Merge pull request #1 from certanet/develop

Added system, security policy and ICMP methods

.github/workflows/python-publish.yml

@@ -0,0 +1,31 @@
+# This workflow will upload a Python Package using Twine when a release is created
+# For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries
+
+name: Upload Python Package
+
+on:
+  release:
+    types: [created]
+
+jobs:
+  deploy:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: '3.x'
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install setuptools wheel twine
+    - name: Build and publish
+      env:
+        TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
+        TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
+      run: |
+        python setup.py sdist bdist_wheel
+        twine upload dist/*

docs/change.rst

@@ -1,5 +1,8 @@
 Change Log
 ==========
 
-* 0.0.1 - 2020-01-09
+* 0.0.2 - 2021-01-12
+    * Added system, security policy and ICMP methods
+
+* 0.0.1 - 2021-01-09
     * Initial release

docs/fp_output/get_access_rules.txt

@@ -0,0 +1,45 @@
+[{'destinationDynamicObjects': [],
+  'destinationNetworks': [{'id': '2904a9b9-4db6-11eb-aab5-93170f9c3b34',
+                           'name': 'GROUP-ALL-HOSTS',
+                           'type': 'networkobjectgroup',
+                           'version': 'i4oe7b4lpaxos'}],
+  'destinationPorts': [{'id': '18312adc-38bb-11e2-86aa-62f0c593a59a',
+                        'name': 'HTTP',
+                        'type': 'tcpportobject',
+                        'version': 'jfkuxugpghogc'}],
+  'destinationZones': [{'id': 'b1af33e1-b3e5-11e5-8db8-afdc0be5453e',
+                        'name': 'outside_zone',
+                        'type': 'securityzone',
+                        'version': 'chx6737ygiktz'}],
+  'embeddedAppFilter': None,
+  'eventLogAction': 'LOG_FLOW_END',
+  'filePolicy': None,
+  'id': '5c405b75-5105-11eb-aab5-0140ccd4feb7',
+  'identitySources': [],
+  'intrusionPolicy': {'id': '80875699-4d44-11eb-9e04-190e1a7b8344',
+                      'name': 'Maximum Detection',
+                      'type': 'intrusionpolicy',
+                      'version': 'nlypnji4gaseu'},
+  'links': {'self': 'https://192.168.133.7/api/fdm/latest/policy/accesspolicies/c78e66bc-cb57-43fe-bcbf-96b79b3475b3/accessrules/5c405b75-5105-11eb-aab5-0140ccd4feb7'},
+  'logFiles': False,
+  'name': 'very-secure-rule',
+  'ruleAction': 'PERMIT',
+  'ruleId': 268435505,
+  'sourceDynamicObjects': [],
+  'sourceNetworks': [{'id': '9f42dab3-4db5-11eb-aab5-19160f885ae8',
+                      'name': 'Host1-NIC1',
+                      'type': 'networkobject',
+                      'version': 'jpfwstwwapru5'}],
+  'sourcePorts': [],
+  'sourceZones': [{'id': '90c377e0-b3e5-11e5-8db8-651556da7898',
+                   'name': 'inside_zone',
+                   'type': 'securityzone',
+                   'version': 'm6c22ydlemewj'}],
+  'syslogServer': None,
+  'timeRangeObjects': [],
+  'type': 'accessrule',
+  'urlFilter': {'type': 'embeddedurlfilter',
+                'urlCategories': [],
+                'urlObjects': []},
+  'users': [],
+  'version': 'hjxr5d7i3mg5s'}]

