fortios(fortigate)的非常实验性的杂项和额外工具

导航

验证细节

这些细节已由PyPI验证
维护者
Avatar for ssato from gravatar.com ssato

未验证细节

这些细节尚未由PyPI验证
项目链接
元数据
分类器

项目描述

fortios-xutils

[Latest Version] [Python versions] MIT License Test status [Code Quality by LGTM]

fortios(fortigate)的非常实验性的杂项和额外工具

功能

  • 解析并导出fortios CLI的“show *configuration”输出的结构化JSON文件

  • 使用JMESPath查询从fortios CLI的“show *configuration”输出的解析结果生成的JSON文件中搜索项目或项目

  • 从JSON文件中收集网络信息,并生成提供该网络信息的结构化JSON文件

  • 将多个网络JSON文件组合成网络文件

  • 分析并导出防火墙策略表作为pandas数据以供进一步分析

  • 根据给定的IP地址搜索防火墙策略匹配项

  • 通过IP地址(源和目标)从网络JSON文件中找到网络路径,以确定要配置哪些防火墙节点

CLI使用

请参阅fortios_xutils –help

ssato@x1-carbon-gen6% PYTHONPATH=src python3 ./src/fortios_xutils/cli.py --help
Usage: cli.py [OPTIONS] COMMAND [ARGS]...

  CLI frontend entrypoint.

Options:
  -v, --verbose
  --help         Show this message and exit.

Commands:
  firewall-policy-save    Make and save firewall policy table...
  firewall-policy-search  Search firewall policy table generated by...
  network-collect         Make and save network data collected from the
                          JSON...

  network-compose         Compose network files collected from the
                          fortigate...

  network-find-paths      Search paths from the source `src_ip` to the...
  parse                   Parse fortigate CLI's "show *configuration*...
  search                  Search an item or items from JSON file generated...
ssato@x1-carbon-gen6% for sc in parse search network-collect network-compose firewall-policy-save firewall-policy-search; do echo "# $sc"; PYTHONPATH=src python3 ./src/fortios_xutils/cli.py $sc --help; done
# parse
Usage: cli.py parse [OPTIONS] [FILEPATHS]...

  Parse fortigate CLI's "show *configuration* outputs and generate a
  structured JSON file. FILEPATHS is a list of file paths or a glob pattern
  gives that.

  Examples:

      $ fortios_xutils parse -O /tmp/0 \
      > tests/res/show_configs/fortigate_cli_show_sample_*.txt
      $ ls /tmp/0
      fortigate-01  fortigate-02
      $ ls /tmp/0/fortigate-01:
      all.json                         firewall_address.json
      firewall_addrgrp.json            firewall_policy.json
      firewall_service_category.json   firewall_service_custom.json
      firewall_service_group.json      metadata.json
      system_global.json               system_interface.json
      system_object-tagging.json       system_replacemsg-group.json
      system_settings.json
      $ jq '.' /tmp/0/fortigate-01/system_interface.json
      [
        {
          "edit": "dmz",
          "vdom": "root",
          "status": "down",
          "type": "physical",
          "role": "dmz",
          "snmp-index": "1"
        },
        {
          "edit": "port1",
          "vdom": "root",
          "ip": [
            "192.168.122.10",
            "255.255.255.0"
          ],
              ... (snip) ...

Options:
  -O, --outdir TEXT  Output dir to save parsed results [out/ relative to input
                     filepath]

  --help             Show this message and exit.
# search
Usage: cli.py search [OPTIONS] [FILEPATHS]...

  Search an item or items from JSON file generated previously by 'parse' sub
  command. FILEPATHS is a list of file paths or a glob pattern gives that.

  Examples:

      $ # List ip addresses of system interfaces.
      $ fortios_xutils search \
      > -P "configs[?config=='system interface'].edits[].ip" \
      > tests/res/parsed/fortigate-01/all.json
      [
          [
              "192.168.122.10",
              "255.255.255.0"
          ],
          [
              "192.168.1.10",
              "255.255.255.0"
          ]
      ]
      $

Options:
  -P, --path TEXT  JMESPath expression to query
  --help           Show this message and exit.
# network-collect
Usage: cli.py network-collect [OPTIONS] [FILEPATHS]...

