2020-03-09 10:11:07 +01:00
|
|
|
#!/usr/bin/python
|
2021-08-08 10:40:22 +02:00
|
|
|
# -*- coding: utf-8 -*-
|
2020-03-09 10:11:07 +01:00
|
|
|
|
2022-08-05 13:17:19 +02:00
|
|
|
# Copyright (c) 2018, Sebastian Schenzel <sebastian.schenzel@mailbox.org>
|
|
|
|
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
|
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
2020-03-09 10:11:07 +01:00
|
|
|
|
|
|
|
from __future__ import absolute_import, division, print_function
|
|
|
|
|
|
|
|
__metaclass__ = type
|
|
|
|
|
|
|
|
DOCUMENTATION = '''
|
|
|
|
---
|
|
|
|
module: utm_proxy_exception
|
|
|
|
|
|
|
|
author:
|
|
|
|
- Sebastian Schenzel (@RickS-C137)
|
|
|
|
|
|
|
|
short_description: Create, update or destroy reverse_proxy exception entry in Sophos UTM
|
|
|
|
|
|
|
|
description:
|
|
|
|
- Create, update or destroy a reverse_proxy exception entry in SOPHOS UTM.
|
|
|
|
- This module needs to have the REST Ability of the UTM to be activated.
|
|
|
|
|
|
|
|
|
|
|
|
options:
|
|
|
|
name:
|
|
|
|
description:
|
|
|
|
- The name of the object. Will be used to identify the entry
|
2022-09-06 21:07:46 +02:00
|
|
|
required: true
|
2020-03-09 10:11:07 +01:00
|
|
|
type: str
|
|
|
|
op:
|
|
|
|
description:
|
|
|
|
- The operand to be used with the entries of the path parameter
|
|
|
|
default: 'AND'
|
|
|
|
choices:
|
|
|
|
- 'AND'
|
|
|
|
- 'OR'
|
2022-09-06 21:07:46 +02:00
|
|
|
required: false
|
2020-03-09 10:11:07 +01:00
|
|
|
type: str
|
|
|
|
path:
|
|
|
|
description:
|
|
|
|
- The paths the exception in the reverse proxy is defined for
|
|
|
|
type: list
|
2020-11-22 12:17:46 +01:00
|
|
|
elements: str
|
2020-03-09 10:11:07 +01:00
|
|
|
default: []
|
2022-09-06 21:07:46 +02:00
|
|
|
required: false
|
2020-03-09 10:11:07 +01:00
|
|
|
skip_custom_threats_filters:
|
|
|
|
description:
|
|
|
|
- A list of threats to be skipped
|
|
|
|
type: list
|
2020-11-22 12:17:46 +01:00
|
|
|
elements: str
|
2020-03-09 10:11:07 +01:00
|
|
|
default: []
|
2022-09-06 21:07:46 +02:00
|
|
|
required: false
|
2020-03-09 10:11:07 +01:00
|
|
|
skip_threats_filter_categories:
|
|
|
|
description:
|
|
|
|
- Define which categories of threats are skipped
|
|
|
|
type: list
|
2020-11-22 12:17:46 +01:00
|
|
|
elements: str
|
2020-03-09 10:11:07 +01:00
|
|
|
default: []
|
2022-09-06 21:07:46 +02:00
|
|
|
required: false
|
2020-03-09 10:11:07 +01:00
|
|
|
skipav:
|
|
|
|
description:
|
|
|
|
- Skip the Antivirus Scanning
|
2022-09-06 21:07:46 +02:00
|
|
|
default: false
|
2020-03-09 10:11:07 +01:00
|
|
|
type: bool
|
2022-09-06 21:07:46 +02:00
|
|
|
required: false
|
2020-03-09 10:11:07 +01:00
|
|
|
skipbadclients:
|
|
|
|
description:
|
|
|
|
- Block clients with bad reputation
|
2022-09-06 21:07:46 +02:00
|
|
|
default: false
|
2020-03-09 10:11:07 +01:00
|
|
|
type: bool
|
2022-09-06 21:07:46 +02:00
|
|
|
required: false
|
2020-03-09 10:11:07 +01:00
|
|
|
skipcookie:
|
|
|
|
description:
|
|
|
|
- Skip the Cookie Signing check
|
2022-09-06 21:07:46 +02:00
|
|
|
default: false
|
2020-03-09 10:11:07 +01:00
|
|
|
type: bool
|
2022-09-06 21:07:46 +02:00
|
|
|
required: false
|
2020-03-09 10:11:07 +01:00
|
|
|
skipform:
|
|
|
|
description:
|
|
|
|
- Enable form hardening
|
2022-09-06 21:07:46 +02:00
|
|
|
default: false
