close #2, close #3 and some profile fixes

CHANGELOG.md

@@ -1,3 +1,9 @@
+# 1.2.0 (2014-12-14)
+
+#### New feature
+- [Issue #2](https://github.com/syepes/cvm/issues/2). Enable/Expert login support
+- [Issue #3](https://github.com/syepes/cvm/issues/3). CheckPoint and Cisco enable Device Profiles support
+
 # 1.1.0 (2014-10-16)
 
 #### New feature

README.md

@@ -22,11 +22,13 @@ A Brief Overview  of how CVM works:
 
 ## Working Device Profiles
 - Cisco:
-  - Routers/Switchs/Nexus (Using TACACS+ enable mode account)
+  - Routers/Switchs/Nexus
 - Fortinet
   - FortiGate Firewalls
 - JuniperNetworks
   - Juniper
+- Check Point
+  - SecurePlatform Linux
 
 ## Requirements
 - [Java](http://www.java.com) 1.7+

build.gradle

@@ -15,7 +15,7 @@ description = "$projectName - Configuration Versioning Manager"
 group = 'com.allthingsmonitoring.utils.CVM'
 archivesBaseName = 'cvm'
 distsDirName = 'dist'
-version = '1.1.0'
+version = '1.2.0'
 
 def authorString = 'Sebastian YEPES FERNANDEZ (syepes@gmail.com)'
 def copyrightString = 'Copyright © 2014 – Sebastian YEPES FERNANDEZ All Rights Reserved.'

src/dist/authProfiles.groovy

@@ -1,5 +1,6 @@
 authProfiles = [[type:"vendor", pattern:"~/(?i)cisco.*/", auth:['cisco','secret']],
-                [type:"vendor", pattern:"~/(?i)fortinet.*/", auth:['admin','admin']],
+                [type:"device", pattern:"~/(?i)dc1-ro.*/", auth:['admin','secret','enablePasswd']],
+                [type:"vendor", pattern:"~/(?i).*fortinet.*/", auth:['admin','admin']],
                 [type:"vendor", pattern:"~/(?i)juniper.*/", auth:['netscreen','netscreen']],
-                [type:"device", pattern:"~/(?i)dc.-core.*/", auth:['admin','secret']]
+                [type:"device", pattern:"~/(?i)fw-core.*/", auth:['admin','secret','expertPasswd']]
                ]

src/dist/calaca/cvm_search.conf

@@ -1,21 +1,21 @@
 Alias /search /var/www/htdocs/calaca/
-<LocationMatch "^/(search|_plugin)$">
+<LocationMatch "^/(search.*|_plugin.*|_status|_cluster.*|_nodes.*|_aliases|_search|.*/_search|_mapping|.*/_mapping)">
   AuthType Basic
   AuthName "CVM - Configuration Versioning Manager"
   AuthBasicProvider file
   AuthUserFile /opt/cvm/.access
   <LimitExcept OPTIONS>
     Require valid-user
   </LimitExcept>
-</LocationMatch >
+</LocationMatch>
 
 ProxyRequests On
 <Proxy http://127.0.0.1:9200>
   ProxySet connectiontimeout=5 timeout=90
 </Proxy>
 
 # Proxy for _aliases and .*/_search
-<LocationMatch "^/(_plugin.*|_status|_cluster.*|_nodes.*|_aliases|_search|.*/_search|_mapping|.*/_mapping)$">
+<LocationMatch "^/(_plugin.*|_status|_cluster.*|_nodes.*|_aliases|_search|.*/_search|_mapping|.*/_mapping)">
   ProxyPassMatch http://127.0.0.1:9200/$1
   ProxyPassReverse http://127.0.0.1:9200/$1
 </LocationMatch>

src/dist/config.groovy

@@ -1,18 +1,17 @@
-// Absolute or Relative Paths
+// Paths can be either Absolute or Relative
 git.repo                      = $/repository/$
 authProfileConfig             = $/authProfiles.groovy/$
 deviceProfileConfig           = $/deviceProfiles.groovy/$
 deviceProfilePath             = $/profiles/$
 
-deviceSource.src              = 'NNMi' // file, NNMi
+deviceSource.src = 'file'
+deviceSource.file_path        = $//opt/cvm/deviceList.groovy/$
 
