
Compliance Airgap with the API in PowerShell

The Compliance Airgap scripts require authentication by following this procedure.

Compliance Airgap only works with assets that already exist in Cyberwatch.

If the Cyberwatch server's TLS certificate cannot be recognized by the machine on which this script runs, the following code snippet must be executed beforehand in the script. It disables certificate validation for every HTTPS request made afterwards in the same PowerShell session:

# Accept any server certificate: this turns off TLS certificate validation
Add-Type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

Compliance Airgap scripts and how they work

  1. Get the Compliance Airgap download script and the Compliance Airgap upload script, then fill in the $API_URL and $CREDENTIALS variables.

  2. After the download script has run, a compliance_scripts folder is created; it contains the script that generates the results.

  3. To run the script, move the complete folder to the asset you want to scan and run the script as shown below. To avoid any risk of running an unwanted script, take the complete folder, not just its contents.

    • For Linux: bash ./compliance.sh > result.txt
    • For Windows in PowerShell: .\compliance.ps1 | Out-File -Encoding ASCII -FilePath result.txt

    This creates a result.txt file containing the results of the run.

    Then move the result.txt file to the uploads folder on the system that has the upload script.

  4. Send the script results in the uploads folder using the Compliance Airgap upload script.
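
One way to check that the folder arriving on a Windows asset in step 3 is exactly the one fetched in step 2, as an added example (not part of the Cyberwatch scripts): a SHA-256 manifest is written next to compliance_scripts after the download and verified on the asset before compliance.ps1 is run. The function names and the manifest file name compliance_scripts.sha256 are assumptions.

```powershell
# Added example: hypothetical helpers, not part of the Cyberwatch scripts.

# Map each file's path (relative to the folder) to its SHA-256 hash.
function Get-RelativeFileHashes {
    param([string]$Folder)
    $root = (Resolve-Path -LiteralPath $Folder).Path
    $hashes = @{}
    Get-ChildItem -LiteralPath $root -Recurse -File | ForEach-Object {
        $relative = $_.FullName.Substring($root.Length).TrimStart('\', '/')
        $hashes[$relative] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
    return $hashes
}

# Run on the machine that executed the download script.
function New-ScriptManifest {
    param([string]$Folder = ".\compliance_scripts",
          [string]$ManifestPath = ".\compliance_scripts.sha256")
    $hashes = Get-RelativeFileHashes -Folder $Folder
    $hashes.Keys | Sort-Object | ForEach-Object { "{0}  {1}" -f $hashes[$_], $_ } |
        Set-Content -LiteralPath $ManifestPath -Encoding ASCII
}

# Run on the asset before executing compliance.ps1.
# Returns $true only when the folder matches the manifest exactly.
function Test-ScriptManifest {
    param([string]$Folder = ".\compliance_scripts",
          [string]$ManifestPath = ".\compliance_scripts.sha256")
    $expected = @{}
    Get-Content -LiteralPath $ManifestPath | Where-Object { $_ } | ForEach-Object {
        $hash, $relative = $_ -split '  ', 2
        $expected[$relative] = $hash
    }
    $actual = Get-RelativeFileHashes -Folder $Folder
    $ok = $true
    foreach ($name in $actual.Keys) {
        if (-not $expected.ContainsKey($name)) { Write-Warning "Unexpected file: $name"; $ok = $false }
        elseif ($expected[$name] -ne $actual[$name]) { Write-Warning "Modified file: $name"; $ok = $false }
    }
    foreach ($name in $expected.Keys) {
        if (-not $actual.ContainsKey($name)) { Write-Warning "Missing file: $name"; $ok = $false }
    }
    return $ok
}
```

Carry the manifest separately from the folder, or compare its own hash out of band, so that the two cannot be altered together.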

Compliance Airgap download script

# -------------------------------------
# CONFIGURATION
# Please check and complete these items
# -------------------------------------

# Base URL of the Cyberwatch instance
$API_URL = ""
# API key pair in the form access_key:secret_key
$CREDENTIALS = "access_key:secret_key"

# -------------------------
# RUN
# -------------------------

$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($CREDENTIALS))

$os = Read-Host -Prompt "Input one OS (format from $API_URL/cbw_assets/os) to get the scripts, ex: 'windows_10_21h1_64/ubuntu_2004_64'"
$repository_input = Read-Host -Prompt "Input one or multiple repositories to fetch, ex: 'CIS_Benchmark, Security_Best_Practices, ...'"

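# Accept "a, b" as well as "a,b", and drop empty entries
$repository_array = @($repository_input -split "," | ForEach-Object { $_.Trim() } | Where-Object { $_ })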

Function FetchImporterScripts {
<#
.SYNOPSIS
        Example script to fetch Compliance Airgap scripts
#>

  Write-Output "-------------------------------------------"
  Write-Output "Cyberwatch - Fetch Compliance Airgap scripts"
  Write-Output "-------------------------------------------"

  # Test the client connection
  Write-Output "INFO: Checking API connection and credentials..."
  try {
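    # -UseBasicParsing avoids the Internet Explorer engine dependency of Windows PowerShell 5.1
    $response = Invoke-WebRequest -UseBasicParsing -URI "$API_URL/api/v3/ping" -Method Get -Headers @{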
      "Accept"      = "application/json; charset=utf-8"
      Authorization = "Basic $encodedCreds"
    }

    $response.Content
  }
  catch {
    Write-Output "ERROR: Connection failed. Please check the following error message : '$_'"
    Return
  }

  # Clean old files
  Write-Output "INFO: Cleaning old files..."
  Remove-Item -LiteralPath ".\compliance_scripts" -Force -Recurse -ErrorAction Ignore
  Write-Output "INFO: Done."

  # Create the base folders
  New-Item -path ".\compliance_scripts" -Force -ItemType Directory | Out-Null
  New-Item -path ".\uploads" -Force -ItemType Directory | Out-Null

  # Fetch available scanning scripts from the API for the OS
  Write-Output "INFO: Fetching filtered compliance scripts for OS: $os..."

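  # URL-encode the user-supplied values before placing them in the query string
  $uri = "$API_URL/api/v2/compliances/scripts?os=$([uri]::EscapeDataString($os))&"
  $repository_array | ForEach-Object {
      $uri += "repositories%5B%5D=$([uri]::EscapeDataString($_))&"
  }

  Write-Output $uri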
    
  $response = Invoke-RestMethod -URI $uri -Method Get -Headers @{
      "Accept"      = "application/json; charset=utf-8"
      Authorization = "Basic $encodedCreds"
  }

  # Fetch content of each script and attachments
  $response | ForEach-Object {
    Write-Output "INFO: Fetching content for '$($_.code)' ..."
    $scanning_script = ($_)
    $scanning_script_path = ".\compliance_scripts\"+$scanning_script.filename.ToLower().replace("::", "\")
    Write-Output $scanning_script.filename
    $scanning_script.script_content | New-Item -path $scanning_script_path -Force -ItemType File | Out-Null 
    Write-Output "INFO: Script saved at $($(Resolve-Path -Path $scanning_script_path).Path)."
  }

  Write-Output "---------------------------------------------------------------------"
  Write-Output "Script completed!"
  Write-Output "To continue, please now:"
  Write-Output "1) Run the fetched scripts with 'compliance.ps1' or 'compliance.sh' on the targeted systems"
  Write-Output "2) Put the results of the scripts as TXT files in the 'uploads' folder"
  Write-Output "3) Run the compliance 'upload' script"
  Write-Output "---------------------------------------------------------------------"

}

FetchImporterScripts

Compliance Airgap upload script

# -------------------------------------
# CONFIGURATION
# Please check and complete these items
# -------------------------------------

# Base URL of the Cyberwatch instance
$API_URL = ""
# API key pair in the form access_key:secret_key
$CREDENTIALS = "access_key:secret_key"

# -------------------------
# RUN
# -------------------------

Write-Output "-------------------------------------------"
Write-Output "Cyberwatch - Send Compliance Airgap results for analysis"
Write-Output "-------------------------------------------"

$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($CREDENTIALS))

Function SendResultsImporter {
    <#
.SYNOPSIS
        Example script to send Compliance Airgap scripts results
#>

    try {
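        # -UseBasicParsing avoids the Internet Explorer engine dependency of Windows PowerShell 5.1
        $response = Invoke-WebRequest -UseBasicParsing -URI "$API_URL/api/v3/ping" -Method Get -Headers @{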
            "Accept"      = "application/json; charset=utf-8"
            Authorization = "Basic $encodedCreds"
        }

        $response.Content
    }
    catch {
        Write-Output "ERROR: Connection failed. Please check the following error message : '$_'"
        Return
    }

    # Load results and send them to Cyberwatch
    Write-Output "INFO: Searching for available results..."
    # @() keeps the result an array even when zero or one file is found
    $available_results = @(Get-ChildItem -Recurse -File -Path ".\uploads")
    Write-Output "INFO: Done. Found $($available_results.Count) results to be processed and sent for analysis."

    $available_results | ForEach-Object {
        $file = $_.FullName
        Write-Output "INFO: Reading $file content..."
        $content = [IO.File]::ReadAllText($file)
        Write-Output "INFO: Sending $file content to the API..."
        $body_content = @{ output = $content } | ConvertTo-Json
        try {
            # Invoke-WebRequest throws on an error status, so a failed upload is reported instead of logged as done
            Invoke-WebRequest -UseBasicParsing -URI "$API_URL/api/v2/compliances/scripts" -Method POST -Body $body_content -Headers @{
                "Accept"       = "application/json; charset=utf-8"
                "Content-Type" = "application/json"
                Authorization  = "Basic $encodedCreds"
            } | Out-Null
            Write-Output "INFO: Done."
        }
        catch {
            Write-Output "ERROR: Sending $file failed. Please check the following error message : '$_'"
        }
    }

    Write-Output "---------------------------------------------------------------------"
    Write-Output "Script completed!"
    Write-Output "Your scans are now being processed by your Cyberwatch nodes."
    Write-Output "Please log on $API_URL to see the results."
    Write-Output "---------------------------------------------------------------------"

}

SendResultsImporter
