generic import and report on rule level

[tpurschke]

add new module which allows to quickly integrate new configs consisting of rules which can be reported on per rule
this could be used for all kinds of configs/rules like proxies, firewalls, routers, ....

database structure

• add schema generic

create table generic.rule 
(
    id      bigserial,
    mgm_id  int,
    dev_id int,
    created timestamp,
    deleted timestamp,
    details_text varchar, 
    details_json jsonb             -- optional one of the two should be filled, could also be both
);

create table generic.dev_type 
(
    id      serial,
    name varchar,
    manufacturer varchar,
    format varchar,    -- format the API returns, either json or xml
    login_path varchar default '/login',
    ...
);

alter table public.device add column generic_dev_type int;
-- reference into generic.dev_type

• database contains no column-based details below rule level
• database could even be a nosql db in unstructured format like mongodb
• do not allow historic data, just current config
• each rule is an arbitrary json struct
• have 2 patterns for each config type to
  • identify relevant part of config
  • divide relevant part of config into single rules
• do not resolve rule parts
• need new dev_typ "generic"

functionality to be implemented in first step

• rules & statistics report for generic rules
• report export as PDF,JSON
• recertification as most important module for generic rules

First PoC candidate

• first generic config for prototype might be McAfee Web Gateway Proxy

tim@acantha:~$ echo "YWRtaW46d2ViZ2F0ZXdheQ==" | base64 -d
admin:webgateway
tim@acantha:~$ 
0)  REST=https://1.2.3.4:4712/Konfigurator/REST
1) curl -i -H "Authorization: Basic YWRtaW46d2ViZ2F0ZXdheQ==" -X POST "$REST/login"
2) curl -i -b cookies.txt -X GET "$REST/rulesets?topLevelOnly=false"
3) curl -i -b cookies.txt -X GET "$REST/rulesets/rulegroups/5234/successor?topLevelOnly=false"

• also add existing import modules as generic imports (fortimanager, checkpoint)
• add palo alto generic importer
• add F5 LB generic importer