#!/bin/bash
## set-aia-settings <user> <pass> <elbfqdn> <consoleport>
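## Positional arguments (see the usage line above). $3 (<elbfqdn>) is accepted
## for call compatibility but is not used: every request goes to the manager on
## localhost at the given console port.
## NOTE(review): the password still arrives as $2 on this script's own command
## line, so it is visible in the process list while the script runs; the
## requests below at least keep it (and the session ID) out of curl's argv.
user=$1
pass=$2
consoleport=$4
manager="localhost:${consoleport}"

## NOTE(review): every curl call uses -k, which turns off TLS certificate
## verification. The target is localhost, which limits exposure, but the
## manager's identity is never checked; consider --cacert with the manager's
## certificate instead.

## Shared SOAP envelope wrapper used by every webservice request.
soap_open='<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:Manager"><soapenv:Header/><soapenv:Body>'
soap_close='</soapenv:Body></soapenv:Envelope>'

## soap_call <SOAPAction> <envelope> [extra curl options...]
## POSTs the envelope to the manager's SOAP endpoint. The body is fed on stdin
## (-d @-) so the session ID inside it never shows up in the process list.
## Globals: manager (read). Outputs: the server response on stdout.
soap_call() {
  local action=$1 envelope=$2
  shift 2
  printf '%s' "$envelope" |
    curl -k "$@" -H "Content-Type: text/xml;charset=UTF-8" \
      -H "SOAPAction: \"${action}\"" "https://${manager}/webservice/Manager" -d @-
}

## editable_setting <settingKey> <settingValue>
## Prints one <urn:editableSettings> element with settingUnit NONE.
editable_setting() {
  printf '<urn:editableSettings><urn:settingKey>%s</urn:settingKey><urn:settingUnit>NONE</urn:settingUnit><urn:settingValue>%s</urn:settingValue></urn:editableSettings>' "$1" "$2"
}

## get_policy_id <policy name>
## Looks a policy up by name and prints the text of the ID element(s) found by
## xml_grep in the response. Globals: SID, soap_open, soap_close (read).
get_policy_id() {
  local name=$1
  soap_call securityProfileRetrieveByName \
    "${soap_open}<urn:securityProfileRetrieveByName><urn:name>${name}</urn:name><urn:sID>${SID}</urn:sID></urn:securityProfileRetrieveByName>${soap_close}" \
    -s | xml_grep ID --text_only
}

## set_policy_comm_direction <policyId> <value>
## Sets CONFIGURATION_AGENTCOMMUNICATIONS on one policy.
## Globals: SID, soap_open, soap_close (read).
set_policy_comm_direction() {
  local policy=$1 value=$2
  soap_call securityProfileSettingSet \
    "${soap_open}<urn:securityProfileSettingSet><urn:securityProfileID>${policy}</urn:securityProfileID>$(editable_setting CONFIGURATION_AGENTCOMMUNICATIONS "$value")<urn:sID>${SID}</urn:sID></urn:securityProfileSettingSet>${soap_close}" \
    -s
}

## Escape backslashes and double quotes so credentials containing them cannot
## break out of the JSON string (control characters are not handled).
user_json=${user//\\/\\\\}
user_json=${user_json//\"/\\\"}
pass_json=${pass//\\/\\\\}
pass_json=${pass_json//\"/\\\"}

## Log in. printf is a shell builtin and the body reaches curl on stdin, so the
## password is not exposed through curl's argument list. --fail makes an HTTP
## error status count as a failure instead of storing an error page as the SID.
if ! SID=$(
  printf '{"dsCredentials":{"userName":"%s","password":"%s"}}' "$user_json" "$pass_json" |
    curl -k -sS --fail -H "Content-Type: application/json" -X POST \
      "https://${manager}/rest/authentication/login/primary" -d @-
) || [ -z "$SID" ]; then
  echo "login to https://${manager} failed; no settings were changed" >&2
  exit 1
fi

## Enable agent-initiated activation in the system settings. Each setting gets
## its own editableSettings element; the original put the last two key/value
## pairs inside a single element, unlike every other request in this script.
body="${soap_open}<urn:systemSettingSet>"
body+=$(editable_setting CONFIGURATION_AGENTINITIATEDACTIVATION 1)
body+=$(editable_setting CONFIGURATION_AGENTINITIATEDACTIVATIONACTIVEHOST 2)
body+=$(editable_setting CONFIGURATION_AGENTCOMMUNICATIONS 1)
body+="<urn:sID>${SID}</urn:sID></urn:systemSettingSet>${soap_close}"
soap_call systemSettingSet "$body" -v

## get Base Policy policyId
policyid=$(get_policy_id "Base Policy")
printf 'policyid for Deep Security Manager Policy is %s\n\n' "$policyid" >> aiaSettings.log
## Set Communication Direction to Agent Initiated on Base Policy
if [ -n "$policyid" ]; then
  set_policy_comm_direction "$policyid" 1
else
  echo "Base Policy id not found; communication direction left unchanged" >&2
fi

## get Deep Security Virtual Appliance policyId
policyid=$(get_policy_id "Deep Security Virtual Appliance")
printf 'policyid for Deep Security Virtual Appliance Policy is %s\n\n' "$policyid" >> aiaSettings.log
## Set Communication Direction to Bi-directional on DSVA policy
if [ -n "$policyid" ]; then
  set_policy_comm_direction "$policyid" 3
else
  echo "Deep Security Virtual Appliance policy id not found; communication direction left unchanged" >&2
fi

## log out (URL quoted so the '?' is never treated as a glob and the SID is
## passed as a single word)
curl -k -X DELETE "https://${manager}/rest/authentication/logout?sID=${SID}"
exit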