mirror of
https://github.com/pavel-odintsov/fastnetmon
synced 2024-11-22 20:42:03 +01:00
Juniper Implementation (#747)
This commit is contained in:
parent
12ac8ce551
commit
571ea4847a
3
.gitmodules
vendored
Normal file
3
.gitmodules
vendored
Normal file
@ -0,0 +1,3 @@
|
||||
[submodule "src/juniper_plugin/netconf"]
|
||||
path = src/juniper_plugin/netconf
|
||||
url = https://github.com/Juniper/netconf-php.git
|
65
src/juniper_plugin/README.md
Normal file
65
src/juniper_plugin/README.md
Normal file
@ -0,0 +1,65 @@
|
||||
Juniper FastNetMon plug-in
|
||||
===========
|
||||
|
||||
Overview
|
||||
--------
|
||||
Connects to a Juniper router and adds or removes a blackhole rule for an attack by IP address.
|
||||
|
||||
The actions can be modified such as adding a firewall rule.
|
||||
|
||||
This script uses the Juniper NETCONF PHP API. More information about this can be found at the following URL:
|
||||
* https://github.com/Juniper/netconf-php
|
||||
|
||||
Installation
|
||||
------------
|
||||
|
||||
#### Prerequisite
|
||||
You must have a user and netconf enabled on your Juniper
|
||||
|
||||
to enable netconf go to your cli and type:
|
||||
```
|
||||
user@host> configure
|
||||
user@host# set netconf ssh
|
||||
```
|
||||
if you wish to change netconf port instead of
|
||||
```
|
||||
user@host# set netconf ssh
|
||||
```
|
||||
use
|
||||
```
|
||||
user@host# set netconf ssh port <number>
|
||||
```
|
||||
|
||||
Install php to your server:
|
||||
```
|
||||
sudo apt-get install php-cli php
|
||||
```
|
||||
|
||||
#### Process
|
||||
1. Configure the router in the ```fastnetmon_juniper.php``` file
|
||||
```
|
||||
$cfg['hostname'] = "10.0.0.1"; // Juniper IP
|
||||
$cfg['port'] = 880; //NETCONF Port
|
||||
$cfg['username'] = "user"; //user
|
||||
$cfg['password'] = "password"; //pass
|
||||
```
|
||||
2. Change the ```notify_about_attack.sh``` with the new to run the PHP script
|
||||
|
||||
This is the first buggy version, you are welcome to add more features.
|
||||
|
||||
3. Set executable bit ```sudo chmod +x /etc/fastnetmon/scripts/notify_about_attack.sh```
|
||||
|
||||
4. For FastNetMon Advanced, please disable details:
|
||||
|
||||
```
|
||||
sudo fcli set main notify_script_pass_details disable
|
||||
sudo fcli commit
|
||||
```
|
||||
|
||||
Changelog
|
||||
---------
|
||||
v1.0 - 5 Dec 18 - Initial version
|
||||
|
||||
Author: Christian David <davidchristia@gmail.com>
|
||||
|
||||
Based on Mikrotik Plugin by Maximiliano Dobladez <info@mkesolutions.net>
|
121
src/juniper_plugin/fastnetmon_juniper.php
Normal file
121
src/juniper_plugin/fastnetmon_juniper.php
Normal file
@ -0,0 +1,121 @@
|
||||
#!/usr/bin/php
|
||||
<?php
|
||||
/*****************************
|
||||
*
|
||||
* Juniper PHP Integration for Fastnetmon
|
||||
*
|
||||
* This script connect to Juniper Router and add or remove a blackhole's rule for the IP attack
|
||||
*
|
||||
* Author: Christian David <davidchristia@gmail.com>
|
||||
*
|
||||
* Credits for the Netconf API By Juniper/netconf-php <https://github.com/Juniper/netconf-php>
|
||||
* Script based on Mikrotik Plugin by Maximiliano Dobladez <info@mkesolutions.net>
|
||||
*
|
||||
* Made based on a MX5 CLI and not tested yet, please feedback-us in Issues on github
|
||||
*
|
||||
* LICENSE: GPLv2 GNU GENERAL PUBLIC LICENSE
|
||||
*
|
||||
*
|
||||
* v1.0 - 5 Dec 18 - initial version
|
||||
******************************/
|
||||
|
||||
define( "_VER", '1.0' );
|
||||
|
||||
$date = date("Y-m-d H:i:s", time());
|
||||
|
||||
// You need to enable NETCONF on your juniper
|
||||
// https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/netconf-ssh-connection-establishing.html#task-netconf-service-over-ssh-enabling
|
||||
$cfg['hostname'] = "10.0.0.1"; // Juniper IP
|
||||
$cfg['port'] = 880; //NETCONF Port
|
||||
$cfg['username'] = "user"; //user
|
||||
$cfg['password'] = "password"; //pass
|
||||
|
||||
/*
|
||||
PARAMS(
|
||||
$argv[1] = STRING (IP)
|
||||
