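use strict;
use warnings;
#############################################################################################################
#Telnet, ftp and http with client authentication, partly automatic.
#The authentication methods are: RADIUS (Livingston), FW-1, TACACS, TACACS plus, Secure ID, IAS, OS.
#First try to open with client authentication and then without.
#
#NOTE(review): every credential in this script (the CPMI administrator, the "root"/"zubur" target
#login, the per-server test users) is a lab fixture that is written into the QTL log, into the
#transformed *.cpmi files in the master's work_dir and onto the cp_conf command line. Do not reuse
#these values outside the isolated test topology.
#############################################################################################################
my $FW_POLICY="clau001.W";
#[STANDALONE_BLACKBOX]
###############################################################################
###                                                                         ###
###         QTL "Black Box" that configure standalone environment           ###
###                                                                         ###
###############################################################################
#$Header: /qa_cvs/qtls/scripts/auth/Attic/clau001.auth,v 1.1.2.1 2003/03/18 12:06:40 obdavid Exp $
#This QTL script describes the process of working with standalone topologies
#Included machines -
#fw_machine_1 - Vancouver standalone machine
#------------ Configuration part -------------------------------------
#The CPMI Client version vc8 and above
#The CPMI Client script name, saved under /usr/local/aig/common/db/fwconf/5.0/standalone/
my $CPMI_SCRIPT = "standalone_setup.cpmi";
#The FireWall-1 CPMI administrator user and password
#This is an administrator defined separately for CPMI client operation
#(created in Step 2, removed again in Step 7).
my $ADMIN_USERNAME = "cpmi-user";
my $ADMIN_PASSWORD = "cpmi-passwd";
my $CPMI_SUFFIX=".cpmi";
#Get the FireBall-1 3.0 master IP for future use as a CPMI/GUI client.
#The pattern requires a "Bcast" field after the address, so a loopback interface (which has none)
#cannot be picked up; \S+ (instead of .*) keeps trailing blanks out of the captured address.
my $get_master_ip_1 = $master->shell("ifconfig -a");
QTL::force ((($get_master_ip_1->exitcode eq "0")), "Failed to get the master\'s ip via \'ifconfig -a\' commnad!");
my $get_master_ip_2 = $master->find_str("-reg (/inet addr\\:(\\S+)\\s+Bcast/) " . $get_master_ip_1->outfile);
QTL::force ((($get_master_ip_2->result eq "success")), "Failed to find the master\'s ip in the \'if config -a\' output!");
my $MASTER_IP = $get_master_ip_2->dollar1;
#Configure utility variables
my $STANDALONE_DIR = $master->fb_db . "\\fwconf\\5.0\\standalone";
#Variables for the clean configuration files
my $CONF_DIR = $fw_machine_1->fw_dir . "\\conf";
my $CLEAR_DIR = $master->fw_db . "\\" . $fw_machine_1->fw_build;
#cpstart sleep time according to the platform (seconds; looked up by the module's platform name)
my $print_all_time_machines = $master->print("NT=40 SUN=40 LINUX=40 NOKIA=120 AIX=40 HP=40");
QTL::force ($print_all_time_machines->result eq "success");
my $find_the_platform_time = $master->find_str("-reg (/" . $fw_machine_1->platform . "=(\\d+)/) " . $print_all_time_machines->outfile);
QTL::force (($find_the_platform_time->result eq "success"), "Failed to get CPSTART SLEEP TIME value!");
my $CPSTART_SLEEP_TIME = $find_the_platform_time->dollar1;
my $PACKAGE_SUFFIX = ".package";
my $PACKAGE_FILE = $fw_machine_1->fw_build . "$PACKAGE_SUFFIX";
#----------- End of configuration part
#-------- Step 1 - Connect to the FireWall-1 management -----
#Connect to the FireWall-1 management
#Stop the FireWall-1. Do not force it - it might be down already
my $stop_fw = $fw_machine_1->cpstop();
#-------- Step 1.1 - Clean up the FWDIR\conf dir of the fw_machine_1 ---------
#Create the conf package
my $create_package = $master->shell("perl " . $master->aig_dir . "\\common\\scripts\\pack_conf.pl -v " . $fw_machine_1->fw_ver . " -b " . $fw_machine_1->fw_build . " -d " . $fw_machine_1->fw_dir);
QTL::force ((($create_package->exitcode eq "0")), "Failed to create the package for the \'conf\' directory!");
#Overwrite/remove database files on the FireWall-1 machine
my $delete_conf = $fw_machine_1->rm_rf("-r $CONF_DIR\\*");
QTL::force ((($delete_conf->result eq "success")), "Failed to remove the conf directory from the Firewall management!");
#Transfer the clean objects files
my $transfer_conf = $fw_machine_1->put_file("-o $CLEAR_DIR $PACKAGE_FILE to " . $fw_machine_1->work_dir);
my $transfer_aiginstaller = $fw_machine_1->put_file("-o " . $master->aig_dir . "\\common\\scripts aiginstaller.pl to " . $fw_machine_1->work_dir);
QTL::force ((($transfer_conf->result eq "success") and ($transfer_aiginstaller->result eq "success")), "May fail to pass either the \'conf\' package file or the installation file to Fw machine managemet!");
#Extract the conf package
my $extract_conf = $fw_machine_1->shell("perl " . $fw_machine_1->work_dir . "\\aiginstaller.pl -y " . $fw_machine_1->work_dir . "\\$PACKAGE_FILE");
QTL::force ((($extract_conf->exitcode eq "0")), "Failed to extract the \'conf\' package on the Firewall management!");
#------------------- End of Step 1.1 ------------------------------------
#-------- Step 1.2 - Reset the internal CA on the FW machine ---------
#sic_reset is attempted twice; either attempt succeeding is enough.
my $reset_ca = $fw_machine_1->shell($fw_machine_1->fw_dir . "\\bin\\fwm sic_reset -yes");
my $reset_ca_2 = $fw_machine_1->shell($fw_machine_1->fw_dir . "\\bin\\fwm sic_reset -yes");
QTL::force (($reset_ca->exitcode eq "0") or ($reset_ca_2->exitcode eq "0"));
$master->shell("sleep 5");
#Recreate the internal CA on the management
my $recreate_ca = $fw_machine_1->shell("\"" . $fw_machine_1->cpshared_path . "\\bin\\cp_conf\" ca init");
QTL::force ((($recreate_ca->exitcode eq "0")), "Failed to reset the internal CA!");
#NEW in ANC - FQDN configuration in the Internal CA.
#Builds below 52097 use "ca dns", 52097 and above use "ca fqdn"; builds below 52000 have neither.
my $fqdn_1 = $fw_machine_1->shell("\"" . $fw_machine_1->cpshared_path . "\\bin\\cp_conf\" ca dns " . $fw_machine_1->hostname_1);
my $fqdn_2 = $fw_machine_1->shell("\"" . $fw_machine_1->cpshared_path . "\\bin\\cp_conf\" ca fqdn " . $fw_machine_1->hostname_1);
QTL::force ((((($fqdn_1->exitcode eq "0") and ($fw_machine_1->fw_build < "52097")) or (($fqdn_2->exitcode eq "0") and ($fw_machine_1->fw_build >= "52097")) or ($fw_machine_1->fw_build < "52000"))), "Failed to configure the FQDN for the interenal CA!");
#Get the new DN of the FW from the registry
my $get_dn_1 = $fw_machine_1->shell("\"" . $fw_machine_1->cpshared_path . "\\bin\\ckp_regedit\" -p software\\checkpoint\\sic");
QTL::force ((($get_dn_1->exitcode eq "0")), "Failed to perform \'ckp_regedit\' command on the Firewall management\'s registry!");
$master->shell("sleep 2");
my $get_dn_2 = $fw_machine_1->find_str("-reg (/(cn=\\S+)\\s+/) " . $get_dn_1->outfile);
#Check the search succeeded before touching dollar1, and match the hostname literally (\Q...\E)
#rather than letting dots in it act as regex wildcards.
my $fw_hostname_1 = $fw_machine_1->hostname_1;
QTL::force ((($get_dn_2->result eq "success") and ($get_dn_2->dollar1 =~ /\Q$fw_hostname_1\E/)), "Failed to get the new DN of the Firewall management from the registry!");
#Assign a variable for easier use of the DN
my $DN = $get_dn_2->dollar1;
#------------------- End of Step 1.2 ------------------------------------
#------------------- End of Step 1 --------------------------------------
$master->shell("sleep 5");
#--- Step 2 - Configure administrator and Gui Client for the CPMI Client ---
#Create an administrator for the future CPMI Client work.
#NOTE(review): the password is passed on the cp_conf command line, so it is visible in the
#process list and the QTL log on fw_machine_1 for the lifetime of the command.
my $create_admin_1 = $fw_machine_1->shell("\"" . $fw_machine_1->cpshared_path . "\\bin\\cp_conf\" admin add $ADMIN_USERNAME $ADMIN_PASSWORD w");
my $create_admin_2 = $fw_machine_1->find_str("-l \"successfully or already\" " . $create_admin_1->outfile);
QTL::force ((($create_admin_2->result eq "success")), "Failed to add the administrator for the CPMI!");
#Add the master as a Gui_Client for enable connectivity between CPMI client and FireWall-1 management.
#cp_conf may report the result on stdout or stderr, so both are searched.
my $add_gui_cli_1 = $fw_machine_1->shell("\"" . $fw_machine_1->cpshared_path . "\\bin\\cp_conf\" client add $MASTER_IP");
my $add_gui_cli_2 = $fw_machine_1->find_str("-l \"successfully or already\" " . $add_gui_cli_1->outfile);
my $add_gui_cli_3 = $fw_machine_1->find_str("-l \"successfully or already\" " . $add_gui_cli_1->errfile);
QTL::force ((($add_gui_cli_2->result eq "success") or ($add_gui_cli_3->result eq "success")), "Failed to add the GUI client for the CPMI!");
#-------------- End of Step 2 ------------------------------------------
#------------------- Step 3 - Configure Default Filter that accept port 12321 -----------
#Transfer the new default filter that includes accept for port 12321
my $establsh_conn_1 = $fw_machine_1->put_file("-o $STANDALONE_DIR defaultfilter.pf to " . $fw_machine_1->fw_dir . "\\conf");
QTL::force ((($establsh_conn_1->result eq "success")), "Failed to pass $STANDALONE_DIR\\defaultfilter.pf to fw_machine_1!");
#Remove all information about an old state of the module. Do not force it - it might not be available
my $establsh_conn_2 = $fw_machine_1->rm_rf("-r " . $fw_machine_1->fw_dir . "\\state\\local");
#Compile the new default filter (comp_init_policy reports "Compiled OK" on stderr)
my $establish_conn_3 = $fw_machine_1->shell($fw_machine_1->fw_dir . "\\bin\\comp_init_policy");
my $establish_conn_4 = $fw_machine_1->find_str("-l \"Compiled OK\" " . $establish_conn_3->errfile);
QTL::force ((($establish_conn_4->result eq "success")), "Failed to compile the Fireball\'s defaultfilter!");
#------------------- End of Step 3 --------------------------------------
#amos add
my $transfer_msg_cnt = $fw_machine_1->put_file("-o $CLEAR_DIR\\conf\\cpsc msg_cnt.C to $CONF_DIR\\cpsc msg_cnt.C");
QTL::force ((($transfer_msg_cnt->result eq "success")), "Failed to pass msg_cnt.C to Fw conf/cpsc directory!");
$master->shell("sleep 5");
#-------------- Step 4 - Start the FireWall-1 machine --------------
#cpstart runs asynchronously; only its "running" state is checked, then the platform-specific
#sleep from the configuration part gives it time to come up.
my $start_fw_1 = $fw_machine_1->shell("-exec_mode async \"" . $fw_machine_1->cpshared_path . "\\bin\\cpstart\"");
$fw_machine_1->shell("sleep 1");
QTL::force ((($start_fw_1->state eq "running")), "Failed to start the Firewall!");
$master->shell("sleep $CPSTART_SLEEP_TIME");
my $start_fw_4 = $fw_machine_1->shell("cpridstart");
QTL::force ((($start_fw_4->exitcode eq "0")), "Failed to strat cprid daemon on fw_machine_1!");
#------------ End of Step 4 ------------------------------------
my $core_collector_module = $fw_machine_1->shell("perl " . $fw_machine_1->aig_dir . "\\prod\\sysinfo\\scripts\\core_collector.pl -space 500");
#Execute sysinfo to collect general information and saves cores if found
my $collect_module_cores = $fw_machine_1->sysinfo("-exec_mode async -n -1 -sys=all -freq 30 -core=" . $fw_machine_1->work_dir . "/ -trace-role=fw -trace-name=cpd -trace-name=vpnd -exec=\"perl " . $fw_machine_1->aig_dir . "\\prod\\sysinfo\\scripts\\core_collector.pl \'-space 500\'\"");
#-------------- Step 5 - Configure the CPMI Client script on the master --------------
#Copy the CPMI client script to the working dir for further modifications.
my $mod_cpmi_script_1 = $master->shell("cp -vf $STANDALONE_DIR\\$CPMI_SCRIPT " . $master->work_dir . "\\$CPMI_SCRIPT");
QTL::force ((($mod_cpmi_script_1->exitcode eq "0")), "Failed to pass $CPMI_SCRIPT script to the master\'s workdir!");
#Change all requested parameters in the cpmi_script (e.g. the Administrator username and IP etc).
#The expected number_of_transform per placeholder is asserted below so a template drift is caught early.
my $mod_cpmi_script_2 = $master->transform("-v ADMIN_USERNAME -d $ADMIN_USERNAME " . $master->work_dir . "\\$CPMI_SCRIPT");
my $mod_cpmi_script_3 = $master->transform("-v ADMIN_PASSWORD -d $ADMIN_PASSWORD " . $master->work_dir . "\\$CPMI_SCRIPT");
my $mod_cpmi_script_4 = $master->transform("-v FW_MACHINE_1_HOSTNAME_1 -d " . $fw_machine_1->hostname_1 . " " . $master->work_dir . "\\$CPMI_SCRIPT");
my $mod_cpmi_script_5 = $master->transform("-v FW_MACHINE_1_IP_1 -d " . $fw_machine_1->ip_1 . " " . $master->work_dir . "\\$CPMI_SCRIPT");
my $mod_cpmi_script_6 = $master->transform("-v FW_MACHINE_1_IF_1 -d " . $fw_machine_1->if_1 . " " . $master->work_dir . "\\$CPMI_SCRIPT");
my $mod_cpmi_script_7 = $master->transform("-v FW_MACHINE_1_MASK_1 -d " . $fw_machine_1->mask_1 . " " . $master->work_dir . "\\$CPMI_SCRIPT");
my $mod_cpmi_script_8 = $master->transform("-v FW_MACHINE_1_IP_2 -d " . $fw_machine_1->ip_2 . " " . $master->work_dir . "\\$CPMI_SCRIPT");
my $mod_cpmi_script_9 = $master->transform("-v FW_MACHINE_1_IF_2 -d " . $fw_machine_1->if_2 . " " . $master->work_dir . "\\$CPMI_SCRIPT");
my $mod_cpmi_script_10 = $master->transform("-v FW_MACHINE_1_MASK_2 -d " . $fw_machine_1->mask_2 . " " . $master->work_dir . "\\$CPMI_SCRIPT");
my $mod_cpmi_script_11 = $master->transform("-v SIC_NAME -d $DN " . $master->work_dir . "\\$CPMI_SCRIPT");
QTL::force ((($mod_cpmi_script_2->number_of_transform eq "1") and ($mod_cpmi_script_3->number_of_transform eq "1") and ($mod_cpmi_script_4->number_of_transform eq "2") and ($mod_cpmi_script_5->number_of_transform eq "2") and ($mod_cpmi_script_6->number_of_transform eq "1") and ($mod_cpmi_script_7->number_of_transform eq "1") and ($mod_cpmi_script_8->number_of_transform eq "1") and ($mod_cpmi_script_9->number_of_transform eq "1") and ($mod_cpmi_script_10->number_of_transform eq "1") and ($mod_cpmi_script_11->number_of_transform eq "1")), "Failed to edit $CPMI_SCRIPT CPMI script!");
#---------------------------------- End of Step 5 ------------------------------------
$master->shell("sleep 5");
#------------------- Step 6 - Execute the CPMI Client -------------
#Execute the CPMI Client
my $exec_cpmi_1 = $master->shell($master->aig_dir . "\\common\\bin\\CpmiUI -o 1 " . $master->work_dir . "\\$CPMI_SCRIPT");
QTL::force ((($exec_cpmi_1->exitcode eq "0")), "Failed to run the CpmiUI with $CPMI_SCRIPT!");
#Check for a success
my $exec_cpmi_2 = $master->find_str("-l \"Update and object and " . $fw_machine_1->hostname_1 . " and succeeded\" " . $exec_cpmi_1->outfile);
QTL::force ((($exec_cpmi_2->result eq "success")), "Failed to create fw_machine_1 via the CPMI!");
#----------------------------------- End of Step 6 ----------------------------------
#amos add
#--------------------------------------------------------configure the main cpmi scripts----------------------------------------------------------------------
#copy the main cpmi files to work directory
my $main1 = $master->shell("cp " . $master->fb_db . "/fwconf/5.0/cpmi_scripts/main1.cpmi " . $master->work_dir . "/main1.cpmi");
QTL::force ((($main1->exitcode eq "0")), "Failed to copy main1->cpmi file to master\'s work directory");
my $main2 = $master->shell("cp " . $master->fb_db . "/fwconf/5.0/cpmi_scripts/main2.cpmi " . $master->work_dir . "/main2.cpmi");
QTL::force ((($main2->exitcode eq "0")), "Failed to copy main2->cpmi file to master\'s work directory");
my $main3 = $master->shell("cp " . $master->fb_db . "/fwconf/5.0/cpmi_scripts/main3.cpmi " . $master->work_dir . "/main3.cpmi");
QTL::force ((($main3->exitcode eq "0")), "Failed to copy main3->cpmi file to master\'s work directory");
#configure the ip of internal network (to_network.pl prints the network address of fw_machine_1's ip_2)
my $to_network1 = $master->shell("cp " . $master->fb_db . "/fwconf/5.0/files/to_network.pl " . $master->work_dir . "/to_network.pl");
QTL::force ((($to_network1->exitcode eq "0")), "Failed to copy to_network.pl file to master\'s work directory");
my $to_network2 = $master->shell("perl " . $master->work_dir . "/to_network.pl " . $fw_machine_1->ip_2);
QTL::force ((($to_network2->exitcode eq "0")), "Failed to run to_network.pl script");
my $to_network3 = $master->find_str("-reg (/(\\d+\\.\\d+\\.\\d+\\.\\d+)/) " . $to_network2->outfile);
QTL::force ((($to_network3->result eq "success")), "Failed to get the network ip!");
my $network_ip=$to_network3->dollar1;
#-----start with transforms--------
my $to_network4 = $master->transform("-v NETWORK_IP -d $network_ip " . $master->work_dir . "\\main1.cpmi");
QTL::force ((($to_network4->number_of_transform eq "1")), "Failed to update the network ip in main1->cpmi script!");
my $main4 = $master->transform("-v FW_MACHINE_1_HOSTNAME_1 -d " . $fw_machine_1->hostname_1 . " " . $master->work_dir . "\\main1.cpmi");
QTL::force ((($main4->result eq "success")), "Failed to update the fw_maachine_1 name in main1->cpmi script!");
my $main5 = $master->transform("-v FW_MACHINE_1_IP_1 -d " . $fw_machine_1->ip_1 . " " . $master->work_dir . "\\main1.cpmi");
QTL::force ((($main5->result eq "success")), "Failed to update the Firewall management ip in main1->cpmi script!");
my $main6 = $master->transform("-v FW_MACHINE_1_IP_1 -d " . $fw_machine_1->ip_1 . " " . $master->work_dir . "\\main2.cpmi");
QTL::force ((($main6->result eq "success")), "Failed to update the Firewall management ip in main2->cpmi script!");
my $main7 = $master->transform("-v FW_MACHINE_1_IP_1 -d " . $fw_machine_1->ip_1 . " " . $master->work_dir . "\\main3.cpmi");
QTL::force ((($main7->result eq "success")), "Failed to update the Firewall management ip in main3->cpmi script!");
my $main8 = $master->transform("-v FW_HOST_1_HOSTNAME_1 -d " . $fw_host_1->hostname_1 . " " . $master->work_dir . "\\main1.cpmi");
QTL::force ((($main8->result eq "success")), "Failed to update the fw_host_1 name in main1->cpmi script!");
my $main24 = $master->transform("-v FW_HOST_1_HOSTNAME_1 -d " . $fw_host_1->hostname_1 . " " . $master->work_dir . "\\main2.cpmi");
QTL::force ((($main24->result eq "success")), "Failed to update the fw_host_1 name in main2->cpmi script!");
my $main9 = $master->transform("-v FW_HOST_1_IP_1 -d " . $fw_host_1->ip_1 . " " . $master->work_dir . "\\main1.cpmi");
QTL::force ((($main9->result eq "success")), "Failed to update the fw_host_1 ip in main1->cpmi script!");
my $main10 = $master->transform("-v FW_HOST_1_IP_1 -d " . $fw_host_1->ip_1 . " " . $master->work_dir . "\\main2.cpmi");
QTL::force ((($main10->result eq "success")), "Failed to update the fw_host_1 ip in main2->cpmi script!");
my $main11 = $master->transform("-v FW_HOST_1_IP_1 -d " . $fw_host_1->ip_1 . " " . $master->work_dir . "\\main3.cpmi");
QTL::force ((($main11->result eq "success")), "Failed to update the fw_host_1 ip in main3->cpmi script!");
my $main12 = $master->transform("-v HOST_1_HOSTNAME_1 -d " . $host_1->hostname_1 . " " . $master->work_dir . "\\main1.cpmi");
QTL::force ((($main12->result eq "success")), "Failed to update the host_1 name in main1->cpmi script!");
my $main13 = $master->transform("-v HOST_1_HOSTNAME_1 -d " . $host_1->hostname_1 . " " . $master->work_dir . "\\main2.cpmi");
QTL::force ((($main13->result eq "success")), "Failed to update the host_1 name in main2->cpmi script!");
my $main14 = $master->transform("-v HOST_1_HOSTNAME_1 -d " . $host_1->hostname_1 . " " . $master->work_dir . "\\main3.cpmi");
QTL::force ((($main14->result eq "success")), "Failed to update the host_1 name in main3->cpmi script!");
my $main15 = $master->transform("-v HOST_1_IP_1 -d " . $host_1->ip_1 . " " . $master->work_dir . "\\main1.cpmi");
QTL::force ((($main15->result eq "success")), "Failed to update the host_1 ip in main1->cpmi script!");
my $main16 = $master->transform("-v HOST_1_IP_1 -d " . $host_1->ip_1 . " " . $master->work_dir . "\\main2.cpmi");
QTL::force ((($main16->result eq "success")), "Failed to update the host_1 ip in main2->cpmi script!");
my $main17 = $master->transform("-v HOST_1_IP_1 -d " . $host_1->ip_1 . " " . $master->work_dir . "\\main3.cpmi");
QTL::force ((($main17->result eq "success")), "Failed to update the host_1 ip in main3->cpmi script!");
my $main18 = $master->transform("-v HOST_2_HOSTNAME_1 -d " . $host_2->hostname_1 . " " . $master->work_dir . "\\main1.cpmi");
QTL::force ((($main18->result eq "success")), "Failed to update the host_2 name in main1->cpmi script!");
my $main19 = $master->transform("-v HOST_2_IP_1 -d " . $host_2->ip_1 . " " . $master->work_dir . "\\main1.cpmi");
QTL::force ((($main19->result eq "success")), "Failed to update the host_2 ip in main1->cpmi script!");
my $main20 = $master->transform("-v SIC_NAME -d $DN " . $master->work_dir . "\\main1.cpmi");
QTL::force (($main20->number_of_transform eq "1"), "Failed to update the DN in main1->cpmi script!");
my $main21 = $master->transform("-v SIC_NAME -d $DN " . $master->work_dir . "\\main2.cpmi");
QTL::force (($main21->number_of_transform eq "1"), "Failed to update the DN in main2->cpmi script!");
my $main22 = $master->transform("-v SIC_NAME -d $DN " . $master->work_dir . "\\main3.cpmi");
QTL::force (($main22->number_of_transform eq "1"), "Failed to update the DN in main3->cpmi script!");
my $main23 = $master->transform("-v mxname -d mail" . $host_1->hostname_1 . " " . $master->work_dir . "\\main2.cpmi");
QTL::force (($main23->number_of_transform eq "1"), "Failed to update the host_1 mail name in main2->cpmi script!");
#------------------------------------------Execute the main cpmi scripts---------------------------------
#Object counts (43/42, 19, 22) are the number of "Update ... succeeded" lines each script is expected
#to produce; a mismatch is only a warning. For main1 a count of 42 also silences the "fail" check,
#i.e. one object failing there is tolerated - TODO confirm that is still intended.
my $cpmi_exec_main1 = $master->shell($master->aig_dir . "\\common\\bin\\CpmiUI -o 1 " . $master->work_dir . "\\main1.cpmi");
QTL::force (($cpmi_exec_main1->exitcode eq "0"), "Failed to run CpmiUI with main1->cpmi script!");
my $look_for_success = $master->find_str("-l \"Update and object and succeeded\" " . $cpmi_exec_main1->outfile);
QTL::warn ((($look_for_success->number_of_lines_matched eq "43") or ($look_for_success->number_of_lines_matched eq "42")), "At least one object was not created successfully via CPMI with main1->cpmi!");
my $look_for_fail = $master->find_str("-l \"fail or Fail\" " . $cpmi_exec_main1->outfile);
QTL::warn ((($look_for_fail->result eq "failure") or ($look_for_success->number_of_lines_matched eq "42")), "At least one object was not created successfully via CPMI with main1->cpmi!");
my $cpmi_exec_main2 = $master->shell($master->aig_dir . "\\common\\bin\\CpmiUI -o 1 " . $master->work_dir . "\\main2.cpmi");
QTL::force (($cpmi_exec_main2->exitcode eq "0"), "Failed to run CpmiUI with main2->cpmi script!");
my $look_for_success2 = $master->find_str("-l \"Update and object and succeeded\" " . $cpmi_exec_main2->outfile);
QTL::warn (($look_for_success2->number_of_lines_matched eq "19"), "At least one object was not created successfully via CPMI with main2->cpmi!");
my $look_for_fail2 = $master->find_str("-l \"fail or Fail\" " . $cpmi_exec_main2->outfile);
QTL::warn (($look_for_fail2->result eq "failure"), "At least one object was not created successfully via CPMI with main2->cpmi!");
my $cpmi_exec_main3 = $master->shell($master->aig_dir . "\\common\\bin\\CpmiUI -o 1 " . $master->work_dir . "\\main3.cpmi");
QTL::force (($cpmi_exec_main3->exitcode eq "0"), "Failed to run CpmiUI with main3->cpmi script!");
my $look_for_success3 = $master->find_str("-l \"Update and object and succeeded\" " . $cpmi_exec_main3->outfile);
QTL::warn (($look_for_success3->number_of_lines_matched eq "22"), "At least one object was not created successfully via CPMI with main3->cpmi!");
my $look_for_fail3 = $master->find_str("-l \"fail or Fail\" " . $cpmi_exec_main3->outfile);
QTL::warn (($look_for_fail3->result eq "failure"), "At least one object was not created successfully via CPMI with main3->cpmi!");
#-------------------------------End of main cpmi scripts execution--------------------------------------------
#[POLICIES_CREATION]
#Copy the policies CPMI files to work directory
my $FW_POLICY_CPMI_FILE = "$FW_POLICY$CPMI_SUFFIX";
my $copy_policy = $master->shell("cp " . $master->fb_db . "\\fwconf\\5.0\\enfdb\\$FW_POLICY_CPMI_FILE " . $master->work_dir . "\\.");
QTL::force ((($copy_policy->exitcode eq "0")), "Failed to pass $FW_POLICY_CPMI_FILE to master\'s work directory!");
my $transform_policy_1 = $master->transform("-v ADMIN_USERNAME -d $ADMIN_USERNAME " . $master->work_dir . "\\$FW_POLICY_CPMI_FILE");
my $transform_policy_2 = $master->transform("-v ADMIN_PASSWORD -d $ADMIN_PASSWORD " . $master->work_dir . "\\$FW_POLICY_CPMI_FILE");
my $transform_policy_3 = $master->transform("-v FW_MACHINE_1_IP_1 -d " . $fw_machine_1->ip_1 . " " . $master->work_dir . "\\$FW_POLICY_CPMI_FILE");
my $transform_policy_4 = $master->transform("-v SIC_NAME -d $DN " . $master->work_dir . "\\$FW_POLICY_CPMI_FILE");
my $transform_policy_5 = $master->transform("-v \"step 24 0\" -d \"step 24 1\" " . $master->work_dir . "\\$FW_POLICY_CPMI_FILE");
QTL::force (((($transform_policy_5->number_of_transform eq "1") and ($transform_policy_1->number_of_transform eq "1") and ($transform_policy_2->number_of_transform eq "1") and ($transform_policy_3->number_of_transform eq "1") and ($transform_policy_4->number_of_transform eq "1"))), "Failed to update $FW_POLICY_CPMI_FILE properly!");
my $cpmi_exec_policies = $master->shell($master->aig_dir . "\\common\\bin\\CpmiUI -o 1 " . $master->work_dir . "\\$FW_POLICY_CPMI_FILE");
QTL::force ((($cpmi_exec_policies->exitcode eq "0")), "Failed to run CpmiUI with $FW_POLICY_CPMI_FILE script!");
#[\POLICIES_CREATION]
#----------------------------------- Step 7 - clean up -----------------------
#Remove the CPMI administrator.
#NOTE(review): the transformed *.cpmi files left in the master's work_dir still contain
#$ADMIN_PASSWORD in clear text after this step; only the account itself is removed here.
my $remove_admin_1 = $fw_machine_1->shell("\"" . $fw_machine_1->cpshared_path . "\\bin\\cp_conf\" admin del $ADMIN_USERNAME");
QTL::warn (($remove_admin_1->exitcode eq "0"), "Failed to remove the CPMI administrator!");
my $remove_admin_2 = $fw_machine_1->find_str("-l \"successfully\" " . $remove_admin_1->outfile);
QTL::warn (($remove_admin_2->result eq "success"), "CPMI administrator may not be removed successfully!");
#Remove the GUI client. Use the explicit cpshared_path like every other cp_conf call above
#instead of relying on whatever cp_conf is first in the remote PATH.
my $remove_gui_cli_1 = $fw_machine_1->shell("\"" . $fw_machine_1->cpshared_path . "\\bin\\cp_conf\" client del $MASTER_IP");
QTL::warn (($remove_gui_cli_1->exitcode eq "0"), "Failed to remove the master\'s GUI client!");
my $remove_gui_cli_2 = $fw_machine_1->find_str("-l \"successfully\" " . $remove_gui_cli_1->outfile);
QTL::warn (($remove_gui_cli_2->result eq "success"), "Master\'s GUI client may not be removed successfully!");
#----------------------------------- End of Step 7 ----------------------------
###############################################################################
###                                                                         ###
###       End of "Black Box" for configure standalone environment           ###
###                                                                         ###
###############################################################################
#[\STANDALONE_BLACKBOX]
#put configuration files
my $put2 = $fw_host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files NetAPS_Template.conf.opsec to " . $fw_host_1->aig_dir . "/prod/fireball-1/conf NetAPS_Template.conf.opsec");
QTL::force ((($put2->result eq "success")), "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/NetAPS_Template.conf.opsec to fw_host_1!");
my $put3 = $host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files NetAPS_Template.conf.opsec to " . $host_1->aig_dir . "/prod/fireball-1/conf NetAPS_Template.conf.opsec");
QTL::force ((($put3->result eq "success")), "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/NetAPS_Template.conf.opsec to host_1!");
my $put4 = $fw_host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files NetAPS_Template.conf.smtp to " . $fw_host_1->aig_dir . "/prod/fireball-1/conf NetAPS_Template.conf.smtp");
QTL::force ((($put4->result eq "success")), "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/NetAPS_Template.conf.smtp to fw_host_1!");
my $put5 = $host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files NetAPS_Template.conf.smtp to " . $host_1->aig_dir . "/prod/fireball-1/conf NetAPS_Template.conf.smtp");
QTL::force ((($put5->result eq "success")), "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/NetAPS_Template.conf.smtp to host_1!");
my $put6 = $fw_host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files gfile to /tmp gfile");
QTL::force ((($put6->result eq "success")), "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/gfile to /tmp directory on fw_host_1!");
my $put7 = $host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files gfile to /tmp gfile");
QTL::force ((($put7->result eq "success")), "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/gfile to /tmp directory on host_1!");
my $put10 = $host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files virustest.exe to /tmp virustest.exe");
QTL::force ((($put10->result eq "success")), "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/virustest.exe to /tmp directory on host_1!");
my $put11 = $fw_host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files virustest.exe to /tmp virustest.exe");
QTL::force ((($put11->result eq "success")), "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/virustest.exe to /tmp directory on fw_host_1!");
my $put12 = $fw_host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files SessionAgent to /tmp SessionAgent");
QTL::force ((($put12->result eq "success")), "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/SessionAgent to /tmp directory on fw_host_1!");
#NOTE(review): mode 777 on a binary in the shared /tmp lets any local user on fw_host_1 replace
#SessionAgent before it is executed. Acceptable only because fw_host_1 is a throwaway lab host;
#if the agent does not need to be writable by other users, 755 would do.
my $chmod_sa = $fw_host_1->shell("chmod 777 /tmp/SessionAgent");
QTL::force ((($chmod_sa->exitcode eq "0")), "Failed to change the permissions of /tmp/SessionAgent file of fw_host_1 to 777!");
my $load = $fw_machine_1->fwload("$FW_POLICY");
QTL::force ((($load->result eq "success")), "Failed to load $FW_POLICY policy on the Fw module!");
$master->shell("sleep 2");
my $logswitch = $fw_machine_1->fwlogswitch();
QTL::warn ((($logswitch->result eq "success")), "fw logswitch command on the Fw management Failed!");
#-------------------------------------------------------------end of StandardInit macro---------------------------------------------------------------------------------
#
#Each authentication case below follows the same pattern:
#  1. reload the policy and switch the log so checklog only sees this case,
#  2. start a 3-packet tcpdump on host_1 for the service port, from fw_host_1,
#  3. authenticate to the gateway with the test user (-cat = client auth via telnet,
#     -cah = client auth via http), then open the real service connection,
#  4. look for an "authorize" log line for that user/server (warning only) and
#     require that tcpdump saw traffic (it must have exited after 3 packets).
###################################################
#fw-1 Auth
###################################################
my $mca11 = $fw_machine_1->fwload("$FW_POLICY " . $fw_machine_1->hostname_1);
QTL::force (($mca11->result eq "success"));
$master->shell("sleep 1");
my $mca21 = $fw_machine_1->fwlogswitch();
QTL::force (($mca21->result eq "success"));
my $mca31 = $host_1->shell("-exec_mode async tcpdump -c 3 port 23 and host " . $fw_host_1->ip_1);
QTL::force ((($mca31->state eq "running")), "failed to start tcpdump on host_1");
my $mca41 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -cat -s " . $fw_machine_1->ip_1 . " -fu aa -fp aaaa -st 1");
QTL::force ((($mca41->result eq "success")), "failed to open connection with user aa and auth server FireWall-1");
$master->shell("sleep 2");
my $mca51 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c telnet -s " . $host_1->ip_1 . " -su root -sp zubur");
QTL::force ((($mca51->result eq "success")), "failed to open connection with user aa and auth server FireWall-1");
$master->shell("sleep 5");
my $mca61 = $fw_machine_1->checklog("-resolve -n 1 -query (action =~ authorize and src =~ " . $fw_host_1->ip_1 . " and service =~ FW1_clntauth_telnet and user =~ aa and reason =~ FireWall-1 )");
QTL::warn ((($mca61->result eq "success")), "checklog failed to find a log with user aa");
QTL::force ((($mca31->state eq "finished")), "tcpdump should be finished on host_1 and it is not");
#####################################################
#Radius - Livingston auth
#####################################################
$host_2->shell("ka radius");
$master->shell("sleep 2");
$host_2->shell("/etc/init.d/radius start");
$master->shell("sleep 2");
my $mca12 = $fw_machine_1->fwload("$FW_POLICY " . $fw_machine_1->hostname_1);
QTL::force (($mca12->result eq "success"));
$master->shell("sleep 1");
my $mca22 = $fw_machine_1->fwlogswitch();
QTL::force (($mca22->result eq "success"));
my $mca32 = $host_1->shell("-exec_mode async tcpdump -c 3 port 23 and host " . $fw_host_1->ip_1);
QTL::force ((($mca32->state eq "running")), "failed to start tcpdump on host_1");
my $mca42 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -cat -s " . $fw_machine_1->ip_1 . " -fu raa -fp aa -st 1");
QTL::force ((($mca42->result eq "success")), "failed to open connection with user raa and auth server RADIUS");
$master->shell("sleep 2");
my $mca52 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c telnet -s " . $host_1->ip_1 . " -su root -sp zubur");
QTL::force ((($mca52->result eq "success")), "failed to open connection with user raa and auth server RADIUS");
$master->shell("sleep 5");
my $mca62 = $fw_machine_1->checklog("-resolve -n 1 -query (action =~ authorize and src =~ " . $fw_host_1->ip_1 . " and service =~ FW1_clntauth_telnet and user =~ raa and reason =~ RADIUS )");
QTL::warn ((($mca62->result eq "success")), "checklog failed to find a log with user raa");
QTL::force ((($mca32->state eq "finished")), "tcpdump should be finished on host_1 and it is not");
##############################################################
#Radius - Funk (client auth via http, port 80)
##############################################################
$host_2->shell("/etc/init.d/radius stop");
$master->shell("sleep 2");
$host_2->shell("/etc/rc2.d/S90radius start");
$master->shell("sleep 4");
my $mca13 = $fw_machine_1->fwload("$FW_POLICY " . $fw_machine_1->hostname_1);
QTL::force (($mca13->result eq "success"));
$master->shell("sleep 1");
my $mca23 = $fw_machine_1->fwlogswitch();
QTL::force (($mca23->result eq "success"));
my $mca33 = $host_1->shell("-exec_mode async tcpdump -c 3 port 80 and host " . $fw_host_1->ip_1);
QTL::force ((($mca33->state eq "running")), "failed to start tcpdump on host_1");
my $mca43 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -cah -s " . $fw_machine_1->ip_1 . " -fu funkyfish -fp aa -st 1");
QTL::force ((($mca43->result eq "success")), "failed to open connection with user funkyfish and auth server RADIUS");
$master->shell("sleep 2");
my $mca53 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c httpstress -s " . $host_1->ip_1 . " -p /index.html -su root -sp zubur");
QTL::force ((($mca53->result eq "success")), "failed to open connection with user funkyfish and auth server RADIUS");
$master->shell("sleep 5");
my $mca63 = $fw_machine_1->checklog("-resolve -n 1 -query (action =~ authorize and src =~ " . $fw_host_1->ip_1 . " and service =~ FW1_clntauth_http and user =~ funkyfish and reason =~ RADIUS )");
QTL::warn ((($mca63->result eq "success")), "checklog failed to find a log with user funkyfish");
QTL::force ((($mca33->state eq "finished")), "tcpdump should be finished on host_1 and it is not");
$host_2->shell("/etc/init.d/radius stop");
#######################################################
#IAS (MS-RADIUS)
#######################################################
my $mca14 = $fw_machine_1->fwload("$FW_POLICY " . $fw_machine_1->hostname_1);
QTL::force (($mca14->result eq "success"));
$master->shell("sleep 1");
my $mca24 = $fw_machine_1->fwlogswitch();
QTL::force (($mca24->result eq "success"));
my $mca34 = $host_1->shell("-exec_mode async tcpdump -c 3 port 80 and host " . $fw_host_1->ip_1);
QTL::force ((($mca34->state eq "running")), "failed to start tcpdump on host_1");
my $mca44 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -cah -s " . $fw_machine_1->ip_1 . " -fu bill -fp gates -st 1");
QTL::force ((($mca44->result eq "success")), "failed to open connection with user bill and auth server RADIUS");
$master->shell("sleep 2");
my $mca54 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c httpstress -s " . $host_1->ip_1 . " -p /index.html -su root -sp zubur");
QTL::force ((($mca54->result eq "success")), "failed to open connection with user bill and auth server RADIUS");
$master->shell("sleep 5");
my $mca64 = $fw_machine_1->checklog("-resolve -n 1 -query (action =~ authorize and src =~ " . $fw_host_1->ip_1 . " and service =~ FW1_clntauth_http and user =~ bill and reason =~ RADIUS )");
QTL::warn ((($mca64->result eq "success")), "checklog failed to find a log with user bill");
QTL::force ((($mca34->state eq "finished")), "tcpdump should be finished on host_1 and it is not");
#############################################################
#TACACS UDP auth
#############################################################
my $mca15 = $fw_machine_1->fwload("$FW_POLICY " . $fw_machine_1->hostname_1);
QTL::force (($mca15->result eq "success"));
$master->shell("sleep 1");
my $mca25 = $fw_machine_1->fwlogswitch();
QTL::force (($mca25->result eq "success"));
my $mca35 = $host_1->shell("-exec_mode async tcpdump -c 3 port 21 and host " . $fw_host_1->ip_1);
QTL::force ((($mca35->state eq "running")), "failed to start tcpdump on host_1");
my $mca45 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -cah -s " . $fw_machine_1->ip_1 . " -fu taca -fp taca -st 1");
QTL::force ((($mca45->result eq "success")), "failed to open connection with user taca and auth server TACACS");
$master->shell("sleep 2");
my $mca55 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c ftp -s " . $host_1->ip_1 . " -remote_file /etc/hosts -su root -sp zubur");
QTL::force ((($mca55->result eq "success")), "failed to open connection with user taca and auth server TACACS");
$master->shell("sleep 5");
my $mca75 = $fw_machine_1->checklog("-resolve -n 1 -query (action =~ authorize and src =~ " . $fw_host_1->ip_1 .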
" and service =~ FW1_clntauth_http and user =~ taca and reason =~ TACACS)"); QTL::warn ((($mca75->result eq "success")), "checklog failed to find a log with user taca"); QTL::force ((($mca35->state eq "finished")), "tcpdump should be finished on host_1 and it is not"); ############################################################ #TACACS PLUS auth ############################################################ my $mca16 = $fw_machine_1->fwload("$FW_POLICY " . $fw_machine_1->hostname_1); QTL::force (($mca16->result eq "success")); $master->shell("sleep 1"); my $mca26 = $fw_machine_1->fwlogswitch(); QTL::force (($mca26->result eq "success")); my $mca36 = $host_1->shell("-exec_mode async tcpdump -c 3 port 21 and host " . $fw_host_1->ip_1); QTL::force ((($mca36->state eq "running")), "failed to start tcpdump on host_1"); my $mca46 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -cah -s " . $fw_machine_1->ip_1 . " -fu tacap -fp tacap -st 1"); QTL::force ((($mca46->result eq "success")), "failed to open connection with user tacap and auth server TACACS"); $master->shell("sleep 2"); my $mca56 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c ftp -s " . $host_1->ip_1 . " -remote_file /etc/hosts -su root -sp zubur"); QTL::force ((($mca56->result eq "success")), "failed to open connection with user tacap and auth server TACACS"); $master->shell("sleep 5"); my $mca76 = $fw_machine_1->checklog("-resolve -n 1 -query (action =~ authorize and src =~ " . $fw_host_1->ip_1 . 
" and service =~ FW1_clntauth_http and user =~ tacap and reason =~ TACACS)"); QTL::warn ((($mca76->result eq "success")), "checklog failed to find a log with user tacap"); QTL::force ((($mca36->state eq "finished")), "tcpdump should be finished on host_1 and it is not"); ########################################################### #Secure ID auth ########################################################### #TELNET_OPEN_CONN_MANUAL_CLIENT_AUTH(7,amos,1111,SecurID,finished,success,accept) ##################################################################################################################################### #NOW TRY TO CONNECT WITH WRONG PASSWORD. ##################################################################################################################################### ################################################### #fw-1 Auth ################################################### my $mca18 = $fw_machine_1->fwload("$FW_POLICY " . $fw_machine_1->hostname_1); QTL::force (($mca18->result eq "success")); $master->shell("sleep 1"); my $mca28 = $fw_machine_1->fwlogswitch(); QTL::force (($mca28->result eq "success")); my $mca38 = $host_1->shell("-exec_mode async tcpdump -c 3 port 23 and host " . $fw_host_1->ip_1); QTL::force ((($mca38->state eq "running")), "failed to start tcpdump on host_1"); my $mca48 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -cat -s " . $fw_machine_1->ip_1 . " -fu aa -fp abcd -st 1"); QTL::force ((($mca48->result eq "failure")), "failed to open connection with user aa and auth server FireWall-1"); $master->shell("sleep 2"); my $mca58 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c telnet -s " . $host_1->ip_1 . " -su root -sp zubur"); QTL::force ((($mca58->result eq "failure")), "failed to open connection with user aa and auth server FireWall-1"); $master->shell("sleep 5"); my $mca68 = $fw_machine_1->checklog("-resolve -n 1 -query (action =~ authorize and src =~ " . $fw_host_1->ip_1 . 
" and service =~ FW1_clntauth_telnet and user =~ aa and reason =~ FireWall-1 )"); QTL::warn ((($mca68->result eq "failure")), "checklog failed to find a log with user aa"); QTL::force ((($mca38->state eq "running")), "tcpdump should be running on host_1 and it is not"); ##################################################### #Radius - Levingston auth ##################################################### $host_2->shell("ka radius"); $master->shell("sleep 2"); $host_2->shell("/etc/init.d/radius start"); $master->shell("sleep 2"); my $mca19 = $fw_machine_1->fwload("$FW_POLICY " . $fw_machine_1->hostname_1); QTL::force (($mca19->result eq "success")); $master->shell("sleep 1"); my $mca29 = $fw_machine_1->fwlogswitch(); QTL::force (($mca29->result eq "success")); my $mca39 = $host_1->shell("-exec_mode async tcpdump -c 3 port 23 and host " . $fw_host_1->ip_1); QTL::force ((($mca39->state eq "running")), "failed to start tcpdump on host_1"); my $mca49 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -cat -s " . $fw_machine_1->ip_1 . " -fu raa -fp abcd -st 1"); QTL::force ((($mca49->result eq "failure")), "failed to open connection with user raa and auth server RADIUS"); $master->shell("sleep 2"); my $mca59 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c telnet -s " . $host_1->ip_1 . " -su root -sp zubur"); QTL::force ((($mca59->result eq "failure")), "failed to open connection with user raa and auth server RADIUS"); $master->shell("sleep 5"); my $mca69 = $fw_machine_1->checklog("-resolve -n 1 -query (action =~ authorize and src =~ " . $fw_host_1->ip_1 . 
" and service =~ FW1_clntauth_telnet and user =~ raa and reason =~ RADIUS )"); QTL::warn ((($mca69->result eq "failure")), "checklog failed to find a log with user raa"); QTL::force ((($mca39->state eq "running")), "tcpdump should be running on host_1 and it is not"); ############################################################## #Radius - Funk telnet ############################################################## $host_2->shell("/etc/init.d/radius stop"); $master->shell("sleep 2"); $host_2->shell("/etc/rc2.d/S90radius start"); $master->shell("sleep 4"); my $mca110 = $fw_machine_1->fwload("$FW_POLICY " . $fw_machine_1->hostname_1); QTL::force (($mca110->result eq "success")); $master->shell("sleep 1"); my $mca210 = $fw_machine_1->fwlogswitch(); QTL::force (($mca210->result eq "success")); my $mca310 = $host_1->shell("-exec_mode async tcpdump -c 3 port 80 and host " . $fw_host_1->ip_1); QTL::force ((($mca310->state eq "running")), "failed to start tcpdump on host_1"); my $mca410 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -cah -s " . $fw_machine_1->ip_1 . " -fu funkyfish -fp abcd -st 1"); QTL::force ((($mca410->result eq "failure")), "failed to open connection with user funkyfish and auth server RADIUS"); $master->shell("sleep 2"); my $mca510 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c httpstress -s " . $host_1->ip_1 . " -p /index.html -su root -sp zubur"); QTL::force ((($mca510->result eq "failure")), "failed to open connection with user funkyfish and auth server RADIUS"); $master->shell("sleep 5"); my $mca610 = $fw_machine_1->checklog("-resolve -n 1 -query (action =~ authorize and src =~ " . $fw_host_1->ip_1 . 
" and service =~ FW1_clntauth_http and user =~ funkyfish and reason =~ RADIUS )"); QTL::warn ((($mca610->result eq "failure")), "checklog failed to find a log with user funkyfish"); QTL::force ((($mca310->state eq "running")), "tcpdump should be running on host_1 and it is not"); $host_2->shell("/etc/init.d/radius stop"); ####################################################### #IAS (MS-RADIUS) ####################################################### my $mca111 = $fw_machine_1->fwload("$FW_POLICY " . $fw_machine_1->hostname_1); QTL::force (($mca111->result eq "success")); $master->shell("sleep 1"); my $mca211 = $fw_machine_1->fwlogswitch(); QTL::force (($mca211->result eq "success")); my $mca311 = $host_1->shell("-exec_mode async tcpdump -c 3 port 80 and host " . $fw_host_1->ip_1); QTL::force ((($mca311->state eq "running")), "failed to start tcpdump on host_1"); my $mca411 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -cah -s " . $fw_machine_1->ip_1 . " -fu bill -fp abcd -st 1"); QTL::force ((($mca411->result eq "failure")), "failed to open connection with user bill and auth server RADIUS"); $master->shell("sleep 2"); my $mca511 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c httpstress -s " . $host_1->ip_1 . " -p /index.html -su root -sp zubur"); QTL::force ((($mca511->result eq "failure")), "failed to open connection with user bill and auth server RADIUS"); $master->shell("sleep 5"); my $mca611 = $fw_machine_1->checklog("-resolve -n 1 -query (action =~ authorize and src =~ " . $fw_host_1->ip_1 . 
" and service =~ FW1_clntauth_http and user =~ bill and reason =~ RADIUS )"); QTL::warn ((($mca611->result eq "failure")), "checklog failed to find a log with user bill"); QTL::force ((($mca311->state eq "running")), "tcpdump should be running on host_1 and it is not"); ############################################################# #TACACS UDP auth ############################################################# my $mca112 = $fw_machine_1->fwload("$FW_POLICY " . $fw_machine_1->hostname_1); QTL::force (($mca112->result eq "success")); $master->shell("sleep 1"); my $mca212 = $fw_machine_1->fwlogswitch(); QTL::force (($mca212->result eq "success")); my $mca312 = $host_1->shell("-exec_mode async tcpdump -c 3 port 21 and host " . $fw_host_1->ip_1); QTL::force ((($mca312->state eq "running")), "failed to start tcpdump on host_1"); my $mca412 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -cah -s " . $fw_machine_1->ip_1 . " -fu taca -fp abcd -st 1"); QTL::force ((($mca412->result eq "failure")), "failed to open connection with user taca and auth server TACACS"); $master->shell("sleep 2"); my $mca512 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c ftp -s " . $host_1->ip_1 . " -remote_file /etc/hosts -su root -sp zubur"); QTL::force ((($mca512->result eq "failure")), "failed to open connection with user taca and auth server TACACS"); $master->shell("sleep 5"); my $mca712 = $fw_machine_1->checklog("-resolve -n 1 -query (action =~ authorize and src =~ " . $fw_host_1->ip_1 . " and service =~ FW1_clntauth_http and user =~ taca and reason =~ TACACS)"); QTL::warn ((($mca712->result eq "failure")), "checklog failed to find a log with user taca"); QTL::force ((($mca312->state eq "running")), "tcpdump should be running on host_1 and it is not"); ############################################################ #TACACS PLUS auth ############################################################ my $mca113 = $fw_machine_1->fwload("$FW_POLICY " . 
$fw_machine_1->hostname_1); QTL::force (($mca113->result eq "success")); $master->shell("sleep 1"); my $mca213 = $fw_machine_1->fwlogswitch(); QTL::force (($mca213->result eq "success")); my $mca313 = $host_1->shell("-exec_mode async tcpdump -c 3 port 21 and host " . $fw_host_1->ip_1); QTL::force ((($mca313->state eq "running")), "failed to start tcpdump on host_1"); my $mca413 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -cah -s " . $fw_machine_1->ip_1 . " -fu tacap -fp abcd -st 1"); QTL::force ((($mca413->result eq "failure")), "failed to open connection with user tacap and auth server TACACS"); $master->shell("sleep 2"); my $mca513 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c ftp -s " . $host_1->ip_1 . " -remote_file /etc/hosts -su root -sp zubur"); QTL::force ((($mca513->result eq "failure")), "failed to open connection with user tacap and auth server TACACS"); $master->shell("sleep 5"); my $mca713 = $fw_machine_1->checklog("-resolve -n 1 -query (action =~ authorize and src =~ " . $fw_host_1->ip_1 . 
" and service =~ FW1_clntauth_http and user =~ tacap and reason =~ TACACS)"); QTL::warn ((($mca713->result eq "failure")), "checklog failed to find a log with user tacap"); QTL::force ((($mca313->state eq "running")), "tcpdump should be running on host_1 and it is not"); ########################################################### #Secure ID auth ########################################################### #TELNET_OPEN_CONN_MANUAL_CLIENT_AUTH(14,amos,abcd,SecurID,running,failure,reject) #[CONFIGURATION_FILES] #fwconf/5.0/enfdb/clau001.W.cpmi #fwconf/5.0/enfdb/clau002.W.cpmi #fwconf/5.0/enfdb/clau003.W.cpmi #fwconf/5.0/enfdb/clau004.W.cpmi #fwconf/5.0/enfdb/clau001.W.cpmi #fwconf/5.0/enfdb/clau001.W.cpmi #fwconf/5.0/enfdb/clau008.W.cpmi #fwconf/5.0/enfdb/clau010.W.cpmi #fwconf/5.0/enfdb/doauth001.W.cpmi #fwconf/5.0/enfdb/transerv005.W.cpmi #fwconf/5.0/enfdb/transerv007.W.cpmi #fwconf/5.0/enfdb/transerv009.W.cpmi #fwconf/5.0/enfdb/transerv012.W.cpmi #fwconf/5.0/enfdb/usau001.W.cpmi #fwconf/5.0/enfdb/usau004.W.cpmi #fwconf/5.0/enfdb/usau007.W.cpmi #fwconf/5.0/enfdb/seau001.W.cpmi #fwconf/5.0/enfdb/seau002.W.cpmi #fwconf/5.0/enfdb/seau003.W.cpmi #fwconf/5.0/cpmi_scripts/authstrm002.cpmi #fwconf/5.0/standalone/standalone_setup.cpmi #fwconf/5.0/standalone/defaultfilter.pf #fwconf/5.0/cpmi_scripts/main1.cpmi #fwconf/5.0/cpmi_scripts/main2.cpmi #fwconf/5.0/cpmi_scripts/main3.cpmi #fwconf/5.0/cpmi_scripts/predefined.cpmi #fwconf/5.0/files/to_network.pl #fwconf/5.0/files/NetAPS_Template.conf.opsec #fwconf/5.0/files/NetAPS_Template.conf.smtp #fwconf/5.0/files/NetAPS_Template.conf.waitMode #fwconf/5.0/files/gfile #fwconf/5.0/files/discard #fwconf/5.0/files/virustest.exe #fwconf/5.0/files/SessionAgent #[/CONFIGURATION_FILES]