|
2020-03-09 10:11:07 +01:00
|
|
|
type: bool
|
2022-09-06 21:07:46 +02:00
|
|
|
required: false
|
2020-03-09 10:11:07 +01:00
|
|
|
skipform_missingtoken:
|
|
|
|
description:
|
|
|
|
- Enable form hardening with missing tokens
|
2022-09-06 21:07:46 +02:00
|
|
|
default: false
|
2020-03-09 10:11:07 +01:00
|
|
|
type: bool
|
2022-09-06 21:07:46 +02:00
|
|
|
required: false
|
2020-03-09 10:11:07 +01:00
|
|
|
skiphtmlrewrite:
|
|
|
|
description:
|
|
|
|
- Protection against SQL
|
2022-09-06 21:07:46 +02:00
|
|
|
default: false
|
2020-03-09 10:11:07 +01:00
|
|
|
type: bool
|
2022-09-06 21:07:46 +02:00
|
|
|
required: false
|
2020-03-09 10:11:07 +01:00
|
|
|
skiptft:
|
|
|
|
description:
|
|
|
|
- Enable true file type control
|
2022-09-06 21:07:46 +02:00
|
|
|
default: false
|
2020-03-09 10:11:07 +01:00
|
|
|
type: bool
|
2022-09-06 21:07:46 +02:00
|
|
|
required: false
|
2020-03-09 10:11:07 +01:00
|
|
|
skipurl:
|
|
|
|
description:
|
|
|
|
- Enable static URL hardening
|
2022-09-06 21:07:46 +02:00
|
|
|
default: false
|
2020-03-09 10:11:07 +01:00
|
|
|
type: bool
|
2022-09-06 21:07:46 +02:00
|
|
|
required: false
|
2020-03-09 10:11:07 +01:00
|
|
|
source:
|
|
|
|
description:
|
|
|
|
- Define which categories of threats are skipped
|
|
|
|
type: list
|
2020-11-22 12:17:46 +01:00
|
|
|
elements: str
|
2020-03-09 10:11:07 +01:00
|
|
|
default: []
|
2022-09-06 21:07:46 +02:00
|
|
|
required: false
|
2020-03-09 10:11:07 +01:00
|
|
|
status:
|
|
|
|
description:
|
|
|
|
- Status of the exception rule set
|
2022-09-06 21:07:46 +02:00
|
|
|
default: true
|
2020-03-09 10:11:07 +01:00
|
|
|
type: bool
|
2022-09-06 21:07:46 +02:00
|
|
|
required: false
|
2020-03-09 10:11:07 +01:00
|
|
|
|
|
|
|
extends_documentation_fragment:
|
|
|
|
- community.general.utm
|
|
|
|
|
|
|
|
'''
|
|
|
|
|
|
|
|
EXAMPLES = """
|
|
|
|
- name: Create UTM proxy_exception
|
2020-07-13 21:50:31 +02:00
|
|
|
community.general.utm_proxy_exception:
|
2020-03-09 10:11:07 +01:00
|
|
|
utm_host: sophos.host.name
|
|
|
|
utm_token: abcdefghijklmno1234
|
|
|
|
name: TestExceptionEntry
|
|
|
|
backend: REF_OBJECT_STRING
|
|
|
|
state: present
|
|
|
|
|
|
|
|
- name: Remove UTM proxy_exception
|
2020-07-13 21:50:31 +02:00
|
|
|
community.general.utm_proxy_exception:
|
2020-03-09 10:11:07 +01:00
|
|
|
utm_host: sophos.host.name
|
|
|
|
utm_token: abcdefghijklmno1234
|
|
|
|
name: TestExceptionEntry
|
|
|
|
state: absent
|
|
|
|
"""
|
|
|
|
|
|
|
|
RETURN = """
|
|
|
|
result:
|
|
|
|
description: The utm object that was created
|
|
|
|
returned: success
|
|
|
|
type: complex
|
|
|
|
contains:
|
|
|
|
_ref:
|
|
|
|
description: The reference name of the object
|
|
|
|
type: str
|
|
|
|
_locked:
|
|
|
|
description: Whether or not the object is currently locked
|
|
|
|
type: bool
|
|
|
|
_type:
|
|
|
|
description: The type of the object
|
|
|
|
type: str
|
|
|
|
name:
|
|
|
|
description: The name of the object
|
|
|
|
type: str
|
|
|
|
comment:
|
|
|
|
description: The optional comment string
|
2020-11-22 12:17:46 +01:00
|
|
|
type: str
|
2020-03-09 10:11:07 +01:00
|
|
|
op:
|
|
|
|
description: The operand to be used with the entries of the path parameter
|
|
|
|
type: str
|
|
|
|
path:
|
|
|
|
