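#############################################################################################################
# Telnet, ftp and http through FireWall-1 client authentication (partially automatic sign-on).
# The authentication method under test is: FW-1 (FireWall-1 password).
# Each protocol is exercised twice: first after a client-authentication sign-on with the
# correct password (the connection must pass and be logged), then after a sign-on with a
# wrong password (the sign-on and the connection must both be refused).
#
# NOTE(review): $master, $fw_machine_1, $fw_machine_2, $fw_host_1, $host_1 and $host_2 are
# not declared in this file; presumably the QTL harness or TOP_005_BLACKBOX provides them.
#############################################################################################################
#[BLACKBOX_SECTION]
#----------------------------------------- START BLACKBOX SECTION -----------------------------------------#
#
use strict;
use TOP_005_BLACKBOX;
# &BlackBox::BlackBox (arguments)
#
# first arg is mandatory and it should be a string with TOPOLOGY_NAME (e.g. "TOP_05_BLACKBOX")
# second argument config_mode is mandatory and is a string with the value "create" or "restore"
# this second value dictates if the BlackBox will "create" the configuration from scratch
# or will use "restore" database feature if a suitable database is found on the primary management machine
# the default value for this argument is use "restore" if available
# for more details on create/restore configuration
# see documentation at $DOCUMENTATION_PATH
#
# we should pass all the machines required by the topology to the BlackBox sub-routine
# usually machines are passed in order fw_machines first then fw_hosts and then external hosts, etc.
# within each group order is by the name fw_machine_1, 2, ...
#
# &BlackBox::BlackBox returns a reference to a hash ($blackbox_rethash)
# this hash contains information later required by the QTL script
# for example the management DN, master_ip, admin_user, admin passwd, etc.
#
my $config_mode = $BlackBox::DEFAULT_CONFIG_MODE;
#
my $blackbox_rethash = &TOP_005_BLACKBOX::BlackBox($config_mode);
#
# variables from BlackBox that are required locally
#
my $ADMIN_USERNAME     = $blackbox_rethash->{'admin_user'};
my $ADMIN_PASSWORD     = $blackbox_rethash->{'admin_passwd'};
my $MASTER_IP          = $blackbox_rethash->{'master_ip'};
my $topology           = $blackbox_rethash->{'topology_name'};
my $entity_name        = $blackbox_rethash->{'entity_name'};
my $actual_config_mode = $blackbox_rethash->{'config_mode'};
my $management_1       = $blackbox_rethash->{'management_1'};
my $module_1           = $blackbox_rethash->{'module_1'};
my $DN_fw_machine_2    = $blackbox_rethash->{'dn'};
#
#------------------------------------------ END BLACKBOX SECTION ------------------------------------------#
#[/BLACKBOX_SECTION_END]

my $FW_POLICY   = "clau001.W";
my $DN          = $DN_fw_machine_2;
my $CPMI_SUFFIX = ".cpmi";

# Fixture credentials used by every test case below, kept in one place so they are easy
# to audit and rotate. They are passed as plain command-line arguments to open_conn, so
# they can end up in harness logs; use them on isolated lab machines only.
# NOTE(review): presumably $AUTH_USER / $AUTH_PASSWORD must match the user defined in the
# $FW_POLICY database and $SERVER_USER / $SERVER_PASSWORD an account on host_1 - confirm.
my $AUTH_USER       = "aa";       # FireWall-1 client-authentication user
my $AUTH_PASSWORD   = "aaaa";     # correct password for $AUTH_USER
my $WRONG_PASSWORD  = "abcd";     # deliberately wrong password for the negative cases
my $SERVER_USER     = "root";     # login on the telnet/ftp server (host_1)
my $SERVER_PASSWORD = "zubur";    # password for $SERVER_USER

if ($actual_config_mode eq "create") {
    $master->print("The actual config mode was $actual_config_mode ");

    #amos add
    #--------------------------------------------------------configure the main cpmi scripts----------------------------------------------------------------------
    # Copy the main cpmi files to the master's work directory.
    my $main1 = $master->shell("cp " . $master->fb_db . "/fwconf/5.0/cpmi_scripts/main1.cpmi "
                               . $master->work_dir . "\\main1.cpmi");
    QTL::force(($main1->exitcode eq "0"), "Failed to copy main1->cpmi file to master's work directory");
    my $main2 = $master->shell("cp " . $master->fb_db . "/fwconf/5.0/cpmi_scripts/main2.cpmi "
                               . $master->work_dir . "\\main2.cpmi");
    QTL::force(($main2->exitcode eq "0"), "Failed to copy main2->cpmi file to master's work directory");
    my $main3 = $master->shell("cp " . $master->fb_db . "/fwconf/5.0/cpmi_scripts/main3.cpmi "
                               . $master->work_dir . "\\main3.cpmi");
    QTL::force(($main3->exitcode eq "0"), "Failed to copy main3->cpmi file to master's work directory");

    # Derive the internal network address from fw_machine_1's second interface.
    # NOTE(review): the helper is copied with a "\\" separator but executed with "/";
    # presumably the harness shell accepts both - confirm.
    my $to_network1 = $master->shell("cp " . $master->fb_db . "/fwconf/5.0/files/to_network.pl "
                                     . $master->work_dir . "\\to_network.pl");
    QTL::force(($to_network1->exitcode eq "0"), "Failed to copy to_network.pl file to master's work directory");
    my $to_network2 = $master->shell("perl " . $master->work_dir . "/to_network.pl " . $fw_machine_1->ip_2);
    QTL::force(($to_network2->exitcode eq "0"), "Failed to run to_network.pl file");
    my $to_network3 = $master->find_str("-reg (/(\\d+\\.\\d+\\.\\d+\\.\\d+)/) " . $to_network2->outfile);
    QTL::force(($to_network3->result eq "success"), "Failed to get the network ip!");
    my $network_ip = $to_network3->dollar1;

    #-----start with transforms--------
    # Each transform substitutes one placeholder in one cpmi script with a topology value.
    my $to_network4 = $master->transform("-v NETWORK_IP -d $network_ip " . $master->work_dir . "\\main1.cpmi");
    QTL::force(($to_network4->number_of_transform eq "1"), "Failed to update the network ip in main1->cpmi script!");

    my $main4 = $master->transform("-v FW_MACHINE_1_HOSTNAME_1 -d " . $fw_machine_1->hostname_1 . " "
                                   . $master->work_dir . "\\main1.cpmi");
    QTL::force(($main4->result eq "success"), "Failed to update fw_machine_1 name in main1->cpmi script!");

    #achtung its because the script was for standalone
    # (the FW_MACHINE_1_IP_1 placeholder is filled with fw_machine_2's address on purpose)
    my $main5 = $master->transform("-v FW_MACHINE_1_IP_1 -d " . $fw_machine_2->ip_1 . " "
                                   . $master->work_dir . "\\main1.cpmi");
    QTL::force(($main5->result eq "success"), "Failed to update fw_machine_1 IP in main1->cpmi script!");
    my $main6 = $master->transform("-v FW_MACHINE_1_IP_1 -d " . $fw_machine_2->ip_1 . " "
                                   . $master->work_dir . "\\main2.cpmi");
    QTL::force(($main6->result eq "success"), "Failed to update fw_machine_2 IP in main2->cpmi script!");
    my $main7 = $master->transform("-v FW_MACHINE_1_IP_1 -d " . $fw_machine_2->ip_1 . " "
                                   . $master->work_dir . "\\main3.cpmi");
    QTL::force(($main7->result eq "success"), "Failed to update fw_machine_2 IP in main3->cpmi script!");

    my $main8 = $master->transform("-v FW_HOST_1_HOSTNAME_1 -d " . $fw_host_1->hostname_1 . " "
                                   . $master->work_dir . "\\main1.cpmi");
    QTL::force(($main8->result eq "success"), "Failed to update fw_host_1 name in main1->cpmi script!");
    my $main24 = $master->transform("-v FW_HOST_1_HOSTNAME_1 -d " . $fw_host_1->hostname_1 . " "
                                    . $master->work_dir . "\\main2.cpmi");
    QTL::force(($main24->result eq "success"), "Failed to update fw_host_1 name in main2->cpmi script!");

    # The next two messages used to name the wrong object (fw_machine_1 IP / fw_host_1 name).
    my $main9 = $master->transform("-v FW_HOST_1_IP_1 -d " . $fw_host_1->ip_1 . " "
                                   . $master->work_dir . "\\main1.cpmi");
    QTL::force(($main9->result eq "success"), "Failed to update the fw_host_1 IP in main1->cpmi script!");
    my $main10 = $master->transform("-v FW_HOST_1_IP_1 -d " . $fw_host_1->ip_1 . " "
                                    . $master->work_dir . "\\main2.cpmi");
    QTL::force(($main10->result eq "success"), "Failed to update the fw_host_1 IP in main2->cpmi script!");
    my $main11 = $master->transform("-v FW_HOST_1_IP_1 -d " . $fw_host_1->ip_1 . " "
                                    . $master->work_dir . "\\main3.cpmi");
    QTL::force(($main11->result eq "success"), "Failed to update the fw_host_1 IP in main3->cpmi script!");

    my $main12 = $master->transform("-v HOST_1_HOSTNAME_1 -d " . $host_1->hostname_1 . " "
                                    . $master->work_dir . "\\main1.cpmi");
    QTL::force(($main12->result eq "success"), "Failed to update the host_1 name in main1->cpmi script!");
    my $main13 = $master->transform("-v HOST_1_HOSTNAME_1 -d " . $host_1->hostname_1 . " "
                                    . $master->work_dir . "\\main2.cpmi");
    QTL::force(($main13->result eq "success"), "Failed to update the host_1 name in main2->cpmi script!");
    my $main14 = $master->transform("-v HOST_1_HOSTNAME_1 -d " . $host_1->hostname_1 . " "
                                    . $master->work_dir . "\\main3.cpmi");
    QTL::force(($main14->result eq "success"), "Failed to update the host_1 name in main3->cpmi script!");

    my $main15 = $master->transform("-v HOST_1_IP_1 -d " . $host_1->ip_1 . " "
                                    . $master->work_dir . "\\main1.cpmi");
    QTL::force(($main15->result eq "success"), "Failed to update the host_1 IP in main1->cpmi script!");
    my $main16 = $master->transform("-v HOST_1_IP_1 -d " . $host_1->ip_1 . " "
                                    . $master->work_dir . "\\main2.cpmi");
    QTL::force(($main16->result eq "success"), "Failed to update the host_1 IP in main2->cpmi script!");
    my $main17 = $master->transform("-v HOST_1_IP_1 -d " . $host_1->ip_1 . " "
                                    . $master->work_dir . "\\main3.cpmi");
    QTL::force(($main17->result eq "success"), "Failed to update the host_1 IP in main3->cpmi script!");

    my $main18 = $master->transform("-v HOST_2_HOSTNAME_1 -d " . $host_2->hostname_1 . " "
                                    . $master->work_dir . "\\main1.cpmi");
    QTL::force(($main18->result eq "success"), "Failed to update the host_2 name in main1->cpmi script!");
    my $main19 = $master->transform("-v HOST_2_IP_1 -d " . $host_2->ip_1 . " "
                                    . $master->work_dir . "\\main1.cpmi");
    QTL::force(($main19->result eq "success"), "Failed to update the host_2 IP in main1->cpmi script!");

    # The SIC name (DN) must be substituted exactly once in each script.
    my $main20 = $master->transform("-v SIC_NAME -d $DN " . $master->work_dir . "\\main1.cpmi");
    QTL::force(($main20->number_of_transform eq "1"), "Failed to update the DN in main1->cpmi script!");
    my $main21 = $master->transform("-v SIC_NAME -d $DN " . $master->work_dir . "\\main2.cpmi");
    QTL::force(($main21->number_of_transform eq "1"), "Failed to update the DN in main2->cpmi script!");
    my $main22 = $master->transform("-v SIC_NAME -d $DN " . $master->work_dir . "\\main3.cpmi");
    QTL::force(($main22->number_of_transform eq "1"), "Failed to update the DN in main3->cpmi script!");

    my $main23 = $master->transform("-v mxname -d mail" . $host_1->hostname_1 . " "
                                    . $master->work_dir . "\\main2.cpmi");
    QTL::force(($main23->number_of_transform eq "1"), "Failed to update the host_1 mail name in main2->cpmi script!");

    #------------------------------------------Execute the main cpmi scripts---------------------------------
    # A non-zero exit code aborts the test; unexpected object counts only produce warnings.
    my $cpmi_exec_main1 = $master->shell($master->aig_dir . "\\common\\bin\\CpmiUI -o 1 "
                                         . $master->work_dir . "\\main1.cpmi");
    QTL::force(($cpmi_exec_main1->exitcode eq "0"), "Failed to run CpmiUI with main1->cpmi script!");
    my $look_for_success = $master->find_str("-l \"Update and object and succeeded\" " . $cpmi_exec_main1->outfile);
    QTL::warn((($look_for_success->number_of_lines_matched eq "44")
                  or ($look_for_success->number_of_lines_matched eq "42")),
              "Mismatch found in the number of updated objects expected from main1->cpmi script!");
    my $look_for_fail = $master->find_str("-l \"fail or Fail\" " . $cpmi_exec_main1->outfile);
    # NOTE(review): a success count of 42 also silences this warning even when a
    # "fail" line was found - looks deliberate for one topology variant; confirm.
    QTL::warn((($look_for_fail->result eq "failure")
                  or ($look_for_success->number_of_lines_matched eq "42")),
              "Some of the objects update via main1->cpmi script may have failed!");

    my $cpmi_exec_main2 = $master->shell($master->aig_dir . "\\common\\bin\\CpmiUI -o 1 "
                                         . $master->work_dir . "\\main2.cpmi");
    QTL::force(($cpmi_exec_main2->exitcode eq "0"), "Failed to run CpmiUI with main2->cpmi script!");
    my $look_for_success2 = $master->find_str("-l \"Update and object and succeeded\" " . $cpmi_exec_main2->outfile);
    QTL::warn(($look_for_success2->number_of_lines_matched eq "19"),
              "Mismatch found in the number of updated objects expected from main2->cpmi script!");
    my $look_for_fail2 = $master->find_str("-l \"fail or Fail\" " . $cpmi_exec_main2->outfile);
    QTL::warn(($look_for_fail2->result eq "failure"),
              "Some of the objects updates via main2->cpmi script may have failed!");

    my $cpmi_exec_main3 = $master->shell($master->aig_dir . "\\common\\bin\\CpmiUI -o 1 "
                                         . $master->work_dir . "\\main3.cpmi");
    QTL::force(($cpmi_exec_main3->exitcode eq "0"), "Failed to run CpmiUI with main3->cpmi script!");
    my $look_for_success3 = $master->find_str("-l \"Update and object and succeeded\" " . $cpmi_exec_main3->outfile);
    QTL::warn(($look_for_success3->number_of_lines_matched eq "22"),
              "Mismatch found in the number of updated objects expected from main3->cpmi script!");
    my $look_for_fail3 = $master->find_str("-l \"fail or Fail\" " . $cpmi_exec_main3->outfile);
    # This warning used to blame main1; it checks the output of main3.
    QTL::warn(($look_for_fail3->result eq "failure"),
              "Some of the objects update via main3->cpmi script may have failed!");
    #-------------------------------End of main cpmi scripts execution--------------------------------------------
    #
    # create the Revision Control data for this topology
    &BlackBox::Create_DB($management_1, $topology);
    #
} ## end if ($actual_config_mode...

#[POLICIES_CREATION]
#Copy the policies CPMI files to work directory
my $FW_POLICY_CPMI_FILE = "$FW_POLICY$CPMI_SUFFIX";
my $copy_policy = $master->shell("cp " . $master->fb_db . "\\fwconf\\5.0\\enfdb\\$FW_POLICY_CPMI_FILE "
                                 . $master->work_dir . "\\.");
QTL::force(($copy_policy->exitcode eq "0"), "Failed to copy $FW_POLICY_CPMI_FILE to master's work directory");

# NOTE(review): the administrator name and password are passed as transform arguments and
# written in clear text into the policy file in the work directory, and nothing in this
# script removes that file afterwards. The values are also interpolated unquoted, so a
# password containing whitespace would presumably split the argument list - confirm.
my $transform_policy_1 = $master->transform("-v ADMIN_USERNAME -d $ADMIN_USERNAME "
                                            . $master->work_dir . "\\$FW_POLICY_CPMI_FILE");
my $transform_policy_2 = $master->transform("-v ADMIN_PASSWORD -d $ADMIN_PASSWORD "
                                            . $master->work_dir . "\\$FW_POLICY_CPMI_FILE");
#achtung
my $transform_policy_3 = $master->transform("-v FW_MACHINE_1_IP_1 -d " . $fw_machine_2->ip_1 . " "
                                            . $master->work_dir . "\\$FW_POLICY_CPMI_FILE");
my $transform_policy_4 = $master->transform("-v SIC_NAME -d $DN " . $master->work_dir . "\\$FW_POLICY_CPMI_FILE");
QTL::force((($transform_policy_1->number_of_transform eq "1")
               and ($transform_policy_2->number_of_transform eq "1")
               and ($transform_policy_3->number_of_transform eq "1")
               and ($transform_policy_4->number_of_transform eq "1")),
           "Failed to update $FW_POLICY_CPMI_FILE properly!");
my $cpmi_exec_policies = $master->shell($master->aig_dir . "\\common\\bin\\CpmiUI -o 1 "
                                        . $master->work_dir . "\\$FW_POLICY_CPMI_FILE");
QTL::force(($cpmi_exec_policies->exitcode eq "0"), "Failed to run CPMI with $FW_POLICY_CPMI_FILE script!");
#[\POLICIES_CREATION]

#put configuration files
my $put2 = $fw_host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files NetAPS_Template.conf.opsec to "
                                . $fw_host_1->aig_dir . "/prod/fireball-1/conf NetAPS_Template.conf.opsec");
QTL::force(($put2->result eq "success"),
           "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/NetAPS_Template.conf.opsec to fw_host_1!");
my $put3 = $host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files NetAPS_Template.conf.opsec to "
                             . $host_1->aig_dir . "/prod/fireball-1/conf NetAPS_Template.conf.opsec");
QTL::force(($put3->result eq "success"),
           "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/NetAPS_Template.conf.opsec to host_1!");
my $put4 = $fw_host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files NetAPS_Template.conf.smtp to "
                                . $fw_host_1->aig_dir . "/prod/fireball-1/conf NetAPS_Template.conf.smtp");
QTL::force(($put4->result eq "success"),
           "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/NetAPS_Template.conf.smtp to fw_host_1!");
my $put5 = $host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files NetAPS_Template.conf.smtp to "
                             . $host_1->aig_dir . "/prod/fireball-1/conf NetAPS_Template.conf.smtp");
QTL::force(($put5->result eq "success"),
           "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/NetAPS_Template.conf.smtp to host_1!");

# The message for $put6 used to name a different file and host than the transfer itself.
my $put6 = $fw_host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files gfile to /tmp gfile");
QTL::force(($put6->result eq "success"),
           "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/gfile to /tmp directory on fw_host_1!");
my $put7 = $host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files gfile to /tmp gfile");
QTL::force(($put7->result eq "success"),
           "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/gfile to /tmp directory on host_1!");

# The next three messages used to start with the bare path, without saying what failed.
my $put10 = $host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files virustest.exe to /tmp virustest.exe");
QTL::force(($put10->result eq "success"),
           "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/virustest.exe to /tmp directory on host_1!");
my $put11 = $fw_host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files virustest.exe to /tmp virustest.exe");
QTL::force(($put11->result eq "success"),
           "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/virustest.exe to /tmp directory on fw_host_1!");
my $put12 = $fw_host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files SessionAgent to /tmp SessionAgent");
QTL::force(($put12->result eq "success"),
           "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/SessionAgent to /tmp directory on fw_host_1!");

# NOTE(review): mode 777 leaves an executable in /tmp writable by every local account on
# fw_host_1. Acceptable only on a disposable lab host; if only the execute bit is needed,
# a narrower mode (e.g. 755) would do - confirm who runs SessionAgent before tightening.
my $chmod_sa = $fw_host_1->shell("chmod 777 /tmp/SessionAgent");
QTL::force(($chmod_sa->exitcode eq "0"),
           "Failed to change the permissions of /tmp/SessionAgent directory of fw_host_1 to 777!");

my $load = $fw_machine_2->fwload("$FW_POLICY " . $fw_machine_1->hostname_1);
QTL::force(($load->result eq "success"), "Failed to load $FW_POLICY policy on Fw module!");
$master->shell("sleep 2");
my $logswitch = $fw_machine_2->fwlogswitch();
QTL::warn(($logswitch->result eq "success"), "fw logswitch command on the Fw management Failed!");
#-------------------------------------------------------------end of StandardInit macro---------------------------------------------------------------------------------
#label_host_2::init host_2
#force ($label_host_2.result==success)

# Shape of every test case below:
#   1. reload the policy and switch the log, so the log only holds this case's records;
#   2. start "tcpdump -c 3" on host_1 asynchronously - it finishes by itself only once
#      three matching packets from fw_host_1 have arrived;
#   3. sign on to the firewall (open_conn -cat) from fw_host_1;
#   4. open the service connection from fw_host_1 to host_1;
#   5. query the firewall log and check the tcpdump state.
# Steps are synchronised with fixed sleeps only.

###################################################
#fw-1 Auth telnet
###################################################
my $mca11 = $fw_machine_2->fwload("$FW_POLICY " . $fw_machine_1->hostname_1);
QTL::force(($mca11->result eq "success"));
$master->shell("sleep 10");
my $mca21 = $fw_machine_2->fwlogswitch();
QTL::force(($mca21->result eq "success"));
my $mca31 = $host_1->shell("-exec_mode async tcpdump -c 3 port 23 and host " . $fw_host_1->ip_1);
QTL::force(($mca31->state eq "running"), "failed to start tcpdump on host_1");
my $mca41 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -cat -s " . $fw_machine_1->ip_1
                                  . " -fu $AUTH_USER -fp $AUTH_PASSWORD -st 1");
QTL::force(($mca41->result eq "success"),
           "failed to open connection with user $AUTH_USER and auth server FireWall-1");
$master->shell("sleep 2");
my $mca51 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c telnet -s " . $host_1->ip_1
                                  . " -su $SERVER_USER -sp $SERVER_PASSWORD");
# Distinct message: this is the data connection, not the sign-on checked above.
QTL::force(($mca51->result eq "success"),
           "failed to open telnet connection to host_1 after client authentication of user $AUTH_USER");
$master->shell("sleep 5");
my $mca61 = $fw_machine_2->checklog("-resolve -n 1 -query (action =~ authorize and src =~ " . $fw_host_1->ip_1
                                    . " and service =~ telnet and user =~ $AUTH_USER and reason =~ FireWall-1 )");
QTL::warn(($mca61->result eq "success"), "checklog failed to find a log with user $AUTH_USER");
QTL::force(($mca31->state eq "finished"), "tcpdump should be finished on host_1 and it is not");

###################################################
#fw-1 Auth http
###################################################
my $mca_http11 = $fw_machine_2->fwload("$FW_POLICY " . $fw_machine_1->hostname_1);
QTL::force(($mca_http11->result eq "success"));
$master->shell("sleep 10");
my $mca_http21 = $fw_machine_2->fwlogswitch();
QTL::force(($mca_http21->result eq "success"));
my $mca_http31 = $host_1->shell("-exec_mode async tcpdump -c 3 port 80 and host " . $fw_host_1->ip_1);
QTL::force(($mca_http31->state eq "running"), "failed to start tcpdump on host_1");
my $mca_http41 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -cat -s " . $fw_machine_1->ip_1
                                       . " -fu $AUTH_USER -fp $AUTH_PASSWORD -st 1");
QTL::force(($mca_http41->result eq "success"),
           "failed to open connection with user $AUTH_USER and auth server FireWall-1");
$master->shell("sleep 2");
my $mca_http51 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c http -s " . $host_1->ip_1
                                       . " -p /index.html");
QTL::force(($mca_http51->result eq "success"),
           "failed to open http connection to host_1 after client authentication of user $AUTH_USER");
$master->shell("sleep 5");
my $mca_http61 = $fw_machine_2->checklog("-resolve -n 1 -query (action =~ accept and src =~ " . $fw_host_1->ip_1
                                         . " and service =~ http and user =~ $AUTH_USER)");
QTL::warn(($mca_http61->result eq "success"), "checklog failed to find a log with user $AUTH_USER");
QTL::force(($mca_http31->state eq "finished"), "tcpdump should be finished on host_1 and it is not");

###################################################
#fw-1 Auth ftp
###################################################
my $mca_ftp11 = $fw_machine_2->fwload("$FW_POLICY " . $fw_machine_1->hostname_1);
QTL::force(($mca_ftp11->result eq "success"));
$master->shell("sleep 10");
my $mca_ftp21 = $fw_machine_2->fwlogswitch();
QTL::force(($mca_ftp21->result eq "success"));
my $mca_ftp31 = $host_1->shell("-exec_mode async tcpdump -c 3 port 21 and host " . $fw_host_1->ip_1);
QTL::force(($mca_ftp31->state eq "running"), "failed to start tcpdump on host_1");
my $mca_ftp41 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -cat -s " . $fw_machine_1->ip_1
                                      . " -fu $AUTH_USER -fp $AUTH_PASSWORD -st 1");
QTL::force(($mca_ftp41->result eq "success"),
           "failed to open connection with user $AUTH_USER and auth server FireWall-1");
$master->shell("sleep 2");
my $mca_ftp51 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c ftp -s " . $host_1->ip_1
                                      . " -remote_file /etc/hosts -su $SERVER_USER -sp $SERVER_PASSWORD");
QTL::force(($mca_ftp51->result eq "success"),
           "failed to open ftp connection to host_1 after client authentication of user $AUTH_USER");
$master->shell("sleep 5");
my $mca_ftp61 = $fw_machine_2->checklog("-resolve -n 1 -query (action =~ accept and src =~ " . $fw_host_1->ip_1
                                        . " and service =~ ftp and user =~ $AUTH_USER)");
QTL::warn(($mca_ftp61->result eq "success"), "checklog failed to find a log with user $AUTH_USER");
QTL::force(($mca_ftp31->state eq "finished"), "tcpdump should be finished on host_1 and it is not");

#####################################################################################################################################
#NOW TRY TO CONNECT WITH WRONG PASSWORD.
#####################################################################################################################################
# In these cases both open_conn calls must fail, no "authorize" record may appear for the
# client-auth service, and tcpdump must still be running (fewer than three packets got
# through to host_1).
# NOTE(review): all three cases query service FW1_clntauth_telnet; presumably that is the
# sign-on service used by -cat, so the query is the same on purpose - confirm.
# NOTE(review): only the absence of an "authorize" record is checked, and only as a
# warning. Nothing here verifies that the refused sign-on itself was logged; consider
# adding a checklog query for the rejection record so failed attempts stay auditable.
# NOTE(review): the captures started here are expected to stay running and are never
# stopped in this script; presumably the harness cleans them up - confirm.

###################################################
#fw-1 Auth telnet WRONG PASSWORD.
###################################################
my $mca18 = $fw_machine_2->fwload("$FW_POLICY " . $fw_machine_1->hostname_1);
QTL::force(($mca18->result eq "success"));
$master->shell("sleep 10");
my $mca28 = $fw_machine_2->fwlogswitch();
QTL::force(($mca28->result eq "success"));
my $mca38 = $host_1->shell("-exec_mode async tcpdump -c 3 port 23 and host " . $fw_host_1->ip_1);
QTL::force(($mca38->state eq "running"), "failed to start tcpdump on host_1");
my $mca48 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -cat -s " . $fw_machine_1->ip_1
                                  . " -fu $AUTH_USER -fp $WRONG_PASSWORD -st 1");
QTL::force(($mca48->result eq "failure"),
           "success to open connection with wrong password for user $AUTH_USER and auth server FireWall-1");
$master->shell("sleep 2");
my $mca58 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c telnet -s " . $host_1->ip_1
                                  . " -su $SERVER_USER -sp $SERVER_PASSWORD");
# Distinct message: a failure here means traffic passed without a valid sign-on.
QTL::force(($mca58->result eq "failure"),
           "success to open telnet connection to host_1 without a valid client authentication");
$master->shell("sleep 5");
my $mca68 = $fw_machine_2->checklog("-resolve -n 1 -query (action =~ authorize and src =~ " . $fw_host_1->ip_1
                                    . " and service =~ FW1_clntauth_telnet and user =~ $AUTH_USER and reason =~ FireWall-1 )");
QTL::warn(($mca68->result eq "failure"), "checklog success to find a log with user $AUTH_USER");
QTL::force(($mca38->state eq "running"), "tcpdump should be running on host_1 and it is not");

###################################################
#fw-1 Auth http WRONG PASSWORD.
###################################################
my $mca_http18 = $fw_machine_2->fwload("$FW_POLICY " . $fw_machine_1->hostname_1);
QTL::force(($mca_http18->result eq "success"));
$master->shell("sleep 10");
my $mca_http28 = $fw_machine_2->fwlogswitch();
QTL::force(($mca_http28->result eq "success"));
my $mca_http38 = $host_1->shell("-exec_mode async tcpdump -c 3 port 80 and host " . $fw_host_1->ip_1);
QTL::force(($mca_http38->state eq "running"), "failed to start tcpdump on host_1");
my $mca_http48 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -cat -s " . $fw_machine_1->ip_1
                                       . " -fu $AUTH_USER -fp $WRONG_PASSWORD -st 1");
QTL::force(($mca_http48->result eq "failure"),
           "success to open connection with wrong password for user $AUTH_USER and auth server FireWall-1");
$master->shell("sleep 2");
my $mca_http58 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c http -s " . $host_1->ip_1
                                       . " -p /index.html");
QTL::force(($mca_http58->result eq "failure"),
           "success to open http connection to host_1 without a valid client authentication");
$master->shell("sleep 5");
my $mca_http68 = $fw_machine_2->checklog("-resolve -n 1 -query (action =~ authorize and src =~ " . $fw_host_1->ip_1
                                         . " and service =~ FW1_clntauth_telnet and user =~ $AUTH_USER and reason =~ FireWall-1 )");
QTL::warn(($mca_http68->result eq "failure"), "checklog success to find a log with user $AUTH_USER");
QTL::force(($mca_http38->state eq "running"), "tcpdump should be running on host_1 and it is not");

###################################################
#fw-1 Auth ftp WRONG PASSWORD.
###################################################
my $mca_ftp18 = $fw_machine_2->fwload("$FW_POLICY " . $fw_machine_1->hostname_1);
QTL::force(($mca_ftp18->result eq "success"));
$master->shell("sleep 10");
my $mca_ftp28 = $fw_machine_2->fwlogswitch();
QTL::force(($mca_ftp28->result eq "success"));
my $mca_ftp38 = $host_1->shell("-exec_mode async tcpdump -c 3 port 21 and host " . $fw_host_1->ip_1);
QTL::force(($mca_ftp38->state eq "running"), "failed to start tcpdump on host_1");
my $mca_ftp48 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -cat -s " . $fw_machine_1->ip_1
                                      . " -fu $AUTH_USER -fp $WRONG_PASSWORD -st 1");
QTL::force(($mca_ftp48->result eq "failure"),
           "success to open connection with wrong password for user $AUTH_USER and auth server FireWall-1");
$master->shell("sleep 2");
my $mca_ftp58 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c ftp -s " . $host_1->ip_1
                                      . " -remote_file /etc/hosts -su $SERVER_USER -sp $SERVER_PASSWORD");
QTL::force(($mca_ftp58->result eq "failure"),
           "success to open ftp connection to host_1 without a valid client authentication");
$master->shell("sleep 5");
my $mca_ftp68 = $fw_machine_2->checklog("-resolve -n 1 -query (action =~ authorize and src =~ " . $fw_host_1->ip_1
                                        . " and service =~ FW1_clntauth_telnet and user =~ $AUTH_USER and reason =~ FireWall-1 )");
QTL::warn(($mca_ftp68->result eq "failure"), "checklog success to find a log with user $AUTH_USER");
QTL::force(($mca_ftp38->state eq "running"), "tcpdump should be running on host_1 and it is not");

#[CONFIGURATION_FILES]
#/scripts/Qtl_lib/BlackBox/TOP_005_BLACKBOX.pm
#/scripts/Qtl_lib/BlackBox/BlackBox.pm
#fwconf/5.0/enfdb/clau001.W.cpmi
#fwconf/5.0/enfdb/clau002.W.cpmi
#fwconf/5.0/enfdb/clau003.W.cpmi
#fwconf/5.0/enfdb/clau004.W.cpmi
#fwconf/5.0/enfdb/clau001.W.cpmi
#fwconf/5.0/enfdb/clau001.W.cpmi
#fwconf/5.0/enfdb/clau008.W.cpmi
#fwconf/5.0/enfdb/clau010.W.cpmi
#fwconf/5.0/standalone/defaultfilter.pf
#fwconf/5.0/cpmi_scripts/main1.cpmi
#fwconf/5.0/cpmi_scripts/main2.cpmi
#fwconf/5.0/cpmi_scripts/main3.cpmi
#fwconf/5.0/cpmi_scripts/predefined.cpmi
#fwconf/5.0/files/to_network.pl
#fwconf/5.0/files/NetAPS_Template.conf.opsec
#fwconf/5.0/files/NetAPS_Template.conf.smtp
#fwconf/5.0/files/NetAPS_Template.conf.waitMode
#fwconf/5.0/files/gfile
#fwconf/5.0/files/discard
#fwconf/5.0/files/virustest.exe
#fwconf/5.0/files/SessionAgent
#[/CONFIGURATION_FILES]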