noting version requirement for openconnect
1 #!/bin/sh
2
3 # openconnect will call this script with the following command-line
4 # arguments, which are needed to populate the contents of the
5 # HIP report:
6 #
7 #   --cookie: a URL-encoded string, as output by openconnect
8 #             --authenticate --protocol=gp, which includes parameters
9 #             from the /ssl-vpn/login.esp response
10 #
11 #   --client-ip{,v6}: IPv4/6 addresses allocated by the GlobalProtect
12 #                     VPN for this client (included in
13 #                     /ssl-vpn/getconfig.esp response)
14 #
15 #   --md5: The md5 digest to encode into this HIP report. I'm not sure
16 #          exactly what this is the md5 digest *of*, but all that
17 #          really matters is that the value in the HIP report
18 #          submission should match the value in the HIP report check.
19 #
20 # This hipreport.sh does not work as-is on Android. The large here-doc
21 # (cat <<EOF) does not appear to work with Android's /system/bin/sh,
22 # likely due to an insufficient read buffer size.
23 # Try hipreport-android.sh instead.
24
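# Read the command-line arguments into variables.
#
# Recognised options (each takes exactly one value):
#   --cookie, --client-ip, --client-ipv6, --md5
# Anything else is skipped, one word at a time.
#
# All four variables are cleared first so that a value inherited from the
# environment can never end up in the report. (The name IPV6 must match the
# one assigned below and used in the here-doc.)
#
# The --cookie value is the session cookie produced by
# "openconnect --authenticate"; it is not echoed by this block and should be
# kept out of any diagnostics added later.
COOKIE=
IP=
IPV6=
MD5=

# Loop on the argument count rather than on "$1" being non-empty, so an
# empty value does not end parsing early.
while [ "$#" -gt 0 ]; do
    case "$1" in
        --cookie)      COOKIE=${2-} ;;
        --client-ip)   IP=${2-} ;;
        --client-ipv6) IPV6=${2-} ;;
        --md5)         MD5=${2-} ;;
        *)             shift; continue ;;
    esac
    # Drop the option and its value. A trailing option with no value is
    # dropped on its own, because shifting past the end is an error in
    # some /bin/sh implementations.
    if [ "$#" -ge 2 ]; then
        shift 2
    else
        shift
    fi
done

# The cookie, the digest and at least one client address are mandatory.
if [ -z "$COOKIE" ] || [ -z "$MD5" ] || [ -z "$IP$IPV6" ]; then
    echo "Parameters --cookie, --md5, and --client-ip and/or --client-ipv6 are required" >&2
    exit 1
fi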
43
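# Extract the user, domain and computer fields from the cookie.
#
# The cookie is a URL-encoded "key=value&key=value" string. Values are copied
# out as-is: they are neither URL-decoded nor XML-escaped before use.
#
# _cookie_field NAME
#   Globals:   COOKIE (read)
#   Arguments: $1 - field name; only ever called with the fixed literals
#              below, because it is spliced into the sed expression.
#   Outputs:   the field's value on stdout, or nothing if the field is absent
#              or empty.
_cookie_field() {
    # printf instead of echo: some /bin/sh echo builtins interpret
    # backslash sequences in their argument.
    printf '%s\n' "$COOKIE" | sed -En 's/(.+&|^)'"$1"'=([^&]+)(&.+|$)/\2/p'
}

# NOTE(review): USER is usually an exported login variable, so this
# assignment also changes what child processes see; confirm that is acceptable.
USER=$(_cookie_field user)
DOMAIN=$(_cookie_field domain)
COMPUTER=$(_cookie_field computer)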
48
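# Timestamp in the format expected by the GlobalProtect server
# (MM/DD/YYYY HH:MM:SS, local time).
#
# The clock is read once and DAY/MONTH/YEAR are cut out of that single
# reading, so the four values cannot disagree when the script runs across
# midnight.
NOW=$(date +'%m/%d/%Y %H:%M:%S')

_hip_date=${NOW%% *}        # "MM/DD/YYYY"
_hip_rest=${_hip_date#*/}   # "DD/YYYY"
MONTH=${_hip_date%%/*}
DAY=${_hip_rest%%/*}
YEAR=${_hip_date##*/}
unset _hip_date _hip_rest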
54
# Made-up host identifier. If the server rejects it, the value may have to be
# taken from a report produced by the official client.
HOSTID='deadbeef-dead-beef-dead-beefdeadbeef'

# Write the HIP report to stdout.
#
# The here-doc is unquoted, so the shell expands $MD5, $USER, $COMPUTER,
# $HOSTID, $IP, $IPV6 and $NOW in place. Nothing is XML-escaped: a value
# containing <, & or " would yield malformed XML.
#
# Everything under <entry name="host-info"> (client version, OS, domain,
# host name, host id, MAC address) is a fixed literal, and its host-name and
# host-id differ from the $COMPUTER and $HOSTID used at the top level. The
# report is therefore a static, client-asserted profile; nothing in it is
# measured from the machine running this script.
#
# NOTE(review): <domain> is filled with $USER, while the DOMAIN value
# extracted from the cookie is never used - confirm this is intended.
# NOTE(review): the output starts with a blank line before the XML
# declaration and holds two <hip-report> documents back to back; the first
# lacks <hip-report-version> and the empty category lists. This looks like a
# duplicated paste - confirm what the gateway expects before changing it.
cat <<EOF

<?xml version="1.0" encoding="UTF-8"?>
<hip-report>
    <md5-sum>$MD5</md5-sum>
    <user-name>$USER</user-name>
    <domain>$USER</domain>
    <host-name>$COMPUTER</host-name>
    <host-id>$HOSTID</host-id>
    <ip-address>$IP</ip-address>
    <ipv6-address>$IPV6</ipv6-address>
        <generate-time>$NOW</generate-time>
        <categories>
                <entry name="host-info">
                        <client-version>5.1.0-101</client-version>
                        <os>Linux 4.19.0-6-amd64</os>
                        <os-vendor>Linux</os-vendor>
                        <domain>domain.com</domain>
                        <host-name>spes</host-name>
                        <host-id>d6f838cc-2b6f-11b2-a85c-d7bcda6b231e</host-id>
                        <network-interface>
                                <entry name="pan1">
                                        <description>pan1</description>
                                        <mac-address>42:4e:62:fe:ef:87</mac-address>
                                        <ip-address>
                                                <entry name="$IP"/>
                                        </ip-address>
                                        <ipv6-address>
                                                <entry name="$IPV6"/>
                                        </ipv6-address>
                                </entry>
                        </network-interface>
                </entry>
        </categories>
</hip-report><?xml version="1.0" encoding="UTF-8"?>
<hip-report>
    <md5-sum>$MD5</md5-sum>
    <user-name>$USER</user-name>
    <domain>$USER</domain>
    <host-name>$COMPUTER</host-name>
    <host-id>$HOSTID</host-id>
    <ip-address>$IP</ip-address>
    <ipv6-address>$IPV6</ipv6-address>
        <generate-time>$NOW</generate-time>
        <hip-report-version>4</hip-report-version>
        <categories>
                <entry name="host-info">
                        <client-version>5.1.0-101</client-version>
                        <os>Linux 4.19.0-6-amd64</os>
                        <os-vendor>Linux</os-vendor>
                        <domain>domain.com</domain>
                        <host-name>spes</host-name>
                        <host-id>d6f838cc-2b6f-11b2-a85c-d7bcda6b231e</host-id>
                        <network-interface>
                                <entry name="pan1">
                                        <description>pan1</description>
                                        <mac-address>42:4e:62:fe:ef:87</mac-address>
                                        <ip-address>
                                                <entry name="$IP"/>
                                        </ip-address>
                                        <ipv6-address>
                                                <entry name="$IPV6"/>
                                        </ipv6-address>
                                </entry>
                        </network-interface>
                </entry>
                <entry name="anti-malware">
                        <list>
                        </list>
                </entry>
                <entry name="disk-backup">
                        <list>
                        </list>
                </entry>
                <entry name="disk-encryption">
                        <list>
                        </list>
                </entry>
                <entry name="firewall">
                        <list>
                        </list>
                </entry>
                <entry name="patch-management">
                        <list>
                        </list>
                </entry>
                <entry name="data-loss-prevention">
                        <list>
                        </list>
                </entry>
        </categories>
</hip-report>
EOF
