second file
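use strict;

###############################################################################
# QTL test script: telnet, ftp and http through a FireWall-1 gateway with
# client authentication, partly automatic.
# The authentication methods are: RADIUS (Levingston), FW-1, TACACS,
# TACACS plus, Secure ID, IAS, OS.
# First try to open with client authentication and then without.
#
# The listing was restored from a line-wrapped, collapsed paste: wrap markers
# were removed and every statement is back on its own line, so that '#'
# comments no longer swallow the code that followed them.
#
# $master, $fw_machine_1, $fw_host_1, $host_1, $host_2 and the QTL::force /
# QTL::warn calls are not defined in this listing.
# NOTE(review): presumably the QTL harness provides them, QTL::force stops the
# run when its condition is false and QTL::warn only reports - confirm.
###############################################################################

my $FW_POLICY="clau001.W";

#[STANDALONE_BLACKBOX]
###############################################################################
###                                                                         ###
###    QTL "Black Box" that configures the standalone environment           ###
###                                                                         ###
###############################################################################
#$Header: /qa_cvs/qtls/scripts/auth/Attic/clau001.auth,v 1.1.2.1 2003/03/18 12:06:40 obdavid Exp $
#This QTL script describes the process of working with standalone topologies
#Included machines -
#fw_machine_1 - Vancouver standalone machine

#------------ Configuration part -------------------------------------
#The CPMI Client version vc8 and above
#The CPMI Client script name, saved under /usr/local/aig/common/db/fwconf/5.0/standalone/
my $CPMI_SCRIPT = "standalone_setup.cpmi";

#The FireWall-1 CPMI administrator user and password
#This is an administrator defined separately for CPMI client operation.
# NOTE(review): static credentials in source. They are later passed on the
# cp_conf command line (Step 2) and written into the CPMI script files in the
# master's work directory (Step 5 and policy creation); treat this file and
# that directory as secret-bearing.
my $ADMIN_USERNAME = "cpmi-user";
my $ADMIN_PASSWORD = "cpmi-passwd";
my $CPMI_SUFFIX=".cpmi";

#Get the FireBall-1 3.0 master IP for future use as a CPMI/GUI client
my $get_master_ip_1 = $master->shell("ifconfig -a");
QTL::force ((($get_master_ip_1->exitcode eq "0")), "Failed to get the master\'s ip via \'ifconfig -a\' commnad!");
my $get_master_ip_2 = $master->find_str("-reg (/inet addr\\:(.*)\\s+Bcast/) " . $get_master_ip_1->outfile);
QTL::force ((($get_master_ip_2->result eq "success")), "Failed to find the master\'s ip in the \'if config -a\' output!");
my $MASTER_IP = $get_master_ip_2->dollar1;

#Configure utility variables
my $STANDALONE_DIR = $master->fb_db . "\\fwconf\\5.0\\standalone";

#Variables for the clean configuration files
my $CONF_DIR = $fw_machine_1->fw_dir . "\\conf";
# NOTE(review): this is the only use of fw_db; every other path in the listing
# uses fb_db - confirm that both accessors exist.
my $CLEAR_DIR = $master->fw_db . "\\" . $fw_machine_1->fw_build;

#cpstart sleep time according to the platform
my $print_all_time_machines = $master->print("NT=40 SUN=40 LINUX=40 NOKIA=120 AIX=40 HP=40");
QTL::force ($print_all_time_machines->result eq "success");
my $find_the_platform_time = $master->find_str("-reg (/" . $fw_machine_1->platform . "=(\\d+)/) " . $print_all_time_machines->outfile);
QTL::force (($find_the_platform_time->result eq "success"), "Failed to get CPSTART SLEEP TIME value!");
my $CPSTART_SLEEP_TIME = $find_the_platform_time->dollar1;

my $PACKAGE_SUFFIX = ".package";
my $PACKAGE_FILE = $fw_machine_1->fw_build . "$PACKAGE_SUFFIX";
#----------- End of configuration part

#-------- Step 1 - Connect to the FireWall-1 management -----
#Connect to the FireWall-1 management
#Stop the FireWall-1. Do not force it - it might be down already
my $stop_fw = $fw_machine_1->cpstop();

#-------- Step 1.1 - Clean up the FWDIR\conf dir of the fw_machine_1 ---------
#Create the conf package
my $create_package = $master->shell("perl " . $master->aig_dir . "\\common\\scripts\\pack_conf.pl -v " . $fw_machine_1->fw_ver . " -b " . $fw_machine_1->fw_build . " -d " . $fw_machine_1->fw_dir);
QTL::force ((($create_package->exitcode eq "0")), "Failed to create the package for the \'conf\' directory!");

#Overwrite/remove database files on the FireWall-1 machine
# Guard added: $CONF_DIR is fw_dir plus "\conf", so an empty fw_dir would turn
# the recursive delete below into "\conf\*" relative to the drive root.
QTL::force ((defined($fw_machine_1->fw_dir) and ($fw_machine_1->fw_dir ne "")), "fw_dir of fw_machine_1 is empty, refusing to remove $CONF_DIR\\*!");
my $delete_conf = $fw_machine_1->rm_rf("-r $CONF_DIR\\*");
QTL::force ((($delete_conf->result eq "success")), "Failed to remove the conf directory from the Firewall management!");

#Transfer the clean objects files
my $transfer_conf = $fw_machine_1->put_file("-o $CLEAR_DIR $PACKAGE_FILE to " . $fw_machine_1->work_dir);
my $transfer_aiginstaller = $fw_machine_1->put_file("-o " . $master->aig_dir . "\\common\\scripts aiginstaller.pl to " . $fw_machine_1->work_dir);
QTL::force ((($transfer_conf->result eq "success") and ($transfer_aiginstaller->result eq "success")), "May fail to pass either the \'conf\' package file or the installation file to Fw machine managemet!");

#Extract the conf package
my $extract_conf = $fw_machine_1->shell("perl " . $fw_machine_1->work_dir . "\\aiginstaller.pl -y " . $fw_machine_1->work_dir . "\\$PACKAGE_FILE");
# Message corrected: this step extracts the package, it does not create it.
QTL::force ((($extract_conf->exitcode eq "0")), "Failed to extract the package for the \'conf\' directory!");
#------------------- End of Step 1.1 ------------------------------------

#-------- Step 1.2 - Reset the internal CA on the FW machine ---------
# The reset is issued twice and accepted if either attempt exits with 0.
my $reset_ca = $fw_machine_1->shell($fw_machine_1->fw_dir . "\\bin\\fwm sic_reset -yes");
my $reset_ca_2 = $fw_machine_1->shell($fw_machine_1->fw_dir . "\\bin\\fwm sic_reset -yes");
QTL::force (($reset_ca->exitcode eq "0") or ($reset_ca_2->exitcode eq "0"));
$master->shell("sleep 5");

#Recreate the internal CA on the management
my $recreate_ca = $fw_machine_1->shell("\"" . $fw_machine_1->cpshared_path . "\\bin\\cp_conf\" ca init");
QTL::force ((($recreate_ca->exitcode eq "0")), "Failed to reset the internal CA!");

#NEW in ANC - FQDN configuration in the Internal CA
# Both the "ca dns" and the "ca fqdn" form are run; the check below accepts the
# one that matches the build number (builds below 52000 are not checked).
my $fqdn_1 = $fw_machine_1->shell("\"" . $fw_machine_1->cpshared_path . "\\bin\\cp_conf\" ca dns " . $fw_machine_1->hostname_1);
my $fqdn_2 = $fw_machine_1->shell("\"" . $fw_machine_1->cpshared_path . "\\bin\\cp_conf\" ca fqdn " . $fw_machine_1->hostname_1);
QTL::force ((((($fqdn_1->exitcode eq "0") and ($fw_machine_1->fw_build < "52097")) or (($fqdn_2->exitcode eq "0") and ($fw_machine_1->fw_build >= "52097")) or ($fw_machine_1->fw_build < "52000"))), "Failed to configure the FQDN for the interenal CA!");

#Get the new DN of the FW from the registry
my $get_dn_1 = $fw_machine_1->shell("\"" . $fw_machine_1->cpshared_path . "\\bin\\ckp_regedit\" -p software\\checkpoint\\sic");
QTL::force ((($get_dn_1->exitcode eq "0")), "Failed to perform \'ckp_regedit\' command on the Firewall management\'s registry!");
$master->shell("sleep 2");
my $get_dn_2 = $fw_machine_1->find_str("-reg (/(cn=\\S+)\\s+/) " . $get_dn_1->outfile);
# The hostname is used here as an unescaped pattern, so '.' matches any character.
QTL::force ((($get_dn_2->dollar1 =~ $fw_machine_1->hostname_1)), "Failed to get the new DN of the Firewall management from the registry!");

#Assign a variable for easier use of the DN
my $DN = $get_dn_2->dollar1;
#------------------- End of Step 1.2 ------------------------------------
#------------------- End of Step 1 --------------------------------------
$master->shell("sleep 5");

#--- Step 2 - Configure administrator and Gui Client for the CPMI Client ---
#Create an administrator for the future CPMI Client work
# NOTE(review): the password is an argument of cp_conf, so it is visible to
# whatever records command lines on fw_machine_1 (process list, shell logs).
my $create_admin_1 = $fw_machine_1->shell("\"" . $fw_machine_1->cpshared_path . "\\bin\\cp_conf\" admin add $ADMIN_USERNAME $ADMIN_PASSWORD w");
my $create_admin_2 = $fw_machine_1->find_str("-l \"successfully or already\" " . $create_admin_1->outfile);
QTL::force ((($create_admin_2->result eq "success")), "Failed to add the administrator for the CPMI!");

#Add the master as a Gui_Client to enable connectivity between the CPMI client and the FireWall-1 management.
my $add_gui_cli_1 = $fw_machine_1->shell("\"" . $fw_machine_1->cpshared_path . "\\bin\\cp_conf\" client add $MASTER_IP");
my $add_gui_cli_2 = $fw_machine_1->find_str("-l \"successfully or already\" " . $add_gui_cli_1->outfile);
my $add_gui_cli_3 = $fw_machine_1->find_str("-l \"successfully or already\" " . $add_gui_cli_1->errfile);
QTL::force ((($add_gui_cli_2->result eq "success") or ($add_gui_cli_3->result eq "success")), "Failed to add the GUI client for the CPMI!");
#-------------- End of Step 2 ------------------------------------------

#------------------- Step 3 - Configure Default Filter that accepts port 12321 -----------
#Transfer the new default filter that includes accept for port 12321
# NOTE(review): no later step in this excerpt restores the previous default
# filter - confirm that the port is closed again once the run ends.
my $establsh_conn_1 = $fw_machine_1->put_file("-o $STANDALONE_DIR defaultfilter.pf to " . $fw_machine_1->fw_dir . "\\conf");
QTL::force ((($establsh_conn_1->result eq "success")), "Failed to pass $STANDALONE_DIR\\defaultfilter.pf to fw_machine_1!");

#Remove all information about an old state of the module. Do not force it - it might not be available
my $establsh_conn_2 = $fw_machine_1->rm_rf("-r " . $fw_machine_1->fw_dir . "\\state\\local");

#Compile the new default filter
my $establish_conn_3 = $fw_machine_1->shell($fw_machine_1->fw_dir . "\\bin\\comp_init_policy");
my $establish_conn_4 = $fw_machine_1->find_str("-l \"Compiled OK\" " . $establish_conn_3->errfile);
QTL::force ((($establish_conn_4->result eq "success")), "Failed to compile the Fireball\'s defaultfilter!");
#------------------- End of Step 3 --------------------------------------

#amos add
my $transfer_msg_cnt = $fw_machine_1->put_file("-o $CLEAR_DIR\\conf\\cpsc msg_cnt.C to $CONF_DIR\\cpsc msg_cnt.C");
QTL::force ((($transfer_msg_cnt->result eq "success")), "Failed to pass msg_cnt.C to Fw conf/cpsc directory!");
$master->shell("sleep 5");

#-------------- Step 4 - Start the FireWall-1 machine --------------
my $start_fw_1 = $fw_machine_1->shell("-exec_mode async \"" . $fw_machine_1->cpshared_path . "\\bin\\cpstart\"");
$fw_machine_1->shell("sleep 1");
QTL::force ((($start_fw_1->state eq "running")), "Failed to start the Firewall!");
$master->shell("sleep $CPSTART_SLEEP_TIME");
my $start_fw_4 = $fw_machine_1->shell("cpridstart");
QTL::force ((($start_fw_4->exitcode eq "0")), "Failed to strat cprid daemon on fw_machine_1!");
#------------ End of Step 4 ------------------------------------

my $core_collector_module = $fw_machine_1->shell("perl " . $fw_machine_1->aig_dir . "\\prod\\sysinfo\\scripts\\core_collector.pl -space 500");

#Execute sysinfo to collect general information and save cores if found
my $collect_module_cores = $fw_machine_1->sysinfo("-exec_mode async -n -1 -sys=all -freq 30 -core=" . $fw_machine_1->work_dir . "/ -trace-role=fw -trace-name=cpd -trace-name=vpnd -exec=\"perl " . $fw_machine_1->aig_dir . "\\prod\\sysinfo\\scripts\\core_collector.pl \'-space 500\'\"");

#-------------- Step 5 - Configure the CPMI Client script on the master --------------
#Copy the CPMI client script to the working dir for further modifications.
my $mod_cpmi_script_1 = $master->shell("cp -vf $STANDALONE_DIR\\$CPMI_SCRIPT " . $master->work_dir . "\\$CPMI_SCRIPT");
QTL::force ((($mod_cpmi_script_1->exitcode eq "0")), "Failed to pass $CPMI_SCRIPT script to the master\'s workdir!");

#Change all requested parameters in the cpmi_script (e.g. the Administrator username and IP etc.)
# NOTE(review): after these transforms the work-dir copy holds the administrator
# password in clear text; nothing visible in this excerpt deletes the file.
my $mod_cpmi_script_2 = $master->transform("-v ADMIN_USERNAME -d $ADMIN_USERNAME " . $master->work_dir . "\\$CPMI_SCRIPT");
my $mod_cpmi_script_3 = $master->transform("-v ADMIN_PASSWORD -d $ADMIN_PASSWORD " . $master->work_dir . "\\$CPMI_SCRIPT");
my $mod_cpmi_script_4 = $master->transform("-v FW_MACHINE_1_HOSTNAME_1 -d " . $fw_machine_1->hostname_1 . " " . $master->work_dir . "\\$CPMI_SCRIPT");
my $mod_cpmi_script_5 = $master->transform("-v FW_MACHINE_1_IP_1 -d " . $fw_machine_1->ip_1 . " " . $master->work_dir . "\\$CPMI_SCRIPT");
my $mod_cpmi_script_6 = $master->transform("-v FW_MACHINE_1_IF_1 -d " . $fw_machine_1->if_1 . " " . $master->work_dir . "\\$CPMI_SCRIPT");
my $mod_cpmi_script_7 = $master->transform("-v FW_MACHINE_1_MASK_1 -d " . $fw_machine_1->mask_1 . " " . $master->work_dir . "\\$CPMI_SCRIPT");
my $mod_cpmi_script_8 = $master->transform("-v FW_MACHINE_1_IP_2 -d " . $fw_machine_1->ip_2 . " " . $master->work_dir . "\\$CPMI_SCRIPT");
my $mod_cpmi_script_9 = $master->transform("-v FW_MACHINE_1_IF_2 -d " . $fw_machine_1->if_2 . " " . $master->work_dir . "\\$CPMI_SCRIPT");
my $mod_cpmi_script_10 = $master->transform("-v FW_MACHINE_1_MASK_2 -d " . $fw_machine_1->mask_2 . " " . $master->work_dir . "\\$CPMI_SCRIPT");
my $mod_cpmi_script_11 = $master->transform("-v SIC_NAME -d $DN " . $master->work_dir . "\\$CPMI_SCRIPT");
# Each placeholder must have been replaced the expected number of times
# (hostname and first IP twice, everything else once).
QTL::force ((($mod_cpmi_script_2->number_of_transform eq "1")
         and ($mod_cpmi_script_3->number_of_transform eq "1")
         and ($mod_cpmi_script_4->number_of_transform eq "2")
         and ($mod_cpmi_script_5->number_of_transform eq "2")
         and ($mod_cpmi_script_6->number_of_transform eq "1")
         and ($mod_cpmi_script_7->number_of_transform eq "1")
         and ($mod_cpmi_script_8->number_of_transform eq "1")
         and ($mod_cpmi_script_9->number_of_transform eq "1")
         and ($mod_cpmi_script_10->number_of_transform eq "1")
         and ($mod_cpmi_script_11->number_of_transform eq "1")), "Failed to edit $CPMI_SCRIPT CPMI script!");
#---------------------------------- End of Step 5 ------------------------------------
$master->shell("sleep 5");

#------------------- Step 6 - Execute the CPMI Client -------------
#Execute the CPMI Client
my $exec_cpmi_1 = $master->shell($master->aig_dir . "\\common\\bin\\CpmiUI -o 1 " . $master->work_dir . "\\$CPMI_SCRIPT");
QTL::force ((($exec_cpmi_1->exitcode eq "0")), "Failed to run the CpmiUI with $CPMI_SCRIPT!");

#Check for a success
my $exec_cpmi_2 = $master->find_str("-l \"Update and object and " . $fw_machine_1->hostname_1 . " and succeeded\" " . $exec_cpmi_1->outfile);
QTL::force ((($exec_cpmi_2->result eq "success")), "Failed to create fw_machine_1 via the CPMI!");
#----------------------------------- End of Step 6 ----------------------------------

#amos add
#-------------------- configure the main cpmi scripts --------------------
#copy the main cpmi files to work directory
my $main1 = $master->shell("cp " . $master->fb_db . "/fwconf/5.0/cpmi_scripts/main1.cpmi " . $master->work_dir . "/main1.cpmi");
QTL::force ((($main1->exitcode eq "0")), "Failed to copy main1->cpmi file to master\'s work directory");
my $main2 = $master->shell("cp " . $master->fb_db . "/fwconf/5.0/cpmi_scripts/main2.cpmi " . $master->work_dir . "/main2.cpmi");
QTL::force ((($main2->exitcode eq "0")), "Failed to copy main2->cpmi file to master\'s work directory");
my $main3 = $master->shell("cp " . $master->fb_db . "/fwconf/5.0/cpmi_scripts/main3.cpmi " . $master->work_dir . "/main3.cpmi");
QTL::force ((($main3->exitcode eq "0")), "Failed to copy main3->cpmi file to master\'s work directory");

#configure the ip of internal network
my $to_network1 = $master->shell("cp " . $master->fb_db . "/fwconf/5.0/files/to_network.pl " . $master->work_dir . "/to_network.pl");
QTL::force ((($to_network1->exitcode eq "0")), "Failed to copy to_network.pl file to master\'s work directory");
my $to_network2 = $master->shell("perl " . $master->work_dir . "/to_network.pl " . $fw_machine_1->ip_2);
QTL::force ((($to_network2->exitcode eq "0")), "Failed to run to_network.pl script");
my $to_network3 = $master->find_str("-reg (/(\\d+\\.\\d+\\.\\d+\\.\\d+)/) " . $to_network2->outfile);
QTL::force ((($to_network3->result eq "success")), "Failed to get the network ip!");
my $network_ip=$to_network3->dollar1;

#-----start with transforms--------
my $to_network4 = $master->transform("-v NETWORK_IP -d $network_ip " . $master->work_dir . "\\main1.cpmi");
QTL::force ((($to_network4->number_of_transform eq "1")), "Failed to update the network ip in main1->cpmi script!");
my $main4 = $master->transform("-v FW_MACHINE_1_HOSTNAME_1 -d " . $fw_machine_1->hostname_1 . " " . $master->work_dir . "\\main1.cpmi");
QTL::force ((($main4->result eq "success")), "Failed to update the fw_maachine_1 name in main1->cpmi script!");
my $main5 = $master->transform("-v FW_MACHINE_1_IP_1 -d " . $fw_machine_1->ip_1 . " " . $master->work_dir . "\\main1.cpmi");
QTL::force ((($main5->result eq "success")), "Failed to update the Firewall management ip in main1->cpmi script!");
my $main6 = $master->transform("-v FW_MACHINE_1_IP_1 -d " . $fw_machine_1->ip_1 . " " . $master->work_dir . "\\main2.cpmi");
QTL::force ((($main6->result eq "success")), "Failed to update the Firewall management ip in main2->cpmi script!");
my $main7 = $master->transform("-v FW_MACHINE_1_IP_1 -d " . $fw_machine_1->ip_1 . " " . $master->work_dir . "\\main3.cpmi");
QTL::force ((($main7->result eq "success")), "Failed to update the Firewall management ip in main3->cpmi script!");
my $main8 = $master->transform("-v FW_HOST_1_HOSTNAME_1 -d " . $fw_host_1->hostname_1 . " " . $master->work_dir . "\\main1.cpmi");
QTL::force ((($main8->result eq "success")), "Failed to update the fw_host_1 name in main1->cpmi script!");
my $main24 = $master->transform("-v FW_HOST_1_HOSTNAME_1 -d " . $fw_host_1->hostname_1 . " " . $master->work_dir . "\\main2.cpmi");
QTL::force ((($main24->result eq "success")), "Failed to update the fw_host_1 name in main2->cpmi script!");
my $main9 = $master->transform("-v FW_HOST_1_IP_1 -d " . $fw_host_1->ip_1 . " " . $master->work_dir . "\\main1.cpmi");
QTL::force ((($main9->result eq "success")), "Failed to update the fw_host_1 ip in main1->cpmi script!");
my $main10 = $master->transform("-v FW_HOST_1_IP_1 -d " . $fw_host_1->ip_1 . " " . $master->work_dir . "\\main2.cpmi");
QTL::force ((($main10->result eq "success")), "Failed to update the fw_host_1 ip in main2->cpmi script!");
my $main11 = $master->transform("-v FW_HOST_1_IP_1 -d " . $fw_host_1->ip_1 . " " . $master->work_dir . "\\main3.cpmi");
QTL::force ((($main11->result eq "success")), "Failed to update the fw_host_1 ip in main3->cpmi script!");
my $main12 = $master->transform("-v HOST_1_HOSTNAME_1 -d " . $host_1->hostname_1 . " " . $master->work_dir . "\\main1.cpmi");
QTL::force ((($main12->result eq "success")), "Failed to update the host_1 name in main1->cpmi script!");
my $main13 = $master->transform("-v HOST_1_HOSTNAME_1 -d " . $host_1->hostname_1 . " " . $master->work_dir . "\\main2.cpmi");
QTL::force ((($main13->result eq "success")), "Failed to update the host_1 name in main2->cpmi script!");
my $main14 = $master->transform("-v HOST_1_HOSTNAME_1 -d " . $host_1->hostname_1 . " " . $master->work_dir . "\\main3.cpmi");
QTL::force ((($main14->result eq "success")), "Failed to update the host_1 name in main3->cpmi script!");
my $main15 = $master->transform("-v HOST_1_IP_1 -d " . $host_1->ip_1 . " " . $master->work_dir . "\\main1.cpmi");
QTL::force ((($main15->result eq "success")), "Failed to update the host_1 ip in main1->cpmi script!");
my $main16 = $master->transform("-v HOST_1_IP_1 -d " . $host_1->ip_1 . " " . $master->work_dir . "\\main2.cpmi");
# Message corrected: this transform sets the host_1 ip, not its name.
QTL::force ((($main16->result eq "success")), "Failed to update the host_1 ip in main2->cpmi script!");
my $main17 = $master->transform("-v HOST_1_IP_1 -d " . $host_1->ip_1 . " " . $master->work_dir . "\\main3.cpmi");
QTL::force ((($main17->result eq "success")), "Failed to update the host_1 ip in main3->cpmi script!");
# Messages corrected: the next two transforms work on host_2, not host_1.
my $main18 = $master->transform("-v HOST_2_HOSTNAME_1 -d " . $host_2->hostname_1 . " " . $master->work_dir . "\\main1.cpmi");
QTL::force ((($main18->result eq "success")), "Failed to update the host_2 name in main1->cpmi script!");
my $main19 = $master->transform("-v HOST_2_IP_1 -d " . $host_2->ip_1 . " " . $master->work_dir . "\\main1.cpmi");
QTL::force ((($main19->result eq "success")), "Failed to update the host_2 ip in main1->cpmi script!");
my $main20 = $master->transform("-v SIC_NAME -d $DN " . $master->work_dir . "\\main1.cpmi");
QTL::force (($main20->number_of_transform eq "1"), "Failed to update the DN in main1->cpmi script!");
my $main21 = $master->transform("-v SIC_NAME -d $DN " . $master->work_dir . "\\main2.cpmi");
QTL::force (($main21->number_of_transform eq "1"), "Failed to update the DN in main2->cpmi script!");
my $main22 = $master->transform("-v SIC_NAME -d $DN " . $master->work_dir . "\\main3.cpmi");
QTL::force (($main22->number_of_transform eq "1"), "Failed to update the DN in main3->cpmi script!");
my $main23 = $master->transform("-v mxname -d mail" . $host_1->hostname_1 . " " . $master->work_dir . "\\main2.cpmi");
QTL::force (($main23->number_of_transform eq "1"), "Failed to update the host_1 mail name in main2->cpmi script!");

#-------------------- Execute the main cpmi scripts --------------------
# For each script: CpmiUI must exit with 0 (forced); the number of success
# lines and the absence of "fail"/"Fail" lines are only checked with QTL::warn.
my $cpmi_exec_main1 = $master->shell($master->aig_dir . "\\common\\bin\\CpmiUI -o 1 " . $master->work_dir . "\\main1.cpmi");
QTL::force (($cpmi_exec_main1->exitcode eq "0"), "Failed to run CpmiUI with main1->cpmi script!");
my $look_for_success = $master->find_str("-l \"Update and object and succeeded\" " . $cpmi_exec_main1->outfile);
QTL::warn ((($look_for_success->number_of_lines_matched eq "43") or ($look_for_success->number_of_lines_matched eq "42")), "At least one object was not created successfully via CPMI with main1->cpmi!");
my $look_for_fail = $master->find_str("-l \"fail or Fail\" " . $cpmi_exec_main1->outfile);
QTL::warn ((($look_for_fail->result eq "failure") or ($look_for_success->number_of_lines_matched eq "42")), "At least one object was not created successfully via CPMI with main1->cpmi!");

my $cpmi_exec_main2 = $master->shell($master->aig_dir . "\\common\\bin\\CpmiUI -o 1 " . $master->work_dir . "\\main2.cpmi");
QTL::force (($cpmi_exec_main2->exitcode eq "0"), "Failed to run CpmiUI with main2->cpmi script!");
my $look_for_success2 = $master->find_str("-l \"Update and object and succeeded\" " . $cpmi_exec_main2->outfile);
QTL::warn (($look_for_success2->number_of_lines_matched eq "19"), "At least one object was not created successfully via CPMI with main2->cpmi!");
my $look_for_fail2 = $master->find_str("-l \"fail or Fail\" " . $cpmi_exec_main2->outfile);
QTL::warn (($look_for_fail2->result eq "failure"), "At least one object was not created successfully via CPMI with main2->cpmi!");

my $cpmi_exec_main3 = $master->shell($master->aig_dir . "\\common\\bin\\CpmiUI -o 1 " . $master->work_dir . "\\main3.cpmi");
QTL::force (($cpmi_exec_main3->exitcode eq "0"), "Failed to run CpmiUI with main3->cpmi script!");
my $look_for_success3 = $master->find_str("-l \"Update and object and succeeded\" " . $cpmi_exec_main3->outfile);
QTL::warn (($look_for_success3->number_of_lines_matched eq "22"), "At least one object was not created successfully via CPMI with main3->cpmi!");
my $look_for_fail3 = $master->find_str("-l \"fail or Fail\" " . $cpmi_exec_main3->outfile);
QTL::warn (($look_for_fail3->result eq "failure"), "At least one object was not created successfully via CPMI with main3->cpmi!");
#-------------------- End of main cpmi scripts execution --------------------

#[POLICIES_CREATION]
#Copy the policies CPMI files to work directory
my $FW_POLICY_CPMI_FILE = "$FW_POLICY$CPMI_SUFFIX";
my $copy_policy = $master->shell("cp " . $master->fb_db . "\\fwconf\\5.0\\enfdb\\$FW_POLICY_CPMI_FILE " . $master->work_dir . "\\.");
QTL::force ((($copy_policy->exitcode eq "0")), "Failed to pass $FW_POLICY_CPMI_FILE to master\'s work directory!");
# The administrator password is written into this work-dir file as well.
my $transform_policy_1 = $master->transform("-v ADMIN_USERNAME -d $ADMIN_USERNAME " . $master->work_dir . "\\$FW_POLICY_CPMI_FILE");
my $transform_policy_2 = $master->transform("-v ADMIN_PASSWORD -d $ADMIN_PASSWORD " . $master->work_dir . "\\$FW_POLICY_CPMI_FILE");
my $transform_policy_3 = $master->transform("-v FW_MACHINE_1_IP_1 -d " . $fw_machine_1->ip_1 . " " . $master->work_dir . "\\$FW_POLICY_CPMI_FILE");
my $transform_policy_4 = $master->transform("-v SIC_NAME -d $DN " . $master->work_dir . "\\$FW_POLICY_CPMI_FILE");
my $transform_policy_5 = $master->transform("-v \"step 24 0\" -d \"step 24 1\" " . $master->work_dir . "\\$FW_POLICY_CPMI_FILE");
QTL::force (((($transform_policy_5->number_of_transform eq "1")
          and ($transform_policy_1->number_of_transform eq "1")
          and ($transform_policy_2->number_of_transform eq "1")
          and ($transform_policy_3->number_of_transform eq "1")
          and ($transform_policy_4->number_of_transform eq "1"))), "Failed to update $FW_POLICY_CPMI_FILE properly!");
my $cpmi_exec_policies = $master->shell($master->aig_dir . "\\common\\bin\\CpmiUI -o 1 " . $master->work_dir . "\\$FW_POLICY_CPMI_FILE");
QTL::force ((($cpmi_exec_policies->exitcode eq "0")), "Failed to run CpmiUI with $FW_POLICY_CPMI_FILE script!");
#[\POLICIES_CREATION]

#----------------------------------- Step 7 - clean up -----------------------
# NOTE(review): this is the only place where the temporary administrator and
# the GUI-client entry are removed, and both checks use QTL::warn. If an
# earlier QTL::force ends the run (presumed), the account with its known
# password and the GUI-client entry stay configured on fw_machine_1; a
# harness-level teardown should remove them on every exit path.
#Remove the CPMI administrator
my $remove_admin_1 = $fw_machine_1->shell("\"" . $fw_machine_1->cpshared_path . "\\bin\\cp_conf\" admin del $ADMIN_USERNAME");
QTL::warn (($remove_admin_1->exitcode eq "0"), "Failed to remove the CPMI administrator!");
my $remove_admin_2 = $fw_machine_1->find_str("-l \"successfully\" " . $remove_admin_1->outfile);
QTL::warn (($remove_admin_2->result eq "success"), "CPMI administrator may not be removed successfully!");

#Remove the GUI client
my $remove_gui_cli_1 = $fw_machine_1->shell("cp_conf client del $MASTER_IP");
QTL::warn (($remove_gui_cli_1->exitcode eq "0"), "Failed to remove the master\'s GUI client!");
my $remove_gui_cli_2 = $fw_machine_1->find_str("-l \"successfully\" " . $remove_gui_cli_1->outfile);
QTL::warn (($remove_gui_cli_2->result eq "success"), "Master\'s GUI client may not be removed successfully!");
#----------------------------------- End of Step 7 ----------------------------

###############################################################################
###                                                                         ###
###    End of "Black Box" for configure standalone environment              ###
###                                                                         ###
###############################################################################
#[\STANDALOE_BLACKBOX]

#put configuration files
my $put2 = $fw_host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files NetAPS_Template.conf.opsec to " . $fw_host_1->aig_dir . "/prod/fireball-1/conf NetAPS_Template.conf.opsec");
QTL::force ((($put2->result eq "success")), "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/NetAPS_Template.conf.opsec to fw_host_1!");
my $put3 = $host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files NetAPS_Template.conf.opsec to " . $host_1->aig_dir . "/prod/fireball-1/conf NetAPS_Template.conf.opsec");
QTL::force ((($put3->result eq "success")), "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/NetAPS_Template.conf.opsec to host_1!");
my $put4 = $fw_host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files NetAPS_Template.conf.smtp to " . $fw_host_1->aig_dir . "/prod/fireball-1/conf NetAPS_Template.conf.smtp");
QTL::force ((($put4->result eq "success")), "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/NetAPS_Template.conf.smtp to fw_host_1!");
my $put5 = $host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files NetAPS_Template.conf.smtp to " . $host_1->aig_dir . "/prod/fireball-1/conf NetAPS_Template.conf.smtp");
QTL::force ((($put5->result eq "success")), "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/NetAPS_Template.conf.smtp to host_1!");
my $put6 = $fw_host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files gfile to /tmp gfile");
# Message corrected: it named NetAPS_Template.conf.smtp and host_1 for the gfile copy to fw_host_1.
QTL::force ((($put6->result eq "success")), "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/gfile to /tmp directory on fw_host_1!");
my $put7 = $host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files gfile to /tmp gfile");
QTL::force ((($put7->result eq "success")), "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/gfile to /tmp directory on host_1!");
# Messages completed: the next three lacked the "Failed to pass file" prefix,
# so a failure printed only a path.
my $put10 = $host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files virustest.exe to /tmp virustest.exe");
QTL::force ((($put10->result eq "success")), "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/virustest.exe to /tmp directory on host_1!");
my $put11 = $fw_host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files virustest.exe to /tmp virustest.exe");
QTL::force ((($put11->result eq "success")), "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/virustest.exe to /tmp directory on fw_host_1!");
my $put12 = $fw_host_1->put_file("-o " . $master->fb_db . "/fwconf/5.0/files SessionAgent to /tmp SessionAgent");
QTL::force ((($put12->result eq "success")), "Failed to pass file " . $master->fb_db . "/fwconf/5.0/files/SessionAgent to /tmp directory on fw_host_1!");
# NOTE(review): mode 777 makes /tmp/SessionAgent writable by every local account
# on fw_host_1. If the file is executed later (not shown in this excerpt), any
# local user can replace it first; 755, or a directory owned by the test user,
# would be the tighter choice - confirm nothing depends on world-write.
my $chmod_sa = $fw_host_1->shell("chmod 777 /tmp/SessionAgent");
QTL::force ((($chmod_sa->exitcode eq "0")), "Failed to change the permissions of /tmp/SessionAgent directory of fw_host_1 to 777!");

my $load = $fw_machine_1->fwload("$FW_POLICY");
QTL::force ((($load->result eq "success")), "Failed to load $FW_POLICY policy on the Fw module!");
$master->shell("sleep 2");
my $logswitch = $fw_machine_1->fwlogswitch();
QTL::warn ((($logswitch->result eq "success")), "fw logswitch command on the Fw management Failed!");
#-------------------- end of StandardInit macro --------------------

# Every authentication section below follows the same sequence: reload the
# policy, switch the log, start an asynchronous 3-packet tcpdump on host_1,
# authenticate against the gateway (first open_conn), open the service
# connection to host_1 (second open_conn), look for the "authorize" log entry,
# then require that tcpdump has finished.
# NOTE(review): the user passwords and the root password of host_1 are literals
# in the open_conn arguments and travel over telnet, http and ftp; they belong
# to an isolated lab only and should not be reused anywhere else.

###################################################
#fw-1 Auth
###################################################
my $mca11 = $fw_machine_1->fwload("$FW_POLICY " . $fw_machine_1->hostname_1);
QTL::force (($mca11->result eq "success"));
$master->shell("sleep 1");
my $mca21 = $fw_machine_1->fwlogswitch();
QTL::force (($mca21->result eq "success"));
my $mca31 = $host_1->shell("-exec_mode async tcpdump -c 3 port 23 and host " . $fw_host_1->ip_1);
QTL::force ((($mca31->state eq "running")), "failed to start tcpdump on host_1");
my $mca41 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -cat -s " . $fw_machine_1->ip_1 . " -fu aa -fp aaaa -st 1");
QTL::force ((($mca41->result eq "success")), "failed to open connection with user aa and auth server FireWall-1");
$master->shell("sleep 2");
my $mca51 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c telnet -s " . $host_1->ip_1 . " -su root -sp zubur");
QTL::force ((($mca51->result eq "success")), "failed to open connection with user aa and auth server FireWall-1");
$master->shell("sleep 5");
my $mca61 = $fw_machine_1->checklog("-resolve -n 1 -query (action =~ authorize and src =~ " . $fw_host_1->ip_1 . " and service =~ FW1_clntauth_telnet and user =~ aa and reason =~ FireWall-1 )");
QTL::warn ((($mca61->result eq "success")), "checklog failed to find a log with user aa");
QTL::force ((($mca31->state eq "finished")), "tcpdump should be finished on host_1 and it is not");

#####################################################
#Radius - Levingston auth
#####################################################
$host_2->shell("ka radius");
$master->shell("sleep 2");
$host_2->shell("/etc/init.d/radius start");
$master->shell("sleep 2");
my $mca12 = $fw_machine_1->fwload("$FW_POLICY " . $fw_machine_1->hostname_1);
QTL::force (($mca12->result eq "success"));
$master->shell("sleep 1");
my $mca22 = $fw_machine_1->fwlogswitch();
QTL::force (($mca22->result eq "success"));
my $mca32 = $host_1->shell("-exec_mode async tcpdump -c 3 port 23 and host " . $fw_host_1->ip_1);
QTL::force ((($mca32->state eq "running")), "failed to start tcpdump on host_1");
my $mca42 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -cat -s " . $fw_machine_1->ip_1 . " -fu raa -fp aa -st 1");
QTL::force ((($mca42->result eq "success")), "failed to open connection with user raa and auth server RADIUS");
$master->shell("sleep 2");
my $mca52 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c telnet -s " . $host_1->ip_1 . " -su root -sp zubur");
QTL::force ((($mca52->result eq "success")), "failed to open connection with user raa and auth server RADIUS");
$master->shell("sleep 5");
my $mca62 = $fw_machine_1->checklog("-resolve -n 1 -query (action =~ authorize and src =~ " . $fw_host_1->ip_1 . " and service =~ FW1_clntauth_telnet and user =~ raa and reason =~ RADIUS )");
QTL::warn ((($mca62->result eq "success")), "checklog failed to find a log with user raa");
QTL::force ((($mca32->state eq "finished")), "tcpdump should be finished on host_1 and it is not");

##############################################################
#Radius - Funk telnet
##############################################################
$host_2->shell("/etc/init.d/radius stop");
$master->shell("sleep 2");
$host_2->shell("/etc/rc2.d/S90radius start");
$master->shell("sleep 4");
my $mca13 = $fw_machine_1->fwload("$FW_POLICY " . $fw_machine_1->hostname_1);
QTL::force (($mca13->result eq "success"));
$master->shell("sleep 1");
my $mca23 = $fw_machine_1->fwlogswitch();
QTL::force (($mca23->result eq "success"));
my $mca33 = $host_1->shell("-exec_mode async tcpdump -c 3 port 80 and host " . $fw_host_1->ip_1);
QTL::force ((($mca33->state eq "running")), "failed to start tcpdump on host_1");
my $mca43 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -cah -s " . $fw_machine_1->ip_1 . " -fu funkyfish -fp aa -st 1");
QTL::force ((($mca43->result eq "success")), "failed to open connection with user funkyfish and auth server RADIUS");
$master->shell("sleep 2");
my $mca53 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c httpstress -s " . $host_1->ip_1 . " -p /index.html -su root -sp zubur");
QTL::force ((($mca53->result eq "success")), "failed to open connection with user funkyfish and auth server RADIUS");
$master->shell("sleep 5");
my $mca63 = $fw_machine_1->checklog("-resolve -n 1 -query (action =~ authorize and src =~ " . $fw_host_1->ip_1 . " and service =~ FW1_clntauth_http and user =~ funkyfish and reason =~ RADIUS )");
QTL::warn ((($mca63->result eq "success")), "checklog failed to find a log with user funkyfish");
QTL::force ((($mca33->state eq "finished")), "tcpdump should be finished on host_1 and it is not");
$host_2->shell("/etc/init.d/radius stop");

#######################################################
#IAS (MS-RADIUS)
#######################################################
my $mca14 = $fw_machine_1->fwload("$FW_POLICY " . $fw_machine_1->hostname_1);
QTL::force (($mca14->result eq "success"));
$master->shell("sleep 1");
my $mca24 = $fw_machine_1->fwlogswitch();
QTL::force (($mca24->result eq "success"));
my $mca34 = $host_1->shell("-exec_mode async tcpdump -c 3 port 80 and host " . $fw_host_1->ip_1);
QTL::force ((($mca34->state eq "running")), "failed to start tcpdump on host_1");
my $mca44 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -cah -s " . $fw_machine_1->ip_1 . " -fu bill -fp gates -st 1");
QTL::force ((($mca44->result eq "success")), "failed to open connection with user bill and auth server RADIUS");
$master->shell("sleep 2");
my $mca54 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c httpstress -s " . $host_1->ip_1 . " -p /index.html -su root -sp zubur");
QTL::force ((($mca54->result eq "success")), "failed to open connection with user bill and auth server RADIUS");
$master->shell("sleep 5");
my $mca64 = $fw_machine_1->checklog("-resolve -n 1 -query (action =~ authorize and src =~ " . $fw_host_1->ip_1 . " and service =~ FW1_clntauth_http and user =~ bill and reason =~ RADIUS )");
QTL::warn ((($mca64->result eq "success")), "checklog failed to find a log with user bill");
QTL::force ((($mca34->state eq "finished")), "tcpdump should be finished on host_1 and it is not");

#############################################################
#TACACS UDP auth
#############################################################
my $mca15 = $fw_machine_1->fwload("$FW_POLICY " . $fw_machine_1->hostname_1);
QTL::force (($mca15->result eq "success"));
$master->shell("sleep 1");
my $mca25 = $fw_machine_1->fwlogswitch();
QTL::force (($mca25->result eq "success"));
my $mca35 = $host_1->shell("-exec_mode async tcpdump -c 3 port 21 and host " . $fw_host_1->ip_1);
QTL::force ((($mca35->state eq "running")), "failed to start tcpdump on host_1");
my $mca45 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -cah -s " . $fw_machine_1->ip_1 . " -fu taca -fp taca -st 1");
QTL::force ((($mca45->result eq "success")), "failed to open connection with user taca and auth server TACACS");
$master->shell("sleep 2");
my $mca55 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c ftp -s " . $host_1->ip_1 . " -remote_file /etc/hosts -su root -sp zubur");
QTL::force ((($mca55->result eq "success")), "failed to open connection with user taca and auth server TACACS");
$master->shell("sleep 5");
my $mca75 = $fw_machine_1->checklog("-resolve -n 1 -query (action =~ authorize and src =~ " . $fw_host_1->ip_1 . " and service =~ FW1_clntauth_http and user =~ taca and reason =~ TACACS)");
QTL::warn ((($mca75->result eq "success")), "checklog failed to find a log with user taca");
QTL::force ((($mca35->state eq "finished")), "tcpdump should be finished on host_1 and it is not");

############################################################
#TACACS PLUS auth
############################################################
# The statement below continues past the end of the visible listing.
my $mca16 = $fw_machine_1->fwload("$FW_POLICY " .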
$fw_machine_1->hostn +ame_1); QTL::force (($mca16->result eq "success")); $master->shell("sleep 1"); my $mca26 = $fw_machine_1->fwlogswitch(); QTL::force (($mca26->result eq "success")); my $mca36 = $host_1->shell("-exec_mode async tcpdump -c 3 port 21 and +host " . $fw_host_1->ip_1); QTL::force ((($mca36->state eq "running")), "failed to start tcpdump o +n host_1"); my $mca46 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -ca +h -s " . $fw_machine_1->ip_1 . " -fu tacap -fp tacap -st 1"); QTL::force ((($mca46->result eq "success")), "failed to open connectio +n with user tacap and auth server TACACS"); $master->shell("sleep 2"); my $mca56 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c +ftp -s " . $host_1->ip_1 . " -remote_file /etc/hosts -su root -sp zub +ur"); QTL::force ((($mca56->result eq "success")), "failed to open connectio +n with user tacap and auth server TACACS"); $master->shell("sleep 5"); my $mca76 = $fw_machine_1->checklog("-resolve -n 1 -query (action =~ a +uthorize and src =~ " . $fw_host_1->ip_1 . " and service =~ FW1_clnta +uth_http and user =~ tacap and reason =~ TACACS)"); QTL::warn ((($mca76->result eq "success")), "checklog failed to find a + log with user tacap"); QTL::force ((($mca36->state eq "finished")), "tcpdump should be finish +ed on host_1 and it is not"); ########################################################### #Secure ID auth ########################################################### #TELNET_OPEN_CONN_MANUAL_CLIENT_AUTH(7,amos,1111,SecurID,finished,succ +ess,accept) ###################################################################### +############################################################### #NOW TRY TO CONNECT WITH WRONG PASSWORD. 
###################################################################### +############################################################### ################################################### #fw-1 Auth ################################################### my $mca18 = $fw_machine_1->fwload("$FW_POLICY " . $fw_machine_1->hostn +ame_1); QTL::force (($mca18->result eq "success")); $master->shell("sleep 1"); my $mca28 = $fw_machine_1->fwlogswitch(); QTL::force (($mca28->result eq "success")); my $mca38 = $host_1->shell("-exec_mode async tcpdump -c 3 port 23 and +host " . $fw_host_1->ip_1); QTL::force ((($mca38->state eq "running")), "failed to start tcpdump o +n host_1"); my $mca48 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -ca +t -s " . $fw_machine_1->ip_1 . " -fu aa -fp abcd -st 1"); QTL::force ((($mca48->result eq "failure")), "failed to open connectio +n with user aa and auth server FireWall-1"); $master->shell("sleep 2"); my $mca58 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c +telnet -s " . $host_1->ip_1 . " -su root -sp zubur"); QTL::force ((($mca58->result eq "failure")), "failed to open connectio +n with user aa and auth server FireWall-1"); $master->shell("sleep 5"); my $mca68 = $fw_machine_1->checklog("-resolve -n 1 -query (action =~ a +uthorize and src =~ " . $fw_host_1->ip_1 . " and service =~ FW1_clnta +uth_telnet and user =~ aa and reason =~ FireWall-1 )"); QTL::warn ((($mca68->result eq "failure")), "checklog failed to find a + log with user aa"); QTL::force ((($mca38->state eq "running")), "tcpdump should be running + on host_1 and it is not"); ##################################################### #Radius - Levingston auth ##################################################### $host_2->shell("ka radius"); $master->shell("sleep 2"); $host_2->shell("/etc/init.d/radius start"); $master->shell("sleep 2"); my $mca19 = $fw_machine_1->fwload("$FW_POLICY " . 
$fw_machine_1->hostn +ame_1); QTL::force (($mca19->result eq "success")); $master->shell("sleep 1"); my $mca29 = $fw_machine_1->fwlogswitch(); QTL::force (($mca29->result eq "success")); my $mca39 = $host_1->shell("-exec_mode async tcpdump -c 3 port 23 and +host " . $fw_host_1->ip_1); QTL::force ((($mca39->state eq "running")), "failed to start tcpdump o +n host_1"); my $mca49 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -ca +t -s " . $fw_machine_1->ip_1 . " -fu raa -fp abcd -st 1"); QTL::force ((($mca49->result eq "failure")), "failed to open connectio +n with user raa and auth server RADIUS"); $master->shell("sleep 2"); my $mca59 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c +telnet -s " . $host_1->ip_1 . " -su root -sp zubur"); QTL::force ((($mca59->result eq "failure")), "failed to open connectio +n with user raa and auth server RADIUS"); $master->shell("sleep 5"); my $mca69 = $fw_machine_1->checklog("-resolve -n 1 -query (action =~ a +uthorize and src =~ " . $fw_host_1->ip_1 . " and service =~ FW1_clnta +uth_telnet and user =~ raa and reason =~ RADIUS )"); QTL::warn ((($mca69->result eq "failure")), "checklog failed to find a + log with user raa"); QTL::force ((($mca39->state eq "running")), "tcpdump should be running + on host_1 and it is not"); ############################################################## #Radius - Funk telnet ############################################################## $host_2->shell("/etc/init.d/radius stop"); $master->shell("sleep 2"); $host_2->shell("/etc/rc2.d/S90radius start"); $master->shell("sleep 4"); my $mca110 = $fw_machine_1->fwload("$FW_POLICY " . $fw_machine_1->host +name_1); QTL::force (($mca110->result eq "success")); $master->shell("sleep 1"); my $mca210 = $fw_machine_1->fwlogswitch(); QTL::force (($mca210->result eq "success")); my $mca310 = $host_1->shell("-exec_mode async tcpdump -c 3 port 80 and + host " . 
$fw_host_1->ip_1); QTL::force ((($mca310->state eq "running")), "failed to start tcpdump +on host_1"); my $mca410 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c +ah -s " . $fw_machine_1->ip_1 . " -fu funkyfish -fp abcd -st 1"); QTL::force ((($mca410->result eq "failure")), "failed to open connecti +on with user funkyfish and auth server RADIUS"); $master->shell("sleep 2"); my $mca510 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c + httpstress -s " . $host_1->ip_1 . " -p /index.html -su root -sp zubu +r"); QTL::force ((($mca510->result eq "failure")), "failed to open connecti +on with user funkyfish and auth server RADIUS"); $master->shell("sleep 5"); my $mca610 = $fw_machine_1->checklog("-resolve -n 1 -query (action =~ +authorize and src =~ " . $fw_host_1->ip_1 . " and service =~ FW1_clnt +auth_http and user =~ funkyfish and reason =~ RADIUS )"); QTL::warn ((($mca610->result eq "failure")), "checklog failed to find +a log with user funkyfish"); QTL::force ((($mca310->state eq "running")), "tcpdump should be runnin +g on host_1 and it is not"); $host_2->shell("/etc/init.d/radius stop"); ####################################################### #IAS (MS-RADIUS) ####################################################### my $mca111 = $fw_machine_1->fwload("$FW_POLICY " . $fw_machine_1->host +name_1); QTL::force (($mca111->result eq "success")); $master->shell("sleep 1"); my $mca211 = $fw_machine_1->fwlogswitch(); QTL::force (($mca211->result eq "success")); my $mca311 = $host_1->shell("-exec_mode async tcpdump -c 3 port 80 and + host " . $fw_host_1->ip_1); QTL::force ((($mca311->state eq "running")), "failed to start tcpdump +on host_1"); my $mca411 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c +ah -s " . $fw_machine_1->ip_1 . 
" -fu bill -fp abcd -st 1"); QTL::force ((($mca411->result eq "failure")), "failed to open connecti +on with user bill and auth server RADIUS"); $master->shell("sleep 2"); my $mca511 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c + httpstress -s " . $host_1->ip_1 . " -p /index.html -su root -sp zubu +r"); QTL::force ((($mca511->result eq "failure")), "failed to open connecti +on with user bill and auth server RADIUS"); $master->shell("sleep 5"); my $mca611 = $fw_machine_1->checklog("-resolve -n 1 -query (action =~ +authorize and src =~ " . $fw_host_1->ip_1 . " and service =~ FW1_clnt +auth_http and user =~ bill and reason =~ RADIUS )"); QTL::warn ((($mca611->result eq "failure")), "checklog failed to find +a log with user bill"); QTL::force ((($mca311->state eq "running")), "tcpdump should be runnin +g on host_1 and it is not"); ############################################################# #TACACS UDP auth ############################################################# my $mca112 = $fw_machine_1->fwload("$FW_POLICY " . $fw_machine_1->host +name_1); QTL::force (($mca112->result eq "success")); $master->shell("sleep 1"); my $mca212 = $fw_machine_1->fwlogswitch(); QTL::force (($mca212->result eq "success")); my $mca312 = $host_1->shell("-exec_mode async tcpdump -c 3 port 21 and + host " . $fw_host_1->ip_1); QTL::force ((($mca312->state eq "running")), "failed to start tcpdump +on host_1"); my $mca412 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c +ah -s " . $fw_machine_1->ip_1 . " -fu taca -fp abcd -st 1"); QTL::force ((($mca412->result eq "failure")), "failed to open connecti +on with user taca and auth server TACACS"); $master->shell("sleep 2"); my $mca512 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c + ftp -s " . $host_1->ip_1 . 
" -remote_file /etc/hosts -su root -sp zu +bur"); QTL::force ((($mca512->result eq "failure")), "failed to open connecti +on with user taca and auth server TACACS"); $master->shell("sleep 5"); my $mca712 = $fw_machine_1->checklog("-resolve -n 1 -query (action =~ +authorize and src =~ " . $fw_host_1->ip_1 . " and service =~ FW1_clnt +auth_http and user =~ taca and reason =~ TACACS)"); QTL::warn ((($mca712->result eq "failure")), "checklog failed to find +a log with user taca"); QTL::force ((($mca312->state eq "running")), "tcpdump should be runnin +g on host_1 and it is not"); ############################################################ #TACACS PLUS auth ############################################################ my $mca113 = $fw_machine_1->fwload("$FW_POLICY " . $fw_machine_1->host +name_1); QTL::force (($mca113->result eq "success")); $master->shell("sleep 1"); my $mca213 = $fw_machine_1->fwlogswitch(); QTL::force (($mca213->result eq "success")); my $mca313 = $host_1->shell("-exec_mode async tcpdump -c 3 port 21 and + host " . $fw_host_1->ip_1); QTL::force ((($mca313->state eq "running")), "failed to start tcpdump +on host_1"); my $mca413 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c +ah -s " . $fw_machine_1->ip_1 . " -fu tacap -fp abcd -st 1"); QTL::force ((($mca413->result eq "failure")), "failed to open connecti +on with user tacap and auth server TACACS"); $master->shell("sleep 2"); my $mca513 = $fw_host_1->open_conn("-exec_timeout 60 -context opsec -c + ftp -s " . $host_1->ip_1 . " -remote_file /etc/hosts -su root -sp zu +bur"); QTL::force ((($mca513->result eq "failure")), "failed to open connecti +on with user tacap and auth server TACACS"); $master->shell("sleep 5"); my $mca713 = $fw_machine_1->checklog("-resolve -n 1 -query (action =~ +authorize and src =~ " . $fw_host_1->ip_1 . 
" and service =~ FW1_clnt +auth_http and user =~ tacap and reason =~ TACACS)"); QTL::warn ((($mca713->result eq "failure")), "checklog failed to find +a log with user tacap"); QTL::force ((($mca313->state eq "running")), "tcpdump should be runnin +g on host_1 and it is not"); ########################################################### #Secure ID auth ########################################################### #TELNET_OPEN_CONN_MANUAL_CLIENT_AUTH(14,amos,abcd,SecurID,running,fail +ure,reject) #[CONFIGURATION_FILES] #fwconf/5.0/enfdb/clau001.W.cpmi #fwconf/5.0/enfdb/clau002.W.cpmi #fwconf/5.0/enfdb/clau003.W.cpmi #fwconf/5.0/enfdb/clau004.W.cpmi #fwconf/5.0/enfdb/clau001.W.cpmi #fwconf/5.0/enfdb/clau001.W.cpmi #fwconf/5.0/enfdb/clau008.W.cpmi #fwconf/5.0/enfdb/clau010.W.cpmi #fwconf/5.0/enfdb/doauth001.W.cpmi #fwconf/5.0/enfdb/transerv005.W.cpmi #fwconf/5.0/enfdb/transerv007.W.cpmi #fwconf/5.0/enfdb/transerv009.W.cpmi #fwconf/5.0/enfdb/transerv012.W.cpmi #fwconf/5.0/enfdb/usau001.W.cpmi #fwconf/5.0/enfdb/usau004.W.cpmi #fwconf/5.0/enfdb/usau007.W.cpmi #fwconf/5.0/enfdb/seau001.W.cpmi #fwconf/5.0/enfdb/seau002.W.cpmi #fwconf/5.0/enfdb/seau003.W.cpmi #fwconf/5.0/cpmi_scripts/authstrm002.cpmi #fwconf/5.0/standalone/standalone_setup.cpmi #fwconf/5.0/standalone/defaultfilter.pf #fwconf/5.0/cpmi_scripts/main1.cpmi #fwconf/5.0/cpmi_scripts/main2.cpmi #fwconf/5.0/cpmi_scripts/main3.cpmi #fwconf/5.0/cpmi_scripts/predefined.cpmi #fwconf/5.0/files/to_network.pl #fwconf/5.0/files/NetAPS_Template.conf.opsec #fwconf/5.0/files/NetAPS_Template.conf.smtp #fwconf/5.0/files/NetAPS_Template.conf.waitMode #fwconf/5.0/files/gfile #fwconf/5.0/files/discard #fwconf/5.0/files/virustest.exe #fwconf/5.0/files/SessionAgent #[/CONFIGURATION_FILES]

In reply to Re: Re: Finding duplicated code in Perl by shushu
in thread Finding duplicated code in Perl by shushu