-// deviceSource.src = 'file'
-//deviceSource.file_path        = $//opt/cvm/deviceList.groovy/$
-
-// deviceSource.src = 'NNMi'
-deviceSource.nnmi_vip         = 'nnm.domain.com' // NNMi VIP
-deviceSource.nnmi_usr         = 'system'
-deviceSource.nnmi_pwd         = 'system'
-deviceSource.nnmi_deviceTypes = ['router','switchrouter','switch','firewall','wirelessaccesspoint']
-deviceSource.nnmi_nodeGroup   = 'Topology group' // NodeGroup or null
+// HP NNMi Integration
+//deviceSource.src              = 'NNMi' // file, NNMi
+//deviceSource.nnmi_vip         = 'nnm.domain.com' // NNMi VIP
+//deviceSource.nnmi_usr         = 'system'
+//deviceSource.nnmi_pwd         = 'system'
+//deviceSource.nnmi_deviceTypes = ['router','switchrouter','switch','firewall','wirelessaccesspoint']
+//deviceSource.nnmi_nodeGroup   = 'Topology group' // NodeGroup or null
 

src/dist/deviceList.groovy

@@ -1,7 +1,7 @@
 deviceList = [
-              ['device':'ro1.domain.com', 'vendor':'Cisco', 'model':'1812', 'type':'Router'],
-              ['device':'ro2.domain.com', 'vendor':'Juniper', 'model':'XXX', 'type':'Router'],
-              ['device':'fw1.domain.com', 'vendor':'Fortigate', 'model':'50C', 'type':'Firewall'],
-              ['device':'fw2.domain.com', 'port':22, 'vendor':'Fortigate', 'model':'40C', 'type':'Firewall'],
-              ['device':'linux.domain.com', 'vendor':'Linux', 'model':'RedHat', 'type':'Server']
+              ['device':'cisco-ro1.domain.com', 'port':22, 'vendor':'Cisco', 'model':'1812', 'type':'Router'],
+              ['device':'dc1-ro1.domain.com', 'vendor':'Cisco', 'model':'1812', 'type':'Router'],
+              ['device':'dc1-fortinet-fw1.domain.com', 'vendor':'Fortigate', 'model':'50C', 'type':'Firewall'],
+              ['device':'juniper-ro2.domain.com', 'vendor':'Juniper', 'model':'XXX', 'type':'Router'],
+              ['device':'fw-core1.domain.com', 'vendor':'Check Point', 'model':'SecurePlatformLinux', 'type':'Firewall'],
              ]

src/dist/deviceProfiles.groovy

@@ -1,5 +1,7 @@
 deviceProfiles = [[type:"vendor", pattern:"~/(?i)cisco.*/", profileName:'Cisco_Generic'],
-                  [type:"vendor", pattern:"~/(?i)fortinet.*/", profileName:'Fortinet-Full_Generic'],
+                  [type:"device", pattern:"~/(?i)dc1-ro.*/", profileName:'Cisco-Enable_Generic'],
+                  [type:"vendor", pattern:"~/(?i)dc1-fortinet.*/", profileName:'Fortinet-Full_Generic'],
+                  [type:"device", pattern:"~/(?i)dc2-fortinet.*/", profileName:'Fortinet-Small_Generic'],
                   [type:"vendor", pattern:"~/(?i)juniper.*/", profileName:'JuniperNetworks_Generic'],
-                  [type:"device", pattern:"~/(?i)dc.-core.*/", profileName:'Fortinet-Small_Generic']
+                  [type:"device", pattern:"~/(?i)fw-core.*/", profileName:'CheckPoint_SecurePlatformLinux_Generic']
                  ]

