RESTAPI: Generate Windows OS Patch Baseline - Windows
Log In or Register to download the BES file, and more.

1 Votes


Property Details

ID6132
StatusAlpha - Code that was just developed
TitleRESTAPI: Generate Windows OS Patch Baseline - Windows
DomainBESC
CategoryPatch
Download Size0
Source IDjgstew
Source Release Date10/9/2014 12:00:00 AM
Added by on 7/17/2015 7:39:44 PM
Last Modified by on 7/17/2015 7:39:44 PM
Counters 7203 Views / 192 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 1 rating. ** Log In or Register to add your rating.

Relevance

Windows Only (Relevance 2997197)
Used in 6448 fixlets and 32 analyses   * Results in a true/false
Show indented relevance
/* Windows Only */ windows of operating system
Used in 158 fixlets and 17 analyses   * Results in a true/false
Show indented relevance
/* Windows XP or Higher */ version of operating system >= "5.1"
BES Client is version 9+ (Relevance 2999387)
Used in 20 fixlets   * Results in a true/false
Show indented relevance
version of client >= "9.0" as version
Used in 1 fixlet   * Results in a true/false
Show indented relevance
not exists files whose(name of it starts with "RESTAPI_Baseline_" AND name of it as lowercase ends with ".log" AND (now - modification time of it < 15*minute) ) of folder "__BESData\__Global\Logs" of parent folder of client

Actions

Action 1 (default)

Action Link Click here to deploy this action.
Script Type BigFix Action Script
// -- START:DOWNLOADS -------------------------

// - This is the commandline 7zip console which is use to unpack installers
// - https://www.virustotal.com/en/file/2a3afe19c180f8373fa02ff00254d5394fec0349f5804e0ad2f6067854ff28ac/analysis
prefetch 7za.zip sha1:9ce9ce89ebc070fea5d679936f21f9dde25faae0 size:384846 http://iweb.dl.sourceforge.net/project/sevenzip/7-Zip/9.20/7za920.zip

// - This unzip is a compiled verion of unzip v5.52 fom http://info-zip.org/
// - https://www.virustotal.com/en/file/8d9b5190aace52a1db1ac73a65ee9999c329157c8e88f61a772433323d6b7a4a/analysis
prefetch unzip.exe sha1:e1652b058195db3f5f754b7ab430652ae04a50b8 size:167936 http://software.bigfix.com/download/redist/unzip-5.52.exe

// Download CURL http://curl.haxx.se/download.html
// - Analysis of the CURL.exe inside: https://www.virustotal.com/en/file/7e4379dc72cc25e8d546b3f4b4305b93b6521aaae47c1ea2ee49e4cc4ce8b033/analysis/
prefetch curl.cab sha1:1d104ff75f52718709307ba03af0fcad17c1237a size:1435991 http://skanthak.homepage.t-online.de/download/curl-7.43.0.cab

// -- END:DOWNLOADS ---------------------------

// http://www-01.ibm.com/support/knowledgecenter/SS63NW_9.2.0/com.ibm.tivoli.tem.doc_9.2/Platform/Action/c_action_log.html
// https://forum.bigfix.com/t/newer-actionscript-commands/11677
action log command

// ADD TO UTILITY CACHE: unzip,7zip,curl
utility __Download\unzip.exe
utility __Download\7za.zip
utility __Download\curl.cab

// EXTRACT using unzip: the 7zip command line utility
waithidden __Download\unzip.exe -o "{ download path "7za.zip" }" 7za.exe -d "{ pathname of download folder }"

// EXTRACT using 7zip: CURL
waithidden "{ download path "7za.exe" }" e -i!I386\Curl.EXE -y -o"{ pathname of download folder }" "{ download path "curl.cab" }"


// VERIFY: Make sure the parameters are set
continue if { (parameter "currentSiteName" as trimmed string != "") AND (parameter "currentSiteType" as trimmed string != "") AND (parameter "RootServerURL" as trimmed string != "") }

