Wednesday, August 29, 2012

PHP-EXPECT SSH application (TELNET)

With expect, automated interaction is easy to achieve; I used to do this work under the shell, with scheduled jobs completing the related tasks.
Recently I moved to a web interface using PHP expect, so the operations can be done more comfortably over the web from a remote location; with PHP syntax the whole procedure is easier to control, and there is no need to worry about permission issues under the shell.

Example below:

Use TELNET to connect to an EXTREME switch and run commands: fetch the MACs of online users, collect all MACs, and restrict access for any abnormal MAC.


<?php
# Identifiers returned by expect_expectl() for each matched prompt. Integers are
# used so they cannot be confused with the negative EXP_TIMEOUT / EXP_EOF codes.
define("LOGIN", 1);
define("PASSWORD", 2);
define("SHELL", 3);
define("YESNO", 4);

function getExtreme($cmd, $ip, $arg = '')
{
    # $ip and $arg arrive from the web page, so check their shape before they are
    # spliced into the telnet command line and the switch CLI (added check; the
    # original accepted any string).
    if (!filter_var($ip, FILTER_VALIDATE_IP)) {
        return null;
    }
    if ($cmd != "fdb" && !preg_match('/^[0-9a-f]{2}([-:][0-9a-f]{2}){5}$/i', $arg)) {
        return null;
    }
    switch ($cmd) {
        case "fdb":
            # Read the MAC (FDB) table
            $cmdString = "show fdb \n \n";
            break;
        case "setdenymac":
            # Create a deny ACL for the MAC
            $aclName = "deny-$arg";
            $mac = preg_replace('/-/', ':', $arg);
            $cmdString = "create access-list $aclName \"ethernet-source-address $mac\" \"deny\" \n"
                       . "configure access-list add \"$aclName\" first any \n";
            break;
        case "deldenymac":
            # Remove the deny ACL for the MAC
            $aclName = "deny-$arg";
            $mac = preg_replace('/-/', ':', $arg);
            $cmdString = "configure access-list delete \"$aclName\" any \n"
                       . "delete access-list \"$aclName\" \n";
            break;
        default:
            return null;
    }
    ini_set("expect.timeout", 3);
    ini_set("expect.loguser", "Off");

    ## Log in and send the command
    $stream = fopen("expect://telnet $ip", "r");
    #$stream = expect_popen("telnet $ip");
    if ($stream === false) {
        return null;
    }
    $status = 1;
    while ($status) {
        switch (expect_expectl($stream, array(
            array('login:', LOGIN),
            array('password:', PASSWORD),
            array('#', SHELL, EXP_EXACT),
            array('(y/N)', YESNO)
        ), $result)) {
            case LOGIN:
                fwrite($stream, "cmdadmin\n");
                break;
            case PASSWORD:
                fwrite($stream, "cmdadminpw\n");
                break;
            case SHELL:
                fwrite($stream, $cmdString);
                sleep(1);
                fwrite($stream, "exit\ny\n");
                break 2;
            case YESNO:
                fwrite($stream, "y\n");
                break;
            case EXP_TIMEOUT:
            case EXP_EOF:
                $status = 0;
                break 2;
            default:
                die("Error has occurred!\n");
        }
    }

    ## Collect the session output
    $line = stream_get_contents($stream);
    fclose($stream);
    switch ($cmd) {
        case "fdb":
            ## Strip the pager prompt between pages. The switch wraps it in ANSI
            ## escapes; the ESC byte before each '[' is made optional here because
            ## the unprintable character did not survive in the posted pattern.
            $tag = "/ \x1b?\[7mPress <SPACE> to continue or <Q> to quit: \x1b?\[m \x1b?\[60;D \x1b?\[K/";
            $line = preg_replace($tag, '', $line);
            # Lines end with CR LF (0x0d 0x0a)
            $log = explode("\r\n", $line);
            $fdblist = array();   # was '' in the post; a string cannot take array elements
            $pattern = "/([a-f0-9]{2}:){5}[a-f0-9]{2}/";
            for ($i = 0; $i < count($log); $i++) {
                if (preg_match($pattern, $log[$i])) {
                    # Collapse runs of whitespace, then split into fields
                    $log[$i] = preg_replace('/\s\s+/', ' ', $log[$i]);
                    $fdblist[$i] = explode(' ', $log[$i]);
                }
            }
            return $fdblist;
        default:
            return true;
    }
}
?>

# Fetch the online MACs behind the switch with IP 192.168.200.253 (put the switches in a list and you get the MACs of every online host in one pass)
Usage:
print_r(getExtreme('fdb', '192.168.200.253'));

# Set a MAC ACL (that MAC will no longer be able to access the network)
getExtreme('setdenymac', '192.168.200.253', '00:01:e6:b0:e2:a9');

# Delete the MAC ACL (lifts the MAC ACL)
getExtreme('deldenymac', '192.168.200.253', '00:01:e6:b0:e2:a9');

Applied on the web, blacklists and whitelists can be built quickly by clicking, and combined with the L3 switch the IPs can be correlated with the MACs.
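As an added example (not code from the original post) of the use case just described, restricting access for MACs that should not be there: compare the rows that getExtreme('fdb', ...) returns against an allow list and build the deny ACL lines, using the same CLI syntax as the post, only for MACs that pass validation. The function names, sample rows and allow list are constructed for this example.

```php
<?php
// Added example, not from the post: pick out the MACs getExtreme('fdb', ...) saw that
// are not on an allow list, and build the deny ACL lines for them (same CLI syntax
// as the post). The MAC is checked first so a web-form value cannot carry extra
// CLI text into the switch session.
function normalizeMac(string $mac): ?string
{
    if (!preg_match('/^[0-9a-f]{2}(?:[-:][0-9a-f]{2}){5}$/i', $mac)) {
        return null;                       // refuse anything that is not a MAC
    }
    return strtolower(str_replace('-', ':', $mac));
}
function denyMacCommands(string $mac): array
{
    $aclName = 'deny-' . str_replace(':', '-', $mac);
    return [
        "create access-list $aclName \"ethernet-source-address $mac\" \"deny\"",
        "configure access-list add \"$aclName\" first any",
    ];
}
// $fdblist: rows as returned by getExtreme('fdb', ...) (whitespace-split fields of each
// "show fdb" line); $allowed: permitted MACs in either 00-11-... or 00:11:... form.
// Returns [mac => [ACL commands]] for every MAC on the switch that is not allowed.
function unknownMacs(array $fdblist, array $allowed): array
{
    $allowedSet = [];
    foreach ($allowed as $a) {
        if (($n = normalizeMac($a)) !== null) {
            $allowedSet[$n] = true;
        }
    }
    $result = [];
    foreach ($fdblist as $row) {
        foreach ($row as $field) {         // the MAC is the first field that parses
            if (($mac = normalizeMac($field)) === null) {
                continue;
            }
            if (!isset($allowedSet[$mac])) {
                $result[$mac] = denyMacCommands($mac);
            }
            break;
        }
    }
    return $result;
}
// Constructed sample rows (not real switch output) and a constructed allow list
$sample = [['00:01:e6:b0:e2:a9', 'v100(0100)', '0100', 'd', 'm', '1:1'],
           ['00:04:96:1a:2b:3c', 'v100(0100)', '0100', 'd', 'm', '1:2']];
print_r(unknownMacs($sample, ['00-01-E6-B0-E2-A9']));
```

The returned commands can be handed to the switch through the same expect session the post uses; keeping the decision (which MACs to block) separate from the session makes it easy to log and review before anything is sent.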

Figure: online management

Tuesday, August 7, 2012

Fortigate disable IPS engines

Version: Fortigate-3240C v4.0,build4188,120620 (MR3)

FG3240C-HA# diag test application ipsmonitor 98
FG3240C-HA# diagnose sys top
Run Time:  1 days, 8 hours and 49 minutes
0U, 0S, 100I; 10956T, 6128F, 193KF
     proxyworker       80      S       0.0     0.9
          cw_acd      116      S       0.0     0.4
         cmdbsvr       57      S       0.0     0.4
          httpsd      168      S       0.0     0.3
          httpsd      122      S       0.0     0.3
       forticron       77      S       0.0     0.2
          httpsd       70      S       0.0     0.2
         miglogd       68      S       0.0     0.2
       scanunitd      130      S <     0.0     0.1
       scanunitd      124      S <     0.0     0.1
       scanunitd      128      S <     0.0     0.1
       scanunitd      129      S <     0.0     0.1
       scanunitd      125      S <     0.0     0.1
       scanunitd      126      S <     0.0     0.1
       scanunitd      127      S <     0.0     0.1
       scanunitd      123      S <     0.0     0.1
       scanunitd       73      S <     0.0     0.1
       urlfilter       79      S       0.0     0.1
       wad_diskd       72      S       0.0     0.1
          newcli     1525      R       0.0     0.1



# diag test application ipsmonitor IPS Engine Test Usage: (Values for >
1: Display IPS engine information
2: Toggle IPS engine enable/disable status
3: Display restart log
4: Clear restart log
5: Toggle bypass status
6: Submit attack characteristics now
97: Start all IPS engines
98: Stop all IPS engines
99: Restart all IPS engines and monitor


The most common command that we issue to deal with the IPS Engine running high is the following which restarts the IPS process:

# diag test application ipsmonitor 99

config ids process (default 8)
#config system global
    set proxy-worker-count 1
end

# diagnose debug crashlog clear
# diagnose debug crashlog get


Wednesday, August 1, 2012

PHP: list loaded modules and query a module's functions

## Check whether 'rrdtool' is loaded; if not, load it dynamically

<?php
  # dl() needs enable_dl = On in php.ini and, since PHP 5.3, only works in the
  # CLI/CGI SAPIs, so test for it before calling.
  if (!extension_loaded('rrdtool'))
  {
     # The post tested function_exists('rrdtool'), which can never be true while
     # the extension is missing; testing for dl() itself is the check that was meant.
     if (function_exists('dl'))
     {
       dl('rrdtool.so');
     }
  }
  if (!extension_loaded('gd'))
  {
     dl('gd.so');
  }
  # List all loaded modules
  print_r(get_loaded_extensions());
  echo "xml modules\n";
  # List all functions of the xml module
  print_r(get_extension_funcs("xml"));

?>


Array
(
    [0] => Core
    [1] => date
    [2] => ereg
    [3] => libxml
...
)
Array
(
    [0] => xml_parser_create
    [1] => xml_parser_create_ns
    [2] => xml_set_object
...
)


# List all loaded modules
phpinfo(INFO_MODULES);


## Command line: list loaded modules
# php -m

php.ini: whether dynamic module loading is allowed
  enable_dl = Off

Default module configuration path: /etc/php.d/
# more /etc/php.d/ssh2.ini
   extension=ssh2.so

# ls /usr/lib64/php/modules/
curl.so    fileinfo.so  json.so    mysql.so      pdo.so         phar.so     snmp.so     ssh2.so
expect.so  gd.so        mysqli.so  pdo_mysql.so  pdo_sqlite.so  rrdtool.so  sqlite3.so  zip.so



CentOS6 x86_64

Extreme XOS run python scripts

XOS runs python scripts on v15.7 or higher; push the IPs and MACs on the switch to syslog so the IP data is kept in a simple way ## Edit the script # vi ip2syslog.py #!/usr/bin/python # ...