Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 3084 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

working directly with the SEC database

melts

hi there

I'm just in the process of looking to make some of updates we do a bit more automated. One of these is resetting access passwords for our SUM Warehouse for some groups.

The problem being we can reset our public SUMs quite easily, all apache setups authenticating against a db, so the hunt is on to make it easy across the board.

Wanting to make the policy update as easy I opened up the SEC (4.7) database and found the updating policies, all nicely stored in XML. The file looks like this;

<policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="com.sophos\mansys\policy" type="UpdatingPolicy">
  <updatingPolicy xmlns="http://www.sophos.com/xml/msys/updatingpolicy.xsd">
    <subscription identityTag="7738F803-5CFF-4322-AB4E-0E62E080115E" />
    <updateLocation bandwidth="0" macProtocol="smb">
      <sourceSite searchOrder="1" id="7f1234eb-63d4-465d-9f25-565821fdcb2d">
        <unc xmlns="http://www.sophos.com/msys/sddm/common.xsd" uri="\\SEC-PRIMARY\SophosUpdate" user="SEC-PRIMARY\SophosUpdateMgr" password="BEGIN_SECURE_TICKET_e3bbd4b8602843fb94bedf206db60093_END_SECURE_TICKET" />
      </sourceSite>
    </updateLocation>
    <updateLocation bandwidth="0" macProtocol="smb">
      <sourceSite searchOrder="2" id="8a811aff-e11b-4a7e-aa53-bf833ea68b6d">
        <http xmlns="http://www.sophos.com/msys/sddm/common.xsd" uri="http://sophos.mybiz.net/sum" password="BEGIN_SECURE_TICKET_b88fceecbb0f4b5e9e727055a0d3030a_END_SECURE_TICKET" user="melts" />
      </sourceSite>
    </updateLocation>
    <logging enabled="true" maxSize="1" logLevel="Normal" numDaysToKeep="5" />
    <schedule autoUpdate="true" updateFrequency="10" useDialUp="false" />
    <bootstrap usePrimary="true" alternativePath="" />
    <intelligentUpdating enabled="true" />
  </updatingPolicy>
</policy>

 Now I don't know if its possible to work with these files, but I figure I could generate my own and insert them back into the SEC db at the same time as the reset happens on the SUM Warehouse. Of course the password seems to be something unhelpful, looks like md5 between the BEGIN_SECURE_TICKET_ ... _END_SECURE_TICKET but it would be hard to reproduce the password back out of that to send to the SUM so I assume its something properiety. its clearly different to the obfuscationUtil so it looks like I can't generate the password field. If thats the case I just won't have that part of the process optimised, its not a big deal, it would just be handy to be able to reset it (and add new policies and groups and and, the list goes on)

:18277


This thread was automatically locked due to age.
Parents
  • 0

    this looks really helpful :)

    its the kind of thing that'd really help manage things. This is from a MSP point of view, where having someone out in the field helping a client out might decide a password reset is for the best, and being able drive it from the same web interface we have for other tools, including the SUM Warehouse protection, would be great. 

    I also haven't seen what happens when you have multiple admins remoting in and firing up SEC, we've avoided it by having one person (usually me :P) doing it all over the phone for everyone else. 

    i have a soft spot for command line tools anyway, i spend too much time working on headless linux boxes :p

    :18339
Reply
  • 0

    this looks really helpful :)

    its the kind of thing that'd really help manage things. This is from a MSP point of view, where having someone out in the field helping a client out might decide a password reset is for the best, and being able drive it from the same web interface we have for other tools, including the SUM Warehouse protection, would be great. 

    I also haven't seen what happens when you have multiple admins remoting in and firing up SEC, we've avoided it by having one person (usually me :P) doing it all over the phone for everyone else. 

    i have a soft spot for command line tools anyway, i spend too much time working on headless linux boxes :p

    :18339
Children
No Data