src/dist/profiles/CheckPoint_SecurePlatformLinux_Generic.json

@@ -0,0 +1,188 @@
+{
+    "name": "CheckPoint_SecurePlatformLinux_Generic",
+    "access": {
+        "timeout": 30,
+        "prompt_standard": ["\\[.*\\]#\\s*$", ".*#\\s*$"],
+        "cmds_superusr": ["expert"],
+        "expect_superusr_prompt": ["\\[.*\\]#\\s*$", ".*#\\s*$"],
+        "expect_timeout": 30,
+        "expect_bufferSize": 4096,
+        "cmds_disable_more_prompt": ["scroll off"],
+        "expect_disable_more_prompt": ["\\[.*\\]#\\s*$", ".*#\\s*$"],
+        "cmds_post_login": [],
+        "expect_post_login": [],
+        "cmds_disconnect": ["exit","exit"]
+    },
+    "commands": [
+      {
+        "name": "ifconfig",
+        "storage": "ifconfig.cfg",
+        "send": ["ifconfig -a |egrep -iv 'RX|TX'"],
+        "expect": ["\\[.*\\]#\\s*$", ".*#\\s*$"],
+        "expect_timeout": 60,
+        "strip_top": 1,
+        "strip_down": 0,
+        "cleanup_patterns": []
+      },
+      {
+        "name": "netstat_routes",
+        "storage": "netstat_routes.cfg",
+        "send": ["netstat -rnv"],
+        "expect": ["\\[.*\\]#\\s*$", ".*#\\s*$"],
+        "expect_timeout": 60,
+        "strip_top": 1,
+        "strip_down": 0,
+        "cleanup_patterns": []
+      },
+      {
+        "name": "etc_netconf",
+        "storage": "etc_netconf.cfg",
+        "send": ["cat /etc/sysconfig/netconf.C"],
+        "expect": ["\\[.*\\]#\\s*$", ".*#\\s*$"],
+        "expect_timeout": 60,
+        "strip_top": 1,
+        "strip_down": 0,
+        "cleanup_patterns": []
+      },
+      {
+        "name": "etc_hosts",
+        "storage": "etc_hosts.cfg",
+        "send": ["cat /etc/hosts"],
+        "expect": ["\\[.*\\]#\\s*$", ".*#\\s*$"],
+        "expect_timeout": 60,
+        "strip_top": 1,
+        "strip_down": 0,
+        "cleanup_patterns": []
+      },
+      {
+        "name": "etc_resolv",
+        "storage": "etc_resolv.cfg",
+        "send": ["cat /etc/resolv.conf"],
+        "expect": ["\\[.*\\]#\\s*$", ".*#\\s*$"],
+        "expect_timeout": 60,
+        "strip_top": 1,
+        "strip_down": 0,
+        "cleanup_patterns": []
+      },
+      {
+        "name": "etc_snmpd",
+        "storage": "etc_snmpd.cfg",
+        "send": ["cat /etc/snmp/snmpd.conf"],
+        "expect": ["\\[.*\\]#\\s*$", ".*#\\s*$"],
+        "expect_timeout": 60,
+        "strip_top": 1,
+        "strip_down": 0,
+        "cleanup_patterns": []
+      },
+      {
+        "name": "cpstat-os",
+        "storage": "cpstat-os.cfg",
+        "send": ["cpstat os"],
+        "expect": ["\\[.*\\]#\\s*$", ".*#\\s*$"],
+        "expect_timeout": 300,
+        "strip_top": 1,
+        "strip_down": 0,
+        "cleanup_patterns": []
+      },
+      {
+        "name": "fw-ver",
+        "storage": "fw-ver.cfg",
+        "send": ["fw ver"],
+        "expect": ["\\[.*\\]#\\s*$", ".*#\\s*$"],
