3 # openconnect will call this script with the following command-line
4 # arguments, which are needed to populate the contents of the
7 # --cookie: a URL-encoded string, as output by openconnect
8 # --authenticate --protocol=gp, which includes parameters
9 # from the /ssl-vpn/login.esp response
11 # --client-ip{,v6}: IPv4/6 addresses allocated by the GlobalProtect
12 # VPN for this client (included in
13 # /ssl-vpn/getconfig.esp response)
15 # --md5: The md5 digest to encode into this HIP report. I'm not sure
16 # exactly what this is the md5 digest *of*, but all that
17 # really matters is that the value in the HIP report
18 # submission should match the value in the HIP report check.
20 # This hipreport.sh does not work as-is on Android. The large here-doc
21 # (cat <<EOF) does not appear to work with Android's /system/bin/sh,
22 # likely due to an insufficient read buffer size.
23 # Try hipreport-android.sh instead.
# Copy the value that follows each recognised option into its variable.
# When "$1" names an option, `shift` discards the option itself, so the
# new "$1" is that option's value.
if [ "$1" = "--cookie" ]; then
  shift
  COOKIE="$1"
fi
if [ "$1" = "--client-ip" ]; then
  shift
  IP="$1"
fi
if [ "$1" = "--client-ipv6" ]; then
  shift
  IPV6="$1"
fi
if [ "$1" = "--md5" ]; then
  shift
  MD5="$1"
fi
39 if [ -z "$COOKIE" -o -z "$MD5" -o -z "$IP$IPV6" ]; then
40 echo "Parameters --cookie, --md5, and --client-ip and/or --client-ipv6 are required" >&2
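# Pull the user, domain and computer fields out of the cookie, a single
# "key=value&key=value" string. Each sed call prints only the captured
# value; when the key is absent nothing is printed and the variable is
# left empty.
#
# printf replaces echo so that a cookie containing backslashes or
# starting with "-" reaches sed unchanged, and -E is the portable
# spelling of the extended-regex switch that GNU sed also accepts as -r.
#
# NOTE(review): the values are kept exactly as they appear in the cookie
# (still URL-encoded, not XML-escaped), and the XML template further
# down references them inside element text. A value containing "<" or
# ">" would yield a malformed report; validate or escape here if the
# cookie can carry such characters.
# NOTE(review): DOMAIN is extracted here, but the template fills
# <domain> with $USER; that looks like a typo for $DOMAIN -- confirm.
# NOTE(review): assigning USER replaces any USER value inherited from
# the environment -- confirm nothing later relies on the login name.
USER=$(printf '%s\n' "$COOKIE" | sed -En 's/(.+&|^)user=([^&]+)(&.+|$)/\2/p')
DOMAIN=$(printf '%s\n' "$COOKIE" | sed -En 's/(.+&|^)domain=([^&]+)(&.+|$)/\2/p')
COMPUTER=$(printf '%s\n' "$COOKIE" | sed -En 's/(.+&|^)computer=([^&]+)(&.+|$)/\2/p')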
# Current local time rendered as MM/DD/YYYY HH:MM:SS, the timestamp
# layout the GlobalProtect server expects in the report.
NOW="$(date '+%m/%d/%Y %H:%M:%S')"
# Made-up host identifier placed in the report. If the server does not
# accept a made-up value, it may have to be taken from an official HIP
# report instead.
# NOTE(review): the host-info entry in the XML template carries its own
# literal host-id rather than $HOSTID -- confirm which one is intended.
HOSTID='deadbeef-dead-beef-dead-beefdeadbeef'
60 <?xml version="1.0" encoding="UTF-8"?>
62 <md5-sum>$MD5</md5-sum>
63 <user-name>$USER</user-name>
64 <domain>$USER</domain>
65 <host-name>$COMPUTER</host-name>
66 <host-id>$HOSTID</host-id>
67 <ip-address>$IP</ip-address>
68 <ipv6-address>$IPV6</ipv6-address>
69 <generate-time>$NOW</generate-time>
71 <entry name="host-info">
72 <client-version>5.1.0-101</client-version>
73 <os>Linux 4.19.0-6-amd64</os>
74 <os-vendor>Linux</os-vendor>
75 <domain>domain.com</domain>
76 <host-name>spes</host-name>
77 <host-id>d6f838cc-2b6f-11b2-a85c-d7bcda6b231e</host-id>
80 <description>pan1</description>
81 <mac-address>42:4e:62:fe:ef:87</mac-address>
92 </hip-report><?xml version="1.0" encoding="UTF-8"?>
94 <md5-sum>$MD5</md5-sum>
95 <user-name>$USER</user-name>
96 <domain>$USER</domain>
97 <host-name>$COMPUTER</host-name>
98 <host-id>$HOSTID</host-id>
99 <ip-address>$IP</ip-address>
100 <ipv6-address>$IPV6</ipv6-address>
101 <generate-time>$NOW</generate-time>
102 <hip-report-version>4</hip-report-version>
104 <entry name="host-info">
105 <client-version>5.1.0-101</client-version>
106 <os>Linux 4.19.0-6-amd64</os>
107 <os-vendor>Linux</os-vendor>
108 <domain>domain.com</domain>
109 <host-name>spes</host-name>
110 <host-id>d6f838cc-2b6f-11b2-a85c-d7bcda6b231e</host-id>
113 <description>pan1</description>
114 <mac-address>42:4e:62:fe:ef:87</mac-address>
119 <entry name="$IPV6"/>
124 <entry name="anti-malware">
128 <entry name="disk-backup">
132 <entry name="disk-encryption">
136 <entry name="firewall">
140 <entry name="patch-management">
144 <entry name="data-loss-prevention">