Friday 24 October 2014

Nessus with System Center Orchestrator and getting PDF reports via powershell.

I have recently created an integration pack for Nessus and Orchestrator using the NessusSharp Library located here

All is good and I can initiate a scan and wait for its completion by getting the status using listreports() and filtering by the scan id.

I then wanted to get the PDF report and email it, which isn't that easy as the above library nor powershell posh-nvs (formally posh-sec-mod) support getting anything other than a nessusv2 report.

I would have put a bit of effort into this but it appears that nessus 6 has a new api which is REST based, so I'm reluctant to spend any time doing something that I need to replace shortly, so I have done a temporary quick and dirty powershell script for downloading PDF reports from nessus.

The links below may help with working out wtf this is doing and what helped me knock this quick and dirty solution together:

The code is below.. Update: Please note that this code requires version 3 of powershell for the invoke-webrequest command.. I did have "# Requires -version 3.0 at the beginning of the script.. but orchestrator doesn't seem to like that when you wrap the script in $var = powershell { } Need to test this more first though.

$username = "login"
$password = "password"
$Server = "server"
$port = "8834"
$reportID = "2bfd7a4d-a806-8d5e-905a-0c39e7e248556d7fc3b9c5aa0f98"

# Ignore SSL Errors
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

$postParams = @{login=$username;password=$password}
$resp = Invoke-WebRequest -Uri "https://$($Server):$($port)/login" -body $postParams -Method Post

#Crude check!
if ($resp.StatusCode -ne 200){throw "Authorisation failed"}

# Try and get the token returned whilst logging in
$resp1 = $resp.AllElements[4].InnerHTML
$result = $resp1 -match "(?<content>.*)</token>"

#Another crude check!
If ($result -ne $true){Throw ("Error Logging in")}

$Token = $matches['content']
$ChapParams = @{chapters='compliance;compliance_exec;vuln_by_host;vuln_by_plugin;`
$Chapresp = Invoke-WebRequest -Uri "https://$($Server):$($port)/chapter" -body $ChapParams -Method Post

# Wait for the Report to be generated
# TODO: Check contents are valid at some point, if not wait
# longer and re-download.
start-sleep -seconds 60

$file = $Chapresp -match 'fileName=(?.*)">'
$filename = $matches['content']

$DownloadParams = @{fileName=$fileName;step=2;token=$token;}
Invoke-WebRequest -Uri "https://$($Server):$($port)/file/xslt/download" `
 -body $DownloadParams -Method Post -OutFile "c:\temp\pdf\$($filename)"

# Ingore the html below.. blogger, or syntax higlighter is finding the tag on the line for getting the filename!

Monday 15 September 2014

Powershell from Orchestrator

I’ve recently been trying to call and existing script (quite large) from System Center Orchestrator R2 and hit a number of issues.. The first one being that the script was reporting to run in the runbook, but not actually appearing to do anything, despite a “hello world” working fine.

I suspected it was down to the parameter validation, I found a post here which detailed how to run v3 scripts from orchestrator 

Armed with this I created a bit of code to wrap up the execution using this. The problem with this was I still wasn’t seeing any output, despite my script throwing errors, and logging when run in the console. I attempted to use |out-file to get some debugging, but this didn’t work right well either..

However redirecting the output using
2>&1 | tee -filePath c:\results.txt
me the information I needed..

