Fixlet | Distribute 2 Secrets

Distribute 2 Secrets
Log In or Register to download the BES file, and more.

2 Votes

Description

Distribute Secret: the secret below is prompted in the console and only "known" to the person typing it and the endpoint on execution of the action.

At the time the action is propagated, the secret gets encrypted with a key that only the endpoint can decrypt, so it remains secure "in flight" and "in the database" and "in the console" and "in the .fxf files on the endpoint" and "in all client logs"

Note that if you choose to output the secret into a file as part of the action, as this example does, it will be availabe there in plain text.

In this example, I would add a delete c:\secret to clean up after I used the secret on the endpoint.

Secret

Varient: This variation also includes, a second hardcoded secret. This is not secure on the console or database, but would be secure "in flight" and "on the endpoint" and "in all client logs". If you require "console secure" then you should only use the first method where the taker of the action has to type in the secret when taking the action.

Property Details

ID	3678
Status	Beta - Preliminary testing ready for more
Title	Distribute 2 Secrets
Domain	BESC
Source	Internal
Source Release Date	7/31/2012 12:00:00 AM
Keywords	TakeSecureFixletAction Secret Encrypted Password
Added by	brolly33 on 12/21/2013 6:59:31 AM
Last Modified by	brolly33 on 12/21/2013 6:59:31 AM
Counters	8238 Views / 229 Downloads
User Rating	* Average over 0 ratings. ** Log In or Register to add your rating.

Relevance

Relevance 289

Used in 96 fixlets and 101 analyses

* Results in a true/false

true

Actions

Action 1 (default)

Action Link Click here to deploy this action.

Script Type BigFix Action Script

dos echo {parameter "secret" of action} > c:\secret
dos echo {parameter "secret2" of action} >> c:\secret

// uncomment this line to "clean up" the the secret in normal usage.
// delete c:\secret

// You may prefer to use the secret directly in commands instead of inserting it into a script file.
// if you choose this method, the plaintext secret will only exist briefly in memory on the endpoint during execution.
// dos net user adminstrator {parameter "secret" of action}

Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

Sharing

Social Media:

Search for:	Relevance	Fixlets/Tasks
	Analyses	BFI Signatures
	Dashboard/Wizard

Title	Keywords	Description
Relevance	Domain	ActionScript
Mime	Signature Content	(clear all)


Content Search Share Learn Projects	Utilities View SCM Scripts Base64 Converter Shell to Action Script	About About Us Tour FAQ Terms Contact Us	BigFix Resources Download BigFix Support Forum Github/Bigfix

Distribute 2 Secrets Log In or Register to download the BES file, and more.

Description

Property Details

Relevance

Actions

Action 1 (default)

Sharing

Comments

Content

Utilities

About

BigFix Resources

Distribute 2 Secrets
Log In or Register to download the BES file, and more.