cosimo/cloudpassage_zone_update.py

## cloudpassage_zone_update.py
#!/usr/bin/env python
# encoding: utf-8

"""
Update an existing Cloudpassage FirewallZone from an external list of IPs
Wanted to use this to block abusive IPs, then I made this work and
realized it only accepts max 6000 characters, which in practice translates
to ~400 IP addresses, so it's probably not worth using in any case.

Usage:

    cloudpassage_zone_update.py <ip_list_filename>
"""

import sys

import cloudpassage
from pprint import pprint

#
# Cloudpassage settings
#
api_key = "<API_KEY>"
api_secret = "<API_SECRET>"

# Check firewall zones at https://portal.cloudpassage.com/firewall_zones
# It's nearly impossible to find in the UI
autoban_zone_id = "<FIREWALL_ZONE_ID>"

# Load an external list of IP addressed from a file
# This would typically be fed by fail2ban or similar mechanism
try:
    ip_list_file = sys.argv[1]
except IndexError:
    print("Usage " + sys.argv[0] + " <list-file>")
    sys.exit(1)


with open(ip_list_file, 'r') as ip_list_fh:
    ip_list = map(lambda s: s.replace("\n", ""), ip_list_fh.readlines())

    # IP address list can't be longer than 6000 characters for cloudpassage ...
    ip_list = ip_list[:300]


print("Loaded ip list of " + str(len(ip_list)) + " elements")
#print(",".join(ip_list))

session = cloudpassage.HaloSession(api_key, api_secret)
zone = cloudpassage.FirewallZone(session)

"""
Example of FirewallZone object:
    {u'description': u'',
     u'group_id': u'xxx',
     u'group_name': u'xxx',
     u'id': u'<zone-id-to-be-used-as-object-key>',
     u'ip_address': u'1.2.3.4,5.6.7.8,...',
     u'name': u'Automatic IP ban zone',
     u'shared': False,
     u'system': False,
     u'url': u'https://api.cloudpassage.com/v1/firewall_zones/xxx',
     u'used_by': [{u'id': u'xxx',
                   u'name': u'Name'}]}
"""
#autoban_zone = zone.describe(autoban_zone_id)

autoban_zone_update = {
    'firewall_zone': {
        'id': autoban_zone_id,
        'ip_address': ','.join(ip_list),
    }
}

# No result comes back from the update if successful
zone.update(autoban_zone_update)
	#!/usr/bin/env python
	# encoding: utf-8

	"""
	Update an existing Cloudpassage FirewallZone from an external list of IPs
	Wanted to use this to block abusive IPs, then I made this work and
	realized it only accepts max 6000 characters, which in practice translates
	to ~400 IP addresses, so it's probably not worth using in any case.

	Usage:

	cloudpassage_zone_update.py <ip_list_filename>
	"""

	import sys

	import cloudpassage
	from pprint import pprint

	#
	# Cloudpassage settings
	#
	api_key = "<API_KEY>"
	api_secret = "<API_SECRET>"

	# Check firewall zones at https://portal.cloudpassage.com/firewall_zones
	# It's nearly impossible to find in the UI
	autoban_zone_id = "<FIREWALL_ZONE_ID>"

	# Load an external list of IP addressed from a file
	# This would typically be fed by fail2ban or similar mechanism
	try:
	ip_list_file = sys.argv[1]
	except IndexError:
	print("Usage " + sys.argv[0] + " <list-file>")
	sys.exit(1)


	with open(ip_list_file, 'r') as ip_list_fh:
	ip_list = map(lambda s: s.replace("\n", ""), ip_list_fh.readlines())

	# IP address list can't be longer than 6000 characters for cloudpassage ...
	ip_list = ip_list[:300]


	print("Loaded ip list of " + str(len(ip_list)) + " elements")
	#print(",".join(ip_list))

	session = cloudpassage.HaloSession(api_key, api_secret)
	zone = cloudpassage.FirewallZone(session)

	"""
	Example of FirewallZone object:
	{u'description': u'',
	u'group_id': u'xxx',
	u'group_name': u'xxx',
	u'id': u'<zone-id-to-be-used-as-object-key>',
	u'ip_address': u'1.2.3.4,5.6.7.8,...',
	u'name': u'Automatic IP ban zone',
	u'shared': False,
	u'system': False,
	u'url': u'https://api.cloudpassage.com/v1/firewall_zones/xxx',
	u'used_by': [{u'id': u'xxx',
	u'name': u'Name'}]}
	"""
	#autoban_zone = zone.describe(autoban_zone_id)

	autoban_zone_update = {
	'firewall_zone': {
	'id': autoban_zone_id,
	'ip_address': ','.join(ip_list),
	}
	}

	# No result comes back from the update if successful
	zone.update(autoban_zone_update)