security

package
v0.11.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 31, 2024 License: ISC Imports: 7 Imported by: 0

Documentation

Overview

Package security is the client.Policies.Security namespace.

Normalized object: Entry

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RulesMatch 

func RulesMatch(a, b Entry) bool

Types

type Entry 

type Entry struct {
	Name                            string
	Type                            string
	Description                     string
	Tags                            []string // ordered
	SourceZones                     []string // unordered
	SourceAddresses                 []string // unordered
	NegateSource                    bool
	SourceUsers                     []string // unordered
	HipProfiles                     []string // unordered
	DestinationZones                []string // unordered
	DestinationAddresses            []string // unordered
	NegateDestination               bool
	Applications                    []string // unordered
	Services                        []string // unordered
	Categories                      []string // unordered
	Action                          string
	LogSetting                      string
	LogStart                        bool
	LogEnd                          bool
	Disabled                        bool
	Schedule                        string
	IcmpUnreachable                 bool
	DisableServerResponseInspection bool
	Group                           string
	Targets                         map[string][]string
	NegateTarget                    bool
	Virus                           string
	Spyware                         string
	Vulnerability                   string
	UrlFiltering                    string
	FileBlocking                    string
	WildFireAnalysis                string
	DataFiltering                   string
	GroupTag                        string   // PAN-OS 9.0+
	Uuid                            string   // PAN-OS 9.0+
	SourceDevices                   []string // PAN-OS 10.0+
	DestinationDevices              []string // PAN-OS 10.0+
}

Entry is a normalized, version independent representation of a security rule.

Targets is a map where the key is the serial number of the target device and the value is a list of specific vsys on that device. The list of vsys is nil if all vsys on that device should be included or if the device is a virtual firewall (and thus only has vsys1).

func (*Entry) Copy 

func (o *Entry) Copy(s Entry)

Copy copies the information from source Entry `s` to this object. As the Name and Uuid fields relate to the identify of this object, they are not copied.

func (*Entry) Defaults 

func (o *Entry) Defaults()

Defaults sets params with uninitialized values to their GUI default setting.

The defaults are as follows:

  • Type: "universal"
  • SourceZones: ["any"]
  • SourceAddresses: ["any"]
  • SourceUsers: ["any"]
  • DestinationZones: ["any"]
  • DestinationAddresses: ["any"]
  • Applications: ["any"]
  • Services: ["application-default"]
  • Categories: ["any"]
  • Action: "allow"
  • LogEnd: true

func (Entry) Specify 

func (o Entry) Specify(v version.Number) (string, interface{})

type Firewall 

type Firewall struct {
	// contains filtered or unexported fields
}

Firewall is the client.Policies.PolicyBasedForwarding namespace.

func FirewallNamespace 

func FirewallNamespace(client util.XapiClient) *Firewall

FirewallNamespace returns an initialized namespace.

func (*Firewall) AllFromPanosConfig 

func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error)

AllFromPanosConfig retrieves all objects stored in the retrieved config.

func (*Firewall) AuditCommentHistory 

func (c *Firewall) AuditCommentHistory(vsys, rule, direction string, nlogs, skip int) ([]audit.Comment, error)

AuditCommentHistory returns a chunk of historical audit comment logs.

func (*Firewall) ConfigureRules 

func (c *Firewall) ConfigureRules(vsys string, rules []Entry, auditComments map[string]string, isPolicy bool, move int, oRule string, prevNames []string) error

ConfigureRules configures the given rules on PAN-OS.

It does a mass SET if it can, but will EDIT any rules that are present but differ from what is given.

Audit comments are applied only for rules which are either SET or EDIT'ed.

If isPolicy is true, then any rules not explicitly present in the rules param will be deleted.

Params move and oRule are for moving the group into place after configuration.

Any rule name that appears in prevRules but not in the rules param will be deleted.

func (*Firewall) CurrentAuditComment 

func (c *Firewall) CurrentAuditComment(vsys, rule string) (string, error)

CurrentAuditComment returns the current audit comment.

func (*Firewall) Delete 

func (c *Firewall) Delete(vsys string, e ...interface{}) error

Delete performs DELETE to remove the specified objects.

