Class: Nexpose::Credential

Inherits:

APIObject

• Object
• APIObject
• Nexpose::Credential

Defined in:

lib/nexpose/credential.rb

Overview

Contains the shared methods for the SiteCredential and SharedCredential Objects. See Nexpose::SiteCredential or Nexpose::SharedCredential for additional info.

Direct Known Subclasses

SharedCredentialSummary, SiteCredentials

Defined Under Namespace

Modules: AuthenticationType, ElevationType, PrivacyType, Scope, Service

Constant Summary

DEFAULT_PORTS =

Mapping of Common Ports.

{ 'cvs'              => 2401,
'ftp'              => 21,
'http'             => 80,
'as400'            => 449,
'notes'            => 1352,
'tds'              => 1433,
'sybase'           => 5000,
'cifs'             => 445,
'cifshash'         => 445,
'oracle'           => 1521,
'pop'              => 110,
'postgresql'       => 5432,
'remote execution' => 512,
'snmp'             => 161,
'snmpv3'           => 161,
'ssh'              => 22,
'ssh-key'          => 22,
'telnet'           => 23,
'mysql'            => 3306,
'db2'              => 50000 }

Instance Method Summary

• #_to_param(target, engine_id, port, siteid) ⇒ Object
• #set_as400_service(domain = nil, username = nil, password = nil) ⇒ Object

  sets the IBM AS/400 service.

• #set_cifs_service(domain = nil, username = nil, password = nil) ⇒ Object

  sets the Microsoft Windows/Samba (SMB/CIFS) service.

• #set_cifshash_service(domain = nil, username = nil, password = nil) ⇒ Object

  sets the Microsoft Windows/Samba LM/NTLM Hash (SMB/CIFS) service.

• #set_cvs_service(username = nil, password = nil) ⇒ Object

  sets the Concurrent Versioning System (CVS) service.

• #set_db2_service(database = nil, username = nil, password = nil) ⇒ Object

  sets the DB2 service.

• #set_ftp_service(username = nil, password = nil) ⇒ Object

  sets the File Transfer Protocol (FTP) service.

• #set_http_service(domain = nil, username = nil, password = nil) ⇒ Object

  sets the Web Site HTTP Authentication service.

• #set_mysql_service(database = nil, username = nil, password = nil) ⇒ Object

  sets the MySQL Server service.

• #set_notes_service(password = nil) ⇒ Object

  sets the Lotus Notes/Domino service.

• #set_oracle_service(sid = nil, username = nil, password = nil) ⇒ Object

  sets the Oracle service.

• #set_pop_service(username = nil, password = nil) ⇒ Object

  sets the Post Office Protocol (POP) service.

• #set_postgresql_service(database = nil, username = nil, password = nil) ⇒ Object

  sets the PostgreSQL service.

• #set_remote_execution_service(username = nil, password = nil) ⇒ Object

  sets the Remote Execution service.

• #set_snmp_service(community_name = nil) ⇒ Object

  sets the Simple Network Management Protocol v1/v2c service.

• #set_snmpv3_service(authentication_type = AuthenticationType::NOAUTH, username = nil, password = nil, privacy_type = PrivacyType::NOPRIV, privacy_password = nil) ⇒ Object

  sets the Simple Network Management Protocol v3 service.

• #set_ssh_key_service(username, pemkey, password = nil, elevation_type = nil, elevation_user = nil, elevation_password = nil) ⇒ Object

  sets the Secure Shell (SSH) Public Key service.

• #set_ssh_service(username = nil, password = nil, elevation_type = nil, elevation_user = nil, elevation_password = nil) ⇒ Object

  sets the Secure Shell (SSH) service.

• #set_sybase_service(database = nil, domain = nil, username = nil, password = nil) ⇒ Object

  sets the Sybase SQL Server service.

• #set_tds_service(database = nil, domain = nil, username = nil, password = nil) ⇒ Object

  sets the Microsoft SQL Server service.

• #set_telnet_service(username = nil, password = nil) ⇒ Object

  sets the Telnet service.

• #test(nsc, target, engine_id = nil, siteid = -1)) ⇒ Object

  Test this credential against a target where the credentials should apply.