  Collect and save network data from the parsed and structured fortigate's
  configuration files in JSON formats. FILEPATHS is a list of path of the
  JSON file, the parsed results of fortigate CLI's "show \*configuration"
  outputs.

  Examples:

      $ fortios_xutils network-collect tests/res/parsed/*/all.json
      $ head -n 10 tests/res/parsed/fortigate-01/networks.yml
      metadata:
        type: metadata
        input: tests/res/parsed/fortigate-01/all.json
        prefix: 24
        timestamp: 2020-05-12_04_58_57
        version: '1.0'
      nodes:
      - id: fortigate-01
        name: fortigate-01
        type: firewall
      $

Options:
  -O, --outdir TEXT  Dir to save results
  -P, --prefix TEXT  Max network prefix [24]
  --help             Show this message and exit.
# network-compose
Usage: cli.py network-compose [OPTIONS] [FILEPATHS]...

  Compose network files collected from the fortigate CLI's configurations
  from multiple fortigate hosts using the preivous network-collect command,
  into a network file.

  Examples:

      $ fortios_xutils network-compose \
      > tests/res/parsed/fortigate-0*/networks.yml \
      > -o tests/res/networks/all.yml
      $ head -n 10 tests/res/networks/all.yml
      metadata:
        inputs:
        - tests/res/parsed/fortigate-01/all.json
        - tests/res/parsed/fortigate-02/all.json
        timestamp: 2020-05-12_05_02_49
        version: '1.0'
      nodes:
      - id: fortigate-01
        name: fortigate-01
        type: firewall
      $

Options:
  -o, --outpath TEXT  Path of the outpath file to save network JSON data
  --help              Show this message and exit.
# firewall-policy-save
Usage: cli.py firewall-policy-save [OPTIONS] [FILEPATHS]...

  Make and save firewall policy table (:class:`pandas.DataFrame` object).

  Examples:

      $ fortios_xutils firewall-policy-save \
      > -o /tmp/0/test.pickle.gz \
      > tests/res/parsed/fortigate-01/all.json
      $ file /tmp/0/test.pickle.gz
      /tmp/0/test.pickle.gz: gzip compressed data, was "test.pickle"  ...
      $

Options:
  -O, --outdir TEXT  Dir to save results [same dir input files exist]
  --help             Show this message and exit.
# firewall-policy-search
Usage: cli.py firewall-policy-search [OPTIONS] FILEPATH

  Search firewall policy table generated by 'firewall-policy-save' command,
  by ip address. FILEPATH is a file path to the pandas dataframe file
  generated by 'firewall-policy-save' command.

  Examples:

      $ fortios_xutils firewall-policy-search \
      > --ip 192.168.122.3 /tmp/0/test.pickle.gz
      [
        {
          "edit": "20",
          "name": "Monitor_Servers_02",
          "uuid": "3da73baa-dacb-48cb-852c-c4be245b4609",
          "srcintf": "port1",
          "dstintf": "",
          "srcaddr": "host_192.168.122.1",
          "dstaddr": "network_192.168.122.0/24",
          "action": "accept",
          "schedule": "always",
          "service": [
            "HTTPS",
            "HTTP"
          ],
          "inspection-mode": "",
          "nat": "",
          "srcaddrs": [
            "192.168.122.1/32"
          ],
          "dstaddrs": [
            "192.168.122.0/24"
          ],
          "comments": ""
        }
      ]

Options:
  -i, --ip TEXT  Specify an IP address to search
  --help         Show this message and exit.
ssato@x1-carbon-gen6%

项目详情

验证细节

这些细节已由PyPI验证
维护者
Avatar for ssato from gravatar.com ssato

未验证细节

这些细节尚未由PyPI验证
项目链接
元数据
分类器

发布历史 发布通知 | RSS源

此版本

0.4.2

0.4.1

0.4.0

0.3.2

0.3.1

0.3.0

0.2.0

0.1.2

0.1.0

下载文件

下载适用于您平台文件的文件。如果您不确定该选择哪个,请了解更多关于安装包的信息

源分发

fortios_xutils-0.4.2.tar.gz (118.6 kB 查看哈希值)

上传时间

构建分发

fortios_xutils-0.4.2-py2.py3-none-any.whl (27.4 kB 查看哈希值)

上传时间 Python 2 Python 3

支持