Objects can be either a string or an Entry object.

func (*Firewall) DeleteAll 

func (c *Firewall) DeleteAll(vsys string) error

DeleteAll removes all security policies from the specified vsys.

func (*Firewall) Edit 

func (c *Firewall) Edit(vsys string, e Entry) error

Edit performs EDIT to configure the specified object.

func (*Firewall) FromPanosConfig 

func (c *Firewall) FromPanosConfig(vsys, name string) (Entry, error)

FromPanosConfig retrieves the object stored in the retrieved config.

func (*Firewall) Get 

func (c *Firewall) Get(vsys, name string) (Entry, error)

Get performs GET to retrieve information for the given object.

func (*Firewall) GetAll 

func (c *Firewall) GetAll(vsys string) ([]Entry, error)

GetAll performs GET to retrieve all objects configured.

func (*Firewall) GetList 

func (c *Firewall) GetList(vsys string) ([]string, error)

GetList performs GET to retrieve a list of all objects.

func (*Firewall) HitCount 

func (c *Firewall) HitCount(vsys string, rules []string) ([]util.HitCount, error)

HitCount gets the rule hit count for the given rules.

If the rules param is nil, then the hit count for all rules is returned.

func (*Firewall) MoveGroup 

func (c *Firewall) MoveGroup(vsys string, movement int, rule string, e ...Entry) error

MoveGroup moves a logical group of security rules somewhere in relation to another security policy.

The `movement` param should be one of the Move constants in the util package.

The `rule` param is the other rule the `movement` param is referencing. If this is an empty string, then the first policy in the group isn't moved anywhere, but all other policies will still be moved to be grouped with the first one.

func (*Firewall) Set 

func (c *Firewall) Set(vsys string, e ...Entry) error

Set performs SET to configure the specified objects.

func (*Firewall) SetAuditComment 

func (c *Firewall) SetAuditComment(vsys, rule, comment string) error

SetAuditComment sets the audit comment for the given rule.

func (*Firewall) Show 

func (c *Firewall) Show(vsys, name string) (Entry, error)

Show performs SHOW to retrieve information for the given object.

func (*Firewall) ShowAll 

func (c *Firewall) ShowAll(vsys string) ([]Entry, error)

ShowAll performs SHOW to retrieve information for all objects.

func (*Firewall) ShowList 

func (c *Firewall) ShowList(vsys string) ([]string, error)

ShowList performs SHOW to retrieve a list of all objects.

func (*Firewall) VerifiableEdit 

func (c *Firewall) VerifiableEdit(vsys string, e ...Entry) error

VerifiableEdit behaves like Edit(), except policies with LogEnd as true will first be created with LogEnd as false, and then a second Set() is performed which will do LogEnd as true.

NOTE: Custom XML unmarshaling is now implemented, making this function unnecessary.

This is due to the unique combination of being a boolean value that is true by default, the XML returned from querying the rule details will omit the LogEnd setting, which will be interpreted as false, when in fact it is true. We can get around this by setting the value to a non-standard value, then back again, in which case it will properly show up in the returned XML.

func (*Firewall) VerifiableSet 

func (c *Firewall) VerifiableSet(vsys string, e ...Entry) error

VerifiableSet behaves like Set(), except policies with LogEnd as true will first be created with LogEnd as false, and then a second Set() is performed which will do LogEnd as true.

NOTE: Custom XML unmarshaling is now implemented, making this function unnecessary.

This is due to the unique combination of being a boolean value that is true by default, the XML returned from querying the rule details will omit the LogEnd setting, which will be interpreted as false, when in fact it is true. We can get around this by setting the value to a non-standard value, then back again, in which case it will properly show up in the returned XML.

type Panorama 

type Panorama struct {
	// contains filtered or unexported fields
}

Panorama is the client.Policies.Security namespace.

The "dg" param in these functions is the device group.

The "base" param in these functions should be one of the rulebase constants in the "util" package.

func PanoramaNamespace 

func PanoramaNamespace(client util.XapiClient) *Panorama

PanoramaNamespace returns an initialized namespace.

func (*Panorama) AllFromPanosConfig 

func (c *Panorama) AllFromPanosConfig(dg, base string) ([]Entry, error)

AllFromPanosConfig retrieves all objects stored in the retrieved config.

func (*Panorama) AuditCommentHistory 

func (c *Panorama) AuditCommentHistory(dg, base, rule, direction string, nlogs, skip int) ([]audit.Comment, error)

AuditCommentHistory returns a chunk of historical audit comment logs.

func (*Panorama) ConfigureRules 

func (c *Panorama) ConfigureRules(dg, base string, rules []Entry, auditComments map[string]string, isPolicy bool, move int, oRule string, prevNames []string) error

ConfigureRules configures the given rules on PAN-OS.

