Added Bearer Auth

jamf/jamf 1.2.2/assign_policy.py

@@ -0,0 +1,85 @@
+'''
+Copyright © 2020 Forescout Technologies, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+'''
+
+import urllib.request
+from urllib.request import HTTPError, URLError
+import logging
+
+url = params["connect_jamf_url"]
+policy_name = urllib.parse.quote(params["jamf_policy"])
+assign_policy_url = f"{url}/JSSResource/policies/name/{policy_name}"
+
+logging.debug("The URL is: {assign_policy_url}")
+username = params["connect_jamf_username"]
+password = params["connect_jamf_password"]
+
+# Proxy support
+jamf_proxy_enabled = params.get("connect_proxy_enable")
+jamf_proxy_basic_auth_ip = params.get("connect_proxy_ip")
+jamf_proxy_port = params.get("connect_proxy_port")
+jamf_proxy_username = params.get("connect_proxy_username")
+jamf_proxy_password = params.get("connect_proxy_password")
+opener = jamf_lib.handle_proxy_configuration(jamf_proxy_enabled,*-/+
+                                             jamf_proxy_basic_auth_ip,
+                                             jamf_proxy_port,
+                                             jamf_proxy_username,
+                                             jamf_proxy_password, ssl_context)
+
+response = {}
+
+if "dhcp_hostname_v2" in params:
+    xml_body = '<policy><name>' + \
+        params["jamf_policy"] + '</name><scope><computer_additions><computer>'
+    computer = '<name>' + params["dhcp_hostname_v2"] + '</name>'
+    xml_body += computer + '</computer></computer_additions></scope></policy>'
+    logging.debug(f"Content of xml body: {xml_body}")
+    xml_body = xml_body.encode("utf-8")
+
+    try:
+        request = urllib.request.Request(url, data=xml_body, method='PUT')
+        token = params.get('connect_authorization_token')
+        request.add_header("Authorization", f"Bearer {token}")
+        request.add_header("Content-Type", "application/xml")
+
+        # resp = urllib.request.urlopen(request, context=ssl_context)
+
+        assign_policy_handle = opener.open(request)
+
+        logging.info(f"Response code is {assign_policy_handle.getcode()}")
+        if assign_policy_handle.getcode() >= 200 and assign_policy_handle.getcode() < 300:
+            response["succeeded"] = True
+
+    except HTTPError as e:
+        response["succeeded"] = False
+        response["troubleshooting"] = f"Failed action. Response code: {e.code}"
+    except URLError as e:
+        response["succeeded"] = False
+        response["troubleshooting"] = f"Failed action. {e.reason}"
+    except Exception as e:
+        logging.exception(e)
+        response["succeeded"] = False
+        response["troubleshooting"] = f"Failed action. {str(e)}"
+else:
+    logging.error(
+        "Adding the endpoint to the scope of the policy requires a hostname.")
+    response["succeeded"] = False
+    response["troubleshooting"] = "Failed action. Endpoint does not have a hostname."

jamf/jamf 1.2.2/auth.py

@@ -0,0 +1,35 @@
+import requests
+import re
+import logging
+
+url = params["connect_jamf_url"]
+username = params["connect_jamf_username"]
+password = params["connect_jamf_password"]
+
+def get_jamf_token(username: str, password: str, url: str) -> str:
+    try:
+        response = requests.post(f"{url}/api/v1/auth/token", auth=(username, password), verify=False)
+        response.raise_for_status()
+        if response.json().get('token'):
+            return response.json().get('token')
+        else:
+            raise ValueError("Token not found in the response")
+
+    except requests.exceptions.RequestException as e:
+        logging.error(f"JAMF FAILED TO GET TOKEN: {e}")
+        return None
+    except Exception as e:
+        logging.error(f"JAMF FAILED TO GET TOKEN: {e}")
+        return None
+
+response = {}
+token = get_jamf_token(username, password, url)
+
+if token is not None:
+    response['token'] = token
+    response['succeeded'] = True
+else:
+    response['token']= ""
+    response['succeeded'] = False
+
+