docs/fp_output/get_dhcp_servers.txt

@@ -0,0 +1,31 @@
+{'autoConfig': True,
+ 'id': 'a47ce00c-fe55-11e4-8e99-f73968181bfd',
+ 'interface': {'hardwareName': 'GigabitEthernet0/0',
+               'id': '8d6c41df-3e5f-465b-8e5a-d336b282f93f',
+               'name': 'outside',
+               'type': 'physicalinterface',
+               'version': 'h4kqp4iu2yvff'},
+ 'links': {'self': 'https://192.168.133.7/api/fdm/latest/devicesettings/default/dhcpservercontainers/a47ce00c-fe55-11e4-8e99-f73968181bfd'},
+ 'name': 'DHCP-Server-Container',
+ 'primaryDNS': None,
+ 'primaryWINS': None,
+ 'secondaryDNS': None,
+ 'secondaryWINS': None,
+ 'servers': [{'addressPool': '192.168.45.46-192.168.45.254',
+              'enableDHCP': True,
+              'interface': {'hardwareName': 'GigabitEthernet0/1',
+                            'id': 'ad6a9497-4d44-11eb-9e04-63d0b1958967',
+                            'name': 'inside',
+                            'type': 'physicalinterface',
+                            'version': 'eqotynhtlcuyf'},
+              'type': 'dhcpserver'},
+             {'addressPool': '192.168.133.8-192.168.133.100',
+              'enableDHCP': False,
+              'interface': {'hardwareName': 'GigabitEthernet0/2',
+                            'id': 'aeb5b238-4d44-11eb-9e04-cd44159d2943',
+                            'name': 'dmz',
+                            'type': 'physicalinterface',
+                            'version': 'ojwiwyovklamk'},
+              'type': 'dhcpserver'}],
+ 'type': 'dhcpservercontainer',
+ 'version': 'eb6ciywtkaqs4'}

docs/fp_output/get_icmp_ports.txt

@@ -0,0 +1,18 @@
+[{'description': None,
+  'icmpv4Code': None,
+  'icmpv4Type': 'ECHO_REPLY',
+  'id': '7d1e807d-545b-11eb-aab5-95f8b07b5659',
+  'isSystemDefined': False,
+  'links': {'self': 'https://192.168.133.7/api/fdm/latest/object/icmpv4ports/7d1e807d-545b-11eb-aab5-95f8b07b5659'},
+  'name': 'ec reply',
+  'type': 'icmpv4portobject',
+  'version': 'loxpplznuzrjn'},
+ {'description': None,
+  'icmpv4Code': 'NET_UNREACHABLE',
+  'icmpv4Type': 'DESTINATION_UNREACHABLE',
+  'id': 'fb816ea2-545c-11eb-aab5-5dd867fd255a',
+  'isSystemDefined': False,
+  'links': {'self': 'https://192.168.133.7/api/fdm/latest/object/icmpv4ports/fb816ea2-545c-11eb-aab5-5dd867fd255a'},
+  'name': 'ICMP_UNREACHABLE',
+  'type': 'icmpv4portobject',
+  'version': 'bf3gltejkuiws'}]

docs/fp_output/get_icmp_ports_params.txt

@@ -0,0 +1,11 @@
+af='6'
+
+[{'description': 'A very large ICMPv6',
+  'icmpv6Code': None,
+  'icmpv6Type': 'PACKET_TOO_BIG',
+  'id': '10d19dae-5458-11eb-aab5-e946ff8eb526',
+  'isSystemDefined': False,
+  'links': {'self': 'https://192.168.133.7/api/fdm/latest/object/icmpv6ports/10d19dae-5458-11eb-aab5-e946ff8eb526'},
+  'name': 'BIG6',
+  'type': 'icmpv6portobject',
+  'version': 'lrerbmosmioew'}]

