new way to read user parameters

José Lopes 2018-10-24 12:36:13 -03:00
parent 96e16e30fc
commit 1de0ce0340
4 changed files with 79 additions and 54 deletions


@ -20,31 +20,27 @@ Note that `netbox-scanner` will require [Nmap](https://nmap.org/) and an instanc
## Usage
`netbox-scanner` can be used both in your Python programs or as a script. To use `netbox-scanner` as a script, edit `netbox-scanner/config.py` with your setup, and run the command below:
`netbox-scanner` can be used both in your Python programs or as a script. To use `netbox-scanner` as a script, simply run `netbox-scanner/netbox-scanner.py` and it'll create its configuration file (`.netbox-scanner.conf`) in your home folder:
$ netbox-scanner.py
$ python netbox-scanner.py
After that, you'll just need to edit that file with your environment settings and run the script again.
`netbox-scanner` will do the following tasks:
1. It will scan all networks defined in `netbox-scanner/config.py` or via parameters.
1. It will scan all networks defined in the configuration file.
2. For each discovered host it will:
1. If host is in NetBox, description is different, and `tag` is equal to `netbox-scanner/config.py/TAG`, it's description will be updated.
1. If host is in NetBox, description is different, and `tag` is equal to that defined in the configuration file, it's description will be updated in NetBox.
2. If host is not in NetBox, it'll be created.
3. It will iterate through each network to find and delete any hosts registered in NetBox that did not respond to scan, and have the tag `netbox-scanner/config.py/TAG`.
3. It will iterate through each network to find and delete any hosts registered in NetBox that did not respond to scan, and have the tag defined in the configuration file.
This way, if some hosts in your monitored networks are eventually down, but you don't want `netbox-scanner` to manage them, just make sure that they don't have the tag defined in `netbox-scanner/config.py/TAG`.
To see a list of all available parameters in `netbox-scanner.py`, simple use the `-h` option --please note that all parameters are optional, because all of them can be set using `netbox-scanner/config.py` file:
$ netbox-scanner.py -h
For instance, if some hosts in your monitored networks are eventually down, but you don't want `netbox-scanner` to manage them, just make sure that they **don't** have the tag defined in the configuration file.
Of course, you can use `cron` to automatically run `netbox-scanner`.
## Configuration File
`netbox-scanner` have a configuration file (`netbox-scanner/netbox-scanner/config.py`) with all parameters needed to scan networks and synchronize them to NetBox. Before using `netbox-scanner/netbox-scannner/netbox-scanner.py` you should read that file and fill all variables according to your environment.
It is strongly recommended that you use this file instead of passing parameters via command line, because it's easier and avoid common mistakes in multiple executions. You should use command line parameters occasionally, in single scans.
`netbox-scanner` have a configuration file with all parameters needed to scan networks and synchronize them to NetBox. By default, this file is located at user's home folder and is created when `netbox-scanner.py` is executed for the first time. Before using `netbox-scanner.py` you should edit that file and fill all variables according to your environment.
## License


@ -17,10 +17,11 @@ logging.getLogger('paramiko').setLevel(logging.CRITICAL) # paramiko is noisy
class NetBoxScanner(object):
def __init__(self, address, token, tls_verify, nmap_args, devs_auth, tag, unknown):
def __init__(self, address, token, tls_verify, nmap_args, tacacs, tag,
unknown):
self.netbox = api(address, token=token, ssl_verify=tls_verify)
self.nmap_args = nmap_args
self.devs = devs_auth
self.tacacs = tacacs
self.tag = tag
self.unknown = unknown
self.stats = {'created':0, 'updated':0, 'deleted':0,
@ -52,17 +53,17 @@ class NetBoxScanner(object):
return name
else:
c = CPE(cpe[0], CPE.VERSION_2_3)
vendor = c.get_vendor()[0].upper()
if vendor in self.devs:
vendor = c.get_vendor()[0]
if self.tacacs and vendor == 'cisco':
try:
client = SSHClient()
client.set_missing_host_key_policy(AutoAddPolicy())
client.connect(address, username=self.devs[vendor]['USER'],
password=self.devs[vendor]['PASSWORD'])
stdin, stdout, stderr = client.exec_command(self.devs[vendor]['COMMAND'])
client.connect(address, username=self.tacacs['user'],
password=self.tacacs['password'])
stdin,stdout,stderr = client.exec_command(self.tacacs['command'])
return '{}:{}'.format(vendor.lower(),
re.search(self.devs[vendor]['REGEX'],
str(stdout.read().decode('utf-8'))).group(self.devs[vendor]['REGROUP']))
re.search(self.tacacs['regex'],
str(stdout.read().decode('utf-8'))).group(self.tacacs['regroup']))
except (AuthenticationException, SSHException,
NoValidConnectionsError, TimeoutError,
ConnectionResetError):
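Review bot: The new `client.connect(address, username=self.tacacs['user'], password=self.tacacs['password'])` call sends the single TACACS credential to every host whose CPE vendor is `cisco`, while the unchanged `client.set_missing_host_key_policy(AutoAddPolicy())` line above it accepts whatever host key the peer presents, so the password is offered to an endpoint that has not been authenticated. Consider loading known keys and refusing unknown ones, `client.load_system_host_keys()` followed by `client.set_missing_host_key_policy(RejectPolicy())`; this needs `RejectPolicy` imported from paramiko, and the import block is outside the hunk. Separately, `re.search(self.tacacs['regex'], ...)` returns `None` when the command output does not match, and `.group(...)` would then raise `AttributeError`, which is not in the visible `except` tuple. The enclosing method starts before this hunk and the `except` body lies after it, so how failures are handled cannot be seen here.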


@ -1,48 +1,76 @@
#!/usr/bin/env python3
import logging
from argparse import ArgumentParser
from configparser import ConfigParser
from os import fsync
from os.path import expanduser
from getpass import getpass
from datetime import datetime
from urllib3 import disable_warnings
from urllib3.exceptions import InsecureRequestWarning
import config
from nbscan import NetBoxScanner
argp = ArgumentParser()
argp.add_argument('-l', '--log', help='logfile path', default=config.LOG)
argp.add_argument('-a', '--address', help='netbox address',
default=config.NETBOX['ADDRESS'])
argp.add_argument('-t', '--token', help='netbox access token',
default=config.NETBOX['TOKEN'])
argp.add_argument('-v', '--verify', help='tls verify',
action='store_true', default=config.NETBOX['TLS_VERIFY'])
argp.add_argument('-m', '--nmap', help='set Nmap arguments',
default=config.NMAP_ARGS)
argp.add_argument('-d', '--devices', help='device authentication crendentials',
default=config.DEVICE_AUTH)
argp.add_argument('-g', '--tag', help='netbox-scanner tag',
default=config.TAG)
argp.add_argument('-u', '--unknown', help='netbox-scanner unknown host',
default=config.UNKNOWN)
argp.add_argument('-n', '--networks', nargs='+', help='networks to be scanned',
default=config.NETWORKS)
args = argp.parse_args()
template = '''
[GENERAL]
tag = auto
unknown = unknown host
log = .
nmap_args = -T4 -O -F --host-timeout 30s
logging.basicConfig(filename='{}/netbox-scanner-{}.log'.format(args.log,
datetime.now().strftime('%Y%m%dT%H%M%SZ')),
level=logging.INFO,
[NETBOX]
address = https://
token =
tls_verify = True
[TACACS]
user = netbox
password =
command = show run | inc hostname
regex = hostname ([A-Z|a-z|0-9|\-|_]+)
regroup = 1
[SCAN]
networks = 10.1.2.3/24,10.2.3.4/24
'''
conffile = expanduser('~/.netbox-scanner.conf')
try:
config = ConfigParser()
config.read(conffile)
general_conf = config['GENERAL']
netbox_conf = config['NETBOX']
networks = config['SCAN']['networks'].split(',')
tacacs_conf = dict()
for key in config['TACACS']:
tacacs_conf[key] = config['TACACS'][key]
tacacs_conf['regroup'] = int(tacacs_conf['regroup'])
except KeyError:
with open(conffile,'w+') as f:
f.write(template)
fsync(f)
print('Config file was created at {}'.format(conffile))
print('Fill all fields before run the script again.')
exit(1)
logfile = '{}/netbox-scanner-{}.log'.format(general_conf['log'],
datetime.now().strftime('%Y%m%dT%H%M%SZ'))
logging.basicConfig(filename=logfile, level=logging.INFO,
format='%(asctime)s\tnetbox-scanner\t%(levelname)s\t%(message)s')
disable_warnings(InsecureRequestWarning)
nbs = NetBoxScanner(args.address, args.token, args.verify, args.nmap,
args.devices, args.tag, args.unknown)
logging.info('started: {} networks'.format(len(args.networks)))
nbs.sync(args.networks)
logging.info('finished: +{} ~{} -{} ?{} !{}'.format(nbs.stats['created'],
nbs.stats['updated'], nbs.stats['deleted'], nbs.stats['undiscovered'],
nbs.stats['duplicated']))
if __name__ == '__main__':
nbs = NetBoxScanner(netbox_conf['address'], netbox_conf['token'],
netbox_conf.getboolean('tls_verify'), general_conf['nmap_args'],
tacacs_conf, general_conf['tag'], general_conf['unknown'])
logging.info('started: {} networks'.format(len(networks)))
nbs.sync(networks)
logging.info('finished: +{} ~{} -{} ?{} !{}'.format(nbs.stats['created'],
nbs.stats['updated'], nbs.stats['deleted'], nbs.stats['undiscovered'],
nbs.stats['duplicated']))
exit(0)
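Review bot: The template written by `open(conffile,'w+')` is meant to hold the NetBox token and the TACACS password, but the file is created with the process's default umask, so on many systems other local users can read it. Creating it owner-only and refusing to replace an existing file would also fix the `except KeyError` path, which currently overwrites a partly filled-in config (losing any token already entered) whenever one section or key is missing: `fd = os.open(conffile, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` then `with os.fdopen(fd, 'w') as f:`. This needs `import os` alongside the existing `from os import fsync`. `int(tacacs_conf['regroup'])` can also raise `ValueError`, which the handler does not catch.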


@ -7,7 +7,7 @@ with open('README.md', 'r') as fh:
setuptools.setup(
name='netbox-scanner',
version='0.5.6',
version='0.6.0',
author='José Lopes de Oliveira Jr.',
author_email='jlojunior@gmail.com',
description='A scanner util for NetBox',