// REST API
// https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/RESTAPI%20Relevance
// http://meyerweb.com/eric/tools/dencoder/
// http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1
// http://www.ietf.org/rfc/rfc1738.txt
// https://github.com/bigfix/restapi-examples/tree/master/evaluate-relevance/cURL
// curl --data-urlencode relevance="RELEVANCE" --user username:password https://server:port/api/query
// application/x-www-form-urlencoded
waithidden "{ download path "Curl.EXE" }" -k --data-urlencode relevance="concatenations %22%22 of (%22%22 & item 6 of it & %22%22 & item 8 of it & %22%22 & item 9 of it & %22%22) of ( (if (it contains %22%2522%22) then (concatenations %22%26quot;%22 of substrings separated by %22%2522%22 of it) else it) of name of it, (it as string as lowercase) of (not success on run to completion of default action of it), url of site of it, (it as string) of id of it, content id of default action of it, script type of default action of it, (%22%22) of script of default action of it, (if (success on custom relevance of it) then %22CustomRelevance%22 else if (success on original relevance of it) then %22OriginalRelevance%22 else if (success on run to completion of it) then %22RunToCompletion%22 else %22%22) of default action of it, (if (not success on custom relevance of it) then %22%22 else (%22%22) of (custom success relevance of it)) of default action of it, (%22%22) of relevance of it) of fixlets whose(exists source release dates of it AND ( (0 < applicable computer count of it) ) AND exists default action of it AND fixlet flag of it AND globally visible flag of it AND name of it does not contain %22(Superseded)%22 AND name of it does not contain %22Network Installation)%22 AND name of it does not contain %22Local Installation)%22 AND name of it does not contain %22(Administrative Installation)%22) of bes sites whose(%22Enterprise Security%22 = name of it)" -o "{pathname of download folder}\BaselineComponents.xml" --user {parameter "currentConsoleUser"}:{parameter "secret"} https://{parameter "RootServerURL"}/api/query

delete __createfile
delete Baseline.bes

// CREATEFILE
createfile until END_OF_FILE
="1.0" encoding="UTF-8"?>
="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
    
        Patches - <span class='actionscriptRelevance'>{ (month of it as string & " " & year of it as string) of (current date) }</span> - Windows OS - (QA - Experimental)
        This baseline contains relevant Windows Patches.
        windows of operating system
        
        RESTAPI Generate Windows OS Patch Baseline
        jgstew
        
        
        
        
            x-fixlet-modification-time
            {now as string}
        
        BESC
        
            
                {node value of xpath "/BESAPI/Query/Result/Answer/text()" of xml document of file "BaselineComponents.xml" of download folder}
            
        
    

END_OF_FILE

move __createfile __Download\Baseline.bes

// Import Baseline.bes into custom site using API if there is at least one baseline component inside (use secure parameter for user password)
if{ (exists files "Baseline.bes" whose(exists contents whose(it contains "") of it) of folder "__Download" of client folder of current site) }
// IMPORT
    waithidden "{ download path "Curl.EXE" }" -k -X POST --data-binary @"{pathname of file "Baseline.bes" whose(exists contents whose(it contains "") of it) of download folder }" --header "Content-Type:text/xml" -o "{(pathname of folder "__BESData\__Global\Logs" of parent folder of client)}\RESTAPI_Baseline_{parameter "currentSiteName"}.log" --user {parameter "currentConsoleUser"}:{parameter "secret"} https://{parameter "RootServerURL"}/api/import/{parameter "currentSiteType"}/{parameter "currentSiteName"}
endif

// VERIFY: Check if items were actually imported
// TODO: Need to add a check to see if the log file was created after the action started running (See adobe CC template for an example)
continue if{exists files whose((name of it = ("RESTAPI_Baseline_" & (parameter "currentSiteName") & ".log")) AND exists lines whose(it contains "") of it) of folder "__BESData\__Global\Logs" of parent folder of client}

// node value of xpaths "/BESAPI/Baseline/ID/text()" of xml documents of files "C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\__Global\Logs\RESTAPI_Baseline_Public.log"
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.


Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!
secasados -
The task generate a beseline with all the fixlest that are, at least, relevant for one windows of the all environment. Isen´t it?
mkozz1972 -
fixlet works great, how do i exclude certain applications, I am primarily concerned with windows OS patches TIA.
asarpate -
Can you please explain bit detail ? i tried using cmd prompt it giving same error. I am trying this command on Bigfix client machine and servername/credentials are of client machine.
jgstew -
try importing it using the windows console
asarpate -
I am trying to invoke this script but it's not working: . .\BESImportFile-1.3.exe servername username@pqr.com password "Windows_update.bes" BESAPI.XMLImporter.ImportFile error: HTTP Error 28: Timeout was reached: Connection timed out after 10000 milliseconds Can you please help me here?