#!/bin/bash
########## Info ##########
# Backup Fortinet Router Config
# This script lets you create Fortinet config backups, then download, rotate, encrypt and
# upload them to a GitHub or Artifactory repository, using a HOPPER (jump host) to connect to the Fortinet server.
#Code by: jjavieralv
# Version: 0.1v
######### GLOBAL VARIABLES #########
# External tools the script relies on. check_dependencies looks each name up
# on PATH, and install_dependencies passes the same name to apt, so every
# entry is used both as a command name and as a package name.
DEPENDENCIES=(
  ssh
  expect
  netcat
  zip
  openssl
)
######### INDIVIDUAL FUNCTIONS #########
##### DECLARE CONFIG VARIABLES #####
# Declare the GitHub settings as empty globals (placeholders to be filled in).
# GITHUB_KEY_ROUTE / GITHUB_KEY_PASS describe a private key and its
# passphrase: prefer loading them from the environment or a secrets store
# over committing real values in this file.
# NOTE(review): nothing in the visible script calls this function or reads
# these variables.
variables_github() {
  GITHUB_REPO=""
  GITHUB_USER=""
  GITHUB_MAIL=""
  GITHUB_KEY_ROUTE=""
  GITHUB_KEY_PASS=""
}
# Declare the encryption settings as globals.
#   CIPHER_TYPE                 0 = symmetric, 1 = asymmetric key with passphrase
#   CYPHER_SYMETRIC_PASS        passphrase for the symmetric mode
#   CIPHER_ASYMETRIC_KEY_ROUTE  path of the key for the asymmetric mode
#   CIPHER_ASYMETRIC_KEY_PASS   passphrase protecting that key
# Note the CYPHER_/CIPHER_ prefix difference: the names are kept exactly as
# the rest of the script spells them.
# The two *_PASS values are secrets; keep real values out of version control.
variables_cipher() {
  CIPHER_TYPE=0
  CYPHER_SYMETRIC_PASS=""
  CIPHER_ASYMETRIC_KEY_ROUTE=""
  CIPHER_ASYMETRIC_KEY_PASS=""
}
# Declare the Fortinet connection settings as globals.
#   FORTINET_ACCESS_METHOD  0 = password login, 1 = private key (with passphrase)
#   FORTINET_PASS           password used when the access method is 0
#   FORTINET_KEY_ROUTE/PASS private key path and its passphrase
#   FORTINET_IP/PORT        address the SSH tunnel forwards to
#   FORTINET_CONFIG_ROUTE   remote path of the configuration file to fetch
# FORTINET_PASS and FORTINET_KEY_PASS are secrets; keep real values out of
# version control.
variables_fortinet() {
  FORTINET_USER=""
  FORTINET_ACCESS_METHOD=0
  FORTINET_PASS=""
  FORTINET_KEY_ROUTE=""
  FORTINET_KEY_PASS=""
  FORTINET_IP=""
  FORTINET_PORT=""
  FORTINET_CONFIG_ROUTE=""
}
# Declare the HOPPER (intermediate SSH host) settings as empty globals.
#   HOPPER_IP / HOPPER_SSH_PORT  where the SSH connection is made
#   HOPPER_LOCAL_PORT            local port that gets forwarded through it
#   HOPPER_USER / HOPPER_PASS    login on the HOPPER
#   HOPPER_KEY_ROUTE / _PASS     private key path and its passphrase
# HOPPER_PASS and HOPPER_KEY_PASS are secrets; keep real values out of
# version control.
variables_hopper() {
  HOPPER_IP=""
  HOPPER_SSH_PORT=""
  HOPPER_LOCAL_PORT=""
  HOPPER_USER=""
  HOPPER_PASS=""
  HOPPER_KEY_ROUTE=""
  HOPPER_KEY_PASS=""
}
# Declare LOCAL_CONFIG_FORTI_ROUTE, the local path the Fortinet configuration
# is downloaded to, as an empty global.
variables_general() {
  LOCAL_CONFIG_FORTI_ROUTE=""
}
##### GRAPHICAL FUNCTIONS #####
# Print $1 in red; used for critical and error messages.
# echo -e also interprets backslash escapes that appear inside the message.
red_messages() {
  local text=$1
  echo -e "\033[31m${text}\e[0m"
}
# Print $1 in green; used when a step starts or finishes correctly.
# echo -e also interprets backslash escapes that appear inside the message.
green_messages() {
  local text=$1
  echo -e "\033[32m${text}\e[0m"
}
# Print $1 on a magenta background; used to announce which part of the
# script is running.
# echo -e also interprets backslash escapes that appear inside the message.
magenta_messages() {
  local text=$1
  echo -e "\e[45m${text}\e[0m"
}
#### CONNECTIVITY FUNCTIONS #####
# Install one package with apt through sudo.
#   $1  package name
# Exits the whole script with status 20 when the installation fails.
# NOTE(review): this runs a privileged, unattended install (-y) from inside
# a backup job; confirm that is acceptable on the host that runs it.
install_dependencies() {
  local package=$1
  echo -e "Installing ${package}"
  if sudo apt install "${package}" -y; then
    green_messages "${package} installed correctly"
    return
  fi
  red_messages "Not able to install ${package}. Exiting"
  exit 20
}
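# Check that every entry of DEPENDENCIES resolves to a command and install
# the ones that do not.
# Globals: DEPENDENCIES (read)
# A missing tool is handed to install_dependencies, which exits the script
# if the installation fails.
check_dependencies() {
  local dep
  echo -e "\n"
  magenta_messages "### Checking dependencies ###"
  # Quoted expansion: each array element stays one word, with no globbing.
  for dep in "${DEPENDENCIES[@]}"; do
    # command -v is the shell builtin lookup; it does not depend on an
    # external `which` binary being present.
    if command -v "${dep}" >/dev/null 2>&1; then
      green_messages " ${dep} is installed "
    else
      red_messages "${dep} is not installed"
      install_dependencies "${dep}"
    fi
  done
}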
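# Open a local port forward to the Fortinet device through the HOPPER.
#   $1  local port to be redirected
#   $2  Fortinet IP
#   $3  Fortinet SSH port
#   $4  HOPPER user
#   $5  HOPPER IP
#   $6  HOPPER SSH port
# The SSH key must already be loaded (see add_ssh_key).
# Returns the exit status of ssh.
create_ssh_tunel() {
  local local_port=$1 target_ip=$2 target_port=$3
  local hop_user=$4 hop_ip=$5 hop_port=$6
  echo -e "\n"
  magenta_messages "### Starting SSH tunel ###"
  # -f sends ssh to the background after authentication; `sleep 10` keeps the
  # session open for 10 s, and it stays open longer only while a forwarded
  # connection is using it.
  #
  # Host-key checking is no longer switched off: credentials for the firewall
  # travel through this tunnel, so a HOPPER whose key has changed must be
  # refused. accept-new (OpenSSH 7.6+) still records a host seen for the
  # first time; pre-populating known_hosts with the verified key is stricter.
  ssh -o StrictHostKeyChecking=accept-new \
    -L "${local_port}:${target_ip}:${target_port}" \
    -f -p "${hop_port}" "${hop_user}@${hop_ip}" sleep 10
}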
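# Start an ssh-agent and load a passphrase-protected private key into it.
#   $1  SSH key route (path of the private key)
#   $2  SSH key passphrase
# NOTE(review): the agent started here is not stopped anywhere in the visible
# script, so it keeps holding the decrypted key after the run; consider
# `ssh-agent -k` on exit.
add_ssh_key() {
  local key_route=$1 key_pass=$2
  echo -e "\n"
  magenta_messages "### Add private ssh key ###"
  echo "ROUTE: ${key_route}"
  # ssh-agent -s prints the export statements for SSH_AUTH_SOCK/SSH_AGENT_PID.
  eval "$(ssh-agent -s)"
  # The key path and passphrase reach expect through its environment and the
  # here-document is quoted, so neither value is ever parsed as Tcl source: a
  # passphrase containing quotes, brackets, `$` or backslashes is sent as-is
  # instead of breaking or altering the expect script.
  FORTI_KEY_ROUTE="${key_route}" FORTI_KEY_PASS="${key_pass}" expect <<'EOF'
set pass $env(FORTI_KEY_PASS)
# Remove the secret from the environment before spawning the child process.
unset env(FORTI_KEY_PASS)
spawn ssh-add -- $env(FORTI_KEY_ROUTE)
expect "Enter passphrase"
send -- "$pass\r"
expect eof
EOF
}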
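# Probe each "host port" pair with nc and stop the script on the first
# unreachable one.
#   $@  one argument per target, host and port separated by a space,
#       e.g. check_connectivity "ip1 port1" "ip2 port2"
# Exits with status 10 when a target cannot be reached. A bare `exit` here
# would reuse the status of the message helper (0), so the script would
# report success although the backup never ran.
check_connectivity() {
  local target
  echo -e "\n"
  magenta_messages "### Checking connectivity ###"
  for target in "$@"; do
    echo "Checking connectivity with: ${target}"
    # ${target% *} is the part before the last space (host),
    # ${target#* } the part after the first space (port).
    if ! nc -z -v "${target% *}" "${target#* }"; then
      red_messages "No connectivity with ${target}. Exiting"
      # Non-zero, and distinct from the 20/30/40 codes used elsewhere here.
      exit 10
    fi
  done
}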
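# Download one file with scp, driven by expect.
#   $1  access method: 0 = answer the password prompt with $7,
#       anything else = key authentication (key must be loaded beforehand)
#   $2  server port
#   $3  server user
#   $4  server ip
#   $5  server file route
#   $6  local route to download to
#   $7  password (only used when $1 is 0)
# Exits the script with status 30 when the transfer fails.
download_file_scp() {
  local mode=key
  local rc=0
  echo -e "\n"
  magenta_messages "### Download Forti Backup ###"
  if [[ $1 -eq 0 ]]; then
    mode=password
    echo "parsing ssh user pass"
  else
    echo "using asymetric pass(must be added before)"
  fi

  # All values reach expect through its environment and the here-document is
  # quoted, so the password and the paths are never parsed as Tcl source.
  # The script also ends with scp's own exit status; without that, expect
  # returns 0 even when the copy failed and the check below never fires.
  #
  # NOTE(review): answering "yes" to the host-key question is trust on first
  # use for the device behind the tunnel. Pre-populating known_hosts with the
  # verified key removes that prompt and is the stricter option.
  FORTI_SCP_MODE="${mode}" \
  FORTI_SCP_PORT="$2" \
  FORTI_SCP_SRC="${3}@${4}:${5}" \
  FORTI_SCP_DST="$6" \
  FORTI_SCP_PASS="${7-}" \
    expect <<'EOF' || rc=$?
set mode $env(FORTI_SCP_MODE)
set pass $env(FORTI_SCP_PASS)
# Remove the secret from the environment so the spawned scp does not inherit it.
unset env(FORTI_SCP_PASS)
set sent 0
spawn scp -P $env(FORTI_SCP_PORT) -- $env(FORTI_SCP_SRC) $env(FORTI_SCP_DST)
expect {
    "continue" { send "yes\n"; exp_continue }
    "assword:" {
        if {$mode ne "password"} {
            send_user "something went wrong with asymetric authentication\n"
            exit 1
        }
        if {$sent} {
            # Send the password once only; repeating a rejected password
            # just adds failed logins on the device.
            send_user "password was rejected\n"
            exit 1
        }
        set sent 1
        send -- "$pass\n"
        exp_continue
    }
    timeout { send_user "timed out waiting for scp\n"; exit 1 }
    eof
}
# wait returns {pid spawn_id os_error exit_status}; pass scp's status on.
exit [lindex [wait] 3]
EOF

  if (( rc != 0 )); then
    red_messages "Something went wrong with scp. Exiting"
    exit 30
  fi
}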
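# Build the name of the backup from the current time and the conf_file_ver
# value found in the downloaded configuration.
#   $1  backup file
# Globals: CONF_FILE_NAME (written), e.g. 2024-01-31_23-59_<version>
fortinet_generate_backup_name() {
  local backup_file=$1
  local stamp version
  echo -e "\n"
  magenta_messages "### Generate fortinet backup name ###"
  # No "/" or ":" in the stamp: the result is used as a file name, and a
  # date written with slashes points into directories that do not exist.
  stamp=$(date '+%Y-%m-%d_%H-%M')
  # The version string is read from a file that came from the remote device,
  # so it is reduced to a safe character set before it becomes part of a
  # local path (no separators, spaces or newlines). Only the first matching
  # line is used.
  version=$(grep -m1 -- 'conf_file_ver' "${backup_file}" \
    | cut -d'=' -f2 \
    | tr -cd 'A-Za-z0-9._-')
  CONF_FILE_NAME="${stamp}_${version}"
}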
# Compress a file into a new zip archive.
#   $1  File route
#   $2  New file zip
# zip runs with -9 (best compression), -r (recurse) and -m (move: the source
# is deleted once it is in the archive).
# Exits the script with status 40 when zip fails.
zip_file() {
  local source_route=$1 archive=$2
  echo -e "\n"
  magenta_messages "### Zip file ###"
  if ! zip -9rm "${archive}" "${source_route}"; then
    red_messages "Error ocurred zip file. Exiting"
    exit 40
  fi
}
######### AGREGATED FUNCTIONS #########
# Pre-flight step: make sure the required tools are present, then that the
# HOPPER answers on its SSH port.
# Globals: HOPPER_IP, HOPPER_SSH_PORT (read)
checking_all_before_start() {
  local hopper_target="$HOPPER_IP $HOPPER_SSH_PORT"
  magenta_messages "\n ######### Checking all before start #########"
  check_dependencies
  check_connectivity "${hopper_target}"
}
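# Load the HOPPER key into an agent and open the tunnel to the Fortinet
# device through the HOPPER.
# Globals (read): HOPPER_KEY_ROUTE, HOPPER_KEY_PASS, HOPPER_LOCAL_PORT,
#                 FORTINET_IP, FORTINET_PORT, HOPPER_USER, HOPPER_IP,
#                 HOPPER_SSH_PORT
tunneling_hopper() {
  magenta_messages "\n ######### Tunneling hopper #########"
  # Quoted so a path or passphrase containing spaces or glob characters is
  # passed as exactly one argument each.
  add_ssh_key "${HOPPER_KEY_ROUTE}" "${HOPPER_KEY_PASS}"
  create_ssh_tunel "$HOPPER_LOCAL_PORT" "$FORTINET_IP" "$FORTINET_PORT" \
    "$HOPPER_USER" "$HOPPER_IP" "$HOPPER_SSH_PORT"
}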
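# Check that the local end of the tunnel is listening, then download the
# Fortinet configuration through it.
# Globals (read): HOPPER_LOCAL_PORT, FORTINET_ACCESS_METHOD, FORTINET_USER,
#                 FORTINET_CONFIG_ROUTE, LOCAL_CONFIG_FORTI_ROUTE,
#                 FORTINET_PASS
fortinet_get_backup() {
  magenta_messages "\n ######### Getting Forti Backup #########"
  check_connectivity "localhost $HOPPER_LOCAL_PORT"
  # Every argument is quoted: an empty or space-containing value must not
  # shift the later positions, otherwise the password could land in the
  # slot of a path (or the other way round).
  download_file_scp "${FORTINET_ACCESS_METHOD}" "${HOPPER_LOCAL_PORT}" \
    "${FORTINET_USER}" 'localhost' "${FORTINET_CONFIG_ROUTE}" \
    "${LOCAL_CONFIG_FORTI_ROUTE}" "${FORTINET_PASS}"
}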
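# Name, compress and encrypt the downloaded configuration.
# Globals (read):    LOCAL_CONFIG_FORTI_ROUTE, CIPHER_TYPE,
#                    CIPHER_ASYMETRIC_KEY_ROUTE, CONF_FILE_NAME
# Globals (written): CONF_FILE_NAME_ZIP
# Returns non-zero when the encryption step is unavailable or fails.
fortinet_manage_backup() {
  magenta_messages "\n ######### Modify backup #########"
  fortinet_generate_backup_name "${LOCAL_CONFIG_FORTI_ROUTE}"
  CONF_FILE_NAME_ZIP="${CONF_FILE_NAME}".zip
  zip_file "${LOCAL_CONFIG_FORTI_ROUTE}" "${CONF_FILE_NAME_ZIP}"
  # cypher_file is not defined in the visible part of this script. Without
  # this guard the call ends in "command not found" and the archive, which
  # holds the device configuration, stays on disk in clear text with nothing
  # saying so.
  if ! declare -F cypher_file >/dev/null; then
    red_messages "cypher_file is not defined: ${CONF_FILE_NAME_ZIP} was left unencrypted"
    return 1
  fi
  cypher_file "${CIPHER_TYPE}" "${CONF_FILE_NAME_ZIP}" "${CIPHER_ASYMETRIC_KEY_ROUTE}"
}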
######### MAIN #########
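# Run the whole backup: load the settings, check the prerequisites, open the
# tunnel, download the configuration, then name/compress/encrypt it.
# Returns the status of the last step so the caller (cron, CI, monitoring)
# can tell a failed backup from a good one.
main() {
  local status
  #initialize variables
  variables_hopper
  variables_fortinet
  variables_general
  # fortinet_manage_backup reads CIPHER_TYPE and CIPHER_ASYMETRIC_KEY_ROUTE,
  # which only variables_cipher sets.
  variables_cipher
  checking_all_before_start
  tunneling_hopper
  fortinet_get_backup
  fortinet_manage_backup
  status=$?
  # Message is Spanish for "the status was <code>".
  echo "el estado ha sido ${status}"
  return "${status}"
}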
# Script entry point. main reads no positional parameters, so forwarding
# the command line to it changes nothing in how it runs.
main "$@"