description: The paths the exception in the reverse proxy is defined for
|
|
|
|
type: list
|
|
|
|
skip_custom_threats_filters:
|
|
|
|
description: A list of threats to be skipped
|
|
|
|
type: list
|
|
|
|
skip_threats_filter_categories:
|
|
|
|
description: Define which categories of threats are skipped
|
|
|
|
type: list
|
|
|
|
skipav:
|
|
|
|
description: Skip the Antivirus Scanning
|
|
|
|
type: bool
|
|
|
|
skipbadclients:
|
|
|
|
description: Block clients with bad reputation
|
|
|
|
type: bool
|
|
|
|
skipcookie:
|
|
|
|
description: Skip the Cookie Signing check
|
|
|
|
type: bool
|
|
|
|
skipform:
|
|
|
|
description: Enable form hardening
|
|
|
|
type: bool
|
|
|
|
skipform_missingtoken:
|
|
|
|
description: Enable form hardening with missing tokens
|
|
|
|
type: bool
|
|
|
|
skiphtmlrewrite:
|
|
|
|
description: Protection against SQL
|
|
|
|
type: bool
|
|
|
|
skiptft:
|
|
|
|
description: Enable true file type control
|
|
|
|
type: bool
|
|
|
|
skipurl:
|
|
|
|
description: Enable static URL hardening
|
|
|
|
type: bool
|
|
|
|
source:
|
|
|
|
description: Define which categories of threats are skipped
|
|
|
|
type: list
|
|
|
|
"""
|
|
|
|
|
|
|
|
from ansible_collections.community.general.plugins.module_utils.utm_utils import UTM, UTMModule
|
2021-06-26 23:59:11 +02:00
|
|
|
from ansible.module_utils.common.text.converters import to_native
|
2020-03-09 10:11:07 +01:00
|
|
|
|
|
|
|
|
|
|
|
def main():
|
|
|
|
endpoint = "reverse_proxy/exception"
|
|
|
|
key_to_check_for_changes = ["op", "path", "skip_custom_threats_filters", "skip_threats_filter_categories", "skipav",
|
|
|
|
"comment", "skipbadclients", "skipcookie", "skipform", "status", "skipform_missingtoken",
|
|
|
|
"skiphtmlrewrite", "skiptft", "skipurl", "source"]
|
|
|
|
module = UTMModule(
|
|
|
|
argument_spec=dict(
|
|
|
|
name=dict(type='str', required=True),
|
|
|
|
op=dict(type='str', required=False, default='AND', choices=['AND', 'OR']),
|
2020-11-27 08:01:02 +01:00
|
|
|
path=dict(type='list', elements='str', required=False, default=[]),
|
|
|
|
skip_custom_threats_filters=dict(type='list', elements='str', required=False, default=[]),
|
|
|
|
skip_threats_filter_categories=dict(type='list', elements='str', required=False, default=[]),
|
2020-03-09 10:11:07 +01:00
|
|
|
skipav=dict(type='bool', required=False, default=False),
|
|
|
|
skipbadclients=dict(type='bool', required=False, default=False),
|
|
|
|
skipcookie=dict(type='bool', required=False, default=False),
|
|
|
|
skipform=dict(type='bool', required=False, default=False),
|
|
|
|
skipform_missingtoken=dict(type='bool', required=False, default=False),
|
|
|
|
skiphtmlrewrite=dict(type='bool', required=False, default=False),
|
|
|
|
skiptft=dict(type='bool', required=False, default=False),
|
|
|
|
skipurl=dict(type='bool', required=False, default=False),
|
2020-11-27 08:01:02 +01:00
|
|
|
source=dict(type='list', elements='str', required=False, default=[]),
|
2020-03-09 10:11:07 +01:00
|
|
|
status=dict(type='bool', required=False, default=True),
|
|
|
|
)
|
|
|
|
)
|
|
|
|
try:
|
|
|
|
UTM(module, endpoint, key_to_check_for_changes).execute()
|
|
|
|
except Exception as e:
|
|
|
|
module.fail_json(msg=to_native(e))
|
|
|
|
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
main()
|