Class: Nexpose::SiteCredentials

Inherits:

Credential

• Object
• APIObject
• Credential
• Nexpose::SiteCredentials

Defined in:

lib/nexpose/site_credentials.rb

Overview

Object that represents administrative credentials to be used during a scan. When retrieved from an existing site configuration the credentials will be returned as a security blob and can only be passed back as is during a Site Save operation. This object can only be used to create a new set of credentials.

Constant Summary

Constants inherited from Credential

Credential::DEFAULT_PORTS

Instance Attribute Summary

• #authentication_type ⇒ Object

  The authentication type to use with SNMP v3 credentials.

• #community_name ⇒ Object

  for snmp v1/v2.

• #database ⇒ Object

  database of the service.

• #description ⇒ Object

  the description of credential.

• #domain ⇒ Object

  domain of the service.

• #enabled ⇒ Object

  is this credential enable on site or not.

• #host_restriction ⇒ Object

  The host for these credentials.

• #id ⇒ Object

  Unique identifier of the credential on the Nexpose console.

• #name ⇒ Object

  The name.

• #notes_id_password ⇒ Object

  the notes password.

• #password ⇒ Object

  The password.

• #pem_format_private_key ⇒ Object

  for ssh public key require pem format private key.

• #permission_elevation_password ⇒ Object

  The password to use when escalating privileges (optional).

• #permission_elevation_type ⇒ Object

  The type of privilege escalation to use (sudo/su) Permission elevation type.

• #permission_elevation_user ⇒ Object

  The userid to use when escalating privileges (optional).

• #port_restriction ⇒ Object

  The port on which to use these credentials.

• #privacy_password ⇒ Object

  The privacy/encryption pass phrase to use with SNMP v3 credentials.

• #privacy_type ⇒ Object

  The privacy/encryption type to use with SNMP v3 credentials.

• #scope ⇒ Object

  scope of credential.

• #service ⇒ Object

  The service for these credentials.

• #service_name ⇒ Object

  service name for oracle.

• #sid ⇒ Object

  sid for oracle.

• #use_windows_auth ⇒ Object

  use windows auth.

• #user_name ⇒ Object

  the user name to be used in service.

Class Method Summary

• .copy(connection, site_id, credential_id) ⇒ SiteCredentials

  Copy an existing configuration from a Nexpose instance.

• .for_service(name, id = -1,, desc = nil, host = nil, port = nil, service = Credential::Service::CIFS) ⇒ Object

  Create a credential object using name, id, description, host and port.

• .load(nsc, site_id, credential_id) ⇒ SiteCredential

  Load an credential from the provided console.

Instance Method Summary

• #==(other) ⇒ Object
• #_to_param(target, engine_id, port, siteid) ⇒ Object
• #copy ⇒ SiteCredentials

  Copy an existing configuration from a site credential.

• #eql?(other) ⇒ Boolean
• #test(nsc, target, engine_id = nil, siteid = -1)) ⇒ Boolean

  Test this credential against a target where the credentials should apply.

• #to_h ⇒ Object
• #to_json ⇒ Object

Methods included from CredentialHelper

#set_as400_service, #set_cifs_service, #set_cifshash_service, #set_cvs_service, #set_db2_service, #set_ftp_service, #set_http_service, #set_mysql_service, #set_notes_service, #set_oracle_service, #set_oracle_service_using_service_name_auth, #set_pop_service, #set_postgresql_service, #set_remote_execution_service, #set_snmp_service, #set_snmpv3_service, #set_ssh_key_service, #set_ssh_service, #set_sybase_service, #set_tds_service, #set_telnet_service

Methods inherited from APIObject

#object_from_hash

Instance Attribute Details

#authentication_type ⇒ Object

The authentication type to use with SNMP v3 credentials

# File 'lib/nexpose/site_credentials.rb', line 39

def authentication_type
  @authentication_type
end

#community_name ⇒ Object

for snmp v1/v2

# File 'lib/nexpose/site_credentials.rb', line 57

def community_name
  @community_name
end

#database ⇒ Object

database of the service

# File 'lib/nexpose/site_credentials.rb', line 30

def database
  @database
end

#description ⇒ Object

the description of credential

# File 'lib/nexpose/site_credentials.rb', line 26

def description
  @description
end

#domain ⇒ Object

domain of the service

# File 'lib/nexpose/site_credentials.rb', line 28

def domain
  @domain
end

#enabled ⇒ Object

is this credential enable on site or not.

# File 'lib/nexpose/site_credentials.rb', line 24

def enabled
  @enabled
end

#host_restriction ⇒ Object

The host for these credentials.

# File 'lib/nexpose/site_credentials.rb', line 16

def host_restriction
  @host_restriction
end

#id ⇒ Object

Unique identifier of the credential on the Nexpose console.