# Get DataBusVariables and store them ready to pass through to a ps V3/4 Process.
$inobj = new-object pscustomobject -property @{
          ServerName = "\`d.T.~Ed/{4183F8A1-F775-4FC1-81A2-534907708B56}.{D8A8CCDC-C2D4-491B-A639-63E9163D1345}\`d.T.~Ed/"
          ServerDescription = "\`d.T.~Ed/{4183F8A1-F775-4FC1-81A2-534907708B56}.{BD45F4BD-D6E2-4309-BAC4-0AF3A4A519E4}\`d.T.~Ed/"
          DatastoreName = "\`d.T.~Ed/{4183F8A1-F775-4FC1-81A2-534907708B56}.{AB24D540-4CDD-4607-B209-E26F9A9C0825}\`d.T.~Ed/"
          OSFamily = "\`d.T.~Ed/{4183F8A1-F775-4FC1-81A2-534907708B56}.{BFC64A8B-3280-4E45-95D8-EA1A58D869F9}\`d.T.~Ed/"
          WindowsEdition = "\`d.T.~Ed/{4183F8A1-F775-4FC1-81A2-534907708B56}.{9A2ED74C-49BA-410E-9D24-C45FFD3A194E}\`d.T.~Ed/"
          FolderName = "\`d.T.~Ed/{4183F8A1-F775-4FC1-81A2-534907708B56}.{7F137DE7-C64A-454F-A1DA-3827913202E7}\`d.T.~Ed/"
          ClusterName = "\`d.T.~Ed/{4183F8A1-F775-4FC1-81A2-534907708B56}.{8DF61766-4734-4692-86EE-2A5EBD86A0A1}\`d.T.~Ed/"
          Network = "\`d.T.~Ed/{4183F8A1-F775-4FC1-81A2-534907708B56}.{C5FF09B0-FDE4-4968-8FD6-3B10DF29B2FE}\`d.T.~Ed/"

# Call V3/4
$PSE = $inobj | Powershell{
    $inp = $input | select -first 1
          $command = 'C:\scripts\CreateVMandDeployOS.ps1 -ServerName $($inp.ServerName) -ServerDescription $($inp.ServerDescription) -DatastoreName $($inp.DatastoreName) -OSFamily $($inp.OSFamily) -WindowsEdition $($inp.WindowsEdition) -FolderName $($inp.FolderName) -ClusterName $($inp.ClusterName) -Network $($inp.Network)'
          # write-output "Invoking Command " $command.ToString()
          invoke-expression $command
          } 2>&1 | tee -filePath c:\results.txt

Second problem was then that it couldn’t  import the relevant modules using import-module, main tip with this? Remember to launch x86 powershell window when you are testing, and if necessary drop the modules into the syswow64 modules path… 

Monday 18 August 2014

DevOps, System Center Orchestrator R2 Integration Packs and more..

It's been a while since I have posted any updates here, mainly because I haven't done anything remotely challenging recently ;)

 At work we are currently trying to follow the latest 'craze' - DevOps, what annoys me personally about this 'craze'- It's a lot of talk about using a lot of opensource tools such as Puppet, Ansible, Chef, BoxStarter, Vagrant etc etc, rather than looking at what you need to achieve and looking to see if the Ops guys already have a tool that they aren't using properly.

In fact at a recent DevOps event in Leeds - UK, I asked how many of these users were windows users, The room responded by laughing, now I know there are plenty of people using these tools on Windows, but we have already invested in Microsoft System Center and we have a reasonably large estate 600+ Servers.

So utilising our existing investment we have created some scripts which allow us to now rapdily build HyperV Guests, VMware Guests and HP Servers using 1 single SCCM task sequence and thus essentially 1 build for 2003, 2008 (2012 to follow) and also any edition (Std / Ent etc) The scripts basically add the computer into SCCM via its MAC address then populate a load of TS Variables which can be used during the build stage.

We have kind of got to the limit of where we can go with this without a lot more scripting, so the next stage of this was to look at Orchestrator. To try and get to grips with the tool I started off trying to automate patching of some critical systems, I then realised it couldn't do everything I needed out of the box and got carried away, or hooked - one or the other!

Armed with the SDK much like I did with SCOM I got started and started writing an Integration pack, I've been threatening myself that I need to move from to C# and this seemed like the ideal opportunity, I must say I am quite impressed with how simple in relative terms it has been to create the Integration packs, and as for C# it seems it little stricter than on careless coding errors!

So I have now made a start on the following Integration Packs and they work to my needs so far, and I do plan on uploading them soon..

VMware Service Manager (Create, Close, Update Call)
Globalscape EFT (Get Server Statistics)
Nessus (Create Nessus Scan)

Next on the List is:
ManageEngine Password ManagerPro
VisionApp Remote Desktop

Again once I have sorted out the configuration options properly I will upload them, however if you desperate for copies of them in the meantime I suggest you drop me a mail at [email protected]