+        "expect_timeout": 60,
+        "strip_top": 1,
+        "strip_down": 0,
+        "cleanup_patterns": []
+      },
+      {
+        "name": "fw-stat",
+        "storage": "fw-stat.cfg",
+        "send": ["fw stat -s"],
+        "expect": ["\\[.*\\]#\\s*$", ".*#\\s*$"],
+        "expect_timeout": 60,
+        "strip_top": 1,
+        "strip_down": 0,
+        "cleanup_patterns": []
+      },
+      {
+        "name": "conf_objects",
+        "storage": "conf_objects_5_0.C.cfg",
+        "send": ["cat $FWDIR/conf/objects_5_0.C"],
+        "expect": ["\\[.*\\]#\\s*$", ".*#\\s*$"],
+        "expect_timeout": 60,
+        "strip_top": 1,
+        "strip_down": 0,
+        "cleanup_patterns": []
+      },
+      {
+        "name": "conf_rulebases",
+        "storage": "conf_rulebases_5_0.fws.cfg",
+        "send": ["cat $FWDIR/conf/rulebases_5_0.fws"],
+        "expect": ["\\[.*\\]#\\s*$", ".*#\\s*$"],
+        "expect_timeout": 60,
+        "strip_top": 1,
+        "strip_down": 0,
+        "cleanup_patterns": []
+      },
+      {
+        "name": "conf_fgrulebases",
+        "storage": "conf_fgrulebases_5_0.C.cfg",
+        "send": ["cat $FWDIR/conf/fgrulebases_5_0.fws"],
+        "expect": ["\\[.*\\]#\\s*$", ".*#\\s*$"],
+        "expect_timeout": 60,
+        "strip_top": 1,
+        "strip_down": 0,
+        "cleanup_patterns": []
+      },
+      {
+        "name": "conf_log_policy",
+        "storage": "conf_log_policy.cfg",
+        "send": ["cat $FWDIR/conf/log_policy.C"],
+        "expect": ["\\[.*\\]#\\s*$", ".*#\\s*$"],
+        "expect_timeout": 60,
+        "strip_top": 1,
+        "strip_down": 0,
+        "cleanup_patterns": []
+      },
+      {
+        "name": "conf_smtp",
+        "storage": "conf_smtp.cfg",
+        "send": ["cat $FWDIR/conf/smtp.conf"],
+        "expect": ["\\[.*\\]#\\s*$", ".*#\\s*$"],
+        "expect_timeout": 60,
+        "strip_top": 1,
+        "strip_down": 0,
+        "cleanup_patterns": []
+      },
+      {
+        "name": "conf_thresholds",
+        "storage": "conf_thresholds.cfg",
+        "send": ["cat $FWDIR/conf/thresholds.conf"],
+        "expect": ["\\[.*\\]#\\s*$", ".*#\\s*$"],
+        "expect_timeout": 60,
+        "strip_top": 1,
+        "strip_down": 0,
+        "cleanup_patterns": []
+      },
+      {
+        "name": "db_objects",
+        "storage": "db_objects.C.cfg",
+        "send": ["cat $FWDIR/database/objects.C"],
+        "expect": ["\\[.*\\]#\\s*$", ".*#\\s*$"],
+        "expect_timeout": 300,
+        "strip_top": 1,
+        "strip_down": 0,
+        "cleanup_patterns": []
+      },
+      {
+        "name": "db_rules",
+        "storage": "db_rules.C.cfg",
+        "send": ["cat $FWDIR/database/rules.C"],
+        "expect": ["\\[.*\\]#\\s*$", ".*#\\s*$"],
+        "expect_timeout": 300,
+        "strip_top": 1,
+        "strip_down": 0,
+        "cleanup_patterns": []
+      }
+    ]
+}