jamf/jamf 1.2.2/jamf_lib.py

@@ -0,0 +1,84 @@
+'''
+Copyright © 2020 Forescout Technologies, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+'''
+
+import base64
+
+import logging
+import urllib.request
+
+
+def create_auth(username, password):
+    basic_auth_string = base64.b64encode(
+        bytes('%s:%s' % (username, password), 'ascii'))
+    return basic_auth_string.decode('utf-8')
+
+
+def get_proxy_dict(proxy_basic_auth_ip, proxy_port, proxy_username, proxy_password):
+    """
+    Generates the proxy dictionary object to be used in the handle_proxy_configuration() function, and as the 'proxies' argument in requests library API call
+    :return: proxy dictionary for both http and https connections
+    """
+    logging.debug("PROXY IS ENABLED --> Generating proxy dictionary...")
+
+    logging.debug("Proxy Basic Auth IP: " + proxy_basic_auth_ip)
+    logging.debug("Proxy Port: " + proxy_port)
+    logging.debug("Proxy Username: " + proxy_username)
+
+    if proxy_username is None or proxy_password is None:
+        proxy_dict = {
+            "http": "http://{}:{}".format(proxy_basic_auth_ip, proxy_port),
+            "https": "https://{}:{}".format(proxy_basic_auth_ip, proxy_port)
+        }
+    else:
+        proxy_dict = {
+            "http": "http://{}:{}@{}:{}".format(proxy_username, proxy_password, proxy_basic_auth_ip, proxy_port),
+            "https": "https://{}:{}@{}:{}".format(proxy_username, proxy_password, proxy_basic_auth_ip, proxy_port)
+        }
+
+    #logging.debug("PROXY HTTP URL: {}".format(proxy_dict.get("http")))
+    #logging.debug("PROXY HTTPS URL: {}".format(proxy_dict.get("https")))
+    return(proxy_dict)
+
+
+def handle_proxy_configuration(proxy_enabled, proxy_basic_auth_ip, proxy_port, proxy_username, proxy_password, ssl_context):
+    """
+    Handles the proxy server in the case that proxy was enabled by the user
+    :return: opener that handles both proxy and no proxy ONLY for the urllib library
+    """
+    logging.debug("Proxy Enabled: " + proxy_enabled)
+
+    # creating the https handler object
+    https_handler = urllib.request.HTTPSHandler(context=ssl_context)
+
+    # with proxy handler
+    if proxy_enabled == "true":
+        # get proxy_dict
+        proxy_dict = get_proxy_dict(
+            proxy_basic_auth_ip, proxy_port, proxy_username, proxy_password)
+        proxy_handler = urllib.request.ProxyHandler(proxy_dict)
+        opener = urllib.request.build_opener(proxy_handler, https_handler)
+        logging.debug("Opener object with Proxy support ENABLED")
+    else:
+        # without proxy handler
+        opener = urllib.request.build_opener(https_handler)
+        logging.debug("Opener object with Proxy DISABLED")
+    return(opener)

jamf/jamf 1.2.2/license.txt

@@ -0,0 +1,19 @@
+Copyright © 2020 Forescout Technologies, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