Methods inherited from APIObject

#object_from_hash

Instance Method Details

#_to_param(target, engine_id, port, siteid) ⇒ Object

# File 'lib/nexpose/credential.rb', line 109

def _to_param(target, engine_id, port, siteid)
  { engineid: engine_id,
    sc_creds_dev: target,
    sc_creds_svc: @service,
    sc_creds_database: @database,
    sc_creds_domain: @domain,
    sc_creds_uname: @username,
    sc_creds_password: @password,
    sc_creds_pemkey: @pem_key,
    sc_creds_port: port,
    sc_creds_privilegeelevationusername: @privilege_username,
    sc_creds_privilegeelevationpassword: @privilege_password,
    sc_creds_privilegeelevationtype: @privilege_type,
    sc_creds_snmpv3authtype: @auth_type,
    sc_creds_snmpv3privtype: @privacy_type,
    sc_creds_snmpv3privpassword: @privacy_password,
    siteid: siteid }
end

#set_as400_service(domain = nil, username = nil, password = nil) ⇒ Object

sets the IBM AS/400 service.

# File 'lib/nexpose/credential.rb', line 151

def set_as400_service(domain = nil, username = nil, password = nil)
  @domain = domain
  @user_name = username
  @password = password
  @service = Service::AS400
end

#set_cifs_service(domain = nil, username = nil, password = nil) ⇒ Object

sets the Microsoft Windows/Samba (SMB/CIFS) service.

# File 'lib/nexpose/credential.rb', line 175

def set_cifs_service(domain = nil, username = nil, password = nil)
  @domain = domain
  @user_name = username
  @password = password
  @service = Service::CIFS
end

#set_cifshash_service(domain = nil, username = nil, password = nil) ⇒ Object

sets the Microsoft Windows/Samba LM/NTLM Hash (SMB/CIFS) service.

# File 'lib/nexpose/credential.rb', line 183

def set_cifshash_service(domain = nil, username = nil, password = nil)
  @domain = domain
  @user_name = username
  @password = password
  @service = Service::CIFSHASH
end

#set_cvs_service(username = nil, password = nil) ⇒ Object

sets the Concurrent Versioning System (CVS) service

# File 'lib/nexpose/credential.rb', line 129

def set_cvs_service(username = nil, password = nil)
  @user_name = username
  @password = password
  @service = Service::CVS
end

#set_db2_service(database = nil, username = nil, password = nil) ⇒ Object

sets the DB2 service

# File 'lib/nexpose/credential.rb', line 136

def set_db2_service(database = nil, username = nil, password = nil)
  @database = database
  @user_name = username
  @password = password
  @service = Service::DB2
end

#set_ftp_service(username = nil, password = nil) ⇒ Object

sets the File Transfer Protocol (FTP) service

# File 'lib/nexpose/credential.rb', line 144

def set_ftp_service(username = nil, password = nil)
  @user_name = username
  @password = password
  @service = Service::FTP
end

#set_http_service(domain = nil, username = nil, password = nil) ⇒ Object

sets the Web Site HTTP Authentication service.

# File 'lib/nexpose/credential.rb', line 283

def set_http_service(domain = nil, username = nil, password = nil)
  @domain = domain
  @user_name = username
  @password = password
  @service = Service::HTTP
end

#set_mysql_service(database = nil, username = nil, password = nil) ⇒ Object

sets the MySQL Server service.

# File 'lib/nexpose/credential.rb', line 191

def set_mysql_service(database = nil, username = nil, password = nil)
  @database = database
  @user_name = username
  @password = password
  @service = Service::MYSQL
end

#set_notes_service(password = nil) ⇒ Object

sets the Lotus Notes/Domino service.

# File 'lib/nexpose/credential.rb', line 159

def set_notes_service(password = nil)
  @notes_id_password = password
  @service = Service::NOTES
end

#set_oracle_service(sid = nil, username = nil, password = nil) ⇒ Object

sets the Oracle service.

# File 'lib/nexpose/credential.rb', line 199

def set_oracle_service(sid = nil, username = nil, password = nil)
  @database = sid
  @user_name = username
  @password = password
  @service = Service::ORACLE
end

#set_pop_service(username = nil, password = nil) ⇒ Object

sets the Post Office Protocol (POP) service.

# File 'lib/nexpose/credential.rb', line 207

def set_pop_service(username = nil, password = nil)
  @user_name = username
  @password = password
  @service = Service::POP
end

#set_postgresql_service(database = nil, username = nil, password = nil) ⇒ Object

sets the PostgreSQL service.

# File 'lib/nexpose/credential.rb', line 214

def set_postgresql_service(database = nil, username = nil, password = nil)
  @database = database
  @user_name = username
  @password = password
  @service = Service::POSTGRESQL
end

#set_remote_execution_service(username = nil, password = nil) ⇒ Object

sets the Remote Execution service.