src/dist/profiles/Cisco-Enable_Generic.json

@@ -0,0 +1,88 @@
+{
+    "name": "Cisco-Enable_Generic",
+    "access": {
+        "timeout": 30,
+        "prompt_standard": [".*>\\s*$"],
+        "cmds_superusr": ["enable"],
+        "expect_superusr_prompt": [".*#\\s*$"],
+        "expect_timeout": 30,
+        "expect_bufferSize": 3072,
+        "cmds_disable_more_prompt": ["terminal length 0"],
+        "expect_disable_more_prompt": [".*#\\s*$"],
+        "cmds_post_login": [],
+        "expect_post_login": [],
+        "cmds_disconnect": ["exit"]
+    },
+    "commands": [
+      {
+        "name": "running-config",
+        "storage": "running-config.cfg",
+        "send": ["show running-config"],
+        "expect": ["\\r\\n.*#\\s*$","\\r\\n\\r\\n.*#\\s*$",".*#\\s*$"],
+        "expect_timeout": 300,
+        "strip_top": 1,
+        "strip_down": 0,
+        "cleanup_patterns": ["/\\r/g","", "/ --More-- [\\\\x8]+ +[\\\\x8]+/g","", "/(?m)^!Time:\\s.*/","", "/(Load for|Time source is|Current configuration :) .*\\n/g","", "/Building configuration\\.\\.\\.\\s+/","", "/(tacacs-server key).*/g","!$1 <REMOVED>", "/(enable (secret|password)).*/g","!$1 <REMOVED>", "/(?m)^(username.*secret).*/g","!$1 <REMOVED>", "/(?m)^(\\s+password)\\s+.*/g","!$1 <REMOVED>", "/(crypto isakmp key).*(address.*)/g","!$1 <REMOVED> $2", "/(ntp clock-period).*/g","!$1 <REMOVED>", "/(?m)^(username.*password\\s\\d+).*(role.*)/g","!$1 <REMOVED> $2"]
+      },
+      {
+        "name": "startup-config",
+        "storage": "startup-config.cfg",
+        "send": ["show startup-config"],
+        "expect": ["\\r\\n.*#\\s*$","\\r\\n\\r\\n.*#\\s*$",".*#\\s*$"],
+        "expect_timeout": 300,
+        "strip_top": 1,
+        "strip_down": 0,
+        "cleanup_patterns": ["/\\r/g","", "/ --More-- [\\\\x8]+ +[\\\\x8]+/g","", "/(?m)^!Time:\\s.*/","", "/(Load for|Time source is|Current configuration :) .*\\n/g","", "/Building configuration\\.\\.\\.\\s+/","", "/(tacacs-server key).*/g","!$1 <REMOVED>", "/(enable (secret|password)).*/g","!$1 <REMOVED>", "/(?m)^(username.*secret).*/g","!$1 <REMOVED>", "/(?m)^(\\s+password)\\s+.*/g","!$1 <REMOVED>", "/(crypto isakmp key).*(address.*)/g","!$1 <REMOVED> $2", "/(?m)^(username.*password\\s\\d+).*(role.*)/g","!$1 <REMOVED> $2"]
+      },
+      {
+        "name": "version",
+        "storage": "version.cfg",
+        "send": ["show version"],
+        "expect": ["\\r\\n.*#\\s*$",".*#\\s*$"],
+        "expect_timeout": 30,
+        "strip_top": 1,
+        "strip_down": 0,
+        "cleanup_patterns": ["/\\r/g","", "/ --More-- [\\\\x8]+ +[\\\\x8]+/g","", "/(?i).*uptime.*/g","", "/(?i).*restarted at.*/g",""]
+      },
+      {
+        "name": "flash",
+        "storage": "flash.cfg",
+        "send": ["show flash"],
+        "expect": ["\\r\\n.*#\\s*$",".*#\\s*$"],
+        "expect_timeout": 30,
+        "strip_top": 1,
+        "strip_down": 0,
+        "cleanup_patterns": ["/\\r/g","", "/ --More-- [\\\\x8]+ +[\\\\x8]+/g","", "/.*(Ambiguous command|Invalid input detected at|Invalid command at).*/g","", "/(?m)^\\s*\\^\\s*$/g",""]
+      },
+      {
+        "name": "vlan",
+        "storage": "vlan.cfg",
+        "send": ["show vlan"],
+        "expect": ["\\r\\n.*#\\s*$",".*#\\s*$"],
+        "expect_timeout": 60,
+        "strip_top": 1,
+        "strip_down": 0,
+        "cleanup_patterns": ["/\\r/g","", "/ --More-- [\\\\x8]+ +[\\\\x8]+/g","", "/.*(Ambiguous command|Invalid input detected at|Invalid command at).*/g","", "/(?m)^\\s*\\^\\s*$/g",""]
+      },
+      {
+        "name": "vlan-switch",
+        "storage": "vlan-switch.cfg",
+        "send": ["show vlan-switch"],
+        "expect": ["\\r\\n.*#\\s*$",".*#\\s*$"],
+        "expect_timeout": 30,
+        "strip_top": 1,
+        "strip_down": 0,
+        "cleanup_patterns": ["/\\r/g","", "/ --More-- [\\\\x8]+ +[\\\\x8]+/g","", "/.*(Ambiguous command|Invalid input detected at|Invalid command at).*/g","", "/(?m)^\\s*\\^\\s*$/g",""]
+      },
+      {
+        "name": "vtp",
+        "storage": "vtp.cfg",
+        "send": ["show vtp status"],
+        "expect": ["\\r\\n.*#\\s*$",".*#\\s*$"],
+        "expect_timeout": 30,
+        "strip_top": 1,
+        "strip_down": 0,
+        "cleanup_patterns": ["/\\r/g","", "/ --More-- [\\\\x8]+ +[\\\\x8]+/g","", "/.*(Ambiguous command|Invalid input detected at|Invalid command at).*/g","", "/(?m)^\\s*\\^\\s*$/g",""]
+      }
+    ]
+}