$argv[2] = STRING (ATTACK DIRECTION)
|
||||
$argv[3] = STRING (PPS)
|
||||
$argv[4] = STRING (ACTION = BAN OR UNBAN)
|
||||
)
|
||||
*/
|
||||
$IP_ATTACK = $argv[ 1 ];
|
||||
$DIRECTION_ATTACK = $argv[ 2 ];
|
||||
$POWER_ATTACK = $argv[ 3 ];
|
||||
$ACTION_ATTACK = $argv[ 4 ];
|
||||
if ( $argc <= 4 ) {
|
||||
$msg .= "Juniper API Integration for FastNetMon - Ver: " . _VER . "\n";
|
||||
$msg .= "missing arguments";
|
||||
$msg .= "php fastnetmon_juniper.php [IP] [data_direction] [pps_as_string] [action] \n";
|
||||
echo $msg;
|
||||
exit( 1 );
|
||||
}
|
||||
//NOTE help
|
||||
if ( $argv[ 1 ] == "help" ) {
|
||||
$msg = "Juniper API Integration for FastNetMon - Ver: " . _VER;
|
||||
echo $msg;
|
||||
exit( 1 );
|
||||
}
|
||||
|
||||
require_once "netconf/netconf/Device.php";
|
||||
$conn = new Device($cfg);
|
||||
switch($ACTION_ATTACK){
|
||||
case 'ban':
|
||||
try{
|
||||
$desc = 'FastNetMon Guard: IP '. $IP_ATTACK .' unblocked because '. $DIRECTION_ATTACK .' attack with power '. $POWER_ATTACK .' pps | at '.$fecha_now;
|
||||
$conn->connect(); //Try conect or catch NetconfException (Wrong username, Timeout, Device not found, etc)
|
||||
$locked = $conn->lock_config(); //Equivalent of "configure exclusive" on Juniper CLI
|
||||
if($locked){
|
||||
//Community 65535:666 = BLACKHOLE
|
||||
$conn->load_set_configuration("set routing-options static route {$IP_ATTACK} community 65535:666 discard");
|
||||
$conn->commit();
|
||||
}
|
||||
$conn->unlock(); //Unlock the CLI
|
||||
$conn->close(); //Close the connection
|
||||
_log($desc);
|
||||
|
||||
}
|
||||
catch(NetconfException $e){
|
||||
$msg = "Couldn't connect to " . $cfg['hostname'] . '\nLOG: '.$e;
|
||||
_log( $msg );
|
||||
echo $msg;
|
||||
exit( 1 );
|
||||
}
|
||||
break;
|
||||
case 'unban':
|
||||
try{
|
||||
$desc = 'FastNetMon Guard: IP '. $IP_ATTACK .' remove from blacklist.';
|
||||
$conn->connect(); //Try conect or catch NetconfException (Wrong username, Timeout, Device not found, etc)
|
||||
$locked = $conn->lock_config(); //Equivalent of "configure exclusive" on Juniper CLI
|
||||
if($locked){
|
||||
$conn->load_set_configuration("delete routing-options static route {$IP_ATTACK}/32");
|
||||
$conn->commit();
|
||||
}
|
||||
$conn->unlock(); //Unlock the CLI
|
||||
$conn->close(); //Close the connection
|
||||
_log($desc);
|
||||
}
|
||||
catch(NetconfException $e){
|
||||
$msg = "Couldn't connect to " . $cfg['hostname'] . '\nLOG: '.$e;
|
||||
_log( $msg );
|
||||
echo $msg;
|
||||
exit( 1 );
|
||||
}
|
||||
break;
|
||||
default:
|
||||
$msg = "Juniper API Integration for FastNetMon - Ver: " . _VER;
|
||||
echo $msg;
|
||||
exit( 1 );
|
||||
break;
|
||||
}
|
||||
/**
|
||||
* [_log Write a log file]
|
||||
* @param [type] $msg [text to log]
|
||||
* @return [type]
|
||||
*/
|
||||
function _log( $msg ) {
|
||||
$FILE_LOG_TMP = "/tmp/fastnetmon_api_juniper.log";
|
||||
if ( !file_exists( $FILE_LOG_TMP ) ) exec( "echo `date` \"- [FASTNETMON] - " . $msg . " \" > " . $FILE_LOG_TMP );
|
||||
else exec( "echo `date` \"- [FASTNETMON] - " . $msg . " \" >> " . $FILE_LOG_TMP );
|
||||
|
||||
}
|
||||
?>
|
1
src/juniper_plugin/netconf
Submodule
1
src/juniper_plugin/netconf
Submodule
@ -0,0 +1 @@
|
||||
Subproject commit 652a8b61c27bbe627c752569a489bcb455b31b67
|
17
src/juniper_plugin/notify_about_attack.sh
Executable file
17
src/juniper_plugin/notify_about_attack.sh
Executable file
@ -0,0 +1,17 @@
|
||||
#!/usr/bin/env bash
|
||||
#
|
||||
# Fastnetmon: Juniper plugin
|
||||
#
|
||||
# Author: - info@mkesolutions.net - http://maxid.com.ar
|
||||
# Modified by Christian David <davidchristia@gmail.com> for juniper implementation
|
||||
#
|
||||
# This script will get following params:
|
||||
# $1 client_ip_as_string
|
||||
# $2 data_direction
|
||||
# $3 pps_as_string
|
||||
# $4 action (ban or unban)
|
||||
|
||||
|
||||
php -f /opt/fastnetmon/fastnetmon_juniper.php $1 $2 $3 $4
|
||||
exit 0
|
||||
|
Loading…
Reference in New Issue
Block a user