# File 'lib/nexpose/site_credentials.rb', line 12

def id
  @id
end

#name ⇒ Object

The name

# File 'lib/nexpose/site_credentials.rb', line 22

def name
  @name
end

#notes_id_password ⇒ Object

the notes password

# File 'lib/nexpose/site_credentials.rb', line 47

def notes_id_password
  @notes_id_password
end

#password ⇒ Object

The password

# File 'lib/nexpose/site_credentials.rb', line 20

def password
  @password
end

#pem_format_private_key ⇒ Object

for ssh public key require pem format private key

# File 'lib/nexpose/site_credentials.rb', line 55

def pem_format_private_key
  @pem_format_private_key
end

#permission_elevation_password ⇒ Object

The password to use when escalating privileges (optional)

# File 'lib/nexpose/site_credentials.rb', line 37

def permission_elevation_password
  @permission_elevation_password
end

#permission_elevation_type ⇒ Object

The type of privilege escalation to use (sudo/su) Permission elevation type. See Nexpose::Credential::ElevationType.

# File 'lib/nexpose/site_credentials.rb', line 33

def permission_elevation_type
  @permission_elevation_type
end

#permission_elevation_user ⇒ Object

The userid to use when escalating privileges (optional)

# File 'lib/nexpose/site_credentials.rb', line 35

def permission_elevation_user
  @permission_elevation_user
end

#port_restriction ⇒ Object

The port on which to use these credentials.

# File 'lib/nexpose/site_credentials.rb', line 18

def port_restriction
  @port_restriction
end

#privacy_password ⇒ Object

The privacy/encryption pass phrase to use with SNMP v3 credentials

# File 'lib/nexpose/site_credentials.rb', line 43

def privacy_password
  @privacy_password
end

#privacy_type ⇒ Object

The privacy/encryption type to use with SNMP v3 credentials

# File 'lib/nexpose/site_credentials.rb', line 41

def privacy_type
  @privacy_type
end

#scope ⇒ Object

scope of credential

# File 'lib/nexpose/site_credentials.rb', line 59

def scope
  @scope
end

#service ⇒ Object

The service for these credentials.

# File 'lib/nexpose/site_credentials.rb', line 14

def service
  @service
end

#service_name ⇒ Object

service name for oracle

# File 'lib/nexpose/site_credentials.rb', line 53

def service_name
  @service_name
end

#sid ⇒ Object

sid for oracle

# File 'lib/nexpose/site_credentials.rb', line 51

def sid
  @sid
end

#use_windows_auth ⇒ Object

use windows auth

# File 'lib/nexpose/site_credentials.rb', line 49

def use_windows_auth
  @use_windows_auth
end

#user_name ⇒ Object

the user name to be used in service

# File 'lib/nexpose/site_credentials.rb', line 45

def user_name
  @user_name
end

Class Method Details

.copy(connection, site_id, credential_id) ⇒ SiteCredentials

Copy an existing configuration from a Nexpose instance. Returned object will reset the credential ID and append “Copy” to the existing name. Reminder: The password field will not be populated due to the API not sending password.

Parameters:

• connection (Connection) —

  Connection to the security console.

• id (String) —

  Unique identifier of an site.

• id (String) —

  Unique identifier of an credential.

Returns:

• (SiteCredentials) —

  Site credential loaded from a Nexpose console.

# File 'lib/nexpose/site_credentials.rb', line 143

def self.copy(connection, site_id, credential_id)
  site_credential      = self.load(connection, site_id, credential_id)
  site_credential.id   = -1
  site_credential.name = "#{site_credential.name} Copy"
  site_credential
end

.for_service(name, id = -1,, desc = nil, host = nil, port = nil, service = Credential::Service::CIFS) ⇒ Object

Create a credential object using name, id, description, host and port

# File 'lib/nexpose/site_credentials.rb', line 105

def self.for_service(name, id = -1, desc = nil, host = nil, port = nil, service = Credential::Service::CIFS)
  cred                           = new
  cred.name                      = name
  cred.id                        = id.to_i
  cred.enabled                   = true
  cred.description               = desc
  cred.host_restriction          = host
  cred.port_restriction          = port
  cred.service                   = service
  cred.scope                     = Credential::Scope::SITE_SPECIFIC
  cred.permission_elevation_type = Credential::ElevationType::NONE
  cred
end

.load(nsc, site_id, credential_id) ⇒ SiteCredential

Load an credential from the provided console.

Parameters:

• nsc (Connection) —

  Active connection to a Nexpose console.

• id (String) —

  Unique identifier of an site.

• id (String) —

  Unique identifier of an credential.

Returns:

• (SiteCredential) —

  The requested credential of site, if found.

