#!/usr/bin/env python
import json, requests, base64, sys, os, re
# Silence every urllib3 warning for the whole process before the helper modules run.
# NOTE(review): this also hides InsecureRequestWarning, which urllib3 emits when an
# HTTPS request is sent without certificate verification. Presumably the ns_mod_*
# helpers call requests with verify=False -- confirm, and prefer verifying the
# appliance certificate so the NITRO login is not sent to an unauthenticated endpoint.
requests.urllib3.disable_warnings()
from variables import *
from ns_mod_auth import *
from ns_mod_basics import *
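# Open a NITRO session on the first appliance listed in nitroNSIP. Every name used
# below (connectiontype, nitroNSIP, credentials, LDAP settings, helper functions)
# arrives through the star-imports at the top of the file.
# NOTE(review): nitroUser/nitroPass and ldapbinddnpassword are presumably kept in
# plaintext in variables.py -- confirm that file stays out of version control.
authToken_ns1 = getAuthCookie(connectiontype,nitroNSIP[0],nitroUser,nitroPass)
try:
    # Create the LDAP authentication action, then the policy that references it.
    # NOTE(review): sectype is defined in variables.py; confirm it is TLS or SSL
    # rather than PLAINTEXT so the bind DN password is not sent in clear to the
    # LDAP server.
    addAuthLdapAction(connectiontype,nitroNSIP[0],authToken_ns1,ldapaction_name,ldap_serverip,ldap_serverport,ldapbase,ldapbinddn,ldapbinddnpassword,ldaploginname,searchfilter,groupattrname,subattributename,sectype,passwdchange,authentication)
    addAuthLdapPolicy(connectiontype,nitroNSIP[0],authToken_ns1,ldappolicy_name,ldappolicy_rule,ldappolicy_reqaction)
    # Saving is disabled, so this script does not persist the running config.
    # The disabled call also targets nitroNSIP[1] with authToken_ns2, a token
    # this script never creates.
    #saveNsConfig(connectiontype,nitroNSIP[1],authToken_ns2)
finally:
    # Always close the session on the appliance that issued the token. The
    # original logged out against nitroNSIP[1] with the token from nitroNSIP[0],
    # which leaves the admin session on nitroNSIP[0] valid until it times out.
    logOut(connectiontype,nitroNSIP[0],authToken_ns1)

# The two string literals below are CLI notes only; nothing in this script sends
# them to the appliance.

### Qualys
# Notes for hardening the default frontend SSL profile: SSLv3 and TLS 1.0 off,
# a 2048-bit DH parameter file, HSTS with maxage 157680000 s (five years).
# NOTE(review): TLS 1.1 (-tls11) is not touched here; confirm whether it should
# be disabled as well.
"""
set ssl profile ns_default_ssl_profile_frontend -sessreuse DISABLED
create ssl dhparam "/nsconfig/ssl/dhkey2048-vpn.key" 2048 -gen 2
set ssl profile ns_default_ssl_profile_frontend -dh ENABLED -dhFile "/nsconfig/ssl/dhkey2048-vpn.key"
set ssl profile ns_default_ssl_profile_frontend -ssl3 DISABLED
set ssl profile ns_default_ssl_profile_frontend -tls1 DISABLED
set ssl profile ns_default_ssl_profile_frontend -HSTS ENABLED
bind ssl vserver vpnserver -eccCurveName ALL
set ssl profile ns_default_ssl_profile_frontend -HSTS ENABLED -maxage 157680000
"""
### Cipher optimization
# Cipher group whose name dates it to Q2 2018; it replaces DEFAULT on vpnserver.
# NOTE(review): the TLS1-* entries are CBC suites with a SHA-1 MAC, and the last
# two (TLS1-AES-128-CBC-SHA, TLS1-AES-256-CBC-SHA) use static RSA key exchange
# with no forward secrecy. Re-check the list against current guidance before
# reusing it.
"""
add ssl cipher ssllabs-smw-q2-2018
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.2-ECDHE-ECDSA-AES128-GCM-SHA256
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.2-ECDHE-ECDSA-AES256-GCM-SHA384
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.2-ECDHE-ECDSA-AES128-SHA256
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.2-ECDHE-ECDSA-AES256-SHA384
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1-ECDHE-ECDSA-AES128-SHA
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1-ECDHE-ECDSA-AES256-SHA
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.2-ECDHE-RSA-AES128-GCM-SHA256
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.2-ECDHE-RSA-AES256-GCM-SHA384
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.2-ECDHE-RSA-AES-128-SHA256
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.2-ECDHE-RSA-AES-256-SHA384
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1-ECDHE-RSA-AES128-SHA
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1-ECDHE-RSA-AES256-SHA
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.2-DHE-RSA-AES128-GCM-SHA256
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1.2-DHE-RSA-AES256-GCM-SHA384
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1-DHE-RSA-AES-128-CBC-SHA
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1-AES-128-CBC-SHA
bind ssl cipher ssllabs-smw-q2-2018 -cipherName TLS1-AES-256-CBC-SHA
unbind ssl vserver vpnserver -cipherName DEFAULT
bind ssl vserver vpnserver -cipherName ssllabs-smw-q2-2018
"""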