napalm-automation-community / napalm-fortios

Apache License 2.0

post-login-banner not accepted #49

Open tommarcoen opened 7 years ago

tommarcoen commented 7 years ago

Our company has a post-login-banner configured on the firewall for which you have to press 'a' to accept it and get a prompt. It is not accepted automatically, but it's also not possible to manually accept the banner by doing an execute_command('a').

Did you follow the steps from https://github.com/napalm-automation/napalm#faq

Setup

napalm-fortios version

(Paste verbatim output from pip freeze | grep napalm-fortios between quotes below)

napalm-fortios==0.4.0

FortiOS version

(Paste verbatim output from get sys status between quotes below)

# get sys status
Version: FortiGate-600D v5.4.5,build1138,170531 (GA)
Virus-DB: 51.00610(2017-09-11 21:16)
Extended DB: 51.00610(2017-09-11 21:15)
Extreme DB: 1.00000(2012-10-17 15:47)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 12.00219(2017-09-08 02:04)
Serial-Number: FGT6HD3916806247
IPS Malicious URL Database: 1.00760(2017-09-11 08:47)
Botnet DB: 4.00045(2017-09-11 10:00)
BIOS version: 05000005
System Part-Number: P18736-06
Log hard disk: Available
Hostname: FWBIS001
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 2 in NAT mode, 0 in TP mode
Virtual domain configuration: enable
FIPS-CC mode: disable
Current HA mode: a-a, master
Branch point: 1138
Release Version Information: GA
FortiOS x86-64: Yes
System time: Tue Sep 12 10:13:11 2017

Steps to Reproduce the Issue

from pyFG import FortiOS
d = FortiOS('10.1.1.1', username='username', password='password')
d.open()
d.execute_command('a')
['', 'POST WARNING:', 'This is a private computer system. Unauthorized access or use ', 'is prohibited and subject to prosecution and/or disciplinary ', 'action. All use of this system constitutes consent to ', 'monitoring at all times and users are not entitled to any ', 'expectation of privacy. If monitoring reveals possible evidence', 'of violation of criminal statutes, this evidence and any other ', 'related information, including identification information about ', 'the user, may be provided to law enforcement officials.', 'If monitoring reveals violations of security regulations or', 'unauthorized use, employees who violate security regulations or', 'make unauthorized use of this system are subject to appropriate ', 'disciplinary action.', '', '', '', ' ', "(Press 'a' to accept):", '']
d.execute_command('a')
['', 'POST WARNING:', 'This is a private computer system. Unauthorized access or use ', 'is prohibited and subject to prosecution and/or disciplinary ', 'action. All use of this system constitutes consent to ', 'monitoring at all times and users are not entitled to any ', 'expectation of privacy. If monitoring reveals possible evidence', 'of violation of criminal statutes, this evidence and any other ', 'related information, including identification information about ', 'the user, may be provided to law enforcement officials.', 'If monitoring reveals violations of security regulations or', 'unauthorized use, employees who violate security regulations or', 'make unauthorized use of this system are subject to appropriate ', 'disciplinary action.', '', '', '', ' ', "(Press 'a' to accept):", '']

tommarcoen commented 7 years ago

When I do ssh username@10.1.1.1 'a; get system status', I get the following output, which seems to suggest that sending 'a' via SSH automation works, as I do get a prompt.


POST WARNING:
This is a private computer system. Unauthorized access or use
is prohibited and subject to prosecution and/or disciplinary
action. All use of this system constitutes consent to
monitoring at all times and users are not entitled to any
expectation of privacy. If monitoring reveals possible evidence
of violation of criminal statutes, this evidence and any other
related information, including identification information about
the user, may be provided to law enforcement officials.
If monitoring reveals violations of security regulations or
unauthorized use, employees who violate security regulations or
make unauthorized use of this system are subject to appropriate
disciplinary action.

(Press 'a' to accept):

FWBIS001 #
FWBIS001 # 6694: Unknown action 0
Command fail. Return code -1

Moreover, I was able to remotely execute a command via cat commands.txt | ssh username@10.1.1.1 where the commands.txt file contains two lines:

a
get system status

I think this means that pyFG somehow is sending the commands passed along with execute_command() wrongly to the SSH session.
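Added example (not part of the original thread, and not pyFG or napalm-fortios code): the piped `commands.txt` test above suggests the banner has to be answered on the input stream of the same session that then carries the commands. The sketch below does that over an object with the `send`/`recv` shape of an interactive SSH channel; `run_with_banner`, `read_until`, `at_prompt` and `FakeFortiChannel` are hypothetical names, and the fake channel with its banner and command output is constructed so the code runs offline.

```python
import re

BANNER_PROMPT = b"(Press 'a' to accept):"             # prompt text quoted in this issue
CLI_PROMPT = re.compile(rb"(?:^|\n)\S+ [#$] ?\Z")      # e.g. "FWBIS001 # " at end of buffer

def at_prompt(buf):
    return CLI_PROMPT.search(buf) is not None

def read_until(chan, done, limit=65536):
    """Accumulate chan.recv() data until done(buffer) is true or the stream ends."""
    buf = b""
    while not done(buf) and len(buf) < limit:
        chunk = chan.recv(4096)
        if not chunk:                                  # channel closed / nothing left
            break
        buf += chunk
    return buf

def run_with_banner(chan, command):
    """Accept the post-login banner if shown, then run one command on the same channel."""
    seen = read_until(chan, lambda b: BANNER_PROMPT in b or at_prompt(b))
    if BANNER_PROMPT in seen and not at_prompt(seen):
        chan.send(b"a")                                # keypress goes to the session's input
        read_until(chan, at_prompt)                    # wait for the CLI prompt
    chan.send(command.encode() + b"\n")
    lines = read_until(chan, at_prompt).decode().splitlines()
    # drop the trailing prompt line, blank lines and the echoed command
    return [l for l in lines[:-1] if l.strip() and l.strip() != command]

class FakeFortiChannel:
    """Constructed stand-in for a device session; banner and output are sample data."""
    def __init__(self):
        self.accepted = False
        self.out = b"\nPOST WARNING:\n(constructed banner text)\n\n" + BANNER_PROMPT

    def recv(self, n):
        data, self.out = self.out[:n], self.out[n:]
        return data

    def send(self, data):
        if not self.accepted:                          # anything but 'a' re-shows the banner
            self.accepted = data.strip() == b"a"
            self.out += b"\nFWBIS001 # " if self.accepted else BANNER_PROMPT
        else:                                          # echo the command, then sample output
            self.out += data + b"Version: (constructed output)\nFWBIS001 # "
        return len(data)
```

Against a real device the channel would be an interactive shell channel such as the one returned by paramiko's `SSHClient.invoke_shell()`, with a timeout set on it; the prompt patterns are taken from the output quoted in this issue and are assumptions for other FortiOS versions.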

dbarrosop commented 7 years ago

I suggest you open an issue in https://github.com/spotify/pyfg as there isn't much we can do here.

Closing the ticket, feel free to reopen if you feel there is something we could do.

dbarrosop commented 7 years ago

Now that I realized, try the following:

from pyFG import FortiOS
d = FortiOS('10.1.1.1', username='username', password='password')
d.open()
d.execute_command('a\n')

tommarcoen commented 7 years ago

Does not work either. But I suspect it should be something like this. Also a\r\n or a\n\r did not work.

awlx commented 6 years ago

Maybe this will be obsolete in the future; I started a rewrite based on the official FortiOS API (https://github.com/fortinet-solutions-cse/fortiosapi) instead of screen scraping.

Let's see if I can pull all the needed stuff through the API only.

tommarcoen commented 6 years ago

Hey awlx, any updates on that?