
Source Code for Module routerdefense.main

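# -*- coding: iso-8859-1 -*-
"""Command-line entry point of routerdefense.

Reads a template (INI) file and a device configuration file, runs the audit
engines over the configuration lines and emits the report in the format
named by the template.

Shared state is published as attributes of ``__builtin__``, so every name
assigned there is visible, and writable, from every imported module. Bare
names such as ``snmp`` or ``vtyList`` used below resolve through that
namespace.
"""

__docformat__ = 'restructuredtext'
__version__ = '$Id$'

# modules imports
import sys
import __builtin__
import inspect

import ConfigParser
from optparse import OptionParser

from common import *
from metrics import *
from engines import *
from reports import *


def _expand_networks(networks):
    """Expand 'address[/prefix]' strings into per-network field lists.

    Each returned entry is
    ``[address, prefix, dotted_netmask(prefix), netmask_wildcard(mask),
    network_address(address, mask)]``; a missing prefix defaults to '32'.
    The three helper functions come from the star imports above.
    """
    expanded = list()
    for network in networks:
        entry = network.split('/')
        if len(entry) == 1:
            # Bare address: treat it as a single host.
            entry.append('32')
        entry.append(dotted_netmask(entry[1]))
        entry.append(netmask_wildcard(entry[2]))
        entry.append(network_address(entry[0], entry[2]))
        expanded.append(entry)
    return expanded


# arguments parsing
parser = OptionParser()
parser.add_option("-c", "--config",
                  dest = "configurationFile",
                  help = "Configuration file.")
parser.add_option("-t", "--template",
                  dest = "templateFile",
                  help = "Template file.")
(options, args) = parser.parse_args()

# Both files are mandatory. Checking the parsed options (instead of counting
# sys.argv entries) also accepts the "--config=FILE --template=FILE" form and
# rejects a missing template before ConfigParser.read() is handed None.
if ((options.configurationFile is None) or
    (options.templateFile is None)):
    parser.error("Arguments: no configuration nor template file.")

# template parsing
try:
    config = ConfigParser.ConfigParser()
    # read() silently skips a file it cannot open; that case surfaces below
    # as a NoSectionError, which is a ConfigParser.Error.
    config.read(options.templateFile)
    __builtin__.iosVersion = config.get('engine'   , 'iosversion')
    __builtin__.deviceType = config.get('engine'   , 'platform')
    IP4outbound            = config.get('engine'   , 'IP4outbound')
    IP4inbound             = config.get('engine'   , 'IP4inbound')
    __builtin__.outputType = config.get('reporting', 'format')
    # NOTE(review): presumably the path the csv/html/pdf report is written
    # to; it is taken from the template as-is, so the template must be
    # trusted not to point at a file that should not be overwritten.
    __builtin__.outputFile = config.get('reporting', 'filename')
except ConfigParser.Error:
    print "Template arguments: parameters errors."
    print sys.exc_info()
    sys.exit(1)

# Outbound management networks. The guard tests IP4outbound itself: testing
# IP4inbound here dropped the outbound list whenever the inbound one was
# empty, and parsed an empty string as a network in the opposite case, which
# would skew any check that consults ipv4_mgmt_outbound.
if len(IP4outbound) > 0:
    netManagement = IP4outbound.split(',')
    __builtin__.ipv4_mgmt_outbound = _expand_networks(netManagement)
else:
    __builtin__.ipv4_mgmt_outbound = None

# Inbound management stations.
if len(IP4inbound) > 0:
    netStations = IP4inbound.split(',')
    __builtin__.ipv4_mgmt_inbound = _expand_networks(netStations)
else:
    __builtin__.ipv4_mgmt_inbound = None

print stdout_header()

# configuration file reading
lines = read_cfg(options.configurationFile)
__builtin__.wholeconfig = lines

# Cisco IOS configuration file type checking
check_cfg(lines)

__builtin__.genericCfg = addBasicInfo(lines)

# Add metrics for the Management Plane.
MgmtPlane = metrics()
# Add metrics for the Control Plane.
CtrlPlane = CPmetrics()
# Add metrics for the Data Plane.
DataPlane = DPmetrics()
# Add metric for the interfaces.
interfaces = IFSmetrics()
# Add metric for the IPv4 ACLs.
AclsV4 = ACLV4metrics()
# Add metric for the IPv6 ACLs.
AclsV6 = ACLV6metrics()

# Find interfaces (ifaceCfg).
ifaceCfg = populate_ifaces(lines,interfaces)
for i in range(0, len(ifaceCfg)):
    ifaceCfg[i].get_metrics_from_config()

# Find IPv4 access-list (aclIPv4).
aclIPv4 = populate_acl_v4(lines, AclsV4)
for i in range(0, len(aclIPv4)):
    aclIPv4[i].get_metrics_from_config()

# Find IPv6 access-list (aclIPv6).
aclIPv6 = populate_acl_v6(lines, AclsV6)
for i in range(0, len(aclIPv6)):
    aclIPv6[i].get_metrics_from_config()

# Add generic metrics.
CdpProtocol                         = MgmtPlane.add('cdp')
LldpProtocol                        = MgmtPlane.add('lldp')
__builtin__.console                 = MgmtPlane.add('consolePort')
__builtin__.aux                     = MgmtPlane.add('auxPort')
__builtin__.motd                    = MgmtPlane.add('BannerMotd')
__builtin__.banLogin                = MgmtPlane.add('BannerLogin')
__builtin__.banExec                 = MgmtPlane.add('BannerExec')
__builtin__.genericServices         = MgmtPlane.add('genSvcs')
__builtin__.memoryCpu               = MgmtPlane.add('memCpu')
__builtin__.exceptionCrashinfo      = MgmtPlane.add('exceptions')
__builtin__.pwdManagement           = MgmtPlane.add('pwdMgmt')
__builtin__.ManagementProtection    = MgmtPlane.add('MgmtPP')
__builtin__.tacacsPlusRedundant     = MgmtPlane.add('tacacsRed')
__builtin__.tacacsPlusAuth          = MgmtPlane.add('tacacsThe')
__builtin__.tacacsPlusAuthorization = MgmtPlane.add('tacacsTho')
__builtin__.tacacsPlusAccounting    = MgmtPlane.add('tacacsAcc')
__builtin__.snmp                    = MgmtPlane.add('snmp')
__builtin__.syslog                  = MgmtPlane.add('syslog')
__builtin__.archive                 = MgmtPlane.add('archive')
icmpUnreachable                     = CtrlPlane.add('icmpunreach')
proxyArp                            = CtrlPlane.add('proxyarp')
__builtin__.ntp                     = CtrlPlane.add('ntp')
__builtin__.tcp                     = CtrlPlane.add('tcp')

# Launch generic engines.
engine_cdp(CdpProtocol, lines, ifaceCfg)
engine_lldp(LldpProtocol, lines, ifaceCfg)
engine_snmp(lines, snmp)
engine_syslog(lines, syslog)
engine_archive(lines, archive)
engine_icmp_unreach(icmpUnreachable, lines, ifaceCfg)
engine_arp_proxy(proxyArp, lines, ifaceCfg)
engine_ntp(lines, ntp)
engine_tcp(lines, tcp)
engine_services(lines, genericServices)
engine_mem_cpu(lines, memoryCpu)
engine_crashinfo(lines, exceptionCrashinfo)
engine_password_management(lines, pwdManagement)

# Banners. NOTE(review): the third argument (0, 1, 2) looks like a selector
# for the banner kind (motd, login, exec); confirm against engine_banner.

# motd banner
bannerMotd = parse_motd(lines)
engine_banner(bannerMotd, motd, 0)

# login banner
bannerLogin = parse_login_banner(lines)
engine_banner(bannerLogin, banLogin, 1)

# exec banner
bannerExec = parse_exec_banner(lines)
engine_banner(bannerExec, banExec, 2)

# console port
consoleCfg = parse_console(lines)
engine_console(consoleCfg, console, lines)

# aux port
auxCfg = parse_aux(lines)
engine_aux(auxCfg,aux)

# vty
vtyCfg = parse_vty(lines)
__builtin__.vtyList = []
# All vty metrics are created before any vty engine runs, so the complete
# vtyList already exists when engine_vty is first called.
for i in range (0, len(vtyCfg)):
    __builtin__.vtyList.append(MgmtPlane.add('vtyPort'))
    # Tokens after the first two words of the block's first line;
    # presumably the session range of a "line vty <first> <last>" header.
    __builtin__.vtyList[i].sessionNumbers = vtyCfg[i][0].split(' ')[2:]
for i in range(0, len(vtyList)):
    engine_vty(vtyCfg[i],vtyList[i])

engine_mpp(lines, vtyList, vtyCfg, ManagementProtection)

# AAA: redundancy, authentication, authorization, accounting (in that order).
for mode, aaaMetric in (('RedundantAAA',   tacacsPlusRedundant),
                        ('Authentication', tacacsPlusAuth),
                        ('Authorization',  tacacsPlusAuthorization),
                        ('Accounting',     tacacsPlusAccounting)):
    engine_tacacs(lines, aaaMetric, mode)

# NOTE: a 'platform' value other than 'router', 'switch' or 'both' skips both
# sections below without any warning, so the report then only holds the
# generic checks above.

# If device is a router or a multilayer switch.
if __builtin__.deviceType in ('router', 'both'):

    __builtin__.bgp        = CtrlPlane.add('bgp')
    __builtin__.eigrp      = CtrlPlane.add('eigrp')
    __builtin__.rip        = CtrlPlane.add('rip')
    __builtin__.ospf       = CtrlPlane.add('ospf')
    __builtin__.glbp       = CtrlPlane.add('glbp')
    __builtin__.hsrp       = CtrlPlane.add('hsrp')
    __builtin__.vrrp       = CtrlPlane.add('vrrp')
    icmpRedirects          = DataPlane.add('icmpredirects')
    __builtin__.ipoptions  = DataPlane.add('ipoptions')
    __builtin__.ipsrcroute = DataPlane.add('ipsourceroute')
    __builtin__.denyicmp   = DataPlane.add('denyIcmpAnyAny')
    __builtin__.ipfrags    = DataPlane.add('IPfragments')
    __builtin__.urpf       = DataPlane.add('urpf')
    __builtin__.netflow    = DataPlane.add('netflow')
    __builtin__.tclsh = CtrlPlane.add('tclsh')

    engine_bgp(lines, bgp, aclIPv4)
    engine_eigrp(lines, eigrp, ifaceCfg)
    engine_rip(lines, rip, ifaceCfg)
    engine_ospf(lines, ospf, ifaceCfg)
    engine_glbp(lines, glbp, ifaceCfg)
    engine_hsrp(lines, hsrp, ifaceCfg)
    engine_vrrp(lines, vrrp, ifaceCfg)
    engine_icmp_redirects(icmpRedirects, lines, ifaceCfg)
    engine_ip_options(lines, ipoptions)
    engine_ip_src_route(lines, ipsrcroute)
    engine_icmp_deny(lines, denyicmp)
    engine_ipfrags(lines, ipfrags)
    engine_urpf(lines, urpf, ifaceCfg)
    engine_netflow(lines, netflow, ifaceCfg)
    engine_tclsh(lines, tclsh)

    # multicast
    if __builtin__.genericCfg.multicast == "Enabled":
        __builtin__.multicast = CtrlPlane.add('multicast')
        engine_multicast(lines, multicast)

    # qos
    if __builtin__.genericCfg.qos == "Enabled":
        __builtin__.qos = CtrlPlane.add('qos')
        engine_qos(lines, qos, ifaceCfg)

    # IPv6
    if __builtin__.genericCfg.ipv6 == "Enabled":
        __builtin__.urpfv6 = DataPlane.add('urpfv6')
        engine_urpfv6(lines, urpfv6, ifaceCfg)

    # IPsec
    if __builtin__.genericCfg.ipsec == "Enabled":
        __builtin__.ipsec = DataPlane.add('ipsec')
        engine_ipsec(lines, ipsec)

# If device is a switch or a multilayer switch.
if __builtin__.deviceType in ('switch', 'both'):

    __builtin__.portsecurity = DataPlane.add('portsecurity')
    __builtin__.l2protos = DataPlane.add('l2protos')

    engine_port_security(lines, portsecurity, ifaceCfg)
    engine_layer2(lines, l2protos, ifaceCfg)

    # IPv6
    if __builtin__.genericCfg.ipv6 == "Enabled":
        __builtin__.ipv6 = DataPlane.add('ipv6')
        engine_ipv6(lines, ipv6, aclIPv6, ifaceCfg)

# reporting
# One zero-argument callable per supported 'format' value, so only the
# selected report is produced.
reporters = {
    'stdout': lambda : stdout_report(genericCfg,
                                     MgmtPlane.metrics_list,
                                     CtrlPlane.metrics_list,
                                     DataPlane.metrics_list),

    'csv'   : lambda : csvReport   (__builtin__.outputFile,
                                    MgmtPlane.metrics_list,
                                    CtrlPlane.metrics_list,
                                    DataPlane.metrics_list),

    'html'  : lambda : htmlReport  (__builtin__.outputFile,
                                    genericCfg,
                                    MgmtPlane.metrics_list,
                                    CtrlPlane.metrics_list,
                                    DataPlane.metrics_list),

    'pdf'   : lambda : pdfReport   (__builtin__.outputFile,
                                    genericCfg,
                                    MgmtPlane.metrics_list,
                                    CtrlPlane.metrics_list,
                                    DataPlane.metrics_list)
    }

# An unknown format used to end the run with a bare KeyError traceback after
# the whole audit had been computed; report it as a template error instead.
if outputType not in reporters:
    sys.exit("Template arguments: unsupported report format %r." % outputType)
output = reporters[outputType]()

# End of program
print stdout_footer()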