jamf/jamf 1.2.2/policies/nptemplates/JamfAudit.xml

@@ -0,0 +1,117 @@
+<POLICY>
+    <RULE APP_VERSION="8.2.0-1565" CACHE_TTL="259200" CACHE_TTL_SYNCED="true" CLASSIFICATION="REG_STATUS" DESCRIPTION="Use this template to create a Forescout policy to check for Installed Applications on Jamf managed endpoints.&#10;&#10;Note: Endpoints in this Forescout policy should belong to a Jamf managed group.&#10;&#10;Optional remediation actions can be used to: &#10;&#10;* Notify Forescout administrator to manually install or remove software on the endpoint from Jamf&#10;&#10;* Send log events to syslog or SIEM service about the installed software on the endpoint.&#10;&#10;* Create a ServiceNOW IT incident ticket to begin Jamf manual remediation workflow. (Note: ServiceNOW eyeExtend module is required)&#10;&#10;These actions are disabled by default." ENABLED="true" ID="7903963197397519716" NAME="Jamf example Installed Application Audit" NOT_COND_UPDATE="true" UPGRADE_PERFORMED="true">
+        <GROUP_IN_FILTER/>
+        <INACTIVITY_TTL TTL="259200000" USE_DEFAULT="true"/>
+        <ADMISSION_RESOLVE_DELAY TTL="30000" USE_DEFAULT="true"/>
+        <MATCH_TIMING RATE="28800" SKIP_INACTIVE="true">
+            <ADMISSION ALL="true"/>
+        </MATCH_TIMING>
+        <EXPRESSION EXPR_TYPE="SIMPLE">
+            <!--Rule expression. Rule name is: Jamf example Installed Application Audit-->
+            <CONDITION EMPTY_LIST_VALUE="false" FIELD_NAME="in-group" LABEL="Member of Group" LEFT_PARENTHESIS="0" LOGIC="AND" RET_VALUE_ON_UKNOWN="IRRESOLVED" RIGHT_PARENTHESIS="0">
+                <FILTER FILTER_ID="4002152787089747586">
+                    <GROUP ID="3918488197683043697" NAME="Manageable via Jamf"/>
+                </FILTER>
+            </CONDITION>
+        </EXPRESSION>
+        <EXCEPTION NAME="ip" UNKNOWN_EVAL="UNMATCH"/>
+        <EXCEPTION NAME="mac" UNKNOWN_EVAL="UNMATCH"/>
+        <EXCEPTION NAME="nbthost" UNKNOWN_EVAL="UNMATCH"/>
+        <EXCEPTION NAME="user" UNKNOWN_EVAL="UNMATCH"/>
+        <EXCEPTION NAME="group" UNKNOWN_EVAL="UNMATCH"/>
+        <ORIGIN NAME="CUSTOM"/>
+        <UNMATCH_TIMING RATE="28800" SKIP_INACTIVE="true">
+            <ADMISSION ALL="true"/>
+        </UNMATCH_TIMING>
+        <SEGMENT ID="-8626650449914236856" NAME="Andracia">
+            <RANGE FROM="10.10.17.0" TO="10.10.17.255"/>
+        </SEGMENT>
+        <RULE_CHAIN>
+            <INNER_RULE APP_VERSION="8.2.0-1565" CACHE_TTL="259200" CACHE_TTL_SYNCED="true" CLASSIFICATION="REG_STATUS" DESCRIPTION="" ID="-2395276622384673286" NAME="Endpoint example software installed" NOT_COND_UPDATE="true" RECHECK_MAIN_RULE_DEF="true">
+                <MATCH_TIMING RATE="28800" SKIP_INACTIVE="true">
+                    <ADMISSION ALL="true"/>
+                </MATCH_TIMING>
+                <EXPRESSION EXPR_TYPE="OR">
+                    <!--Rule expression. Rule name is: Endpoint example software installed-->
+                    <EXPRESSION EXPR_TYPE="SIMPLE">
+                        <CONDITION EMPTY_LIST_VALUE="false" FIELD_NAME="connect_jamf_software_installed" LABEL="Jamf Software Installed" LEFT_PARENTHESIS="0" LOGIC="OR" PLUGIN_NAME="Connect" PLUGIN_UNIQUE_NAME="connect_module" PLUGIN_VESRION="1.0.0" PLUGIN_VESRION_NUMBER="10001352" RET_VALUE_ON_UKNOWN="UNMATCH" RIGHT_PARENTHESIS="0">
+                            <FILTER CASE_SENSITIVE="false" FILTER_ID="3857973187310371818" TYPE="equals">
+                                <VALUE VALUE2="&lt;insert application name&gt;"/>
+                            </FILTER>
+                        </CONDITION>
+                    </EXPRESSION>
+                    <EXPRESSION EXPR_TYPE="SIMPLE">
+                        <CONDITION EMPTY_LIST_VALUE="false" FIELD_NAME="connect_jamf_software_installed" LABEL="Jamf Software Installed" LEFT_PARENTHESIS="0" LOGIC="OR" PLUGIN_NAME="Connect" PLUGIN_UNIQUE_NAME="connect_module" PLUGIN_VESRION="1.0.0" PLUGIN_VESRION_NUMBER="10001352" RET_VALUE_ON_UKNOWN="UNMATCH" RIGHT_PARENTHESIS="0">
+                            <FILTER CASE_SENSITIVE="false" FILTER_ID="-163753724635619638" LINKED="true">
+                                <LINK ID="587622377586590346"/>
+                            </FILTER>
+                        </CONDITION>
+                    </EXPRESSION>
+                </EXPRESSION>
+                <EXCEPTION NAME="ip" UNKNOWN_EVAL="UNMATCH"/>
+                <EXCEPTION NAME="mac" UNKNOWN_EVAL="UNMATCH"/>
+                <EXCEPTION NAME="nbthost" UNKNOWN_EVAL="UNMATCH"/>
+                <EXCEPTION NAME="user" UNKNOWN_EVAL="UNMATCH"/>
