Bash and PowerShell scripts for FIM Re-Baselining
- FIM Re-Baseline Script Goal
- FIM Re-Baseline Pre-Requisites
- Bash Script (Linux Environment)
- JQ Tool
- Script Mode
- PowerShell Script (Windows Environment)
- Enable execution of PowerShell scripts
- Bash Script (Linux Environment)
- FIM Re-Baseline Script Parameters
- Passing parameters to the FIM Re-Baseline script
- Bash Script (Linux Environment)
- PowerShell Script (Windows Environment)
- FIM Re-Baseline Script Outputs
- FIM Re-Baseline Script Process
Updates the baseline (re-runs the baseline scan) specified by baseline ID and policy ID in the call URL, on the server specified in the request body.
The script requires third tool library called “jq” to be installed in the underlying operating system. jq is a powerful tool that lets you read, filter, and write JSON in bash. To install jq run the below command:
sudo yum install jq
Created bash script needs to be marked as executable bash file in order to be able to call it from the console. To change the mode of the bash script file run the command below:
sudo chmod 775 FIM Re-Baselining bash.sh
In order to be able to call the PowerShell script, you should enable execution of PowerShell scripts on the underlying operating system. Two steps to enable execution of PowerShell scripts:
- Start Windows PowerShell with the "Run as Administrator" option. Only members of the Administrators group on the computer can change the execution policy.
- Enable running unsigned scripts by entering:
set-executionpolicy remotesigned
This will allow running unsigned scripts that you write on your local computer and signed scripts from Internet.
To be able to run the bash / powershell script, you should provide the following input parameters:
- api_key_id
- api_key_secret
- fim_policy_id
- fim_baseline_id
- expires_at
- comment
- server_id
- agent_id
There are two versions of the bash script.
-
The first version of the bash script named “FIM_Re- Baselining_Bash_Command-Params.sh” takes the input parameters from the terminal as illustrated in Figure 1.
$ bash FIM_Re-Baselining_Bash_Command-Params.sh -a "a7ab96e8" -b "2ab3cc676c5fa33e43aaf64c84660b11" -c "c77c809ab26b11eaafc959098258d76d" -d "3d969ba8b27111ea9a4515c8227f0790" -e "" -f "FIM_Rebaselining_Script" -g "b7303e86b26911ea8c421382890b5bc7" -h ""
Figure 1. Passing input parameters to the bash script from the terminal.
-
The second version of the bash script named “FIM_Re- Baselining_Bash_Static-Params.sh” takes the input parameters in a static manner where input parameters are set in the script source as illustrated in Figure 2.
#!/bin/bash
# Input Variables
api_key_id="a7ab96e8"
api_key_secret="2ab3cc676c5fa33e43aaf64c84660b11"
fim_policy_id="c77c809ab26b11eaafc959098258d76d"
fim_baseline_id="3d969ba8b27111ea9a4515c8227f0790"
expires_at=""
comment="FIM_Rebaselining_Script"
agent_id=""
server_id="b7303e86b26911ea8c421382890b5bc7"
Figure 2. passing input parameters to the bash script in a static manner through the script source.
There are two versions of the powershell script.
- The first version of the powershell script named “FIM_Re- Baselining_Powershell_Command-Params.ps1” takes the input parameters from the command prompt as illustrated in Figure 3.
PS C:\Users\Tom\Projects\CloudPassage\FIM_Baseline_Script\Scripts> .\FIM_Re-Baselining_Powershell_Command-Params.ps1
-api_key_id "a7ab96e8"
-api_key_secret "2ab3cc676c5fa33e43aaf64c84660b11"
-fim_policy_id "c77c809ab26b11eaafc959098258d76d"
-fim_baseline_id "3d969ba8b27111ea9a4515c8227f0790"
-expires_at ""
-comment "FIM_Rebaselining_Script"
-server_id "b7303e86b26911ea8c421382890b5bc7"
-agent_id ""
Figure 3. passing input parameters to the powershell script through the command prompt.
- The second version of the powershell script named “FIM_Re- Baselining_Powershell_File-Params.ps1” takes the input parameters from a configuration file called “inputparams.txt” located in the same directory of the script as illustrated in Figure 4.
api_key_id=a7ab96e8
api_key_secret=2ab3cc676c5fa33e43aaf64c84660b11
fim_policy_id=c77c809ab26b11eaafc959098258d76d
fim_baseline_id=3d969ba8b27111ea9a4515c8227f0790
expires_at=
comment=FIM_Rebaselining_Script_Powershell_New
server_id=b7303e86b26911ea8c421382890b5bc7
agent_id=
Figure 4. Passing input parameters to the powershell script through a configuration file located in the same directory of the script.
The script exports all generated results into log file created in the same directory of the script. If the script updated the baseline successfully without any errors, you should receive response as illustrated in Figure 5.
{"baseline":{"id":"3d969ba8b27111ea9a4515c8227f0790",
"url":"https://api.cloudpassage.com/v1/fim_policies/c77c809ab26b
11eaafc959098258d76d/baselines/3d969ba8b27111ea9a4515c8227f0790"
,"server_id":"b7303e86b26911ea8c421382890b5bc7","comment":"FIM_R
ebaselining_Script","status":"Pending",
"effective_at":null,"expires_at":null,"policy_name":"FIM_Baselin
e_Linux_Policy",
"server_name":"ip-172-31-36-201.us-east-
2.compute.internal","platform":"linux"}}
Figure 5. Sample of the script returned results.
FIM Re-Baseline script executes specific interal tasks to update the baseline. These steps are illustrated in Figure 6.
Figure 6. FIM Re-Baseline Script Process