# File 'lib/nexpose/credential.rb', line 222

def set_remote_execution_service(username = nil, password = nil)
  @user_name = username
  @password = password
  @service = Service::REMOTE_EXECUTION
end

#set_snmp_service(community_name = nil) ⇒ Object

sets the Simple Network Management Protocol v1/v2c service.

# File 'lib/nexpose/credential.rb', line 250

def set_snmp_service(community_name = nil)
  @community_name = community_name
  @service = Service::SNMP
end

#set_snmpv3_service(authentication_type = AuthenticationType::NOAUTH, username = nil, password = nil, privacy_type = PrivacyType::NOPRIV, privacy_password = nil) ⇒ Object

sets the Simple Network Management Protocol v3 service.

# File 'lib/nexpose/credential.rb', line 256

def set_snmpv3_service(authentication_type = AuthenticationType::NOAUTH, username = nil, password = nil, privacy_type = PrivacyType::NOPRIV, privacy_password = nil)
  @authentication_type = authentication_type
  @user_name = username
  @password = password
  @privacy_type = privacy_type
  @privacy_password = privacy_password
  @service = Service::SNMPV3
end

#set_ssh_key_service(username, pemkey, password = nil, elevation_type = nil, elevation_user = nil, elevation_password = nil) ⇒ Object

sets the Secure Shell (SSH) Public Key service.

# File 'lib/nexpose/credential.rb', line 239

def set_ssh_key_service(username, pemkey,  password = nil, elevation_type = nil, elevation_user = nil, elevation_password = nil)
  @user_name = username
  @password = password
  @pem_format_private_key = pemkey
  @permission_elevation_type = elevation_type || ElevationType::NONE
  @permission_elevation_user = elevation_user
  @permission_elevation_password = elevation_password
  @service = Service::SSH_KEY
end

#set_ssh_service(username = nil, password = nil, elevation_type = nil, elevation_user = nil, elevation_password = nil) ⇒ Object

sets the Secure Shell (SSH) service.

# File 'lib/nexpose/credential.rb', line 229

def set_ssh_service(username = nil, password = nil, elevation_type = nil, elevation_user = nil, elevation_password = nil)
  @user_name = username
  @password = password
  @permission_elevation_type = elevation_type || ElevationType::NONE
  @permission_elevation_user = elevation_user
  @permission_elevation_password = elevation_password
  @service = Service::SSH
end

#set_sybase_service(database = nil, domain = nil, username = nil, password = nil) ⇒ Object

sets the Sybase SQL Server service.

# File 'lib/nexpose/credential.rb', line 266

def set_sybase_service(database = nil, domain = nil, username = nil, password = nil)
  @database = database
  @domain = domain
  @use_windows_auth = domain.nil?
  @user_name = username
  @password = password
  @service = Service::SYBASE
end

#set_tds_service(database = nil, domain = nil, username = nil, password = nil) ⇒ Object

sets the Microsoft SQL Server service.

# File 'lib/nexpose/credential.rb', line 165

def set_tds_service(database = nil, domain = nil, username = nil, password = nil)
  @database = database
  @domain = domain
  @use_windows_auth = domain.nil?
  @user_name = username
  @password = password
  @service = Service::TDS
end

#set_telnet_service(username = nil, password = nil) ⇒ Object

sets the Telnet service.

# File 'lib/nexpose/credential.rb', line 276

def set_telnet_service(username = nil, password = nil)
  @user_name = username
  @password = password
  @service = Service::TELNET
end

#test(nsc, target, engine_id = nil, siteid = -1)) ⇒ Object

Test this credential against a target where the credentials should apply. Only works for a newly created credential. Loading an existing credential will likely fail.

Parameters:

• nsc (Connection) —

  An active connection to the security console.

• target (String) —

  Target host to check credentials against.

• engine_id (Fixnum) (defaults to: nil) —

  ID of the engine to use for testing credentials. Will default to the local engine if none is provided.

# File 'lib/nexpose/credential.rb', line 97

def test(nsc, target, engine_id = nil, siteid = -1)
  unless engine_id
    engine_id = nsc.engines.find { |e| e.name == 'Local scan engine' }.id
  end
  @port = Credential::DEFAULT_PORTS[@service] if @port.nil?
  parameters = _to_param(target, engine_id, @port, siteid)
  xml = AJAX.form_post(nsc, '/data/credential/shared/test', parameters)
  result = REXML::XPath.first(REXML::Document.new(xml), 'TestAdminCredentialsResult')
  result.attributes['success'].to_i == 1
end