Compare commits
No commits in common. "master" and "revert-337fe63a" have entirely different histories.
master
...
revert-337
8 changed files with 0 additions and 329 deletions
92
mwg/mwg.py
92
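--- a/mwg/mwg.py
+++ b/mwg/mwg.py
@@ -1,92 +0,0 @@
-#!/usr/bin/env python
-# 20210907 petbau / https://github.com/mohlcyber/McAfee-Web-Gateway-List-Update
-
-import sys
-import requests
-import json
-import xml.etree.ElementTree as xml
-
-MWG_URL = 'http://1.1.1.1' #url of the web gateway
-MWG_PORT = '4711' #port of the web gateway
-MWG_USER = 'admin' #username
-MWG_PWD = 'password' #password
-VERIFY = False #https verification
-
-def login(headers):
-auth = {'userName': MWG_USER,
-'pass': MWG_PWD}
-
-res = requests.post(MWG_URL + ':' + MWG_PORT + '/Konfigurator/REST/login', headers=headers, params=auth, verify=VERIFY)
-
-if res.status_code == 200:
-print('Successfull logged in')
-else:
-print('Something went wrong')
-sys.exit(1)
-
-return res.cookies['JSESSIONID']
-
-def get_list_id(headers, cookies, list):
-params = {'name': list}
-res = requests.get(MWG_URL + ':' + MWG_PORT + '/Konfigurator/REST/list', headers=headers, cookies=cookies, params=params, verify=VERIFY)
-res_parse = xml.fromstring(res.content).find('entry/id')
-
-if res.status_code == 200:
-print('The ID for the list {0} is: {1}'.format(list, res_parse.text))
-else:
-print('Something went wrong')
-sys.exit(1)
-
-return res_parse.text
-
-def insert_list(headers, cookies, list, list_id, value):
-data = '''
-<entry xmlns="http://www.w3org/2011/Atom">
-<content type="application/xml">
-<listEntry>
-<entry>{}</entry>
-<description></description>
-</listEntry>
-</content>
-</entry>
-'''
-data = data.format(value)
-
-res = requests.post(MWG_URL + ':' + MWG_PORT + '/Konfigurator/REST/list/' + list_id + '/entry/0/insert', \
-headers=headers, cookies=cookies, data=data, verify=VERIFY)
-
-if res.status_code == 200:
-print('Successfull added the IP/Domain {0} to the list {1}'.format(value, list))
-else:
-print(res.content, 'Something Went Wrong')
-return res
-
-def commit(headers, cookies):
-res = requests.post(MWG_URL + ':' + MWG_PORT + '/Konfigurator/REST/commit', headers=headers, cookies=cookies, verify=VERIFY)
-return res.content
-
-def logout(headers, cookies):
-res = requests.post(MWG_URL + ':' + MWG_PORT + '/Konfigurator/REST/logout', headers=headers, cookies=cookies, verify=VERIFY)
-
-if res.status_code == 200:
-print('Successfull Logged Out')
-else:
-print('Something Went Wrong')
-return res
-
-if __name__ == "__main__":
-
-list = 'Global Block: Sites' #list to edit
-value = sys.argv[1]
-
-headers = {'Content-Type': 'application/xml'}
-
-cookie = login(headers)
-cookies = {'JSESSIONID': cookie}
-
-list_id = get_list_id(headers, cookies, list)
-
-insert = insert_list(headers, cookies, list, list_id, value)
-commit = commit(headers, cookies)
-
-logout = logout(headers, cookies)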
|
@ -1,98 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
#
|
|
||||||
# The MIT License
|
|
||||||
#
|
|
||||||
# Copyright 2014-2017 Jakub Jirutka <jakub@jirutka.cz>.
|
|
||||||
#
|
|
||||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
||||||
# of this software and associated documentation files (the "Software"), to deal
|
|
||||||
# in the Software without restriction, including without limitation the rights
|
|
||||||
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
||||||
# copies of the Software, and to permit persons to whom the Software is
|
|
||||||
# furnished to do so, subject to the following conditions:
|
|
||||||
#
|
|
||||||
# The above copyright notice and this permission notice shall be included in
|
|
||||||
# all copies or substantial portions of the Software.
|
|
||||||
#
|
|
||||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
||||||
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
||||||
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
||||||
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
||||||
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
||||||
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
||||||
# THE SOFTWARE.
|
|
||||||
|
|
||||||
# Credit: Based on http://stackoverflow.com/a/2686185/305019 by Alex Soto
|
|
||||||
|
|
||||||
|
|
||||||
usage() {
|
|
||||||
cat <<- EOF
|
|
||||||
usage: $0 options
|
|
||||||
|
|
||||||
This script changes ownership for all tables, views, sequences and functions in
|
|
||||||
a database schema and also owner of the schema itself.
|
|
||||||
|
|
||||||
Note: If you want to change the ownership of all objects, in the specified database,
|
|
||||||
owned by a database role, then you can simply use command "REASSIGN OWNED".
|
|
||||||
|
|
||||||
OPTIONS:
|
|
||||||
-h Show this message
|
|
||||||
-d Database name
|
|
||||||
-o New owner name
|
|
||||||
-s Schema (defaults to public)
|
|
||||||
EOF
|
|
||||||
}
|
|
||||||
|
|
||||||
pgexec() {
|
|
||||||
local cmd=$1
|
|
||||||
psql --no-psqlrc --no-align --tuples-only --record-separator=\0 --quiet \
|
|
||||||
--command="$cmd" "$DB_NAME"
|
|
||||||
}
|
|
||||||
|
|
||||||
pgexec_echo() {
|
|
||||||
local cmd=$1
|
|
||||||
psql --no-psqlrc --no-align --tuples-only --record-separator=\0 --quiet \
|
|
||||||
--echo-queries --command="$cmd" "$DB_NAME"
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
DB_NAME=''
|
|
||||||
NEW_OWNER=''
|
|
||||||
SCHEMA='public'
|
|
||||||
while getopts 'hd:o:s:' OPTION; do
|
|
||||||
case $OPTION in
|
|
||||||
h) usage; exit 1;;
|
|
||||||
d) DB_NAME=$OPTARG;;
|
|
||||||
o) NEW_OWNER=$OPTARG;;
|
|
||||||
s) SCHEMA=$OPTARG;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
if [ -z "$DB_NAME" ] || [ -z "$NEW_OWNER" ]; then
|
|
||||||
usage
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Using the NULL byte as the separator as its the only character disallowed from PG table names.
|
|
||||||
IFS=\0
|
|
||||||
|
|
||||||
# Change owner of schema itself.
|
|
||||||
pgexec_echo "ALTER SCHEMA \"$SCHEMA\" OWNER TO \"$NEW_OWNER\";"
|
|
||||||
|
|
||||||
# Change owner of tables and views.
|
|
||||||
for tbl in $(pgexec "SELECT table_name FROM information_schema.tables WHERE table_schema = '$SCHEMA';") \
|
|
||||||
$(pgexec "SELECT table_name FROM information_schema.views WHERE table_schema = '$SCHEMA';"); do
|
|
||||||
pgexec_echo "ALTER TABLE \"$SCHEMA\".\"$tbl\" OWNER TO $NEW_OWNER;"
|
|
||||||
done
|
|
||||||
|
|
||||||
# Change owner of sequences.
|
|
||||||
for seq in $(pgexec "SELECT sequence_name FROM information_schema.sequences WHERE sequence_schema = '$SCHEMA';"); do
|
|
||||||
pgexec_echo "ALTER SEQUENCE \"$SCHEMA\".\"$seq\" OWNER TO $NEW_OWNER;"
|
|
||||||
done
|
|
||||||
|
|
||||||
# Change owner of functions and procedures.
|
|
||||||
for func in $(pgexec "SELECT quote_ident(p.proname) || '(' || pg_catalog.pg_get_function_identity_arguments(p.oid) || ')' \
|
|
||||||
FROM pg_catalog.pg_proc p JOIN pg_catalog.pg_namespace n ON n.oid = p.pronamespace \
|
|
||||||
WHERE n.nspname = '$SCHEMA';"); do
|
|
||||||
pgexec_echo "ALTER FUNCTION \"$SCHEMA\".$func OWNER TO $NEW_OWNER;"
|
|
||||||
done
|
|
|
@ -1,75 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
#
|
|
||||||
# The MIT License
|
|
||||||
#
|
|
||||||
# Copyright 2014-2017 Jakub Jirutka <jakub@jirutka.cz>.
|
|
||||||
#
|
|
||||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
||||||
# of this software and associated documentation files (the "Software"), to deal
|
|
||||||
# in the Software without restriction, including without limitation the rights
|
|
||||||
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
||||||
# copies of the Software, and to permit persons to whom the Software is
|
|
||||||
# furnished to do so, subject to the following conditions:
|
|
||||||
#
|
|
||||||
# The above copyright notice and this permission notice shall be included in
|
|
||||||
# all copies or substantial portions of the Software.
|
|
||||||
#
|
|
||||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
||||||
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
||||||
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
||||||
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
||||||
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
||||||
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
||||||
# THE SOFTWARE.
|
|
||||||
|
|
||||||
|
|
||||||
usage() {
|
|
||||||
cat <<- EOF
|
|
||||||
usage: $0 options
|
|
||||||
|
|
||||||
This script grants read-only privileges to a specified role on all tables, views
|
|
||||||
and sequences in a database schema and sets them as default.
|
|
||||||
|
|
||||||
OPTIONS:
|
|
||||||
-h Show this message
|
|
||||||
-d Database name
|
|
||||||
-u Role name
|
|
||||||
-s Schema (defaults to public)
|
|
||||||
EOF
|
|
||||||
}
|
|
||||||
|
|
||||||
pgexec() {
|
|
||||||
local cmd=$1
|
|
||||||
psql --no-psqlrc --no-align --tuples-only --record-separator=\0 --quiet \
|
|
||||||
--echo-queries --command="$cmd" "$DB_NAME"
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
DB_NAME=''
|
|
||||||
ROLE=''
|
|
||||||
SCHEMA='public'
|
|
||||||
while getopts 'hd:u:s:' OPTION; do
|
|
||||||
case $OPTION in
|
|
||||||
h) usage; exit 1;;
|
|
||||||
d) DB_NAME=$OPTARG;;
|
|
||||||
u) ROLE=$OPTARG;;
|
|
||||||
s) SCHEMA=$OPTARG;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
if [ -z "$DB_NAME" ] || [ -z "$ROLE" ]; then
|
|
||||||
usage
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
pgexec "GRANT CONNECT ON DATABASE $DB_NAME TO $ROLE;
|
|
||||||
GRANT USAGE ON SCHEMA $SCHEMA TO $ROLE;
|
|
||||||
GRANT SELECT ON ALL TABLES IN SCHEMA $SCHEMA TO $ROLE;
|
|
||||||
GRANT SELECT ON ALL SEQUENCES IN SCHEMA $SCHEMA TO $ROLE;
|
|
||||||
ALTER DEFAULT PRIVILEGES IN SCHEMA $SCHEMA GRANT SELECT ON TABLES TO $ROLE;
|
|
||||||
ALTER DEFAULT PRIVILEGES IN SCHEMA $SCHEMA GRANT SELECT ON SEQUENCES TO $ROLE;"
|
|
||||||
|
|
||||||
# Uncomment to also grant privileges on all functions/procedures in the schema.
|
|
||||||
# It's usually NOT what you want - functions can modify data!
|
|
||||||
#pgexec "GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA $SCHEMA TO $ROLE;
|
|
||||||
#ALTER DEFAULT PRIVILEGES IN SCHEMA $SCHEMA GRANT EXECUTE ON FUNCTIONS TO $ROLE;"
|
|
|
@ -1,14 +0,0 @@
|
||||||
# tcpdump scripts
|
|
||||||
|
|
||||||
- tcpdump_getdata.sh: Capture network traffic, stop with Ctrl-C
|
|
||||||
- tcpdump_stop.sh: Stop the tcpdump command (e.g. when using crontab)
|
|
||||||
- tcpdump.yml: Ansible Playbook which takes a tcpdump on the remote side(s) and copy it automatically to your server
|
|
||||||
|
|
||||||
# crontab
|
|
||||||
|
|
||||||
This is the crontab for an example tcpdump which starts at 02:00am and stops at 02:05am.
|
|
||||||
|
|
||||||
```
|
|
||||||
0 2 * * * bash /tmp/tcpdump_getdata.sh
|
|
||||||
5 2 * * * bash /tmp/tcpdump_stop.sh
|
|
||||||
```
|
|
|
@ -1,41 +0,0 @@
|
||||||
# Ansible Playbook
|
|
||||||
- hosts: all
|
|
||||||
|
|
||||||
vars:
|
|
||||||
cap_file: packet_capture_{{ ansible_hostname }}_{{ ansible_date_time['epoch'] }}.pcap
|
|
||||||
|
|
||||||
|
|
||||||
vars_prompt:
|
|
||||||
- name: dur_in_sec
|
|
||||||
prompt: Please specify the runtime duration in sec
|
|
||||||
private: no
|
|
||||||
|
|
||||||
- name: interface
|
|
||||||
prompt: Please specify the interface (e.g. eth0)
|
|
||||||
private: no
|
|
||||||
|
|
||||||
- name: dest_folder
|
|
||||||
prompt: Please specify the destination folder (location on remote server e.g. /var/tmp/)
|
|
||||||
private: no
|
|
||||||
|
|
||||||
- name: filter
|
|
||||||
prompt: Please specify the tcpdump filter (e.g. host 10.10.10.10). For no filter just press enter
|
|
||||||
default: ""
|
|
||||||
private: no
|
|
||||||
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
- name: start tcpdump
|
|
||||||
command: sudo /usr/sbin/tcpdump -G {{ dur_in_sec }} -W 1 -i {{ interface }} -s 0 -w {{ dest_folder}}/{{ cap_file }} {{ filter }}
|
|
||||||
|
|
||||||
- name: compress capture file
|
|
||||||
command: sudo gzip {{cap_file}} chdir={{ dest_folder}}/
|
|
||||||
|
|
||||||
- name: Change file permission
|
|
||||||
command: sudo chmod 755 {{ dest_folder}}/{{cap_file}}.gz
|
|
||||||
|
|
||||||
- name: copy logs to /export/tmp/ansible/
|
|
||||||
fetch: src={{ dest_folder}}/{{cap_file}}.gz dest=/export/tmp/ansible/ flat=yes
|
|
||||||
|
|
||||||
- name: remove files from remote server
|
|
||||||
command: sudo rm -r {{ dest_folder}}/{{cap_file}}.gz
|
|
|
@ -1,8 +0,0 @@
|
||||||
INTERFACE=0.0
|
|
||||||
PATH=/shared/tmp/pba
|
|
||||||
FILENAME=tcpdump-%Y-%m-%d_%H%M%S.pcap
|
|
||||||
|
|
||||||
# Execute tcpdump command
|
|
||||||
# -W 5 = Limit 5 files
|
|
||||||
# -G 60 = Rotate every 60 seconds
|
|
||||||
/usr/sbin/tcpdump -K -W 5 -G 60 -nni $INTERFACE -s0 -w "$PATH/$FILENAME"
|
|
|
@ -1 +0,0 @@
|
||||||
/usr/bin/killall -9 tcpdump
|
|