
Hello.

I've been running version 10.09.01 of Open-Audit since forever and finally decided to upgrade to the latest version.


The thing is I've been having problems adding devices with the API (I can successfully run queries); while the script audit_linux.sh works as it should and adds the results of the scan, the commands curl and wget alone won't add a device.


So far I've tried wget and curl with countless argument combinations, but I always get errors or even no errors but nothing gets added.

curl -b cookies.txt -F 'input_type=@file.xml' http://localhost/omk/open-audit/index.php/input/devices

curl -X GET -b cookies.txt --data 'upload_file=@file.xml' http://localhost/omk/open-audit/index.php/input?action=devices

curl -b cookies.txt --data-binary "@file.xml" http://localhost/open-audit/index.php/input/devices

wget -o add_system --post-file=file.xml http://localhost/open-audit/index.php/devices


So my questions are:

What is the correct command to create a device with curl?

Which one is the correct URL: localhost/omk/open-audit/ or localhost/open-audit/?


Thank you in advance.



    4 answers

    1.  

      Hello Mark.

      Sorry for the late response, but the weekend got in the way and I didn't have access to the server.

      With -o add_system I get a file "add_system" created in the working directory with this content:

      Array
      (
          [0] => stdClass Object
              (
                  [code] => ERR-0021
                  [status] => HTTP/1.1 400 Bad Request
                  [severity] => 4
                  [title] => Required attributes not supplied (User:, Collection:input, Action:).
                  [detail] => When attempting to create a resource, some attributes are required but missing.
                  [status_code] => 400
                  [severity_text] => warning
                  [controller] =>
                  [summary] => Required attributes not supplied (User:, Collection:input, Action:).
                  [link] => /open-audit/index.php/errors/ERR-0021
              )
      
      )

      Basically the same error.


      I activated Code Igniter logs and apart from the initialization logs, I'm getting a couple notices and a warning as follows:

      ERROR - 2019-07-08 08:32:57 --> Severity: Notice  --> Undefined property: Input::$user /usr/local/open-audit/code_igniter/application/helpers/error_helper.php 65
      ERROR - 2019-07-08 08:32:57 --> Severity: Notice  --> Trying to get property of non-object /usr/local/open-audit/code_igniter/application/helpers/error_helper.php 65
      ERROR - 2019-07-08 08:32:57 --> Severity: Warning  --> mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given /usr/local/open-audit/code_igniter/system/database/drivers/mysqli/mysqli_result.php 38

      I don't know if that's relevant to the error.


      Thanks for your time Mark.


      Edited for clarity.

      1. Mark Unwin

        I think I have an answer. Your XML file must have data= as the first 5 characters when submitting like this. This is because PHP accepts the input and must be able to associate the XML string with an attribute - in this case, called "data".

      2. rodrigo juarez

        Hello Mark.


        Indeed that fixed the issue and the server finally displays the system just created.

        It also works with the "-d" or "--data" argument instead of "--data-binary", and the "-o add_system" argument is not necessary.


        Why is authentication not necessary to add a system?

        Doesn't that beat the point of generating a cookie?

      3. Mark Unwin

        No auth required because machines can have the audit script run locally using cron or task scheduler and submit the result themselves.

        The Blessed Subnets feature mitigates the risk, here - Blessed Subnets.

        And if a rogue actor was to submit an audit result that changed things on a PC(s), it is all recorded in the change log anyway.


      4. rodrigo juarez

        Hello Mark.

        I get it then.

        Thank you for your help.
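
Mark's point about `data=` in the comments above, as an added example that is not part of the original thread or of Open-AudIT: it shows what a form parser recovers as the `data` field when the same file is posted as-is, with a bare `data=` prefix, and with the prefix plus URL-encoding. Python's `urllib.parse` stands in for PHP's form parsing (an assumption), and the sample XML is constructed.

```python
# Added example, not Open-AudIT code. Python's urllib.parse stands in for the
# server-side form parser (assumption); the sample XML is constructed.
from urllib.parse import parse_qs, quote_plus

SAMPLE_XML = (
    '<?xml version="1.0" encoding="UTF-8"?>\n'
    "<system><sys><hostname>web01</hostname>"
    "<description>R&amp;D build + test</description></sys></system>\n"
)


def parse_form(body):
    """Split an application/x-www-form-urlencoded body into named fields."""
    fields = parse_qs(body, keep_blank_values=True)
    return {name: values[0] for name, values in fields.items()}


# Three ways to build the POST body from the same audit file.
BODIES = {
    "raw": lambda xml: xml,                            # file sent as-is
    "prefixed": lambda xml: "data=" + xml,             # data= added, no encoding
    "encoded": lambda xml: "data=" + quote_plus(xml),  # data= plus URL-encoding
}


def data_field_seen(xml=SAMPLE_XML):
    """Return what a form parser recovers as the 'data' field for each body."""
    return {label: parse_form(build(xml)).get("data")
            for label, build in BODIES.items()}


if __name__ == "__main__":
    for label, value in data_field_seen().items():
        if value is None:
            print(f"{label:9} no 'data' field at all")
        else:
            intact = "intact" if value == SAMPLE_XML else "TRUNCATED/ALTERED"
            print(f"{label:9} {len(value):3} chars, {intact}")
```

With a bare prefix the field is cut at the first `&` in the XML, so a file that contains `&`, `+` or `%` needs encoding as well. curl builds the encoded form itself with `--data-urlencode data@file.xml`, which reads the file, URL-encodes it and prepends `data=`.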

    2.  

      What about this one?

      curl -o add_system --data-binary @file.xml http://localhost/open-audit/index.php/input/devices



      1.  

        Hello Mark.

        Thanks for your response.

        I tried that and it gives me errors:

        [user@server ~]# curl --data-binary @file.xml http://localhost/open-audit/index.php/input/devices
        Array
        (
            [0] => stdClass Object
                (
                    [code] => ERR-0021
                    [status] => HTTP/1.1 400 Bad Request
                    [severity] => 4
                    [title] => Required attributes not supplied (User:, Collection:input, Action:).
                    [detail] => When attempting to create a resource, some attributes are required but missing.
                    [status_code] => 400
                    [severity_text] => warning
                    [controller] =>
                    [summary] => Required attributes not supplied (User:, Collection:input, Action:).
                    [link] => /open-audit/index.php/errors/ERR-0021
                )
        
        )


        So far I've tried without arguments and with the arguments "user", "input_type" and "upload_file" through both GET and POST methods, and it always fails with either ERR-0011 or ERR-0021.


        What could it be?

        1.  

          The linux audit script does the below:

          curl --data-binary "@file.xml" http://localhost/open-audit/index.php/input/devices

          There is no need for cookies.
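
Since the input endpoint takes submissions without a session, as the thread states, the web server's access log is the place to check who is posting to it. The following is an added example, not Open-AudIT code: it flags POSTs to the input path from addresses outside an expected list. The Apache combined log format, the log lines, the addresses and the `ALLOWED` networks are all assumptions constructed for illustration.

```python
# Added example, not Open-AudIT code. Log lines, addresses and ALLOWED are
# constructed; Apache combined log format is assumed.
import ipaddress
import re

INPUT_PATH = "/open-audit/index.php/input/devices"  # endpoint named in this thread
ALLOWED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

SAMPLE_LOG = """\
127.0.0.1 - - [08/Jul/2019:08:32:57 +0000] "POST /open-audit/index.php/input/devices HTTP/1.1" 400 812 "-" "curl/7.29.0"
192.0.2.15 - - [08/Jul/2019:09:01:10 +0000] "POST /open-audit/index.php/input/devices HTTP/1.1" 200 54 "-" "curl/7.29.0"
198.51.100.7 - - [08/Jul/2019:09:14:02 +0000] "POST /open-audit/index.php/input/devices HTTP/1.1" 200 54 "-" "curl/7.58.0"
198.51.100.7 - - [08/Jul/2019:09:14:09 +0000] "GET /open-audit/index.php/devices HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
not a log line
"""


def unexpected_submissions(log_text, allowed=ALLOWED):
    """Return (timestamp, source, status) for input POSTs from other networks."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Ignore any query string and trailing slash when comparing the path.
        if m["path"].split("?", 1)[0].rstrip("/") != INPUT_PATH:
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # client field is a hostname or malformed
        if not any(src in net for net in allowed):
            findings.append((m["ts"], str(src), int(m["status"])))
    return findings


if __name__ == "__main__":
    for ts, src, status in unexpected_submissions(SAMPLE_LOG):
        print(f"{ts}  {src}  HTTP {status}  unexpected audit submission")
```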
