Wednesday, February 1, 2012

Tenable SC4 Asset Groups From AD

Note (5/8/12): With the latest release of Tenable Security Center 4.4.x, you can create asset groups using DNS names.

If you are a Tenable Security Center 4 user, you might have noticed that, unlike Qualys, SC4 only lets you build asset groups from IP addresses**. In a normal production environment IPs are static and this restriction is not much of a problem. In my case, however, we are using SC4 to scan a large end-user desktop environment that uses AD dynamic DHCP, so I find myself having to update the asset groups before every scan, which gets tedious.

To make things easier, I decided to write a quick 'n' dirty shell script that pulls the computer names out of AD and resolves them to IP addresses with a DNS lookup.

#!/bin/bash
# Bash is required: the script uses arrays and the C-style for loop,
# which /bin/sh (dash on Debian/Ubuntu) does not support.
LDAPURI="ldap://corp.ldap.server"
USER="user@domain.com"
DOMAIN="domain.com"
printf 'LDAP Password: '
read -rs PASS          # -s keeps the password off the terminal
echo
DEPT=([1]="Dept 1" [2]="Dept 2" [3]="Dept 3")

for ((i=1; i<=${#DEPT[@]}; i++ )); do
        echo "Querying ${DEPT[$i]}..."
        # -x: simple bind (password goes over the wire in clear).
        # -E pr=200/noprompt: page through results, since AD caps a single
        # search at its MaxPageSize. Only the "name" attribute is requested
        # and kept, so sAMAccountName/dNSHostName lines are never picked up.
        /usr/bin/ldapsearch -x -LLL -E pr=200/noprompt -H "$LDAPURI" -D "$USER" -w "$PASS" \
            -b "OU=${DEPT[$i]} Computers,OU=${DEPT[$i]},OU=Corporate,DC=domain,DC=com" \
            -s one "(objectClass=computer)" name \
        | sed -n 's/^name: //p' \
        | tr '[:upper:]' '[:lower:]' \
        | sed "s/\$/.$DOMAIN/" \
        | dig +short -f - > "${DEPT[$i]}_IPs.txt"   # quoted: the names contain spaces
done


The resulting output should be one file per department containing the IPs of all the names that resolved.
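As an added example (not part of the original post), here are the two text-processing stages of that pipeline as shell functions, run against constructed sample data so they can be checked offline without an AD server or DNS. The LDIF is shaped like ldapsearch -LLL output, and the dig sample includes a CNAME chain (dig +short prints the canonical name before the address) and an IPv6 answer, both of which would otherwise end up in an SC4 asset file that expects IPv4 addresses. The host names, OU names and domain.com are placeholders carried over from the post.

```shell
#!/bin/sh
# Added example, not the post's script: both stages of the name-to-IP
# pipeline as functions, exercised on constructed sample data.

# Constructed sample of what ldapsearch -LLL prints for two computer objects.
SAMPLE_LDIF='dn: CN=WS-001,OU=Dept 1 Computers,OU=Dept 1,OU=Corporate,DC=domain,DC=com
name: WS-001
dNSHostName: ws-001.domain.com

dn: CN=WS-002,OU=Dept 1 Computers,OU=Dept 1,OU=Corporate,DC=domain,DC=com
name: WS-002
sAMAccountName: WS-002$
'

# Constructed sample of dig +short -f output: a plain A record, a CNAME chain
# (canonical name line, then the address) and an IPv6 answer.
SAMPLE_DIG='10.1.2.3
ws-002.domain.com.
10.1.2.4
2001:db8::10
'

# Stage 1: keep only the "name:" attribute (a bare "grep name" would also
# match nothing else here, but "^name: " makes the intent explicit), lower-case
# it and append the DNS suffix given as $1.
ldif_to_fqdn() {
    domain=$1
    sed -n 's/^name: //p' | tr '[:upper:]' '[:lower:]' | sed "s/\$/.$domain/"
}

# Stage 2: keep only IPv4 dotted-quad lines, dropping CNAME targets and IPv6
# answers, and de-duplicate (two names can resolve to the same address).
keep_ipv4() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | sort -u
}

# Demonstration on the constructed samples.
printf '%s' "$SAMPLE_LDIF" | ldif_to_fqdn domain.com
printf '%s' "$SAMPLE_DIG" | keep_ipv4
```

In the real script the output of `ldif_to_fqdn` is what gets piped into `dig +short -f -`, and `keep_ipv4` would sit between dig and the per-department file. Names that do not resolve simply produce no line, which is why the post says the file holds only the names that resolved. One gap to be aware of: ldapsearch base64-encodes values containing non-ASCII characters and writes them as `name::`, and this filter skips those entries rather than decoding them.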

Note: I am doing a simple LDAP bind (-x), so the password (-w) is sent clear-text over the wire; it is also visible in the process list on the scanning host for as long as ldapsearch runs.

** I have been told by my Tenable sales rep that in late Feb 2012 they *might* include the ability to add hosts using DNS name.

Thanks,
VVK
