b4609", "srcintf": "port1", "dstintf": "", "srcaddr": "host_192.168.122.1", "dstaddr": "network_192.168.122.0/24", "action": "accept", "schedule": "always", "service": [ "HTTPS", "HTTP" ], "inspection-mode": "", "nat": "", "srcaddrs": [ "192.168.122.1/32" ], "dstaddrs": [ "192.168.122.0/24" ], "comments": "" } ] Options: -i, --ip TEXT Specify an IP address to search --help Show this message and exit. ssato@x1-carbon-gen6%
- 项目
标签:
欢迎加入QQ群-->: 979659372
