cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5515
Views
10
Helpful
12
Replies

Script Automation - IronPort

Hello, 


I am writing a script to automate the blocking of malicious senders on my IronPort, but I have some questions about how to execute a sequence of commands. I have a Linux server that connects via SSH but I am not able to execute all commands after connecting to the CLI.

 

I did some tests, but they all showed the same error as if it only identified one command.

 

Examples:

 

ssh user@$server "dictconfig" "edit" "7" "new" "teste.com"

 

ssh user@$server

"dictconfig"

"edit"

"7"

"new"

"teste.com"

 

How can I solve this problem?

 

Best Regards

1 Accepted Solution

Accepted Solutions

You can solve the problem this way:

 

ssh user@server.com "dictionaryconfig edit List new $domain; commit -y"

 

I will create a repository on github as soon as possible. I am working on some script improvements now.

View solution in original post

12 Replies 12

Not sure what version you're using, but the CLI doc for both 12 and 13 say the command is "dictionaryconfig"



It's not "batchable", e.g., you can't make a one-liner for it... , but you should be able to get a scriptable SSH client to run the commands for you.




I am using version 12 on my IronPort. Could you give me some example of how you could execute a command sequence via script?

 

I need to automate the steps below:

 

ironportr> dictionaryconfig

Currently configured content dictionaries:

7. Suspect

 

Choose the operation you want to perform:
- NEW - Create a new content dictionary.
- EDIT - Modify a content dictionary.
- DELETE - Remove a content dictionary.
- RENAME - Change the name of a content dictionary.
[]> edit

Enter the number of the dictionary you want to edit:

7. Suspeito

[]> 7

Choose the operation you want to perform on dictionary 'Suspeito':
- NEW - Create new entries in this dictionary.
- IMPORT - Replace all of the words in this dictionary.
- EXPORT - Export the words in this dictionary.
- DELETE - Remove an entry in this dictionary.
- PRINT - List the entries in this dictionary.
- SETTINGS - Change settings for this dictionary.
[]> new

teste.com 

Hey William,

Some commands support one line execution as long as it follows the correct syntax.
In your sample, i assume you want to execute it from one line which covers both login + command execution + commit, if this is the case I would not be possible unless as Ken shared, you write up a script on the SSH client to execute commands, wait and continue through the cycle. The reason being if you attempt it in one command, the commit will not be taken as it's an entirely separate function (as is the login).


For dictionary addition I was able to make it accept the one liner with the following (after login and you're in the CLI prompt, but you still need to commit after).

dictconfig new matt_test mattest,matest_test2

where the dictionary is new with the name "matt_test" with the values of mattest,matest_test2 inside it with weights of 1.

---
(Cluster cluster) (SERVICE)> dictconfig

Currently configured content dictionaries:
1. proprietary_content_txt
2. suspicious_senders

Choose the operation you want to perform:
- NEW - Create a new content dictionary.
- EDIT - Modify a content dictionary.
- DELETE - Remove a content dictionary.
- RENAME - Change the name of a content dictionary.
- CLUSTERSET - Set how content dictionaries are configured in a cluster.
- CLUSTERSHOW - Display how content dictionaries are configured in a cluster.
---
(Cluster cluster) (SERVICE)> dictconfig new matt_test mattest,matest_test2

(Cluster cluster) (SERVICE)> dictconfig

Currently configured content dictionaries:
1. matt_test
2. proprietary_content_txt
3. suspicious_senders

Choose the operation you want to perform:
- NEW - Create a new content dictionary.
- EDIT - Modify a content dictionary.
- DELETE - Remove a content dictionary.
- RENAME - Change the name of a content dictionary.
- CLUSTERSET - Set how content dictionaries are configured in a cluster.
- CLUSTERSHOW - Display how content dictionaries are configured in a cluster.
[]> edit

Enter the number of the dictionary you want to edit:
1. matt_test
2. proprietary_content_txt
3. suspicious_senders
[]> 1

Choose the operation you want to perform on dictionary 'matt_test':
- NEW - Create new entries in this dictionary.
- IMPORT - Replace all of the words in this dictionary.
- EXPORT - Export the words in this dictionary.
- DELETE - Remove an entry in this dictionary.
- PRINT - List the entries in this dictionary.
- SETTINGS - Change settings for this dictionary.
[]> print

Contents of dictionary 'matt_test':
mattest,matest_test2, 1

Choose the operation you want to perform on dictionary 'matt_test':
- NEW - Create new entries in this dictionary.
- IMPORT - Replace all of the words in this dictionary.
- EXPORT - Export the words in this dictionary.
- DELETE - Remove an entry in this dictionary.
- PRINT - List the entries in this dictionary.
- SETTINGS - Change settings for this dictionary.
[]>


Hope this helps.
Mathew

Also note, the SSH pasword prompt can probably be bypassed by adding your ssh key into the device for the trusted user. (CLI> sshconfig > userkey). but the commit will still require separate execution.

Thanks for your help Mathew Huynh,
 
I was able to perform the action with the command “dictionaryconfig edit Suspect new emxample.com”, but as I do to “commit” on the same line as excerpt from the script below:

 

blockEmail () {
     ssh user @ ironport "dictionaryconfig edit Suspicious new exwemple.com"
}

SSH login already occurs without the use of password because I already set the access key.

How do u automate commit along with the above code?


I misunderstood myself. I don't know how to commit automatically with the code above.

can you help me?

Good to hear you got it sorted Willian,
I am curious as well how you got the commit to work on the same scrip above.

Thanks,
Mathew

You can solve the problem this way:

 

ssh user@server.com "dictionaryconfig edit List new $domain; commit -y"

 

I will create a repository on github as soon as possible. I am working on some script improvements now.

Fantastic! Glad to see you got it sorted out and thank you for sharing this to the wider community.

I tried a similar approach with textconfig for automating text resources creation here, but couldn't get it to work for some reason.

Guys, follow link with the completed script.

 

https://github.com/willian20091/IronPortBlockEmail 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: