Laura Seletos

API Code Walkthrough - Create Unix Authentication Record with Root Delegation (CURL & Postman)

Discussion created by Laura Seletos Employee on May 24, 2017
Purpose: This is an API sample code walkthrough for creating a Unix authentication record with root delegation enabled. I cover both CURL & Postman methods.

Description: This example follows along with version 2 of the API user guide (https://www.qualys.com/docs/qualys-api-v2-user-guide.pdf) under Chapter 8: Scan Authentication API in the Section for Unix Records. This covers how to create a Unix authentication record, via the API, with root delegation enabled not using a vault. Currently, the examples in the user guide covers the following (as of 5/24/2017). This tutorial helps simplify the use of 'API request 3':
  • API request 1: Create a Unix record and add the password for login, without adding any root delegation tools or private-key certificates.
  • API request 2: (Applies to record type Unix only) Create a Unix record without adding any root delegation tools or private-key certificates AND set skip_password=1 if the login account does not have a password. (If this account has the empty password, just enter the required parameters title, username and ips as in previous releases and the empty password will be used for login). 
  • API request 3: (Applies to record type Unix only) Create a Unix record and add multiple root delegation tools and private-key certificates AND use the Lieberman ERPM vault for login.


Sample Code for CURL Method:

  • Step 1: Create your XML object (used a file in my example)
    • Create an XML file called add_params.xml and past the following code into it. 
    • Make sure to update the password in the <PASSWORD> tag.
      • Note: If you wanted to use a vault for the password you would change the PASSWORD_INFO from "basic" to "vault"
<?xml version="1.0" encoding="UTF-8" ?>
<UNIX_AUTH_PARAMS>
  <ROOT_TOOLS>
    <ROOT_TOOL>
      <STANDARD_TYPE type="sudo"/>
      <PASSWORD_INFO type="basic">
        <PASSWORD><![CDATA[password]]></PASSWORD>
      </PASSWORD_INFO>
    </ROOT_TOOL>
  </ROOT_TOOLS>
</UNIX_AUTH_PARAMS>
  • Step 2: Create & Run your CURL Query
    • You can copy the below CURL query and update the following:
      • "USER:PASS" --> Change to your username and password
      • https://qualysapi.qualys.com --> Change this to your subscription URL (this is for US POD 1)
      • title=UnixRecord --> Change this to whatever you want to call your auth record
      • username=root --> Change this to your qualys service account that has access to the Unix box
      • password=abc123 --> Change this to the password to your qualys service account
      • ips=10.10.10.10 --> Change this to your target assets
curl -H "X-Requested-With: curl" -H "Content-Type: text/xml" -u "USER:PASS" -X "POST" --data-binary @- "https://qualysapi.qualys.com/api/2.0/fo/auth/unix/?action=create&title=UnixRecord&username=root&password=abc123&ips=10.10.10.10" < add_params.xml
  • Screenshots of example:

   XML file

   CURL query in command line

 

Sample Code for Postman Method:

  • Import the attached Postman file "APIQuery.postman_collection"
  • Once the collection has been imported you need to add your authentication to the Authorization tab
  • Update the URL to match your parameters
    • Note: You can follow the break down under "Sample Code for CURL Method" under Step 2
  • Update the Body tab to reflect the password in the <PASSWORD> tag
  • Save your updates and click 'Send' to submit
  • Screenshots of example:

   Postman example

 

 

Feel free to comment with any questions or comments!

Outcomes