It does a mass SET if it can, but will EDIT any rules that are present but differ from what is given.

Audit comments are applied only for rules which are either SET or EDIT'ed.

If isPolicy is true, then any rules not explicitly present in the rules param will be deleted.

Params move and oRule are for moving the group into place after configuration.

Any rule name that appears in prevRules but not in the rules param will be deleted.

func (*Panorama) CurrentAuditComment 

func (c *Panorama) CurrentAuditComment(dg, base, rule string) (string, error)

CurrentAuditComment returns the current audit comment.

func (*Panorama) Delete 

func (c *Panorama) Delete(dg, base string, e ...interface{}) error

Delete removes the given objects.

Objects can be a string or an Entry object.

func (*Panorama) DeleteAll 

func (c *Panorama) DeleteAll(dg, base string) error

DeleteAll removes all security policies from the specified dg / rulebase.

func (*Panorama) Edit 

func (c *Panorama) Edit(dg, base string, e Entry) error

Edit performs EDIT to configure the specified object.

func (*Panorama) FromPanosConfig 

func (c *Panorama) FromPanosConfig(dg, base, name string) (Entry, error)

FromPanosConfig retrieves the object stored in the retrieved config.

func (*Panorama) Get 

func (c *Panorama) Get(dg, base, name string) (Entry, error)

Get performs GET to retrieve information for the given object.

func (*Panorama) GetAll 

func (c *Panorama) GetAll(dg, base string) ([]Entry, error)

GetAll performs GET to retrieve information for all objects.

func (*Panorama) GetList 

func (c *Panorama) GetList(dg, base string) ([]string, error)

GetList performs GET to retrieve a list of all objects.

func (*Panorama) MoveGroup 

func (c *Panorama) MoveGroup(dg, base string, movement int, rule string, e ...Entry) error

MoveGroup moves a logical group of security rules somewhere in relation to another rule.

The `movement` param should be one of the Move constants in the util package.

The `rule` param is the other rule the `movement` param is referencing. If this is an empty string, then the first policy in the group isn't moved anywhere, but all other policies will still be moved to be grouped with the first one.

func (*Panorama) Set 

func (c *Panorama) Set(dg, base string, e ...Entry) error

Set performs SET to create / update one or more objects.

func (*Panorama) SetAuditComment 

func (c *Panorama) SetAuditComment(dg, base, rule, comment string) error

SetAuditComment sets the audit comment for the given rule.

func (*Panorama) Show 

func (c *Panorama) Show(dg, base, name string) (Entry, error)

Show performs SHOW to retrieve information for the given object.

func (*Panorama) ShowAll 

func (c *Panorama) ShowAll(dg, base string) ([]Entry, error)

ShowAll performs SHOW to retrieve information for all objects.

func (*Panorama) ShowList 

func (c *Panorama) ShowList(dg, base string) ([]string, error)

ShowList performs SHOW to retrieve a list of all objects.

func (*Panorama) VerifiableEdit 

func (c *Panorama) VerifiableEdit(dg, base string, e ...Entry) error

VerifiableEdit behaves like Edit(), except policies with LogEnd as true will first be created with LogEnd as false, and then a second Set() is performed which will do LogEnd as true.

NOTE: Custom XML unmarshaling is now implemented, making this function unnecessary.

This is due to the unique combination of being a boolean value that is true by default, the XML returned from querying the rule details will omit the LogEnd setting, which will be interpreted as false, when in fact it is true. We can get around this by setting the value to a non-standard value, then back again, in which case it will properly show up in the returned XML.

func (*Panorama) VerifiableSet 

func (c *Panorama) VerifiableSet(dg, base string, e ...Entry) error

VerifiableSet behaves like Set(), except policies with LogEnd as true will first be created with LogEnd as false, and then a second Set() is performed which will do LogEnd as true.

NOTE: Custom XML unmarshaling is now implemented, making this function unnecessary.

This is due to the unique combination of being a boolean value that is true by default, the XML returned from querying the rule details will omit the LogEnd setting, which will be interpreted as false, when in fact it is true. We can get around this by setting the value to a non-standard value, then back again, in which case it will properly show up in the returned XML.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.