SSL API client for Stormshield Network Security appliances
Project description
python-SNS-API
A Python client for the Stormshield Network Security appliance SSL API.
Note: this module requires python2.7 or python3.3
API usage
from stormshield.sns.sslclient import SSLClient
client = SSLClient(
host="10.0.0.254", port=443,
user='admin', password='password',
sslverifyhost=False)
response = client.send_command("SYSTEM PROPERTY")
if response:
model = response.data['Result']['Model']
version = response.data['Result']['Version']
print("Model: {}".format(model))
print("Firmware version: {}".format(version))
else:
print("Command failed: {}".format(response.output))
client.disconnect()
Command results
Command results are available in text, xml or python structure formats:
>>> response = client.send_command("CONFIG NTP SERVER LIST")
>>> print(response.output)
101 code=00a01000 msg="Begin" format="section_line"
[Result]
name=ntp1.stormshieldcs.eu keynum=none type=host
name=ntp2.stormshieldcs.eu keynum=none type=host
100 code=00a00100 msg="Ok"
>>> print(response.xml)
<?xml version="1.0"?>
<nws code="100" msg="OK"><serverd ret="101" code="00a01000" msg="Begin"><data format="section_line"><section title="Result"><line><key name="name" value="ntp1.stormshieldcs.eu"/><key name="keynum" value="none"/><key name="type" value="host"/></line><line><key name="name" value="ntp2.stormshieldcs.eu"/><key name="keynum" value="none"/><key name="type" value="host"/></line></section></data></serverd><serverd ret="100" code="00a00100" msg="Ok"></serverd></nws>
>>> print(response.data)
{'Result': [{'name': 'ntp1.stormshieldcs.eu', 'keynum': 'none', 'type': 'host'}, {'name': 'ntp2.stormshieldcs.eu', 'keynum': 'none', 'type': 'host'}]}
The keys of the data
property are case insensitive, response.data['Result'][0]['name']
and response.data['ReSuLt'][0]['NaMe']
will return the same value.
Results token are also available via response.parser.get()
method which accepts a default parameter to return if the token is not present.
>>> print(response.output)
101 code=00a01000 msg="Begin" format="section"
[Server]
1=dns1.google.com
2=dns2.google.com
100 code=00a00100 msg="Ok"
>>> print(response.data['Server']['3'])
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python3.7/site-packages/requests/structures.py", line 52, in __getitem__
return self._store[key.lower()][1]
KeyError: '3'
>>> print(response.parser.get(section='Server', token='3', default=None))
None
File upload/download
Files can be downloaded or uploaded by adding a redirection to a file with '>' or '<' at the end of the configuration command.
>>> client.send_command("CONFIG BACKUP list=all > /tmp/mybackup.na")
100 code=00a00100 msg="Ok"
snscli
snscli
is a python cli for executing configuration commands and scripts on Stormshield Network Security appliances.
- Output format can be chosen between section/ini or xml
- File upload and download available with adding
< upload
or> download
at the end of the command - Client can execute script files using
--script
option. - Comments are allowed with
#
$ snscli --host <utm>
$ snscli --host <utm> --user admin --password admin --script config.script
Concerning the SSL validation:
- For the first connection to a new appliance, ssl host name verification can be bypassed with
--no-sslverifyhost
option. - To connect to a known appliance with the default certificate use
--host <serial> --ip <ip address>
to validate the peer certificate. - If a custom CA and certificate is installed, use
--host myfirewall.tld --cabundle <ca.pem>
. - For client certificate authentication, the expected format is a PEM file with the certificate and the unencrypted key concatenated.
Proxy
The library and snscli
tool support HTTP and SOCKS proxies, use --proxy scheme://user:password@host:port
option.
Build
$ python3 setup.py sdist bdist_wheel
Install
From PyPI:
$ pip3 install stormshield.sns.sslclient
From source:
$ python3 setup.py install
Tests
Warning: some tests require a remote SNS appliance.
$ PASSWORD=password APPLIANCE=10.0.0.254 python3 setup.py test
To run snscli
from the source folder without install:
$ PYTHONPATH=. python3 stormshield/sns/cli.py --help
Links
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Hashes for stormshield.sns.sslclient-1.0.1.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 00aa5e07a3c3a41d0955c586be2fc859a604e46e37e2aa4e9f0a0950bc5812f3 |
|
MD5 | d47a8b019e321e57b81959041fe64d39 |
|
BLAKE2b-256 | d3f37fbd063ee709ed7b3d2e03e93070af83c55225f9be3bf0e782e3212d7acb |
Hashes for stormshield.sns.sslclient-1.0.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | d3b91531664bc3ac720bf524e977f3dbf276e2947c065b66e27888c26d72a582 |
|
MD5 | 05012ff1467bf1a14cdf66c836519308 |
|
BLAKE2b-256 | 8e8af78216cd844875b0c51c43cd388b358bbbd8ebf88a5ebfe987db77a7c3fc |
Hashes for stormshield.sns.sslclient-1.0.1-py2-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 30591bf98955e794472be7c1b025b8a648acdf99c4716a8254f4191858ca14b3 |
|
MD5 | 430a6e959bddc844d8d2622cebe74e75 |
|
BLAKE2b-256 | 1668b90a5e64492a58fc59acc9acdc05f0cc2ebcc7b957d2cbb948924d4b48fe |