Juniper Implementation (#747)

2018-12-06 14:33:42 -03:00 · 2018-12-06 14:33:42 -03:00 · 571ea4847a
parent 12ac8ce551
commit 571ea4847a
5 changed files with 207 additions and 0 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -0,0 +1,3 @@
+[submodule "src/juniper_plugin/netconf"]
+	path = src/juniper_plugin/netconf
+	url = https://github.com/Juniper/netconf-php.git
--- a/src/juniper_plugin/README.md
+++ b/src/juniper_plugin/README.md
@ -0,0 +1,65 @@
+Juniper FastNetMon plug-in
+===========
+
+Overview
+--------
+Connects to a Juniper router and adds or removes a blackhole rule for an attack by IP address.
+
+The actions can be modified such as adding a firewall rule.
+
+This script uses the Juniper NETCONF PHP API. More information about this can be found at the following URL:
+ * https://github.com/Juniper/netconf-php
+
+Installation
+------------
+
+#### Prerequisite
+You must have a user and netconf enabled on your Juniper
+
+to enable netconf go to your cli and type:
+```
+user@host> configure
+user@host# set netconf ssh
+```
+if you wish to change netconf port instead of
+```
+user@host# set netconf ssh
+```
+use
+```
+user@host# set netconf ssh port <number>
+``` 
+
+Install php to your server:
+```
+sudo apt-get install php-cli php
+```
+
+#### Process
+1.  Configure the router in the ```fastnetmon_juniper.php``` file
+```
+$cfg['hostname'] = "10.0.0.1"; // Juniper IP
+$cfg['port'] = 880; //NETCONF Port 
+$cfg['username'] = "user"; //user
+$cfg['password'] = "password"; //pass
+```
+2. Change the ```notify_about_attack.sh``` with the new to run the PHP script
+
+This is the first buggy version, you are welcome to add more features.
+
+3. Set executable bit ```sudo chmod +x /etc/fastnetmon/scripts/notify_about_attack.sh```
+
+4. For FastNetMon Advanced, please disable details:
+
+```
+sudo fcli set main notify_script_pass_details disable
+sudo fcli commit
+```
+
+Changelog
+---------
+v1.0 - 5 Dec 18 - Initial version
+
+Author: Christian David <davidchristia@gmail.com>
+
+Based on Mikrotik Plugin by Maximiliano Dobladez <info@mkesolutions.net>
--- a/src/juniper_plugin/fastnetmon_juniper.php
+++ b/src/juniper_plugin/fastnetmon_juniper.php
@ -0,0 +1,121 @@
+#!/usr/bin/php
+<?php
+/*****************************
+ *
+ * Juniper PHP Integration for Fastnetmon
+ *
+ * This script connect to Juniper Router and add or remove a blackhole's rule for the IP attack
+ * 
+ * Author: Christian David <davidchristia@gmail.com>
+ *
+ * Credits for the Netconf API By Juniper/netconf-php <https://github.com/Juniper/netconf-php>
+ * Script based on Mikrotik Plugin by Maximiliano Dobladez <info@mkesolutions.net>
+ *
+ * Made based on a MX5 CLI and not tested yet, please feedback-us in Issues on github
+ * 
+ * LICENSE: GPLv2 GNU GENERAL PUBLIC LICENSE
+ *
+ *
+ * v1.0 - 5 Dec 18 - initial version
+ ******************************/
+
+define( "_VER", '1.0' );
+
+$date = date("Y-m-d H:i:s", time());
+
+// You need to enable NETCONF on your juniper
+// https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/netconf-ssh-connection-establishing.html#task-netconf-service-over-ssh-enabling
+$cfg['hostname'] = "10.0.0.1"; // Juniper IP
+$cfg['port'] = 880; //NETCONF Port 
+$cfg['username'] = "user"; //user
+$cfg['password'] = "password"; //pass
+
+/*
+PARAMS(
+    $argv[1] = STRING (IP)
+    $argv[2] = STRING (ATTACK DIRECTION)
+    $argv[3] = STRING (PPS)
+    $argv[4] = STRING (ACTION = BAN OR UNBAN)
+)
+*/
+$IP_ATTACK          = $argv[ 1 ];
+$DIRECTION_ATTACK   = $argv[ 2 ];
+$POWER_ATTACK       = $argv[ 3 ];
+$ACTION_ATTACK      = $argv[ 4 ];
+if ( $argc <= 4 ) {
+    $msg .= "Juniper API Integration for FastNetMon  - Ver: " . _VER . "\n";