+                <EXCEPTION NAME="group" UNKNOWN_EVAL="UNMATCH"/>
+            </INNER_RULE>
+            <INNER_RULE APP_VERSION="8.2.0-1565" CACHE_TTL="259200" CACHE_TTL_SYNCED="true" CLASSIFICATION="REG_STATUS" DESCRIPTION="" ID="1104258141472391584" NAME="Endpoint missing example application" NOT_COND_UPDATE="true" RECHECK_MAIN_RULE_DEF="true">
+                <MATCH_TIMING RATE="28800" SKIP_INACTIVE="true">
+                    <ADMISSION ALL="true"/>
+                </MATCH_TIMING>
+                <EXPRESSION EXPR_TYPE="AND">
+                    <!--Rule expression. Rule name is: Endpoint missing example application-->
+                    <EXPRESSION EXPR_TYPE="NOT">
+                        <EXPRESSION EXPR_TYPE="SIMPLE">
+                            <CONDITION EMPTY_LIST_VALUE="false" FIELD_NAME="connect_jamf_software_installed" LABEL="Jamf Software Installed" LEFT_PARENTHESIS="0" LOGIC="AND" NOT="true" PLUGIN_NAME="Connect" PLUGIN_UNIQUE_NAME="connect_module" PLUGIN_VESRION="1.0.0" PLUGIN_VESRION_NUMBER="10001352" RET_VALUE_ON_UKNOWN="UNMATCH" RIGHT_PARENTHESIS="0">
+                                <FILTER CASE_SENSITIVE="false" FILTER_ID="-7990106491649644379" TYPE="equals">
+                                    <VALUE VALUE2="&lt;insert application name&gt;"/>
+                                </FILTER>
+                            </CONDITION>
+                        </EXPRESSION>
+                    </EXPRESSION>
+                    <EXPRESSION EXPR_TYPE="NOT">
+                        <EXPRESSION EXPR_TYPE="SIMPLE">
+                            <CONDITION EMPTY_LIST_VALUE="false" FIELD_NAME="connect_jamf_software_installed" LABEL="Jamf Software Installed" LEFT_PARENTHESIS="0" LOGIC="AND" NOT="true" PLUGIN_NAME="Connect" PLUGIN_UNIQUE_NAME="connect_module" PLUGIN_VESRION="1.0.0" PLUGIN_VESRION_NUMBER="10001352" RET_VALUE_ON_UKNOWN="UNMATCH" RIGHT_PARENTHESIS="0">
+                                <FILTER CASE_SENSITIVE="false" FILTER_ID="2450432160246218848" LINKED="true">
+                                    <LINK ID="587622377586590346"/>
+                                </FILTER>
+                            </CONDITION>
+                        </EXPRESSION>
+                    </EXPRESSION>
+                </EXPRESSION>
+                <ACTION DISABLED="true" NAME="send_syslog">
+                    <PARAM NAME="server" VALUE="default value"/>
+                    <PARAM NAME="protocol" VALUE="default"/>
+                    <PARAM NAME="port" VALUE="default value"/>
+                    <PARAM NAME="ident" VALUE="default value"/>
+                    <PARAM NAME="tls" VALUE="false"/>
+                    <PARAM NAME="message" VALUE="one or more Required Applications are Missing"/>
+                    <PARAM NAME="priority" VALUE="default value"/>
+                    <PARAM NAME="facility" VALUE="default value"/>
+                    <PARAM NAME="OCSPSoftFail" VALUE="false"/>
+                    <SCHEDULE>
+                        <START Class="Immediately"/>
+                        <OCCURENCE onStart="true"/>
+                    </SCHEDULE>
+                </ACTION>
+                <ACTION DISABLED="true" NAME="sendmail">
+                    <PARAM NAME="signature" VALUE="default"/>
+                    <PARAM NAME="subject" VALUE="Forescout: Endpoint not compliant - {ip}one or more required applications are missing on endpoint"/>
+                    <PARAM NAME="to" VALUE="[email protected]"/>
+                    <PARAM NAME="message" VALUE="Hello,&#10;&#10;Forescout has detected an endpoint that does not have all required applications installed. &#10;&#10;Host Information:&#10;&#10;IP Address: &#9;&#9;{ip}&#10;MAC Address: &#9;&#9;{mac}&#10;Hostname:&#9;&#9;{nbtdomain}/{nbthost}&#10;DNS Name:&#9;&#9;{hostname}&#10;Logged in User: &#9;{user}&#10;Vendor and Model:&#9;{vendor_classification}&#10;Function:&#9;&#9;{prim_classification}&#10;Operating System:&#9;{os_classification}&#10;SSH manageability:&#9;{ssh_mac_manage}&#10;"/>
+                    <PARAM NAME="aggregate" VALUE="false"/>
+                    <SCHEDULE>
+                        <START Class="Immediately"/>
+                        <OCCURENCE onStart="true"/>
+                    </SCHEDULE>
+                </ACTION>
+            </INNER_RULE>
+        </RULE_CHAIN>
+        <PROPERTY_LISTS>
+            <HOST_PROPERTY_LIST DESCRIPTION="" FIELD="connect_jamf_software_installed" ID="587622377586590346" NAME="example">
+                <VALUES/>
+            </HOST_PROPERTY_LIST>
+        </PROPERTY_LISTS>
+        <REPORT_TABLES/>
+    </RULE>
+</POLICY>