From 5d16513da0a43c12c6f051850cf446ce7e2480a2 Mon Sep 17 00:00:00 2001
From: Eric Chou
Date: Thu, 7 Jul 2016 18:49:13 -0700
Subject: [PATCH 1/9] Added a10_plugin for A10 Networks TPS onramp
---
src/a10_plugin/a10.py | 43 ++++++++
src/a10_plugin/a10.pyc | Bin 0 -> 1561 bytes
src/a10_plugin/fastnetmon_a10_v0.2.py | 143 ++++++++++++++++++++++++++
3 files changed, 186 insertions(+)
create mode 100755 src/a10_plugin/a10.py
create mode 100644 src/a10_plugin/a10.pyc
create mode 100755 src/a10_plugin/fastnetmon_a10_v0.2.py
diff --git a/src/a10_plugin/a10.py b/src/a10_plugin/a10.py
new file mode 100755
index 0000000..a391b61
--- /dev/null
+++ b/src/a10_plugin/a10.py
@@ -0,0 +1,43 @@
+
+#
+# v0.1
+# ericc@a10networks.com
+#
+
+import json, urllib2
+
+def axapi_auth(host, username, password):
+ base_uri = 'https://'+host
+ auth_payload = {"credentials": {"username": username, "password": password}}
+ r = axapi_action(base_uri + '/axapi/v3/auth', payload=auth_payload)
+ signature = json.loads(r)['authresponse']['signature']
+ return base_uri, signature
+
+
+def axapi_action(uri, payload='', signature='', method='POST'):
+ try:
+ if method == 'POST':
+ req = urllib2.Request(uri)
+ req.add_header('content-type', 'application/json')
+ if signature:
+ req.add_header('Authorization', 'A10 {0}'.format(signature))
+ response = urllib2.urlopen(req, json.dumps(payload))
+ elif method == 'GET':
+ req = urllib2.Request(uri)
+ req.add_header('content-type', 'application/json')
+ if signature:
+ req.add_header('Authorization', 'A10 {0}'.format(signature))
+ response = urllib2.urlopen(req)
+ elif method == 'DELETE':
+ req = urllib2.Request(uri)
+ req.add_header('content-type', 'application/json')
+ req.get_method = lambda: 'DELETE'
+ if signature:
+ req.add_header('Authorization', 'A10 {0}'.format(signature))
+ response = urllib2.urlopen(req)
+ return response.read()
+ except Exception as e:
+ raise
+
+
+
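Review bot: `axapi_action` sends the login password and the session signature through `urllib2.urlopen` with no `timeout` and no explicit TLS settings, so a stalled device can block the notify script, and whether the device certificate is checked depends on the interpreter (urllib2 verifies HTTPS certificates by default only from Python 2.7.9). The three branches differ only in the verb and the body, any other `method` value reaches `return response.read()` with `response` unbound, and `except Exception as e: raise` does nothing. A single request path with an explicit method check and a timeout covers all three points; the rewritten function is below.

```python
def axapi_action(uri, payload='', signature='', method='POST'):
    if method not in ('POST', 'GET', 'DELETE'):
        raise ValueError('unsupported method: {0}'.format(method))
    req = urllib2.Request(uri)
    req.add_header('content-type', 'application/json')
    if signature:
        req.add_header('Authorization', 'A10 {0}'.format(signature))
    req.get_method = lambda: method
    # Only POST carries a JSON body, as in the original branches.
    body = json.dumps(payload) if method == 'POST' else None
    # 30 seconds is a constructed example value; choose one that fits the notify path.
    response = urllib2.urlopen(req, body, timeout=30)
    return response.read()
```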
diff --git a/src/a10_plugin/a10.pyc b/src/a10_plugin/a10.pyc new file mode 100644 index 0000000000000000000000000000000000000000..116396cb82b079aba1fbcefcb96e9151ac785172 GIT binary patch literal 1561 zcmbtT-D(s`6h77SlbB631~JMmi|mEWg{BjQC?cY`gEvc7IsqlSFjl%MnV$4?cdDw@ z=nR7Kt$c$8?|c&cC72r z51f6a5A#x+Fb|oP&ibk>ybT=8XM2SXwX+>AcJdE<=;<_MWf8dafrrq7z;1kpeTu$c z`jFs2iDDHex}&}A)h;^;);o^Qzqo|Gbg(9yzX2)kmqQ!dv|rZouJ)m@VOSQicWJEG zR(n-m?_~vxE7f6`gMn1o<4U9eR*{-hKdZ}XS)uXM?4JI)xs`JIoG-@}1YaPJ!^euj zQM4bCD;TSRU23v{%-_3zbho-GBzc%sn^>NKmhp`sY$QwAPkDAK z{d>kStMBJ}xMTE#-ynM|>M-eKxN4W@+0HGI6MIlwA0{L6`#QB1cWW|x+z-rH!e5yv2{AQfrLzYzjVF`N zZLplMyjFa)djVv+Ughe>v!_fRGyccC3PNubr>3{Ho3$SV=ewp^AYJk TLNhE)o!bZ8O(DUR=-li#ODQ&= literal 0 HcmV?d00001 diff --git a/src/a10_plugin/fastnetmon_a10_v0.2.py b/src/a10_plugin/fastnetmon_a10_v0.2.py new file mode 100755 index 0000000..60816a1 --- /dev/null +++ b/src/a10_plugin/fastnetmon_a10_v0.2.py 
@@ -0,0 +1,143 @@
+#!/usr/bin/python
+
+#
+# v0.2 created [ban |unban] [on ramp | off ramp action] for A10 TPS
+# Eric Chou (ericc@a10networks.com)
+#
+
+import sys
+from sys import stdin
+import optparse
+import logging, json
+from a10 import axapi_auth, axapi_action
+
+LOG_FILE = "/var/log/fastnetmon-notify.log"
+
+
+logger = logging.getLogger("DaemonLog")
+logger.setLevel(logging.INFO)
+formatter = logging.Formatter("%(asctime)s - %(name)s - %(levelname)s - %(message)s")
+handler = logging.FileHandler(LOG_FILE)
+handler.setFormatter(formatter)
+logger.addHandler(handler)
+
+
+
+client_ip_as_string=sys.argv[1]
+data_direction=sys.argv[2]
+pps_as_string=int(sys.argv[3])
+action=sys.argv[4]
+
+logger.info(" - " . join(sys.argv))
+
+
+# A10 Mitigator Information
+mitigator_ip = "192.168.199.152"
+zone_name = client_ip_as_string + "_zone"
+ip_addr = client_ip_as_string
+asn="64513"
+mitigator_base_url, signature = axapi_auth(mitigator_ip, "admin", "a10")
+
+
+if action == "unban":
+ try:
+ r = axapi_action(mitigator_base_url+'/axapi/v3/router/bgp/'+asn+'/network/ip-cidr/'+ip_addr+'%2F32', method="DELETE", signature=signature)
+ except Exception as e:
+ logger.info("route not removed in unban, returned: " + str(e))
+
+ axapi_action(mitigator_base_url+'/axapi/v3/logoff', signature=signature)
+
+ sys.exit(0)
+
+elif action == "ban":
+
+ r = axapi_action(mitigator_base_url+'/axapi/v3/ddos/dst/zone/', method='GET', signature=signature)
+ if zone_name in [i['zone-name'] for i in json.loads(r)['zone-list']]:
+ r = axapi_action(mitigator_base_url+'/axapi/v3/ddos/dst/zone/'+zone_name, method="DELETE", signature=signature)
+ logger.info(str(r))
+ axapi_action(mitigator_base_url+'/axapi/v3/logoff', signature=signature)
+
+ # A10 Mitigation On Ramp
+ mitigator_base_url, signature = axapi_auth(mitigator_ip, "admin", "a10")
+ zone_name = client_ip_as_string + "_zone"
+ ip_addr = client_ip_as_string
+ port_num = 53
+ port_protocol = 'udp'
+ ddos_violation_action_payload = {
+ "zone-list": [
+ {
+ "zone-name":zone_name,
+ "ip": [
+ {
+ "ip-addr":ip_addr
+ }
+ ],
+ "operational-mode":"monitor",
+ "port": {
+ "zone-service-list": [
+ {
+ "port-num":port_num,
+ "protocol":port_protocol,
+ "level-list": [
+ {
+ "level-num":"0",
+ "zone-escalation-score":1,
+ "indicator-list": [
+ {
+ "type":"pkt-rate",
+ "score":50,
+ "zone-threshold-num":1,
+ "zone-violation-actions":"bmf_a10_script",
+ }
+ ],
+ },
+ {
+ "level-num":"1",
+ }
+ ],
+ }
+ ],
+ },
+ }
+ ]
+ }
+ try:
+ r = axapi_action(mitigator_base_url+'/axapi/v3/ddos/dst/zone', signature=signature, payload=ddos_violation_action_payload)
+ except Exception as e:
+ logger("zone not created: " + str(e))
+
+ route_advertisement = {
+ "bgp":
+ {
+ "network": {
+ "ip-cidr-list": [
+ {
+ "network-ipv4-cidr":ip_addr+"/32",
+ }
+ ]
+ },
+ }
+ }
+ try:
+ r = axapi_action(mitigator_base_url+'/axapi/v3/router/bgp/'+asn, payload=route_advertisement, signature=signature)
+ except Exception as e:
+ logger("route not added: " + str(e))
+
+ # Commit changes
+ axapi_action(mitigator_base_url+'/axapi/v3/write/memory', signature=signature)
+ # Log off
+ axapi_action(mitigator_base_url+'/axapi/v3/logoff', signature=signature)
+
+ sys.exit(0)
+
+elif action == "attack_details":
+
+ sys.exit(0)
+
+
+else:
+ sys.exit(0)
+
+
+
+
From 1033a067311ca0fe58ebc13ec977817030d812ca Mon Sep 17 00:00:00 2001
From: Eric Chou
Date: Thu, 7 Jul 2016 19:19:48 -0700
Subject: [PATCH 2/9] Delete a10.pyc
---
src/a10_plugin/a10.pyc | Bin 1561 -> 0 bytes
1 file changed, 0 insertions(+), 0 deletions(-)
delete mode 100644 src/a10_plugin/a10.pyc
diff --git a/src/a10_plugin/a10.pyc b/src/a10_plugin/a10.pyc deleted file mode 100644 index 116396cb82b079aba1fbcefcb96e9151ac785172..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1561 zcmbtT-D(s`6h77SlbB631~JMmi|mEWg{BjQC?cY`gEvc7IsqlSFjl%MnV$4?cdDw@ z=nR7Kt$c$8?|c&cC72r z51f6a5A#x+Fb|oP&ibk>ybT=8XM2SXwX+>AcJdE<=;<_MWf8dafrrq7z;1kpeTu$c z`jFs2iDDHex}&}A)h;^;);o^Qzqo|Gbg(9yzX2)kmqQ!dv|rZouJ)m@VOSQicWJEG zR(n-m?_~vxE7f6`gMn1o<4U9eR*{-hKdZ}XS)uXM?4JI)xs`JIoG-@}1YaPJ!^euj zQM4bCD;TSRU23v{%-_3zbho-GBzc%sn^>NKmhp`sY$QwAPkDAK z{d>kStMBJ}xMTE#-ynM|>M-eKxN4W@+0HGI6MIlwA0{L6`#QB1cWW|x+z-rH!e5yv2{AQfrLzYzjVF`N zZLplMyjFa)djVv+Ughe>v!_fRGyccC3PNubr>3{Ho3$SV=ewp^AYJk TLNhE)o!bZ8O(DUR=-li#ODQ&= From bfab7e1d4dd86af82b8ac5b4e6997f8f7dc89c86 Mon Sep 17 00:00:00 2001 From: Eric Chou Date: Thu, 7 Jul 2016 19:34:42 -0700 Subject: [PATCH 3/9] Create README.md --- src/a10_plugin/README.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 src/a10_plugin/README.md diff --git a/src/a10_plugin/README.md b/src/a10_plugin/README.md new file mode 100644 index 0000000..360643d --- /dev/null +++ b/src/a10_plugin/README.md 
@@ -0,0 +1,24 @@
+
+Fastnetmon Plugin: A10 Networks TPS AXAPIv3 integration for FastNetMon
+
+This script connect to A10 TPS device to create Protected Object and announce BGP route toward upstream router upon FastNetMon ban detection.
+
+1. Place both Python files at a directory that is reachable by FastNetMon
+2. Make sure both scripts are executable, i.e. "chmod +x a10.py fastnetmon_a10_v0.2.py"
+3. Modify fastnetmon.conf for notification, i.e. notify_script_path = /fastnetmon_a10_v0.2.py
+
+Please modify the following:
+
+1. A10 mitigator IP
+2. BGP Autonomous System Number
+3. Username and Password for your A10 Device. Note that you can use your own password vault or protection schema
+
+For more information about A10 Networks AXAPIv3:
+https://www.a10networks.com/resources/glossary/axapi-custom-management
+
+
+v0.2 - Jul 7th, 2016 - initial commit
+
+Author: Eric Chou ericc@a10networks.com
+
+Feedback and Feature Requests are Welcomed.
From a5337989b2b4d06e6d55716fc78d480b61f71aa8 Mon Sep 17 00:00:00 2001
From: Eric Chou
Date: Tue, 12 Jul 2016 13:41:31 -0700
Subject: [PATCH 4/9] Add json_config and modified fastnetmon_a10_v02.py file
---
.gitignore | 3 +++
src/a10_plugin/a10.pyc | Bin 1561 -> 1561 bytes
src/a10_plugin/fastnetmon_a10_v0.2.py | 16 +++++++++-------
src/a10_plugin/json_config/__init__.py | 0
src/a10_plugin/json_config/logoff.py | 3 +++
src/a10_plugin/json_config/write_memory.py | 1 +
6 files changed, 16 insertions(+), 7 deletions(-)
create mode 100644 .gitignore
create mode 100644 src/a10_plugin/json_config/__init__.py
create mode 100644 src/a10_plugin/json_config/logoff.py
create mode 100644 src/a10_plugin/json_config/write_memory.py
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f14285f
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+*.pyc
+__pycache__
+*.DS_Store
diff --git a/src/a10_plugin/a10.pyc b/src/a10_plugin/a10.pyc index 116396cb82b079aba1fbcefcb96e9151ac785172..17a8f468dadc3ebfd28cd92a6e45be8434b02e65 100644 GIT binary patch delta 15 WcmbQqGn0pn`7 Date: Tue, 12 Jul 2016 13:57:37 -0700 Subject: [PATCH 5/9] Added example to README.md --- src/a10_plugin/README.md | 42 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/src/a10_plugin/README.md b/src/a10_plugin/README.md index 360643d..95e4469 100644 --- a/src/a10_plugin/README.md +++ b/src/a10_plugin/README.md @@ -1,4 +1,3 @@ - Fastnetmon Plugin: A10 Networks TPS AXAPIv3 integration for FastNetMon This script connect to A10 TPS device to create Protected Object and announce BGP route toward upstream router upon FastNetMon ban detection. 
@@ -22,3 +21,44 @@ v0.2 - Jul 7th, 2016 - initial commit Author: Eric Chou ericc@a10networks.com Feedback and Feature Requests are Welcomed. + +Example Usage: + +- Ban action: + +a10-ubuntu3:~/fastnetmon/src/a10_plugin$ sudo python fastnetmon_a10_v0.2.py "10.10.10.10" "outgoing" "111111" "ban" + +TH4435-1#show ddos dst zone all-entries +Legend (Rate/Limit): 'U'nlimited, 'E'xceeded, '-' Not applicable +Legend (State) : 'W'hitelisted, 'B'lacklisted, 'P'ermitted, black'H'oled, 'I'dle, 'L'earning, 'M'onitoring, '-' Regular mode +Zone Name / Zone Service Info | [State]| Curr Conn| Conn Rate| Pkt Rate | kBit Rate|Frag Pkt R|Sources # |Age |LockU + | | Limit| Limit| Limit| Limit| Limit| Limit|#min| Time +----------------------------------------------------------------------------------------------------------------------------------- +10.10.10.10_zone [M] U U U U U 1S 0 + - U U U U U +Displayed Entries: 1 +Displayed Services: 0 + +TH4435-1#sh run router bgp +!Section configuration: 221 bytes +! +router bgp 64513 + + network 10.10.10.10/32 + +! +TH4435-1# +TH4435-1#sh run router bgp | i 10.10.10.10 + network 10.10.10.10/32 +TH4435-1# + +- Unban action: + +a10-ubuntu3:~/fastnetmon/src/a10_plugin$ sudo python fastnetmon_a10_v0.2.py "10.10.10.10" "outgoing" "111111" "unban" + +TH4435-1#sh run router bgp | i 10.10.10.10 +TH4435-1# + + + + From 641e8ed9a176cbb13839fea143cf66da730095c6 Mon Sep 17 00:00:00 2001 From: Eric Chou Date: Tue, 12 Jul 2016 14:00:32 -0700 Subject: [PATCH 6/9] Update README.md --- src/a10_plugin/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/a10_plugin/README.md b/src/a10_plugin/README.md index 95e4469..d4b8edd 100644 --- a/src/a10_plugin/README.md +++ b/src/a10_plugin/README.md @@ -26,6 +26,7 @@ Example Usage: - Ban action: +``` a10-ubuntu3:~/fastnetmon/src/a10_plugin$ sudo python fastnetmon_a10_v0.2.py "10.10.10.10" "outgoing" "111111" "ban" TH4435-1#show ddos dst zone all-entries 
@@ -51,13 +52,16 @@ TH4435-1# TH4435-1#sh run router bgp | i 10.10.10.10 network 10.10.10.10/32 TH4435-1# +``` - Unban action: a10-ubuntu3:~/fastnetmon/src/a10_plugin$ sudo python fastnetmon_a10_v0.2.py "10.10.10.10" "outgoing" "111111" "unban" +``` TH4435-1#sh run router bgp | i 10.10.10.10 TH4435-1# +``` From 86a697dda4b9f9b3c8c1c9d7458e84e7cbf012b5 Mon Sep 17 00:00:00 2001 From: Eric Chou Date: Mon, 18 Jul 2016 13:54:19 -0700 Subject: [PATCH 7/9] added config folder --- src/a10_plugin/configs/dns_test_server.txt | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 src/a10_plugin/configs/dns_test_server.txt diff --git a/src/a10_plugin/configs/dns_test_server.txt b/src/a10_plugin/configs/dns_test_server.txt new file mode 100644 index 0000000..963cfa6 --- /dev/null +++ b/src/a10_plugin/configs/dns_test_server.txt @@ -0,0 +1,14 @@ +! +ddos dst zone Test-Server + ip 210.0.0.10 + operational-mode monitor + port 53 udp + level 0 + zone-escalation-score 1 + indicator pkt-rate + score 50 + zone-threshold 1 + zone-violation-actions bmf_a10_script + level 1 +! + From 899952dc419b8b8ec642c956372c0b8f994b7586 Mon Sep 17 00:00:00 2001 From: Eric Chou Date: Mon, 18 Jul 2016 14:45:49 -0700 Subject: [PATCH 8/9] v0.3 fastnetmon_a10_v0.2 break URI path and json config body into separate files under json_config folder --- src/a10_plugin/fastnetmon_a10_v0.2.py | 66 ++++----------------- src/a10_plugin/json_config/bgp.py | 16 +++++ src/a10_plugin/json_config/ddos_dst_zone.py | 44 ++++++++++++++ 3 files changed, 70 insertions(+), 56 deletions(-) create mode 100644 src/a10_plugin/json_config/bgp.py create mode 100644 src/a10_plugin/json_config/ddos_dst_zone.py diff --git a/src/a10_plugin/fastnetmon_a10_v0.2.py b/src/a10_plugin/fastnetmon_a10_v0.2.py index a2e9e37..b040dd2 100755 --- a/src/a10_plugin/fastnetmon_a10_v0.2.py +++ b/src/a10_plugin/fastnetmon_a10_v0.2.py 
@@ -2,6 +2,7 @@ # # v0.2 created [ban | unban] [on ramp | off ramp action] for A10 TPS +# v0.3 offload URI path and json_body into separate json_config files # Eric Chou (ericc@a10networks.com) # @@ -12,6 +13,8 @@ import logging, json from a10 import axapi_auth, axapi_action from json_config.logoff import logoff_path from json_config.write_memory import write_mem_path +from json_config.ddos_dst_zone import ddos_dst_zone_path, ddos_dst_zone +from json_config.bgp import bgp_advertisement_path, bgp_advertisement LOG_FILE = "/var/log/fastnetmon-notify.log" @@ -43,7 +46,7 @@ mitigator_base_url, signature = axapi_auth(mitigator_ip, "admin", "a10") if action == "unban": try: - r = axapi_action(mitigator_base_url+'/axapi/v3/router/bgp/'+asn+'/network/ip-cidr/'+ip_addr+'%2F32', method="DELETE", signature=signature) + r = axapi_action(mitigator_base_url+bgp_advertisement+asn+'/network/ip-cidr/'+ip_addr+'%2F32', method="DELETE", signature=signature) except Exception as e: logger.info("route not removed in unban, returned: " + str(e)) 
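Review bot: The new unban line concatenates `bgp_advertisement`, which the import added in this commit binds to the payload function from `json_config/bgp.py`, not to the path string `bgp_advertisement_path`. `mitigator_base_url+bgp_advertisement` therefore raises TypeError inside the `try`, the `except Exception` logs it at info level as "route not removed in unban", and the `/32` stays advertised after an unban. The line should read `r = axapi_action(mitigator_base_url+bgp_advertisement_path+asn+'/network/ip-cidr/'+ip_addr+'%2F32', method="DELETE", signature=signature)`. The `if action == "unban":` block continues outside the hunk.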
@@ -56,72 +59,23 @@ if action == "unban": elif action == "ban": - r = axapi_action(mitigator_base_url+'/axapi/v3/ddos/dst/zone/', method='GET', signature=signature) + r = axapi_action(mitigator_base_url+ddos_dst_zone_path, method='GET', signature=signature) if zone_name in [i['zone-name'] for i in json.loads(r)['zone-list']]: - r = axapi_action(mitigator_base_url+'/axapi/v3/ddos/dst/zone/'+zone_name, method="DELETE", signature=signature) + r = axapi_action(mitigator_base_url+ddos_dst_zone_path+zone_name, method="DELETE", signature=signature) logger.info(str(r)) # A10 Mitigation On Ramp zone_name = client_ip_as_string + "_zone" ip_addr = client_ip_as_string - port_num = 53 - port_protocol = 'udp' - ddos_violation_action_payload = { - "zone-list": [ - { - "zone-name":zone_name, - "ip": [ - { - "ip-addr":ip_addr - } - ], - "operational-mode":"monitor", - "port": { - "zone-service-list": [ - { - "port-num":port_num, - "protocol":port_protocol, - "level-list": [ - { - "level-num":"0", - "zone-escalation-score":1, - "indicator-list": [ - { - "type":"pkt-rate", - "score":50, - "zone-threshold-num":1, - } - ], - }, - { - "level-num":"1", - } - ], - } - ], - }, - } - ] - } + returned_body = ddos_dst_zone(zone_name, ip_addr) try: - r = axapi_action(mitigator_base_url+'/axapi/v3/ddos/dst/zone', signature=signature, payload=ddos_violation_action_payload) + r = axapi_action(mitigator_base_url+ddos_dst_zone_path, signature=signature, payload=returned_body) except Exception as e: logger("zone not created: " + str(e)) - route_advertisement = { - "bgp": - { - "network": { - "ip-cidr-list": [ - { - "network-ipv4-cidr":ip_addr+"/32", - } - ] - }, - } - } + route_advertisement = bgp_advertisement(ip_addr) try: - r = axapi_action(mitigator_base_url+'/axapi/v3/router/bgp/'+asn, payload=route_advertisement, signature=signature) + r = axapi_action(mitigator_base_url+bgp_advertisement_path+asn, payload=route_advertisement, signature=signature) except Exception as e: logger("route not 
added: " + str(e))
diff --git a/src/a10_plugin/json_config/bgp.py b/src/a10_plugin/json_config/bgp.py
new file mode 100644
index 0000000..63a7ca3
--- /dev/null
+++ b/src/a10_plugin/json_config/bgp.py
@@ -0,0 +1,16 @@
+bgp_advertisement_path = '/axapi/v3/router/bgp/'
+
+def bgp_advertisement(ip_addr):
+ route_advertisement = {
+ "bgp":
+ {
+ "network": {
+ "ip-cidr-list": [
+ {
+ "network-ipv4-cidr":ip_addr+"/32",
+ }
+ ]
+ },
+ }
+ }
+ return route_advertisement
diff --git a/src/a10_plugin/json_config/ddos_dst_zone.py b/src/a10_plugin/json_config/ddos_dst_zone.py
new file mode 100644
index 0000000..666efab
--- /dev/null
+++ b/src/a10_plugin/json_config/ddos_dst_zone.py
@@ -0,0 +1,44 @@
+
+ddos_dst_zone_path = '/axapi/v3/ddos/dst/zone/'
+
+def ddos_dst_zone(zone_name, ip_addr):
+ port_num = 53
+ port_protocol = 'udp'
+ ddos_dst_zone_payload = {
+ "zone-list": [
+ {
+ "zone-name":zone_name,
+ "ip": [
+ {
+ "ip-addr":ip_addr
+ }
+ ],
+ "operational-mode":"monitor",
+ "port": {
+ "zone-service-list": [
+ {
+ "port-num":port_num,
+ "protocol":port_protocol,
+ "level-list": [
+ {
+ "level-num":"0",
+ "zone-escalation-score":1,
+ "indicator-list": [
+ {
+ "type":"pkt-rate",
+ "score":50,
+ "zone-threshold-num":1,
+ }
+ ],
+ },
+ {
+ "level-num":"1",
+ }
+ ],
+ }
+ ],
+ },
+ }
+ ]
+ }
+ return ddos_dst_zone_payload
From 13e112f239556f6a64321c95dfe6f5cfad760bc0 Mon Sep 17 00:00:00 2001
From: Eric Chou
Date: Tue, 26 Jul 2016 19:41:50 -0700
Subject: [PATCH 9/9] added test folder, fastnetmon_a10_v0.2.py
---
src/a10_plugin/.gitignore | 5 ++++
src/a10_plugin/fastnetmon_a10_v0.2.py | 11 ++-----
src/a10_plugin/tests/__init__.py | 0
src/a10_plugin/tests/helperTests.py | 43 +++++++++++++++++++++++++++
4 files changed, 51 insertions(+), 8 deletions(-)
create mode 100644 src/a10_plugin/.gitignore
create mode 100644 src/a10_plugin/tests/__init__.py
create mode 100644 src/a10_plugin/tests/helperTests.py
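Review bot: `ddos_dst_zone` fixes `port_num = 53` and `port_protocol = 'udp'` inside the function and has no docstring, so every zone created on a ban covers UDP port 53 only, whatever traffic triggered the ban. Making them keyword parameters keeps the existing caller working, `def ddos_dst_zone(zone_name, ip_addr, port_num=53, port_protocol='udp'):`. A docstring such as `"""Build the request body for a monitor-mode DDoS destination zone protecting ip_addr."""` would state what the payload is for.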
diff --git a/src/a10_plugin/.gitignore b/src/a10_plugin/.gitignore new file mode 100644 index 0000000..d9e24df --- /dev/null +++ b/src/a10_plugin/.gitignore @@ -0,0 +1,5 @@ +*.py +*.python +*.egg +*.egg-info/ + diff --git a/src/a10_plugin/fastnetmon_a10_v0.2.py b/src/a10_plugin/fastnetmon_a10_v0.2.py index b040dd2..c2ba4a1 100755 --- a/src/a10_plugin/fastnetmon_a10_v0.2.py +++ b/src/a10_plugin/fastnetmon_a10_v0.2.py @@ -40,13 +40,13 @@ logger.info(" - " . join(sys.argv)) mitigator_ip = "192.168.199.152" zone_name = client_ip_as_string + "_zone" ip_addr = client_ip_as_string -asn="64513" +asn="65003" mitigator_base_url, signature = axapi_auth(mitigator_ip, "admin", "a10") if action == "unban": try: - r = axapi_action(mitigator_base_url+bgp_advertisement+asn+'/network/ip-cidr/'+ip_addr+'%2F32', method="DELETE", signature=signature) + r = axapi_action(mitigator_base_url+'/axapi/v3/router/bgp/'+asn+'/network/ip-cidr/172.31.201.2%2F32', method="DELETE", signature=signature) except Exception as e: logger.info("route not removed in unban, returned: " + str(e)) @@ -57,7 +57,7 @@ if action == "unban": sys.exit(0) -elif action == "ban": +elif action == "ban" or action == "attack_details": r = axapi_action(mitigator_base_url+ddos_dst_zone_path, method='GET', signature=signature) if zone_name in [i['zone-name'] for i in json.loads(r)['zone-list']]: @@ -86,11 +86,6 @@ elif action == "ban": sys.exit(0) -elif action == "attack_details": - - sys.exit(0) - - else: sys.exit(0) diff --git a/src/a10_plugin/tests/__init__.py b/src/a10_plugin/tests/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/src/a10_plugin/tests/helperTests.py b/src/a10_plugin/tests/helperTests.py new file mode 100644 index 0000000..7153faf --- /dev/null +++ b/src/a10_plugin/tests/helperTests.py 
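Review bot: The `*.py` pattern makes git ignore every new Python source under `src/a10_plugin/`, including files like the `tests/helperTests.py` added by this same commit, which then have to be force-added and are easy to leave out of later commits. If the intent was to keep bytecode out of the tree, the entry should be `*.pyc`; `*.python` can probably be dropped as well.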
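Review bot: The unban request now always deletes `172.31.201.2%2F32` instead of the address FastNetMon passed in, so the `/32` announced for the banned host is never withdrawn; this and the `asn="65003"` change look like lab values that were committed. The path should use the argument again, `r = axapi_action(mitigator_base_url+bgp_advertisement_path+asn+'/network/ip-cidr/'+ip_addr+'%2F32', method="DELETE", signature=signature)`. In the next hunk, `elif action == "ban" or action == "attack_details":` makes an `attack_details` invocation delete and recreate the zone and announce the route again; if that is intended it deserves a comment, otherwise the separate no-op branch should stay.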
@@ -0,0 +1,43 @@
+import unittest,sys
+sys.path.append('../')
+from a10 import axapi_auth, axapi_action
+
+a10_tps = "192.168.199.152"
+username = "admin"
+password = "a10"
+hostname = "TH4435"
+
+class Test_Auth(unittest.TestCase):
+
+ def testAssertTrue(self):
+ print("Testing axapi_auth")
+ try:
+ mitigator_base_url, signature = axapi_auth(a10_tps, username, password)
+ print("base url: ", mitigator_base_url, "Signature: ", signature)
+ axapi_action(mitigator_base_url+"/axapi/v3/logoff")
+
+ except Exception as e:
+ self.fail("Not authenticated")
+
+
+class Test_API_Actions(unittest.TestCase):
+
+ def testAssertTrue(self):
+ try:
+ print("Testing GET")
+ mitigator_base_url, signature = axapi_auth(a10_tps, username, password)
+ r = axapi_action(mitigator_base_url+"/axapi/v3/version/oper", method='GET', signature=signature)
+ print(str(r))
+ print("Testing POST")
+ hostname_payload = {"hostname": {"value": hostname}}
+ r = axapi_action(mitigator_base_url+"/axapi/v3/hostname", payload=hostname_payload, signature=signature)
+ print(str(r))
+ axapi_action(mitigator_base_url+"/axapi/v3/logoff")
+
+ except Exception as e:
+ self.fail("Failed")
+
+if __name__ == "__main__":
+ unittest.main()
+
+
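Review bot: Both tests call `axapi_action(mitigator_base_url+"/axapi/v3/logoff")` without `signature=signature`, so the logoff request carries no Authorization header and the session opened by `axapi_auth` is presumably never closed; if the device rejects the request, the error is reported as "Not authenticated" or "Failed" although the login worked. Pass the signature, `axapi_action(mitigator_base_url+"/axapi/v3/logoff", signature=signature)`. `print("base url: ", mitigator_base_url, "Signature: ", signature)` writes a live session token to the test output and is better dropped. The POST test sets the hostname on a real device with credentials hard-coded in the file, so these are integration tests that need an explicit opt-in and credentials supplied from outside the repository.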