docs/fp_output/get_intrusion_policies.txt

@@ -0,0 +1,32 @@
+[{'description': 'Security Over Connectivity Layer',
+  'id': '6a75c525-4d44-11eb-9e04-6f0a2ca42b30',
+  'inspectionMode': 'PREVENTION',
+  'links': {'self': 'https://192.168.133.7/api/fdm/latest/policy/intrusionpolicies/6a75c525-4d44-11eb-9e04-6f0a2ca42b30'},
+  'name': 'Security Over Connectivity',
+  'rules': {'links': {'self': 'https://192.168.133.7/api/fdm/latest/policy/intrusionpolicies/6a75c525-4d44-11eb-9e04-6f0a2ca42b30/intrusionrules'}},
+  'type': 'intrusionpolicy',
+  'version': 'm7z67ffrxabw'},
+ {'description': 'Balanced Security and Connectivity Layer',
+  'id': '7481ca70-4d44-11eb-9e04-af619bd5bf8e',
+  'inspectionMode': 'PREVENTION',
+  'links': {'self': 'https://192.168.133.7/api/fdm/latest/policy/intrusionpolicies/7481ca70-4d44-11eb-9e04-af619bd5bf8e'},
+  'name': 'Balanced Security and Connectivity',
+  'rules': {'links': {'self': 'https://192.168.133.7/api/fdm/latest/policy/intrusionpolicies/7481ca70-4d44-11eb-9e04-af619bd5bf8e/intrusionrules'}},
+  'type': 'intrusionpolicy',
+  'version': 'j6fstu4h5qlna'},
+ {'description': 'Connectivity Over Security Layer',
+  'id': '7bce629b-4d44-11eb-9e04-77616a49e58c',
+  'inspectionMode': 'PREVENTION',
+  'links': {'self': 'https://192.168.133.7/api/fdm/latest/policy/intrusionpolicies/7bce629b-4d44-11eb-9e04-77616a49e58c'},
+  'name': 'Connectivity Over Security',
+  'rules': {'links': {'self': 'https://192.168.133.7/api/fdm/latest/policy/intrusionpolicies/7bce629b-4d44-11eb-9e04-77616a49e58c/intrusionrules'}},
+  'type': 'intrusionpolicy',
+  'version': 'phs2e2tlvyhdn'},
+ {'description': 'Maximum Detection Layer',
+  'id': '80875699-4d44-11eb-9e04-190e1a7b8344',
+  'inspectionMode': 'PREVENTION',
+  'links': {'self': 'https://192.168.133.7/api/fdm/latest/policy/intrusionpolicies/80875699-4d44-11eb-9e04-190e1a7b8344'},
+  'name': 'Maximum Detection',
+  'rules': {'links': {'self': 'https://192.168.133.7/api/fdm/latest/policy/intrusionpolicies/80875699-4d44-11eb-9e04-190e1a7b8344/intrusionrules'}},
+  'type': 'intrusionpolicy',
+  'version': 'nlypnji4gaseu'}

docs/fp_output/get_net_obj_or_grp_params.txt

@@ -0,0 +1,12 @@
+'Host1-NIC1'
+
+{'description': 'HOST1-NIC1',
+ 'dnsResolution': 'IPV4_ONLY',
+ 'id': '9f42dab3-4db5-11eb-aab5-19160f885ae8',
+ 'isSystemDefined': False,
+ 'links': {'self': 'https://192.168.133.7/api/fdm/latest/object/networks/9f42dab3-4db5-11eb-aab5-19160f885ae8'},
+ 'name': 'Host1-NIC1',
+ 'subType': 'HOST',
+ 'type': 'networkobject',
+ 'value': '10.0.1.1',
+ 'version': 'jpfwstwwapru5'}

docs/fp_output/get_port_obj_or_grp_params.txt

@@ -0,0 +1,11 @@
+'BIG6'
+
+{'description': 'A very large ICMPv6',
+ 'icmpv6Code': None,
+ 'icmpv6Type': 'PACKET_TOO_BIG',
+ 'id': '10d19dae-5458-11eb-aab5-e946ff8eb526',
+ 'isSystemDefined': False,
+ 'links': {'self': 'https://192.168.133.7/api/fdm/latest/object/icmpv6ports/10d19dae-5458-11eb-aab5-e946ff8eb526'},
+ 'name': 'BIG6',
+ 'type': 'icmpv6portobject',
+ 'version': 'lrerbmosmioew'}

