Cisco Cisco Firepower Management Center 2000 开发者指南
2-13
FireSIGHT System Remediation API Guide
Chapter 2 Planning and Packaging Your Remediation Module
Packaging and Installing Your Module
Packaging Your Module
When packaging your remediation files for installation, keep in mind the following:
•
Remediation modules must be packaged in a gzipped tarball (
.tar.gz
or
.tgz
) before you install
them.
•
When you install the module, the package is extracted into
/var/sf/remediation/remediation_directory
where
remediation_directory
is a combination of
the
name
attribute of the module’s
module
element and the data in the
version
element.
For example, one of the default remediation modules shipped with the Defense Center is the Cisco
PIX Shun module. That module resides in
PIX Shun module. That module resides in
/var/sf/remediation/cisco_pix_1.0
.
•
When extracted, your remediation module’s
module.template
document must reside in the top level
of the directory created to contain that module package.
•
As instances of remediations are created, they are saved in a directory created in your module
directory and named for the instance.
directory and named for the instance.
For example, instances of the Cisco PIX Shun module might reside in
/var/sf/remediation/cisco_pix_1.0/PIX_01
and
/var/sf/remediation/cisco_pix_1.0/PIX_02
.
For example, you upload and install a module that is packaged in firewall.tgz and is named in the
module.template
as
firewall
with a version value of
1.0
. The system installs the module in the
following directory:
/var/sf/remediation/firewall_1.0
. That directory contains your
module.template file and your program binary. When you add an instance to the remediation module and
name it block_tokyo, the system creates the following directory:
name it block_tokyo, the system creates the following directory:
/var/sf/remediation/firewall_1.0/block_tokyo
and places the
instance.conf
file for
block_tokyo
in it.
Installing Your Module
Once you have correctly packaged your remediation module, use the Modules page to install it.
To install a new module on the Remediation API:
Step 1
Select
Policies > Actions > Modules
.
The Installed Remediation Modules page appears.
Step 2
Click
Browse
to navigate to the location where you saved the tar.gz file that contains the custom
remediation module.
Step 3
Click
Install
.
The custom remediation module installs.
Step 4
Select
Policies > Actions > Modules
.
The Installed Remediation Modules table lists the module just installed. The Module Name, Version, and
Description columns match the information defined in the
Description columns match the information defined in the
module.template
file.
Step 5
Add instances of your new module and associate remediations to each instance, as described in the
FireSIGHT System User Guide.
FireSIGHT System User Guide.