Scripting SSH sessions with PA or XML api library for python

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Scripting SSH sessions with PA or XML api library for python

Not applicable

(  All scripts mentioned are in python with pexpect and none store passwords or creds.)

Starting this thread to gather interest level in the following....

1.  Any interest in an interactive ssh library for python with the PAs....?

2.  I have written a python library with various functionality, and most of it is with interactive ssh sessions.  I would be happy to post here, given there is enough interest of course.

The library is based on python with the pexpect module and I have used it to perform the following functions:

1.  Send a text file containing a list of commands to pa

2.  configure a base configuration to PA firewalls

3.  change passwords

4.  perform software upgrades

5.  Audit the firewalls.

6.  Gather operational stats.

7.  Test login credentials against a list of firewalls

8.  Configure 100s of panorama objects given a list.

If there is enough interest, I will post the library here with example scripts, just let me know.

Thanks,

@bteedub

UPDATE: I've added the pascripting.py lib to this post, I still need to write a help function, which I'll write and update the pascripting.py file later.  To use the functions, add "from pascripting import *" to the top of your script.  I've also included a couple of samples which use the library.  One of them is a script that will upgrade a firewall from a version of software up to a given "standard version"  another one has been used to test pa logins from a list.  NOTE that not all of these samples completely utilize the library, but they are pretty decent examples of how you can use pexpect and python to automate things if you're interested in that kind of thing.

testPaLogin.py will test logging into the PA with a given set of credentials, this is great if you have a lot of firewalls that you want to test the admin password on to make sure it has been changed.

painit.py - will be posted later, but is a completely automated script to configure a firewall from a base configuration file that has wildcards for site specific things.  This pretty much uses all of the functions in the scripting library, I need to comment it better before posting. 

generateSiteConfig.py - will be posted later, but is used in painit.py to generate a site specific paconfig that contains everything from one of the base configs.

3 REPLIES 3

Not applicable

I would be interested in taking a look at the library.

Hello reubeng,

I posted the library, and a testPaLogin script that utilizes just the connectToFirewall function.  I will be posting some other things that have more examples of what can be done with it soon, just need to clean up the scripts, and make sure they are commented to the level that they should be.

Thanks,

Brandon

L4 Transporter

I would be interested in the auditing part.

  • 4817 Views
  • 3 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!