Very experimental miscellaneous and extra utilities for fortios
fortios-xutils
Very experimental miscellaneous and extra utilities for fortios (fortigate).
Features
Parse and dump a structured JSON file from FortiOS CLI's "show *configuration" outputs
Search an item or items in the JSON files generated by parsing FortiOS CLI's "show *configuration" outputs, using a JMESPath query
Collect network information from the parsed JSON files and generate a structured JSON file describing that network
Compose multiple network JSON files into a single network file
Analyze the firewall policy table and dump it as a pandas DataFrame for further analysis
Search for firewall policies that match a given IP address
Find the network paths between a source and a destination IP address in the network JSON file, to figure out which firewall nodes need to be configured
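The parse feature listed first above is what every other feature builds on. As an added example (not code from fortios-xutils), the following is a minimal parser for the config / edit / set / next / end block structure of FortiOS "show" output. It produces the nested shape visible in the CLI examples on this page: a top-level "configs" list whose entries carry "config" and "edits" keys, "edit" entries keyed by their set values, and a multi-value "set ip" stored as a list. The sample input, the exact schema (including how a config block nested inside an edit is stored) and the interface_ips helper are assumptions made for this example; the helper does in plain Python what the JMESPath query in the search example does.

```python
import json
import shlex

# Constructed sample of FortiOS "show" output (an assumption; the real tool
# reads files such as fortigate_cli_show_sample_*.txt).
SAMPLE_SHOW_OUTPUT = """\
#config-version=FGVM64-6.2.3-FW-build1066-191219:opmode=0:vdom=0:user=admin
config system global
    set hostname "fortigate-01"
    set timezone 04
end
config system interface
    edit "dmz"
        set vdom "root"
        set status down
        set type physical
        set role dmz
        set snmp-index 1
    next
    edit "port1"
        set vdom "root"
        set ip 192.168.122.10 255.255.255.0
        set allowaccess ping https ssh
        set type physical
        set snmp-index 2
        config ipv6
            set ip6-allowaccess ping
        end
    next
end
"""


def parse_show_output(text):
    """Turn FortiOS CLI "show" output into nested dicts.

    Schema (an assumption for this example, shaped after the output on the
    page): the result is {"configs": [...]}; each "config X" block becomes
    {"config": "X", "edits": [...]} plus any top-level "set" keys; each
    "edit" block becomes {"edit": name, <set keys>...}; a "config" block
    nested inside an edit is appended to that edit's own "configs" list.
    "set" with one value stores a string, with several values a list, so
    "set ip 192.168.122.10 255.255.255.0" becomes a two-element list.
    """
    root = {"configs": []}
    stack = [root]  # innermost open block is stack[-1]
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank, header or comment line
            continue
        tokens = shlex.split(line)  # honours the quotes FortiOS puts around names
        keyword, args = tokens[0], tokens[1:]
        current = stack[-1]
        if keyword == "config":
            block = {"config": " ".join(args), "edits": []}
            current.setdefault("configs", []).append(block)
            stack.append(block)
        elif keyword == "edit":
            block = {"edit": " ".join(args)}
            current.setdefault("edits", []).append(block)
            stack.append(block)
        elif keyword == "set":
            if not args:
                raise ValueError(f"line {lineno}: 'set' without a key")
            values = args[1:]
            current[args[0]] = values[0] if len(values) == 1 else values
        elif keyword == "unset":
            continue  # "unset" only reports a default; nothing to record
        elif keyword == "next":
            if "edit" not in current:
                raise ValueError(f"line {lineno}: 'next' outside an edit block")
            stack.pop()
        elif keyword == "end":
            if "config" not in current:
                raise ValueError(f"line {lineno}: 'end' outside a config block")
            stack.pop()
        else:
            raise ValueError(f"line {lineno}: unexpected keyword {keyword!r}")
    if len(stack) != 1:  # a block was opened but never closed: refuse to guess
        names = ", ".join(b.get("config") or b.get("edit") for b in stack[1:])
        raise ValueError("unterminated block(s): " + names)
    return root


def interface_ips(parsed):
    """Plain-Python equivalent of the JMESPath query
    configs[?config=='system interface'].edits[].ip used on this page:
    interfaces without an "ip" key are skipped, as a JMESPath projection
    drops the nulls they would produce."""
    return [edit["ip"]
            for cfg in parsed["configs"] if cfg["config"] == "system interface"
            for edit in cfg["edits"] if "ip" in edit]


if __name__ == "__main__":
    result = parse_show_output(SAMPLE_SHOW_OUTPUT)
    print(json.dumps(result, indent=2))
    print(interface_ips(result))
```

Malformed input (a "next" or "end" that does not close the block currently open, or a block left open at end of file) raises instead of producing a partially wrong structure; that matters because later steps decide which firewall to configure from this data.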
CLI Usage
See fortios_xutils --help.
ssato@x1-carbon-gen6% PYTHONPATH=src python3 ./src/fortios_xutils/cli.py --help
Usage: cli.py [OPTIONS] COMMAND [ARGS]...
CLI frontend entrypoint.
Options:
-v, --verbose
--help Show this message and exit.
Commands:
firewall-policy-save Make and save firewall policy table...
firewall-policy-search Search firewall policy table generated by...
network-collect Make and save network data collected from the
JSON...
network-compose Compose network files collected from the
fortigate...
network-find-paths Search paths from the source `src_ip` to the...
parse Parse fortigate CLI's "show *configuration*...
search Search an item or items from JSON file generated...
ssato@x1-carbon-gen6% for sc in parse search network-collect network-compose firewall-policy-save firewall-policy-search; do echo "# $sc"; PYTHONPATH=src python3 ./src/fortios_xutils/cli.py $sc --help; done
# parse
Usage: cli.py parse [OPTIONS] [FILEPATHS]...
Parse fortigate CLI's "show *configuration* outputs and generate a
structured JSON file. FILEPATHS is a list of file paths or a glob pattern
gives that.
Examples:
$ fortios_xutils parse -O /tmp/0 \
> tests/res/show_configs/fortigate_cli_show_sample_*.txt
$ ls /tmp/0
fortigate-01 fortigate-02
$ ls /tmp/0/fortigate-01:
all.json firewall_address.json
firewall_addrgrp.json firewall_policy.json
firewall_service_category.json firewall_service_custom.json
firewall_service_group.json metadata.json
system_global.json system_interface.json
system_object-tagging.json system_replacemsg-group.json
system_settings.json
$ jq '.' /tmp/0/fortigate-01/system_interface.json
[
{
"edit": "dmz",
"vdom": "root",
"status": "down",
"type": "physical",
"role": "dmz",
"snmp-index": "1"
},
{
"edit": "port1",
"vdom": "root",
"ip": [
"192.168.122.10",
"255.255.255.0"
],
... (snip) ...
Options:
-O, --outdir TEXT Output dir to save parsed results [out/ relative to input
filepath]
--help Show this message and exit.
# search
Usage: cli.py search [OPTIONS] [FILEPATHS]...
Search an item or items from JSON file generated previously by 'parse' sub
command. FILEPATHS is a list of file paths or a glob pattern gives that.
Examples:
$ # List ip addresses of system interfaces.
$ fortios_xutils search \
> -P "configs[?config=='system interface'].edits[].ip" \
> tests/res/parsed/fortigate-01/all.json
[
[
"192.168.122.10",
"255.255.255.0"
],
[
"192.168.1.10",
"255.255.255.0"
]
]
$
Options:
-P, --path TEXT JMESPath expression to query
--help Show this message and exit.
# network-collect
Usage: cli.py network-collect [OPTIONS] [FILEPATHS]...
Collect and save network data from the parsed and structured fortigate's
configuration files in JSON formats. FILEPATHS is a list of path of the
JSON file, the parsed results of fortigate CLI's "show \*configuration"
outputs.
Examples:
$ fortios_xutils network-collect tests/res/parsed/*/all.json
$ head -n 10 tests/res/parsed/fortigate-01/networks.yml
metadata:
type: metadata
input: tests/res/parsed/fortigate-01/all.json
prefix: 24
timestamp: 2020-05-12_04_58_57
version: '1.0'
nodes:
- id: fortigate-01
name: fortigate-01
type: firewall
$
Options:
-O, --outdir TEXT Dir to save results
-P, --prefix TEXT Max network prefix [24]
--help Show this message and exit.
# network-compose
Usage: cli.py network-compose [OPTIONS] [FILEPATHS]...
Compose network files collected from the fortigate CLI's configurations
from multiple fortigate hosts using the preivous network-collect command,
into a network file.
Examples:
$ fortios_xutils network-compose \
> tests/res/parsed/fortigate-0*/networks.yml \
> -o tests/res/networks/all.yml
$ head -n 10 tests/res/networks/all.yml
metadata:
inputs:
- tests/res/parsed/fortigate-01/all.json
- tests/res/parsed/fortigate-02/all.json
timestamp: 2020-05-12_05_02_49
version: '1.0'
nodes:
- id: fortigate-01
name: fortigate-01
type: firewall
$
Options:
-o, --outpath TEXT Path of the outpath file to save network JSON data
--help Show this message and exit.
# firewall-policy-save
Usage: cli.py firewall-policy-save [OPTIONS] [FILEPATHS]...
Make and save firewall policy table (:class:`pandas.DataFrame` object).
Examples:
$ fortios_xutils firewall-policy-save \
> -o /tmp/0/test.pickle.gz \
> tests/res/parsed/fortigate-01/all.json
$ file /tmp/0/test.pickle.gz
/tmp/0/test.pickle.gz: gzip compressed data, was "test.pickle" ...
$
Options:
-O, --outdir TEXT Dir to save results [same dir input files exist]
--help Show this message and exit.
# firewall-policy-search
Usage: cli.py firewall-policy-search [OPTIONS] FILEPATH
Search firewall policy table generated by 'firewall-policy-save' command,
by ip address. FILEPATH is a file path to the pandas dataframe file
generated by 'firewall-policy-save' command.
Examples:
$ fortios_xutils firewall-policy-search \
> --ip 192.168.122.3 /tmp/0/test.pickle.gz
[
{
"edit": "20",
"name": "Monitor_Servers_02",
"uuid": "3da73baa-dacb-48cb-852c-c4be245b4609",
"srcintf": "port1",
"dstintf": "",
"srcaddr": "host_192.168.122.1",
"dstaddr": "network_192.168.122.0/24",
"action": "accept",
"schedule": "always",
"service": [
"HTTPS",
"HTTP"
],
"inspection-mode": "",
"nat": "",
"srcaddrs": [
"192.168.122.1/32"
],
"dstaddrs": [
"192.168.122.0/24"
],
"comments": ""
}
]
Options:
-i, --ip TEXT Specify an IP address to search
--help Show this message and exit.
ssato@x1-carbon-gen6%
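The firewall-policy-search output above shows the two derived columns that make the search work: "srcaddrs" and "dstaddrs", the policy's address-object names resolved to CIDR lists. As an added example (not code from fortios-xutils), the following resolves address objects and address groups (including nested groups and "iprange" objects) into networks, builds that table as a plain list of dicts instead of a pandas DataFrame, and returns the policies whose source or destination networks contain a given IP. The address objects, groups and policies are constructed for the example, as is the treatment of the FortiOS built-in "all" object as 0.0.0.0/0.

```python
import ipaddress

# Constructed address objects, address groups and policies, in the shape the
# parsed "firewall address", "firewall addrgrp" and "firewall policy" blocks
# take (names and policy numbers are made up for this example).
ADDRESSES = [
    {"edit": "host_192.168.122.1", "subnet": ["192.168.122.1", "255.255.255.255"]},
    {"edit": "network_192.168.122.0/24", "subnet": ["192.168.122.0", "255.255.255.0"]},
    {"edit": "host_10.0.0.5", "subnet": ["10.0.0.5", "255.255.255.255"]},
    {"edit": "range_10.0.1.10-20", "type": "iprange",
     "start-ip": "10.0.1.10", "end-ip": "10.0.1.20"},
]
ADDRGRPS = [
    {"edit": "Servers", "member": ["host_192.168.122.1", "host_10.0.0.5"]},
]
POLICIES = [
    {"edit": "20", "name": "Monitor_Servers_02", "srcintf": "port1", "dstintf": "port2",
     "srcaddr": "host_192.168.122.1", "dstaddr": "network_192.168.122.0/24",
     "action": "accept", "schedule": "always", "service": ["HTTPS", "HTTP"]},
    {"edit": "30", "name": "Servers_to_Range", "srcintf": "port2", "dstintf": "port3",
     "srcaddr": "Servers", "dstaddr": "range_10.0.1.10-20",
     "action": "accept", "schedule": "always", "service": "ALL"},
]


def as_list(value):
    """The parsed config stores one value as a string and several as a list."""
    return value if isinstance(value, list) else [value]


def resolve_address(name, addrs, grps, path=()):
    """Expand an address or address-group name into ip_network objects.

    `path` is the chain of group names currently being expanded; a group
    that contains itself, directly or through another group, is rejected
    rather than recursed into forever."""
    if name in path:
        raise ValueError("address group cycle: " + " -> ".join(path + (name,)))
    if name == "all":  # built-in object matching every address (assumption)
        return [ipaddress.ip_network("0.0.0.0/0")]
    if name in grps:
        nets = []
        for member in as_list(grps[name].get("member", [])):
            nets.extend(resolve_address(member, addrs, grps, path + (name,)))
        return nets
    if name not in addrs:
        raise KeyError(f"policy references unknown address object {name!r}")
    obj = addrs[name]
    if obj.get("type") == "iprange":  # start/end pair -> minimal set of CIDRs
        return list(ipaddress.summarize_address_range(
            ipaddress.ip_address(obj["start-ip"]), ipaddress.ip_address(obj["end-ip"])))
    ip, mask = obj["subnet"]  # dotted mask is accepted by ip_network directly
    return [ipaddress.ip_network(f"{ip}/{mask}", strict=False)]


def build_policy_table(policies, addresses, addrgrps):
    """Policy rows plus resolved "srcaddrs"/"dstaddrs" CIDR string lists,
    the two derived columns shown in the firewall-policy-search output."""
    addrs = {a["edit"]: a for a in addresses}
    grps = {g["edit"]: g for g in addrgrps}
    table = []
    for pol in policies:
        row = dict(pol)
        for side in ("srcaddr", "dstaddr"):
            nets = []
            for name in as_list(pol.get(side, [])):
                nets.extend(resolve_address(name, addrs, grps))
            row[side + "s"] = [str(n) for n in nets]
        table.append(row)
    return table


def search_policies(table, ip):
    """Rows whose resolved source or destination networks contain `ip`."""
    addr = ipaddress.ip_address(ip)
    return [row for row in table
            if any(addr in ipaddress.ip_network(net)
                   for net in row["srcaddrs"] + row["dstaddrs"])]


def matching_policy_ids(table, ip):
    return [row["edit"] for row in search_policies(table, ip)]


if __name__ == "__main__":
    table = build_policy_table(POLICIES, ADDRESSES, ADDRGRPS)
    for row in search_policies(table, "192.168.122.3"):
        print(row["edit"], row["name"], row["srcaddrs"], "->", row["dstaddrs"])
```

Resolving names to networks once, when the table is built, is what lets the search stay a simple containment test; the cycle check and the error on an unknown object name keep a broken address configuration from silently producing an empty (and therefore misleading) match list.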
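The network-compose output above ends with a "nodes" list of firewalls; network-find-paths (listed in the top-level help) walks such a file from a source IP to a destination IP to find the firewalls on the way. As an added example (not code from fortios-xutils, whose network file format is only partly visible on this page), the following builds a graph in which a firewall node is linked to every subnet one of its interfaces sits in, enumerates all loop-free paths between the subnets holding the two addresses, and reports the firewall nodes on each path. The node data, the per-node "interfaces" key and the function names are assumptions made for this example.

```python
import ipaddress
from collections import defaultdict

# Constructed network data (an assumption about the network file: firewall
# nodes with an "interfaces" list of CIDR-notated interface addresses).
NETWORK = {
    "nodes": [
        {"id": "fortigate-01", "type": "firewall",
         "interfaces": [{"name": "port1", "ip": "192.168.122.10/24"},
                        {"name": "port2", "ip": "192.168.1.10/24"}]},
        {"id": "fortigate-02", "type": "firewall",
         "interfaces": [{"name": "port1", "ip": "192.168.1.20/24"},
                        {"name": "port2", "ip": "10.0.0.1/24"}]},
        # a second, direct route between the same two edge subnets
        {"id": "fortigate-03", "type": "firewall",
         "interfaces": [{"name": "port1", "ip": "192.168.122.11/24"},
                        {"name": "port2", "ip": "10.0.0.2/24"}]},
    ]
}


def build_graph(network):
    """Return (adjacency, subnets): an undirected graph whose nodes are
    firewall ids and subnet CIDR strings, with an edge between a firewall
    and each subnet one of its interfaces belongs to."""
    adjacency = defaultdict(set)
    subnets = {}
    for node in network["nodes"]:
        if node.get("type") != "firewall":
            continue
        for iface in node.get("interfaces", []):
            net = ipaddress.ip_interface(iface["ip"]).network
            key = str(net)
            subnets[key] = net
            adjacency[node["id"]].add(key)
            adjacency[key].add(node["id"])
    return adjacency, subnets


def subnet_of(ip, subnets):
    """The most specific known subnet containing `ip`; an address that is in
    no subnet of the file cannot be routed, so that is an error."""
    addr = ipaddress.ip_address(ip)
    hits = [key for key, net in subnets.items() if addr in net]
    if not hits:
        raise ValueError(f"{ip} is not in any subnet of the network file")
    return max(hits, key=lambda key: subnets[key].prefixlen)


def find_paths(network, src_ip, dst_ip):
    """All simple (loop-free) paths, as lists of node names alternating
    subnet / firewall / subnet ..., from the subnet of src_ip to the subnet
    of dst_ip. Two addresses in one subnet give a single one-node path."""
    adjacency, subnets = build_graph(network)
    start, goal = subnet_of(src_ip, subnets), subnet_of(dst_ip, subnets)
    paths = []

    def walk(node, path):
        if node == goal:
            paths.append(path)
            return
        for nxt in sorted(adjacency[node]):  # sorted for a stable order
            if nxt not in path:  # never revisit a node: no loops
                walk(nxt, path + [nxt])

    walk(start, [start])
    return paths


def firewalls_on_paths(network, src_ip, dst_ip):
    """Just the firewall nodes of each path: the devices whose policy tables
    decide whether src_ip can reach dst_ip along that path."""
    _, subnets = build_graph(network)
    return [[node for node in path if node not in subnets]
            for path in find_paths(network, src_ip, dst_ip)]


if __name__ == "__main__":
    for path in find_paths(NETWORK, "192.168.122.3", "10.0.0.5"):
        print(" -> ".join(path))
    print(firewalls_on_paths(NETWORK, "192.168.122.3", "10.0.0.5"))
```

Enumerating every path rather than just the shortest one is deliberate: when two firewalls both connect the same subnets, a policy change on only one of them leaves the other path open, so all of them need to be reviewed.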