+    $msg .= "missing arguments";
+    $msg .= "php fastnetmon_juniper.php [IP] [data_direction] [pps_as_string] [action]  \n";
+    echo $msg;
+    exit( 1 );
+}
+//NOTE  help
+if ( $argv[ 1 ] == "help" ) {
+    $msg = "Juniper API Integration for FastNetMon  - Ver: " . _VER;
+    echo $msg;    
+    exit( 1 );
+}
+
+require_once "netconf/netconf/Device.php";
+$conn = new Device($cfg);
+switch($ACTION_ATTACK){
+    case 'ban':
+        try{
+            $desc = 'FastNetMon Guard: IP '. $IP_ATTACK .' unblocked because '. $DIRECTION_ATTACK .' attack with power '. $POWER_ATTACK .' pps | at '.$fecha_now;
+            $conn->connect(); //Try conect or catch NetconfException (Wrong username, Timeout, Device not found, etc)
+            $locked = $conn->lock_config(); //Equivalent of "configure exclusive" on Juniper CLI
+            if($locked){
+                //Community 65535:666 = BLACKHOLE
+                $conn->load_set_configuration("set routing-options static route {$IP_ATTACK} community 65535:666 discard");
+                $conn->commit();
+            }
+            $conn->unlock(); //Unlock the CLI
+            $conn->close(); //Close the connection
+            _log($desc);
+
+        }
+        catch(NetconfException $e){
+            $msg = "Couldn't connect to " . $cfg['hostname'] . '\nLOG: '.$e;
+            _log( $msg );
+            echo $msg;
+            exit( 1 );
+        }
+        break;
+    case 'unban':
+        try{
+            $desc = 'FastNetMon Guard: IP '. $IP_ATTACK .' remove from blacklist.';
+            $conn->connect(); //Try conect or catch NetconfException (Wrong username, Timeout, Device not found, etc)
+            $locked = $conn->lock_config(); //Equivalent of "configure exclusive" on Juniper CLI
+            if($locked){
+                $conn->load_set_configuration("delete routing-options static route {$IP_ATTACK}/32");
+                $conn->commit();
+            }
+            $conn->unlock(); //Unlock the CLI
+            $conn->close(); //Close the connection
+            _log($desc);            
+        }
+        catch(NetconfException $e){
+            $msg = "Couldn't connect to " . $cfg['hostname'] . '\nLOG: '.$e;
+            _log( $msg );
+            echo $msg;
+            exit( 1 );
+        }
+        break;
+    default:
+        $msg = "Juniper API Integration for FastNetMon  - Ver: " . _VER;
+        echo $msg;    
+        exit( 1 );
+        break;
+}
+/**
+ * [_log Write a log file]
+ * @param  [type] $msg [text to log]
+ * @return [type]      
+ */
+function _log( $msg ) {
+    $FILE_LOG_TMP = "/tmp/fastnetmon_api_juniper.log";
+    if ( !file_exists( $FILE_LOG_TMP ) )    exec( "echo `date` \"- [FASTNETMON] - " . $msg . " \" > " . $FILE_LOG_TMP );
+    else exec( "echo `date` \"- [FASTNETMON] - " . $msg . " \" >> " . $FILE_LOG_TMP );
+     
+}
+?>
--- a/src/juniper_plugin/netconf
+++ b/src/juniper_plugin/netconf
@ -0,0 +1 @@
+Subproject commit 652a8b61c27bbe627c752569a489bcb455b31b67
--- a/src/juniper_plugin/notify_about_attack.sh
+++ b/src/juniper_plugin/notify_about_attack.sh
@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+#
+#  Fastnetmon: Juniper plugin  
+#  
+#  Author: - info@mkesolutions.net - http://maxid.com.ar  
+#  Modified by Christian David <davidchristia@gmail.com> for juniper implementation
+#
+# This script will get following params:
+#  $1 client_ip_as_string
+#  $2 data_direction
+#  $3 pps_as_string
+#  $4 action (ban or unban)
+  
+ 
+php -f /opt/fastnetmon/fastnetmon_juniper.php $1 $2 $3 $4
+exit 0
+
				`@ -0,0 +1 @@`
				`Subproject commit 652a8b61c27bbe627c752569a489bcb455b31b67`