# File 'lib/nexpose/site_credentials.rb', line 126

def self.load(nsc, site_id, credential_id)
  uri  = "/api/2.1/sites/#{site_id}/credentials/#{credential_id}"
  resp = AJAX.get(nsc, uri, AJAX::CONTENT_TYPE::JSON)
  hash = JSON.parse(resp, symbolize_names: true)
  new.object_from_hash(nsc, hash)
end

Instance Method Details

#==(other) ⇒ Object

# File 'lib/nexpose/site_credentials.rb', line 195

def ==(other)
  eql?(other)
end

#_to_param(target, engine_id, port, siteid) ⇒ Object

# File 'lib/nexpose/site_credentials.rb', line 83

def _to_param(target, engine_id, port, siteid)
  {
    dev: target,
    port: port,
    siteID: siteid,
    engineID: engine_id,
    service: @service,
    domain: @domain,
    database: @database,
    userName: @user_name,
    password: @password,
    privilegeElevationUserName: @permission_elevation_user,
    privilegeElevationPassword: @permission_elevation_password,
    privilegeElevationType: @permission_elevation_type,
    pemkey: @pem_format_private_key,
    snmpv3AuthType: @authentication_type,
    snmpv3PrivType: @privacy_type,
    snmpv3PrivPassword: @privacy_password
  }
end

#copy ⇒ SiteCredentials

Copy an existing configuration from a site credential. Returned object will reset the credential ID and append “Copy” to the existing name. Reminder: The password field will not be populated due to the API not sending password.

Returns:

• (SiteCredentials) —

  modified.

# File 'lib/nexpose/site_credentials.rb', line 157

def copy
  site_credential      = self.clone
  site_credential.id   = -1
  site_credential.name = "#{site_credential.name} Copy"
  site_credential
end

#eql?(other) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/nexpose/site_credentials.rb', line 199

def eql?(other)
  id.eql?(other.id) &&
  service.eql?(other.service) &&
  host_restriction.eql?(other.host_restriction) &&
  port_restriction.eql?(other.port_restriction) &&
  password.eql?(other.password) &&
  name.eql?(other.name) &&
  enabled.eql?(other.enabled) &&
  description.eql?(other.description) &&
  domain.eql?(other.domain) &&
  database.eql?(other.database) &&
  permission_elevation_type.eql?(other.permission_elevation_type) &&
  permission_elevation_user.eql?(other.permission_elevation_user) &&
  permission_elevation_password.eql?(other.permission_elevation_password) &&
  authentication_type.eql?(other.authentication_type) &&
  privacy_type.eql?(other.privacy_type) &&
  privacy_password.eql?(other.privacy_password) &&
  user_name.eql?(other.user_name) &&
  notes_id_password.eql?(other.notes_id_password) &&
  use_windows_auth.eql?(other.use_windows_auth) &&
  sid.eql?(other.sid) &&
  service_name.eql?(other.service_name) &&
  pem_format_private_key.eql?(other.pem_format_private_key) &&
  community_name.eql?(other.community_name) &&
  scope.eql?(other.scope)
end

#test(nsc, target, engine_id = nil, siteid = -1)) ⇒ Boolean

Test this credential against a target where the credentials should apply. Only works for a newly created credential. Loading an existing credential will likely fail due to the API not sending password.

Parameters:

• nsc (Connection) —

  An active connection to the security console.

• target (String) —

  Target host to check credentials against.

• engine_id (Fixnum) (defaults to: nil) —

  ID of the engine to use for testing credentials. Will default to the local engine if none is provided.

• siteid (Fixnum) (defaults to: -1))

Returns:

• (Boolean) —

  If the credential is able to connect to the target.

# File 'lib/nexpose/site_credentials.rb', line 72

def test(nsc, target, engine_id = nil, siteid = -1)
  unless engine_id
    engine_id = nsc.engines.detect { |e| e.name == 'Local scan engine' }.id
  end
  @port      = Credential::DEFAULT_PORTS[@service] if @port.nil?
  parameters = _to_param(target, engine_id, @port, siteid)
  parameters = JSON.generate(parameters)
  resp       = JSON.parse(Nexpose::AJAX.post(nsc, '/data/credential/test', parameters, Nexpose::AJAX::CONTENT_TYPE::JSON))
  resp['success'] == 'true'
end

#to_h ⇒ Object

# File 'lib/nexpose/site_credentials.rb', line 168

def to_h
  { id: id,
    service: service,
    host_restriction: host_restriction,
    port_restriction: port_restriction,
    password: password,
    name: name,
    enabled: enabled,
    description: description,
    domain: domain,
    database: database,
    permission_elevation_type: permission_elevation_type,
    permission_elevation_user: permission_elevation_user,
    permission_elevation_password: permission_elevation_password,
    authentication_type: authentication_type,
    privacy_type: privacy_type,
    privacy_password: privacy_password,
    user_name: user_name,
    notes_id_password: notes_id_password,
    use_windows_auth: use_windows_auth,
    sid: sid,
    service_name: service_name,
    pem_format_private_key: pem_format_private_key,
    community_name: community_name,
    scope: scope }
end

#to_json ⇒ Object

# File 'lib/nexpose/site_credentials.rb', line 164

def to_json
  JSON.generate(to_h)
end