docs/fp_output/get_syslog_servers.txt

@@ -0,0 +1,14 @@
+[{'deviceInterface': {'hardwareName': 'GigabitEthernet0/1',
+                      'id': 'ad6a9497-4d44-11eb-9e04-63d0b1958967',
+                      'name': 'inside',
+                      'type': 'physicalinterface',
+                      'version': 'eqotynhtlcuyf'},
+  'host': '192.168.0.53',
+  'id': '00f2c4e0-52cf-11eb-aab5-55a503dce30e',
+  'links': {'self': 'https://192.168.133.7/api/fdm/latest/object/syslogalerts/00f2c4e0-52cf-11eb-aab5-55a503dce30e'},
+  'name': '192.168.0.53:514',
+  'port': '514',
+  'protocol': 'UDP',
+  'type': 'syslogserver',
+  'useManagementInterface': False,
+  'version': 'gz7i7ht2njk6r'}]

docs/fp_output/get_system_info.txt

@@ -0,0 +1,51 @@
+{'applianceUuid': '12345678-1234-1234-1234-123456789abc',
+ 'currentTime': 1610202358116,
+ 'databaseInfo': {'buildVersion': '6.6.1',
+                  'configDBVersion': 'itrncf35kvb2q',
+                  'firewallConfigChecksum': 'kptuzmstdl7ve',
+                  'id': '00000001-0000-0000-0000-000000000001',
+                  'isBootstrapSuccessFul': True,
+                  'restoredFromBackup': 'NONE',
+                  'schemaVersion': '91',
+                  'softwareVersion': '6.6.1-91',
+                  'type': 'databaseinfo'},
+ 'geolocationVersion': {'geolocationDbVersion': None,
+                        'id': 'e2822936-b3ff-11e5-b2b0-75809939b187',
+                        'lastSuccessGeolocationDate': None,
+                        'name': None,
+                        'type': 'geolocationversion'},
+ 'id': 'default',
+ 'ipv4': '192.168.133.7',
+ 'ipv6': None,
+ 'links': {'self': 'https://192.168.133.7/api/fdm/latest/operational/systeminfo/default'},
+ 'managementInterfaceName': 'br1',
+ 'modelId': 'B',
+ 'modelNumber': '75',
+ 'platformModel': 'Cisco Firepower Threat Defense for KVM',
+ 'securityIntelligenceFeedsInfo': {'id': 'f78b4875-4d43-11eb-9e04-838d9f38aad2',
+                                   'lastFeedsUpdateDate': None,
+                                   'type': 'securityintelligencefeedsinfo'},
+ 'serialNumber': '123ABC123AB',
+ 'snortVersion': {'id': '00000003-0000-0000-0000-000000000003',
+                  'name': '2.9.16-1025',
+                  'snortPackage': '/ngfw/var/sf/snort-2.9.16-1025/snort-75-2.9.16-1025-daq11.tar.bz2',
+                  'snortVersion': '2.9.16-1025',
+                  'type': 'snortversion'},
+ 'softwareVersion': '6.6.1-91',
+ 'sruVersion': {'id': '00000003-0000-0000-0000-000000000001',
+                'lastSuccessSRUDate': '2021-01-02 23:12:33Z',
+                'name': '2020-08-18-001-vrt',
+                'soMd5Checksum': 'f49e3ed1bfe85316b8b050ebfa99e52b',
+                'sruVersion': '2020-08-18-001-vrt',
+                'type': 'sruversion'},
+ 'systemUptime': 1609628582697,
+ 'type': 'systeminformation',
+ 'vdbVersion': {'appIDRevision': '74',
+                'id': '00000003-0000-0000-0000-000000000002',
+                'lastSuccessVDBDate': None,
+                'name': '336',
+                'navlRevision': '98',
+                'type': 'vdbversion',
+                'vdbCurrentBuild': '0',
+                'vdbCurrentVersion': '336',
+                'vdbReleaseDate': '2020-06-15 16:38:24'}}

