Integration with Arbor Servers

Dears,

I am integrating SPP with a machine that has the ArbOS operating system (A proprietary operating system created by Netscout). However, after contacting support, I knew that the initial shell that open when someone tries to login to the server is AED shell. To change to bash, the user has to type: / shell

Is there a way to add this "/ shell" command before the commands Safeguard runs when it tests the connection?

Parents

0 Tawfiq.Ahmad 12 days ago

This would require a custom platform to change the way the commands are sent from SPP:

https://support.oneidentity.com/kb/4209805/how-to-use-custom-platforms-in-safeguard

For assistance with creating a custom platform, We recommend consulting with One Identity Professional Services.

Thanks!
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

0 walied shoaip 8 days ago in reply to Tawfiq.Ahmad

Thank you, Mr. Tawfiq, for the reply.

I tried cloning the GenericLinux custom script from the SafeguardCustomPlatform Repo on GitHub, and placed the commnd at the start of the SetupEnvironment function, as in this:

...
"SetUpEnvironment": {
    "Do": [
      { "Send": { "ConnectionObjectName": "ConnectSsh", "Buffer": "/ shell; unset TERM; stty -echo; LANG=C; LC_ALL=C; SUDO_PROMPT='SUDO password for %p:'; export LANG LC_ALL SUDO_PROMPT; echo \"INIT_CHECK=$?\"" } },
      { "Receive": { "ConnectionObjectName": "ConnectSsh", "BufferName": "FlushBuffer" } },
      { "Return": { "Value": true } }
    ]
  },
...

However, I receive this error:

2024-07-21T14:14:34+03:00 Debug RECV buf(("Last login: Mon Jul  8 15:46:10 2024 from 10.9.106.173


Arbor Edge Defense v7.0.1.0
Copyright (c) 2000-2023 Arbor Networks, Inc.  All Rights Reserved.

Welcome to ArbOS

PAM-SVC-l@HQ-AED-01:/# "))
2024-07-21T14:14:34+03:00 Debug Send : / shell; unset TERM; stty -echo; LANG=C; LC_ALL=C; SUDO_PROMPT='SUDO password for %p:'; export LANG LC_ALL SUDO_PROMPT; echo "INIT_CHECK=$?"
2024-07-21T14:14:34+03:00 Debug RECV buf(("/ shell; unset TERM; stty -echo; LANG=C; LC_ALL=C; SUDO_P ROMPT='SUDO password for %p:'; export LANG LC_ALL SUDO_PROMPT; echo \"INIT_CHECK= $
PAM-SVC-l@HQ-AED-01:/# / shell; unset TERM; stty -echo; LANG=C; LC_ALL=C; SUDO_P 
ROMPT='SUDO password for %p:'; export LANG LC_ALL SUDO_PROMPT; echo \"INIT_CHECK= 
$?\"
120: Invalid command
PAM-SVC-l@HQ-AED-01:/# "))
2024-07-21T14:14:34+03:00 Debug Send : sudo egrep -q '^(PAM-SVC-l):' /etc/shadow; echo "CHECKSYS=$?"
2024-07-21T14:14:35+03:00 Debug RECV buf(("**secret**"))

Can you recognize the issue?

Reply

0 walied shoaip 8 days ago in reply to Tawfiq.Ahmad

Thank you, Mr. Tawfiq, for the reply.

I tried cloning the GenericLinux custom script from the SafeguardCustomPlatform Repo on GitHub, and placed the commnd at the start of the SetupEnvironment function, as in this:

...
"SetUpEnvironment": {
    "Do": [
      { "Send": { "ConnectionObjectName": "ConnectSsh", "Buffer": "/ shell; unset TERM; stty -echo; LANG=C; LC_ALL=C; SUDO_PROMPT='SUDO password for %p:'; export LANG LC_ALL SUDO_PROMPT; echo \"INIT_CHECK=$?\"" } },
      { "Receive": { "ConnectionObjectName": "ConnectSsh", "BufferName": "FlushBuffer" } },
      { "Return": { "Value": true } }
    ]
  },
...

However, I receive this error:

2024-07-21T14:14:34+03:00 Debug RECV buf(("Last login: Mon Jul  8 15:46:10 2024 from 10.9.106.173


Arbor Edge Defense v7.0.1.0
Copyright (c) 2000-2023 Arbor Networks, Inc.  All Rights Reserved.

Welcome to ArbOS

PAM-SVC-l@HQ-AED-01:/# "))
2024-07-21T14:14:34+03:00 Debug Send : / shell; unset TERM; stty -echo; LANG=C; LC_ALL=C; SUDO_PROMPT='SUDO password for %p:'; export LANG LC_ALL SUDO_PROMPT; echo "INIT_CHECK=$?"
2024-07-21T14:14:34+03:00 Debug RECV buf(("/ shell; unset TERM; stty -echo; LANG=C; LC_ALL=C; SUDO_P ROMPT='SUDO password for %p:'; export LANG LC_ALL SUDO_PROMPT; echo \"INIT_CHECK= $
PAM-SVC-l@HQ-AED-01:/# / shell; unset TERM; stty -echo; LANG=C; LC_ALL=C; SUDO_P 
ROMPT='SUDO password for %p:'; export LANG LC_ALL SUDO_PROMPT; echo \"INIT_CHECK= 
$?\"
120: Invalid command
PAM-SVC-l@HQ-AED-01:/# "))
2024-07-21T14:14:34+03:00 Debug Send : sudo egrep -q '^(PAM-SVC-l):' /etc/shadow; echo "CHECKSYS=$?"
2024-07-21T14:14:35+03:00 Debug RECV buf(("**secret**"))

Can you recognize the issue?

Children

0 Tawfiq.Ahmad 6 days ago in reply to walied shoaip

It seems there is an issue with sent Buffer as the target is returning it as an invalid command.

You may need to modify the information sent by the custom platform so that its compatible with the target system.

For assistance with creating a custom platform, We recommend consulting with One Identity Professional Services.

Thanks!
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
0 walied shoaip 5 days ago in reply to Tawfiq.Ahmad

The first command sent in the buffer is `/ shell;` which is working fine when I am accessing the asset manually. However, it shows this error when I try to run it through this custom script.
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
0 Tawfiq.Ahmad 5 days ago in reply to walied shoaip

Does sending the full command work if you ran it directly on the asset manually? like below:

PAM-SVC-l@HQ-AED-01:/# / shell; unset TERM; stty -echo; LANG=C; LC_ALL=C; SUDO_P
ROMPT='SUDO password for %p:'; export LANG LC_ALL SUDO_PROMPT; echo \"INIT_CHECK=
$?\"
120: Invalid command
Cancel
Up 0 Down

Reply

Verify Answer

Cancel