nexpose_paloalto 0.1.2 → 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +74 -22
- data/bin/nexpose_paloalto +46 -34
- data/lib/paloalto.rb +23 -12
- data/lib/paloalto/config/encryption.config +20 -0
- data/lib/paloalto/config/nexpose_paloalto.config +42 -0
- data/lib/paloalto/nexpose_helper.rb +2 -2
- data/lib/paloalto/utilities/config_parser.rb +141 -0
- data/lib/paloalto/utilities/gem_options.rb +91 -0
- data/lib/paloalto/{nx_logger.rb → utilities/nx_logger.rb} +2 -2
- data/lib/paloalto/version.rb +1 -1
- metadata +27 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c0af792eac7ae480fd8b3b64aafa83fbe1404dee
|
4
|
+
data.tar.gz: 2a45f4ccc434c1e6e6cf111215704e91219a3a93
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3fa81cb10b01533f4fbee535e9994656ff6b5d7f47d0deb93df354b65936cafaa7dd028903625957d6c53b6ad3b2d1552c3c5cd99ff80efb4e484736383ae955
|
7
|
+
data.tar.gz: be3c6a081d67b4d200a0e0f60ad7fd50dbad2628afa2e65fa173c214ef0f786b13f132806048e2401d33760efff5077715b2537088375afdc7c06feba1135573
|
data/README.md
CHANGED
@@ -2,14 +2,17 @@
|
|
2
2
|
|
3
3
|
Nexpose -> Palo Alto integration Gem.
|
4
4
|
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
*
|
5
|
+
This gem is an integration between Nexpose Dynamic Asset Groups and Palo
|
6
|
+
Alto's PAN Tags. By using this integration,
|
7
|
+
dynamic asset groups could be setup in Nexpose that correspond to groups in PAN
|
8
|
+
with applicable policies.
|
9
|
+
|
10
|
+
For example:
|
11
|
+
|
12
|
+
* Create a DAG in Nexpose which affects a particular vulnerability (Heartbleed).
|
13
|
+
* Define a policy in PAN to block SSL (mitigates temporarily Heartbleed).
|
14
|
+
* Run this gem with the Hearbleed DAG in the configuration.
|
15
|
+
* All assets identified by Nexpose will be registered in PAN.
|
13
16
|
* Apply PAN Heartbleed Policy on the created group.
|
14
17
|
|
15
18
|
## Installation
|
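Review bot: "Hearbleed" at new line 14 of the README is a typo for "Heartbleed", which is spelled correctly on lines 12, 13 and 16; fix it so the example DAG name is consistent across the steps.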
@@ -32,32 +35,81 @@ Or install it yourself as:
|
|
32
35
|
|
33
36
|
Follow these steps once installed:
|
34
37
|
|
35
|
-
* Modify the file nexpose_paloalto.
|
38
|
+
* Modify the file nexpose_paloalto.config under the lib/paloalto/config folder,
|
39
|
+
and add the DAGs to report on. Sites can also be used.
|
40
|
+
|
41
|
+
* Also include the port for the Nexpose console if it does not use the default
|
42
|
+
port.
|
36
43
|
|
37
|
-
* Add the following
|
44
|
+
* Add the following information to the configuration file, or set as environment
|
45
|
+
variables:
|
38
46
|
|
39
|
-
NEXPOSE_URL
|
47
|
+
* NEXPOSE_URL (IP address or hostname)
|
40
48
|
|
41
|
-
NEXPOSE_USERNAME
|
49
|
+
* NEXPOSE_USERNAME
|
42
50
|
|
43
|
-
NEXPOSE_PASSWORD
|
51
|
+
* NEXPOSE_PASSWORD
|
44
52
|
|
53
|
+
* PAN_URL
|
45
54
|
|
46
|
-
|
55
|
+
* PAN_USERNAME
|
47
56
|
|
48
|
-
|
57
|
+
* PAN_PASSWORD
|
49
58
|
|
50
|
-
PAN_PASSWORD
|
51
59
|
|
60
|
+
* Run the command 'nexpose_paloalto' under the bin folder.
|
52
61
|
|
53
|
-
|
62
|
+
* (Optional) Review the log file under the logs folder in the Gem path.
|
54
63
|
|
55
|
-
For
|
64
|
+
For any support requests, please email support@rapid7.com with a description of
|
65
|
+
the issue and any logs available.
|
56
66
|
|
57
|
-
|
67
|
+
#### Notes on Environment Variables
|
68
|
+
For Linux systems, make sure they are added to the current environment where
|
69
|
+
the gem is run.
|
58
70
|
|
59
|
-
|
71
|
+
For Windows systems, make sure they are set within the environment variables
|
72
|
+
section in your Control Panel.
|
73
|
+
|
74
|
+
|
75
|
+
## Encryption Settings
|
76
|
+
|
77
|
+
The usernames and passwords within the configuration files are automatically
|
78
|
+
encrypted when the integration runs. The key and IV files used during
|
79
|
+
encryption/decryption are saved within the config folder by default.
|
80
|
+
|
81
|
+
#### Setting Custom Locations for Encryption Files
|
82
|
+
|
83
|
+
To set custom locations for the key and IV files, update the following values
|
84
|
+
within the encryption.config file:
|
85
|
+
|
86
|
+
- key_filename - The absolute path to where the key file will be created.
|
87
|
+
- iv_file - The absolute path to where the IV file will be created.
|
88
|
+
|
89
|
+
To set a custom path after the integration has already executed, the files must
|
90
|
+
be moved to the new location manually.
|
91
|
+
|
92
|
+
#### Encrypting the Configuration without running the Integration
|
93
|
+
The Nexpose Paloalto integration can encrypt its configuration file without running the gem. This allows users to secure their login information for future use e.g for use in a cron-schedule.
|
94
|
+
|
95
|
+
The command to do so is:
|
96
|
+
```
|
97
|
+
nexpose_paloalto -e
|
98
|
+
```
|
99
|
+
or
|
100
|
+
```
|
101
|
+
nexpose_paloalto --encrypt_config
|
102
|
+
```
|
103
|
+
|
104
|
+
|
105
|
+
## Changelog
|
106
|
+
|
107
|
+
### 0.1.3
|
108
|
+
|
109
|
+
User now has the option to configure the gem using a configuration file as well
|
110
|
+
as with environment variables. DAG and site selection has now been moved to the configuration file.
|
60
111
|
|
112
|
+
Added an encryption configuration file. Usernames and passwords within the
|
113
|
+
configuration files are now encrypted when the application runs.
|
61
114
|
|
62
|
-
|
63
|
-
available.
|
115
|
+
Command line options have been added to the gem. Several are common to all Nexpose gem integrations. Call the gem with '-h' or '--help' to view these options.
|
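Review bot: The README names the IV setting `iv_file` (new line 87), but the key in encryption.config is `iv_filename`; a user who follows the README will add a key the parser never reads. Use `iv_filename` here. The "Encryption Settings" section should also say plainly that, with the default locations, the key and IV files sit in the same config folder as the encrypted values, so the protection depends on that folder's permissions unless custom absolute paths are set before the first run.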
data/bin/nexpose_paloalto
CHANGED
@@ -1,40 +1,52 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
require 'paloalto'
|
3
|
+
require 'paloalto/utilities/config_parser'
|
4
|
+
require 'paloalto/utilities/gem_options'
|
3
5
|
|
4
|
-
# Obtain
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
#
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
6
|
+
# Obtain Integration settings from Encrypted Configuration File.
|
7
|
+
PA_CONFIG_PATH = File.join(File.dirname(__FILE__),
|
8
|
+
'../lib/paloalto/config/nexpose_paloalto.config')
|
9
|
+
config_path = File.expand_path(PA_CONFIG_PATH)
|
10
|
+
|
11
|
+
# Setup Logging
|
12
|
+
Paloalto.enable_logging
|
13
|
+
|
14
|
+
# Setup CLI Options
|
15
|
+
GemOptions.create_parser
|
16
|
+
.with_banner_and_options('nexpose_paloalto')
|
17
|
+
.with_configuration_encryption([config_path])
|
18
|
+
.with_help_and_version('Nexpose PaloAlto', Paloalto::VERSION)
|
19
|
+
.parse
|
20
|
+
|
21
|
+
service_data = ConfigParser.get_config(config_path)
|
22
|
+
|
23
|
+
# Setup Logging
|
24
|
+
Paloalto.enable_logging
|
25
|
+
|
26
|
+
# Use ENV instead of configuration options if they are set
|
27
|
+
nexpose_settings = Paloalto.set_variables(service_data[:nexpose_options])
|
28
|
+
pan_settings = Paloalto.set_variables(service_data[:pan_options])
|
29
|
+
|
30
|
+
nexpose_fields = %i(nexpose_url nexpose_username nexpose_password)
|
31
|
+
pan_fields= %i(pan_url pan_username pan_password)
|
32
|
+
|
33
|
+
if nexpose_fields.any? { |i| nexpose_settings[i].nil? }
|
34
|
+
raise "Must configure Nexpose settings before starting (by Configuration \
|
35
|
+
file or Environment variable)"
|
36
|
+
end
|
37
|
+
|
38
|
+
if pan_fields.any? { |i| pan_settings[i].nil? }
|
39
|
+
raise "Must configure PAN settings before starting (by Configuration \
|
40
|
+
file or Environment variable)"
|
41
|
+
end
|
42
|
+
|
43
|
+
if service_data[:options][:dag].empty? && service_data[:options][:sites].empty?
|
44
|
+
raise 'Must configure a site or a dag before starting'
|
45
|
+
end
|
46
|
+
|
47
|
+
nexpose_settings[:dag] = service_data[:options][:dag]
|
48
|
+
nexpose_settings[:sites] = service_data[:options][:sites]
|
49
|
+
nexpose_settings[:timeout] = service_data[:options][:report_timeout]
|
38
50
|
|
39
51
|
# Start integration with all the parameters.
|
40
52
|
Paloalto.start_integration(nexpose_settings, pan_settings)
|
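Review bot: The site/DAG guard at new line 43 calls `.empty?` directly on `service_data[:options][:dag]` and `[:sites]`, which does not match the values the shipped config produces. A bare `-` parses to a one-element list holding nil, which is not empty, and removing the `-` (the documented way to select everything) yields nil, on which `.empty?` raises NoMethodError. Treat nil as its own case and drop nil entries before testing for emptiness. `Paloalto.enable_logging` is also called twice (new lines 12 and 24); one call before option parsing is enough.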
data/lib/paloalto.rb
CHANGED
@@ -1,12 +1,12 @@
|
|
1
1
|
require 'paloalto/version'
|
2
2
|
require 'paloalto/nexpose_helper'
|
3
3
|
require 'paloalto/ngfw'
|
4
|
-
require 'paloalto/nx_logger'
|
4
|
+
require 'paloalto/utilities/nx_logger'
|
5
5
|
|
6
6
|
module Paloalto
|
7
7
|
def self.start_integration(nexpose_settings, pan_settings)
|
8
|
-
|
9
|
-
|
8
|
+
# Asset query.
|
9
|
+
asset_query = "select asset_id, da.ip_address, string_agg(DISTINCT '<' || dt.tag_name, '>') || '>' as tags
|
10
10
|
from dim_site_asset
|
11
11
|
LEFT OUTER JOIN dim_asset da USING (asset_id)
|
12
12
|
LEFT OUTER JOIN dim_tag_asset dta using (asset_id)
|
@@ -24,15 +24,9 @@ module Paloalto
|
|
24
24
|
|
25
25
|
report_timeout = nexpose_settings[:timeout]
|
26
26
|
|
27
|
-
#
|
28
|
-
|
29
|
-
|
30
|
-
Paloalto::PRODUCT,
|
31
|
-
Paloalto::VERSION)
|
32
|
-
@log.setup_logging(true, 'info')
|
33
|
-
|
34
|
-
#Nexpose sites and DAGs to import. Uses Site Id and DAG ID e.g. 'sites = [1,2,3,4]'. Leave as nil to run on all sites and DAGs the user has access to or
|
35
|
-
# set as an empty array e.g. 'dags=[]' to not run on any sites/dags.
|
27
|
+
# Nexpose sites and DAGs to import. Uses Site Id and DAG ID e.g.
|
28
|
+
# 'sites = [1,2,3,4]'. Leave as nil to run on all sites and DAGs the user
|
29
|
+
# has access to or set as an empty array e.g. 'dags=[]' to not run on any sites/dags.
|
36
30
|
sites = nexpose_settings[:sites]
|
37
31
|
dags = nexpose_settings[:dag]
|
38
32
|
|
@@ -151,5 +145,22 @@ module Paloalto
|
|
151
145
|
@log.log_message('Exiting..')
|
152
146
|
end
|
153
147
|
|
148
|
+
def self.enable_logging()
|
149
|
+
@log = Paloalto::NxLogger.instance
|
150
|
+
@log.setup_statistics_collection(Paloalto::VENDOR,
|
151
|
+
Paloalto::PRODUCT,
|
152
|
+
Paloalto::VERSION)
|
153
|
+
@log.setup_logging(true, 'info')
|
154
|
+
end
|
154
155
|
|
156
|
+
def self.set_variables(options)
|
157
|
+
settings = {}
|
158
|
+
options.each_key do |key|
|
159
|
+
value = ENV[key.to_s.upcase]
|
160
|
+
value ||= options[key]
|
161
|
+
@log.log_message('No configuration value found for #{key}') if value.nil?
|
162
|
+
settings[key] = value
|
163
|
+
end
|
164
|
+
settings
|
165
|
+
end
|
155
166
|
end
|
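Review bot: In `set_variables` (new line 161) the log message is single-quoted, so `#{key}` is written to the log literally and the missing setting is never named; use a double-quoted string. The method also relies on `@log` having been assigned by `enable_logging` first, so calling it on its own fails with NoMethodError on nil; either guard for that or document the ordering.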
@@ -0,0 +1,20 @@
|
|
1
|
+
#
|
2
|
+
# Symmetric Encryption for Ruby
|
3
|
+
#
|
4
|
+
---
|
5
|
+
production:
|
6
|
+
# Since the encryption key must NOT be stored along with the
|
7
|
+
# source code, only store the key encryption key here.
|
8
|
+
private_rsa_key:
|
9
|
+
|
10
|
+
# List Symmetric Key Ciphers in the order of current / newest first
|
11
|
+
ciphers:
|
12
|
+
-
|
13
|
+
# Name of the file containing the encrypted key and iv.
|
14
|
+
key_filename: <absolute/path/to/filename>.key
|
15
|
+
iv_filename: <absolute/path/to/filename>.iv
|
16
|
+
|
17
|
+
cipher: aes-256-cbc
|
18
|
+
encoding: base64strict
|
19
|
+
version: 1
|
20
|
+
always_add_header: true
|
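Review bot: The comment at new lines 6-7 says the encryption key must not be stored with the source and that only the key encryption key belongs here, yet `generate_keys` writes `private_rsa_key` into this file inside the gem's config folder and `populate_ciphers` defaults `key_filename` and `iv_filename` to that same folder. The encrypted values, the data key, the IV and the key that protects them then sit side by side. State that in the comment and recommend absolute paths outside the gem tree with owner-only permissions. Note too that `cipher: aes-256-cbc` provides confidentiality only, with no integrity check on the encrypted fields.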
@@ -0,0 +1,42 @@
|
|
1
|
+
---
|
2
|
+
# This configuration file defines all the particular options necessary to run the service.
|
3
|
+
# Fields marked (M) are mandatory.
|
4
|
+
#
|
5
|
+
# For this integration a DAG or site needs to be provided, or both can be provided.
|
6
|
+
# To not generate tags for a group (e.g. sites), leave a single '-' as shown below.
|
7
|
+
# Removing the '-' will result in tags being generated for all of that group.
|
8
|
+
# Do not place site or DAG ids in quotes ('' or "")
|
9
|
+
#
|
10
|
+
# Service options:
|
11
|
+
:options:
|
12
|
+
# Dynamic Asset Groups to use, newline for each:
|
13
|
+
:dag:
|
14
|
+
- 1
|
15
|
+
# Sites to use, newline for each. We recommend using DAGs, above:
|
16
|
+
:sites:
|
17
|
+
-
|
18
|
+
# Report Time_out. Leave default value of 10800.
|
19
|
+
:report_timeout: 10800
|
20
|
+
# Nexpose options.
|
21
|
+
:nexpose_options:
|
22
|
+
# (M) Nexpose console hostname.
|
23
|
+
:nexpose_url: 127.0.0.1
|
24
|
+
# (M) Nexpose username.
|
25
|
+
:nexpose_username: username
|
26
|
+
# (M) Nexpose password.
|
27
|
+
:nexpose_password: password
|
28
|
+
# Port for Nexpose console. Leave default value of 3780
|
29
|
+
:nexpose_port: 3780
|
30
|
+
# PaloAlto Firewall options
|
31
|
+
:pan_options:
|
32
|
+
# (M) PAN hostname.
|
33
|
+
:pan_url: 127.0.0.1
|
34
|
+
# (M) PAN username.
|
35
|
+
:pan_username: username
|
36
|
+
# (M) PAN password
|
37
|
+
:pan_password: password
|
38
|
+
# Encryption options
|
39
|
+
:encryption_options:
|
40
|
+
# (M) Path to the encryption.config file
|
41
|
+
:directory: '../../config/encryption.config'
|
42
|
+
|
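Review bot: `:directory:` at new line 41 holds the path of a file, not a directory, and its relative value only resolves because `get_enc_directory` expands it against the path of config_parser.rb (`File.expand_path(enc_dir, __FILE__)`) rather than against this file's folder. Rename the key or document what the path is relative to. The shipped `username` and `password` placeholders are also non-nil strings, so the mandatory-field check in bin/nexpose_paloalto cannot fire for an unedited file, and the placeholders are themselves encrypted on the first run.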
@@ -2,11 +2,11 @@ module Paloalto
|
|
2
2
|
module NexposeHelper
|
3
3
|
require 'nexpose'
|
4
4
|
require 'csv'
|
5
|
-
require 'paloalto/nx_logger'
|
5
|
+
require 'paloalto/utilities/nx_logger'
|
6
6
|
|
7
7
|
# Logs in to Nexpose using the url, username and password.
|
8
8
|
def self.login(url=nil, username=nil, password=nil, port=3780)
|
9
|
-
raise 'Nexpose connection must be set
|
9
|
+
raise 'Nexpose connection details must be set.' if url.nil? || username.nil? || password.nil?
|
10
10
|
nsc = Nexpose::Connection.new(url, username, password, port)
|
11
11
|
nsc.login
|
12
12
|
Paloalto::NxLogger.instance.on_connect(url, port, nsc.session_id, "{}")
|
@@ -0,0 +1,141 @@
|
|
1
|
+
require 'erb'
|
2
|
+
require 'yaml'
|
3
|
+
require 'fileutils'
|
4
|
+
require 'symmetric-encryption'
|
5
|
+
|
6
|
+
class ConfigParser
|
7
|
+
ENCRYPTED_FORMAT = '<%%= SymmetricEncryption.try_decrypt "%s" %%>'
|
8
|
+
PLACEHOLDER = '<absolute/path/to/filename>'
|
9
|
+
# The environment to use, defined within the encryption config
|
10
|
+
STANZA = 'production'
|
11
|
+
# The line width of the YAML file before line-wrapping occurs
|
12
|
+
WIDTH = 120
|
13
|
+
|
14
|
+
# Encrypts a configuration file and returns the unencrypted hash.
|
15
|
+
def self.get_config(config_path, enc_path=nil)
|
16
|
+
# Try to load a path from the provided config
|
17
|
+
custom_enc_path = get_enc_directory(config_path)
|
18
|
+
enc_path = custom_enc_path unless custom_enc_path.nil?
|
19
|
+
|
20
|
+
enc_path = File.expand_path(enc_path, __FILE__)
|
21
|
+
config_path = File.expand_path(config_path)
|
22
|
+
|
23
|
+
|
24
|
+
generate_keys(enc_path, config_path)
|
25
|
+
encrypt_config(enc_path, config_path)
|
26
|
+
decrypt_config(enc_path, config_path)
|
27
|
+
end
|
28
|
+
|
29
|
+
# Writes the YAML to file with custom formatting options
|
30
|
+
def self.save_config(config_details, config_path)
|
31
|
+
yaml = config_details.to_yaml(line_width: WIDTH)
|
32
|
+
File.open(config_path, 'w') {|f| f.write yaml }
|
33
|
+
end
|
34
|
+
|
35
|
+
def self.encrypt_field(value)
|
36
|
+
encrypted_value = SymmetricEncryption.encrypt value
|
37
|
+
ENCRYPTED_FORMAT % encrypted_value
|
38
|
+
end
|
39
|
+
|
40
|
+
# Retrieves the custom directory of the encryption config
|
41
|
+
def self.get_enc_directory(config_path)
|
42
|
+
settings = YAML.load_file(config_path)
|
43
|
+
return nil if settings[:encryption_options].nil?
|
44
|
+
|
45
|
+
enc_dir = settings[:encryption_options][:directory]
|
46
|
+
return nil if (enc_dir.nil? || enc_dir == '')
|
47
|
+
|
48
|
+
File.expand_path(enc_dir, __FILE__)
|
49
|
+
end
|
50
|
+
|
51
|
+
# Generates the RSA key, associated files and directories.
|
52
|
+
def self.generate_keys(enc_path, config_path)
|
53
|
+
settings = YAML.load_file(enc_path)
|
54
|
+
key = settings[STANZA]['private_rsa_key']
|
55
|
+
|
56
|
+
# Recognise an existing key
|
57
|
+
return unless (key.nil? || key == '')
|
58
|
+
|
59
|
+
# Generate a new RSA key and store the details
|
60
|
+
new_rsa_key = SymmetricEncryption::KeyEncryptionKey.generate
|
61
|
+
settings[STANZA]['private_rsa_key'] = new_rsa_key
|
62
|
+
save_config(settings, enc_path)
|
63
|
+
|
64
|
+
# Populate the placeholder values within the config
|
65
|
+
populate_ciphers(enc_path, config_path)
|
66
|
+
|
67
|
+
# Need to create a folder (specified by the user) to store the key files
|
68
|
+
dir = File.dirname(settings[STANZA]['ciphers'].first['key_filename'])
|
69
|
+
|
70
|
+
begin
|
71
|
+
unless File.directory?(dir) || PLACEHOLDER.include?(dir)
|
72
|
+
puts "Creating folder: #{dir}"
|
73
|
+
FileUtils::mkdir_p dir
|
74
|
+
end
|
75
|
+
rescue Exception => e
|
76
|
+
msg = "Unable to create the folders used to store encryption details.\n"\
|
77
|
+
'Please ensure the user has permissions to create folders in the ' \
|
78
|
+
"path specified in the encryption config: #{enc_path}\n"
|
79
|
+
handle_error(msg, e)
|
80
|
+
end
|
81
|
+
|
82
|
+
SymmetricEncryption.generate_symmetric_key_files(enc_path, STANZA)
|
83
|
+
end
|
84
|
+
|
85
|
+
# Replace placeholder values for the key and iv file paths,
|
86
|
+
# placing them in the config folder by default.
|
87
|
+
def self.populate_ciphers(enc_path, config_path)
|
88
|
+
settings = YAML.load_file(enc_path)
|
89
|
+
ciphers = settings[STANZA]['ciphers'].first
|
90
|
+
config_folder = File.dirname(config_path)
|
91
|
+
config_name = File.basename(config_path, File.extname(config_path))
|
92
|
+
|
93
|
+
%w(key iv).each do |file|
|
94
|
+
label = "#{file}_filename"
|
95
|
+
file_path = ciphers[label]
|
96
|
+
next unless file_path.include? PLACEHOLDER
|
97
|
+
|
98
|
+
filename = ".#{config_name}.#{file}"
|
99
|
+
ciphers[label] = File.join(config_folder, filename)
|
100
|
+
end
|
101
|
+
|
102
|
+
save_config(settings, enc_path)
|
103
|
+
end
|
104
|
+
|
105
|
+
def self.encrypt_config(enc_path, config_path)
|
106
|
+
SymmetricEncryption.load!(enc_path, STANZA)
|
107
|
+
|
108
|
+
# Read the config in as an array of strings
|
109
|
+
f = File.open(config_path)
|
110
|
+
config_lines = f.readlines
|
111
|
+
f.close
|
112
|
+
|
113
|
+
# Define the regex that can find relevant fields
|
114
|
+
regex = /^(?<label>\s*:?\w*(passw|pwd|user|usr)\w*:?\s)(?<value>.*)$/
|
115
|
+
|
116
|
+
# Line by line, write the line to file, encrypting sensitive fields
|
117
|
+
File.open(config_path, 'w+') do |f|
|
118
|
+
config_lines.each do |l|
|
119
|
+
matches = l.match(regex)
|
120
|
+
|
121
|
+
# Encrypt fields with username/password labels that are in plaintext
|
122
|
+
unless matches.nil? || matches['value'].include?('SymmetricEncryption')
|
123
|
+
l = "#{matches['label']}#{encrypt_field(matches['value'])}"
|
124
|
+
end
|
125
|
+
|
126
|
+
f.puts l
|
127
|
+
end
|
128
|
+
end
|
129
|
+
end
|
130
|
+
|
131
|
+
# Returns a hash containing the decrypted details from a config file.
|
132
|
+
def self.decrypt_config(enc_path, config_path)
|
133
|
+
SymmetricEncryption.load!(enc_path, STANZA)
|
134
|
+
return YAML.load(ERB.new(File.new(config_path).read).result)
|
135
|
+
end
|
136
|
+
|
137
|
+
def self.handle_error(message, error)
|
138
|
+
puts message
|
139
|
+
raise error
|
140
|
+
end
|
141
|
+
end
|
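Review bot: `decrypt_config` (new line 134) renders the entire config file through ERB and then `YAML.load`, so every `<%= %>` tag in nexpose_paloalto.config is executed as Ruby with the integration's privileges, not only the `SymmetricEncryption.try_decrypt` calls that `encrypt_field` writes. Decrypt just the values matched by the field regex, or at minimum parse with `YAML.safe_load` (permitting Symbol) and check the file's ownership and mode before evaluating it. Two smaller points: in `get_config`, `File.expand_path(enc_path, __FILE__)` raises TypeError when neither the argument nor `:encryption_options` supplies a path, and `encrypt_config` rewrites the file in place with `'w+'`, so an exception from `encrypt_field` part-way through the loop leaves a truncated config. Writing to a temporary file and renaming it avoids that.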
@@ -0,0 +1,91 @@
|
|
1
|
+
require 'optparse'
|
2
|
+
|
3
|
+
class GemOptions
|
4
|
+
|
5
|
+
@parser
|
6
|
+
|
7
|
+
def self.create_parser
|
8
|
+
@parser = OptionParser.new
|
9
|
+
self
|
10
|
+
end
|
11
|
+
|
12
|
+
# How the gem is used e.g 'nexpose ticketing jira [options]'
|
13
|
+
def self.with_banner(gem_usage_string)
|
14
|
+
@parser.banner = "Usage: #{gem_usage_string} [options]"
|
15
|
+
@parser.separator ''
|
16
|
+
self
|
17
|
+
end
|
18
|
+
|
19
|
+
# Header for options list
|
20
|
+
def self.with_options
|
21
|
+
@parser.separator 'Options:'
|
22
|
+
self
|
23
|
+
end
|
24
|
+
|
25
|
+
# Creates banner and options
|
26
|
+
def self.with_banner_and_options(gem_usage_string)
|
27
|
+
with_banner(gem_usage_string)
|
28
|
+
with_options
|
29
|
+
self
|
30
|
+
end
|
31
|
+
|
32
|
+
# For setting encryption switch. Can be set to work with two configurations
|
33
|
+
# Config_paths is an array
|
34
|
+
def self.with_configuration_encryption(config_paths, enc_path = nil)
|
35
|
+
@parser.on('-e',
|
36
|
+
'--encrypt_config',
|
37
|
+
'Encrypt the configuration file(s) without running the gem') do |e|
|
38
|
+
ConfigParser.get_config(config_paths.first, enc_path) unless enc_path.nil?
|
39
|
+
ConfigParser.get_config(config_paths.last)
|
40
|
+
puts "\nConfiguration File(s) Encrypted"
|
41
|
+
exit
|
42
|
+
end
|
43
|
+
self
|
44
|
+
end
|
45
|
+
|
46
|
+
def self.with_help
|
47
|
+
@parser.on_tail('-h', '--help', 'Show this message') do |h|
|
48
|
+
puts @parser
|
49
|
+
exit
|
50
|
+
end
|
51
|
+
self
|
52
|
+
end
|
53
|
+
|
54
|
+
def self.with_version(gem, version)
|
55
|
+
@parser.on_tail('--version', 'Version Information') do |v|
|
56
|
+
puts "#{gem} #{version}"
|
57
|
+
exit
|
58
|
+
end
|
59
|
+
self
|
60
|
+
end
|
61
|
+
|
62
|
+
def self.with_help_and_version(gem, version)
|
63
|
+
with_help
|
64
|
+
with_version(gem, version)
|
65
|
+
self
|
66
|
+
end
|
67
|
+
|
68
|
+
# Method to allow integrations to create own options, with both short and long
|
69
|
+
# switches and description.
|
70
|
+
# Handler is the block to run when option is called.
|
71
|
+
def self.with_other_option(short_switch, long_switch, description, &handler)
|
72
|
+
@parser.on("-#{short_switch}", "--#{long_switch}", description) do |opt|
|
73
|
+
handler.call
|
74
|
+
end
|
75
|
+
end
|
76
|
+
|
77
|
+
# Method to allow integrations to create own options, with only one size of
|
78
|
+
# switch and description.
|
79
|
+
# '-' for short switches and '--' for long switches is required.
|
80
|
+
# Handler is the block to run when option is called.
|
81
|
+
def self.with_single_switch_option(identifier, switch, description, &handler)
|
82
|
+
@parser.on("#{identifier}#{switch}", description) do |opt|
|
83
|
+
handler.call
|
84
|
+
end
|
85
|
+
end
|
86
|
+
|
87
|
+
# Parses the options to make them available
|
88
|
+
def self.parse
|
89
|
+
@parser.parse!
|
90
|
+
end
|
91
|
+
end
|
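Review bot: `with_other_option` and `with_single_switch_option` (new lines 71-85) end with the `@parser.on` call instead of `self`, so unlike every other builder method they return the OptionParser and break a chain such as `.with_other_option(...).with_help`. Add `self` as the last expression of both. The `-e` handler at new lines 35-42 uses `ConfigParser` although this file only requires 'optparse', so it works only when the caller has already required config_parser; require it here.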
@@ -6,7 +6,7 @@ require 'singleton'
|
|
6
6
|
module Paloalto
|
7
7
|
class NxLogger
|
8
8
|
include Singleton
|
9
|
-
LOG_PATH = "
|
9
|
+
LOG_PATH = "../logs/rapid7_%s.log"
|
10
10
|
KEY_FORMAT = "external.integration.%s"
|
11
11
|
PRODUCT_FORMAT = "%s_%s"
|
12
12
|
|
@@ -163,4 +163,4 @@ module Paloalto
|
|
163
163
|
end
|
164
164
|
|
165
165
|
end
|
166
|
-
end
|
166
|
+
end
|
data/lib/paloalto/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: nexpose_paloalto
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Damian Finol
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2017-05-
|
12
|
+
date: 2017-05-30 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: bundler
|
@@ -81,6 +81,26 @@ dependencies:
|
|
81
81
|
- - "~>"
|
82
82
|
- !ruby/object:Gem::Version
|
83
83
|
version: '1.6'
|
84
|
+
- !ruby/object:Gem::Dependency
|
85
|
+
name: symmetric-encryption
|
86
|
+
requirement: !ruby/object:Gem::Requirement
|
87
|
+
requirements:
|
88
|
+
- - "~>"
|
89
|
+
- !ruby/object:Gem::Version
|
90
|
+
version: '3.9'
|
91
|
+
- - ">="
|
92
|
+
- !ruby/object:Gem::Version
|
93
|
+
version: 3.9.0
|
94
|
+
type: :runtime
|
95
|
+
prerelease: false
|
96
|
+
version_requirements: !ruby/object:Gem::Requirement
|
97
|
+
requirements:
|
98
|
+
- - "~>"
|
99
|
+
- !ruby/object:Gem::Version
|
100
|
+
version: '3.9'
|
101
|
+
- - ">="
|
102
|
+
- !ruby/object:Gem::Version
|
103
|
+
version: 3.9.0
|
84
104
|
description: This Gem allows usage of Nexpose Dynamic Asset groups with Palo Alto
|
85
105
|
TAGs.
|
86
106
|
email:
|
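Review bot: The new symmetric-encryption runtime dependency lists both `~> 3.9` and `>= 3.9.0`; the second constraint is already implied by the first and can be dropped. Keep the pessimistic `~> 3.9` bound, since config_parser.rb depends on this library for every stored credential.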
@@ -97,9 +117,13 @@ files:
|
|
97
117
|
- Rakefile
|
98
118
|
- bin/nexpose_paloalto
|
99
119
|
- lib/paloalto.rb
|
120
|
+
- lib/paloalto/config/encryption.config
|
121
|
+
- lib/paloalto/config/nexpose_paloalto.config
|
100
122
|
- lib/paloalto/nexpose_helper.rb
|
101
123
|
- lib/paloalto/ngfw.rb
|
102
|
-
- lib/paloalto/
|
124
|
+
- lib/paloalto/utilities/config_parser.rb
|
125
|
+
- lib/paloalto/utilities/gem_options.rb
|
126
|
+
- lib/paloalto/utilities/nx_logger.rb
|
103
127
|
- lib/paloalto/version.rb
|
104
128
|
homepage: http://www.rapid7.com
|
105
129
|
licenses:
|
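Review bot: Listing lib/paloalto/config/encryption.config and lib/paloalto/config/nexpose_paloalto.config in `files` puts them inside the gem installation directory, where the README tells users to edit them and where the integration rewrites them with encrypted credentials and key material. The running user then needs write access to the gem path, and the settings live in a versioned directory that a gem upgrade does not carry over. Consider reading the configuration from a user-supplied path and shipping these files only as templates.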