docs/fp_output/send_command_params.txt

@@ -0,0 +1,14 @@
+'show interface ip brief'
+
+Interface                  IP-Address      OK? Method Status                Protocol
+GigabitEthernet0/0         unassigned      YES DHCP   up                    up
+GigabitEthernet0/1         192.168.45.1    YES manual up                    up
+GigabitEthernet0/2         unassigned      YES unset  administratively down up
+GigabitEthernet0/3         unassigned      YES unset  administratively down up
+Internal-Control0/0        127.0.1.1       YES unset  up                    up
+Internal-Control0/1        unassigned      YES unset  up                    up
+Internal-Data0/0           unassigned      YES unset  down                  up
+Internal-Data0/0           unassigned      YES unset  up                    up
+Internal-Data0/1           169.254.1.1     YES unset  up                    up
+Internal-Data0/2           unassigned      YES unset  up                    up
+Management0/0              unassigned      YES unset  up                    up

docs/index.rst

@@ -16,11 +16,12 @@ The intended usage is to replace some of the tedious clicking tasks from the GUI
    :maxdepth: 1
    :caption: Features:
 
-   access_rules
    deployments
    networks
    ports
    routing
+   policies
+   System <system>
 
 
 .. toctree::

docs/networks.rst

@@ -17,3 +17,5 @@ as variables, that can be used in Access Policy rules etc.
    .. automethod:: get_net_objects
    .. fp_output:: get_net_objects
    .. fp_output:: get_net_objects_params
+   .. automethod:: get_net_obj_or_grp
+   .. fp_output:: get_net_obj_or_grp_params

docs/policies.rst

@@ -0,0 +1,13 @@
+Security Policies
+=================
+
+.. py:currentmodule:: firepyer
+
+.. class:: Fdm
+   :noindex:
+
+   .. automethod:: create_access_rule
+   .. automethod:: get_access_rules
+   .. fp_output:: get_access_rules
+   .. automethod:: get_intrusion_policies
+   .. fp_output:: get_intrusion_policies

docs/ports.rst

@@ -10,7 +10,15 @@ as variables, that can be used in Access Policy rules etc.
 .. class:: Fdm
    :noindex:
 
+   .. automethod:: create_icmp_port
+   .. automethod:: create_port_group
+   .. automethod:: create_port_object
+   .. automethod:: get_icmp_ports
+   .. fp_output:: get_icmp_ports
+   .. fp_output:: get_icmp_ports_params
    .. automethod:: get_port_groups
    .. fp_output:: get_port_groups
+   .. automethod:: get_port_obj_or_grp
+   .. fp_output:: get_port_obj_or_grp_params
    .. automethod:: get_tcp_ports
    .. automethod:: get_udp_ports

docs/system.rst

@@ -0,0 +1,22 @@
+System Settings & Tasks
+=======================
+
+General system settings.
+
+
+.. py:currentmodule:: firepyer
+
+.. class:: Fdm
+   :noindex:
+
+   .. automethod:: create_syslog_server
+   .. automethod:: get_dhcp_servers
+   .. fp_output:: get_dhcp_servers
+   .. automethod:: get_hostname
+   .. automethod:: get_syslog_servers
+   .. fp_output:: get_syslog_servers
+   .. automethod:: get_system_info
+   .. fp_output:: get_system_info
+   .. automethod:: send_command
+   .. fp_output:: send_command_params
+   .. automethod:: set_hostname

docs/utils.rst

@@ -2,7 +2,7 @@ Utilities
 =========
 A few general utilites for working with the API and it's objects, such as importing data from CSV files.
 
-.. py:currentmodule:: firepyer.utils
+.. module:: firepyer.utils
 
 .. autofunction:: read_objects_csv