Documentación avanzada
Compliance Air gap con la API en PowerShell
Los scripts de Compliance Air gap requieren autenticarse siguiendo este procedimiento.
Compliance Air gap solo funciona con activos ya existentes en Cyberwatch.
En el caso de que el certificado TLS del servidor Cyberwatch no pueda ser reconocido por la maquina en la que se ejecuta este script, es necesario ejecutar el siguiente snippet de código antes en el script:
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
Scripts de Compliance Air gap + funcionamiento
Recuperar el script de descarga Compliance Air gap y el script de upload Compliance Air gap, completar las variables
$API_URLy$CREDENTIALSDespués de ejecutar el script de descarga, se crea una carpeta
compliance_scriptsque contiene el script que permite generar los resultadosPara ejecutar el script, mover la carpeta completa al activo que desea escanear y ejecutar el script como se indica a continuación. Para evitar cualquier riesgo de ejecución de un script no deseado, tome la carpeta completa, y no solo su contenido:
- Para Linux :
bash ./compliance.sh > result.txt - Para Windows en PowerShell :
\.\compliance.ps1 | Out-File -Encoding ASCII -FilePath result.txt
Esto creara un archivo
result.txtque contiene los resultados de la ejecuciónLuego mover el archivo
result.txta la carpetauploadsen el sistema con el script de upload.- Para Linux :
Enviar los resultados de los scripts presentes en la carpeta
uploadscon la ayuda del script de upload Compliance Air gap
Script de descarga Compliance Air gap
Mostrar el código fuente del script
# -------------------------------------
# CONFIGURATION
# Please check and complete these items
# -------------------------------------
$API_URL = ""
$CREDENTIALS = "access_key:secret_key"
# -------------------------
# RUN
# -------------------------
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($CREDENTIALS))
$os = Read-Host -Prompt "Input one OS (format from $API_URL/cbw_assets/os) to get the scripts, ex: 'windows_10_21h1_64/ubuntu_2004_64'"
$repository_input = Read-Host -Prompt "Input one or multiple repositories to fetch, ex: 'CIS_Benchmark, Security_Best_Practices, ...'"
$repository_array = $repository_input -split ", "
Function FetchImporterScripts {
<#
.SYNOPSIS
Example script to fetch Compliance Air gap scripts
#>
Write-Output "-------------------------------------------"
Write-Output "Cyberwatch - Fetch Compliance Air gap scripts"
Write-Output "-------------------------------------------"
# Test the client connection
Write-Output "INFO: Checking API connection and credentials..."
try {
$response = Invoke-WebRequest -URI $API_URL/api/v3/ping -Method Get -Headers @{
"Accept" = "application/json; charset=utf-8"
Authorization = "Basic $encodedCreds"
}
$response.Content
}
catch {
Write-Output "ERROR: Connection failed. Please check the following error message : '$_'"
Return
}
# Clean old files
Write-Output "INFO: Cleaning old files..."
Remove-Item -LiteralPath ".\compliance_scripts" -Force -Recurse -ErrorAction Ignore
Write-Output "INFO: Done."
# Create the base folders
New-Item -path ".\compliance_scripts" -Force -ItemType Directory | Out-Null
New-Item -path ".\uploads" -Force -ItemType Directory | Out-Null
# Fetch available scanning scripts from the API for the OS
Write-Output "INFO: Fetching filtered compliance scripts for OS: $os..."
$uri = "$API_URL/api/v2/compliances/scripts?os=$os&"
$repository_array | ForEach-Object {
$uri += "repositories%5B%5D=$_&"
}
Write-Output $uri
$response = Invoke-RestMethod -URI $uri -Method Get -Headers @{
"Accept" = "application/json; charset=utf-8"
Authorization = "Basic $encodedCreds"
}
# Fetch content of each script and attachments
$response | ForEach-Object {
Write-Output "INFO: Fetching content for '$($_.code)' ..."
$scanning_script = ($_)
$scanning_script_path = ".\compliance_scripts\"+$scanning_script.filename.ToLower().replace("::", "\")
Write-Output $scanning_script.filename
$scanning_script.script_content | New-Item -path $scanning_script_path -Force -ItemType File | Out-Null
Write-Output "INFO: Script saved at $($(Resolve-Path -Path $scanning_script_path).Path)."
}
Write-Output "---------------------------------------------------------------------"
Write-Output "Script completed!"
Write-Output "To continue, please now:"
Write-Output "1) Run the fetched scripts with 'compliance.ps1' or 'compliance.sh' on the targeted systems"
Write-Output "2) Put the results of the scripts as TXT files in the 'upload' folder"
Write-Output "3) Run the compliance 'upload' script"
Write-Output "---------------------------------------------------------------------"
}
FetchImporterScripts
Script de upload Compliance Air gap
Mostrar el código fuente del script
# -------------------------------------
# CONFIGURATION
# Please check and complete these items
# -------------------------------------
$API_URL = ""
$CREDENTIALS = "access_key:secret_key"
# -------------------------
# RUN
# -------------------------
Write-Output "-------------------------------------------"
Write-Output "Cyberwatch - Send Compliance Air gap results for analysis"
Write-Output "-------------------------------------------"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($CREDENTIALS))
Function SendResultsImporter {
<#
.SYNOPSIS
Example script to send Compliance Air gap scripts results
#>
try {
$response = Invoke-WebRequest -URI $API_URL/api/v3/ping -Method Get -Headers @{
"Accept" = "application/json; charset=utf-8"
Authorization = "Basic $encodedCreds"
}
$response.Content
}
catch {
Write-Output "ERROR: Connection failed. Please check the following error message : '$_'"
Return
}
# Load results and send them to Cyberwatch
Write-Output "INFO: Searching for available results..."
$available_results = Get-ChildItem -Recurse -File -Path ".\uploads"
Write-Output "INFO: Done. Found $($available_results.count) results to be processed and sent for analysis."
$available_results | ForEach-Object {
Write-Output "INFO: Reading $($_.FullName) content..."
$content = [IO.File]::ReadAllText($_.FullName)
Write-Output "INFO: Sending $($_.FullName) content to the API..."
$body_content = @{ output = $content } | ConvertTo-Json
$response = Invoke-WebRequest -URI $API_URL/api/v2/compliances/scripts -Method POST -Body $body_content -Headers @{
"Accept" = "application/json; charset=utf-8"
"Content-Type" = "application/json"
Authorization = "Basic $encodedCreds"
}
Write-Output "INFO: Done."
}
Write-Output "---------------------------------------------------------------------"
Write-Output "Script completed!"
Write-Output "Your scans are now being processed by your Cyberwatch nodes."
Write-Output "Please log on $API_URL to see the results."
Write-Output "---------------------------------------------------------------------"
}
SendResultsImporter