SoftLayer Vulnerability Scan Python

Posted 2019-09-15 03:07

Question:

I'm trying to use SoftLayer's Python library to run automated vulnerability scans. Unfortunately I get the following exception:

SoftLayerAPIError: SoftLayerAPIError(SoftLayer_Exception): Unable to create a new object of type SoftLayer_Network_Security_Scanner_Request_Nessus. Make sure the authentication method is correct.

The code I use can be seen below.

import SoftLayer

USERNAME=""    # I put valid value in here
APIKEY=""      # I put valid value in here
TARGET=""      # I put valid value in here

client = SoftLayer.create_client_from_env(
    username=USERNAME,
    api_key=APIKEY
)
""" ALTERNATE I TRIED ALSO FROM DOCUMENTATION:
client = SoftLayer.Client(
    username=USERNAME,
    api_key=APIKEY
)
"""
account = client['Account'].getObject()
scanner = client.call(
        "SoftLayer_Network_Security_Scanner_Request",
        "createObject", {
            "accountId": account.get('id'),
            "ipAddress": TARGET
})

The HTTP request being sent by the Python library looks like:

POST /xmlrpc/v3.1/SoftLayer_Network_Security_Scanner_Request HTTP/1.1
Host: api.softlayer.com
Connection: keep-alive
Accept: */*
Content-Type: application/xml
Content-Length: 798

<?xml version='1.0'?>
<methodCall>
<methodName>createObject</methodName>
<params>
<param>
<value><struct>
<member>
<name>headers</name>
<value><struct>
<member>
<name>authenticate</name>
<value><struct>
<member>
<name>username</name>
<value><string>***USERNAME_HERE***</string></value>
</member>
<member>
<name>apiKey</name>
<value><string>***API_KEY_HERE***</string></value>
</member>
</struct></value>
</member>
</struct></value>
</member>
</struct></value>
</param>
<param>
<value><struct>
<member>
<name>ipAddress</name>
<value><string>***TARGET_IP_HERE***</string></value>
</member>
<member>
<name>accountId</name>
<value><int>***ACCOUNT_ID_HERE***</int></value>
</member>
</struct></value>
</param>
</params>
</methodCall>

The HTTP response received is:

HTTP/1.1 200 OK
Date: Thu, 09 Feb 2017 12:47:17 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml
Content-Length: 495

<?xml version="1.0" encoding="iso-8859-1"?>
<methodResponse>
<fault>
 <value>
  <struct>
   <member>
    <name>faultCode</name>
    <value>
     <string>SoftLayer_Exception</string>
    </value>
   </member>
   <member>
    <name>faultString</name>
    <value>
     <string>Unable to create a new object of type SoftLayer_Network_Security_Scanner_Request_Nessus. Make sure the authentication method is correct.</string>
    </value>
   </member>
  </struct>
 </value>
</fault>
</methodResponse>

Could someone please help me out and have a look at the code as I could not figure out where the issue could be. Could you please also provide the minimum list of permissions that is needed for this to work?

Note: I tried with all possible permissions enabled for debugging, but no luck.

Answer 1:

This looks like an issue with the API: it does not work when only the IP address is specified. You need to specify the hardwareId (for bare metal servers) or guestId (for virtual guest servers).

So try this code:

import SoftLayer

USERNAME="set me"    # I put valid value in here
APIKEY="set me"      # I put valid value in here
TARGET="set me"      # I put valid value in here

client = SoftLayer.create_client_from_env(
    username=USERNAME,
    api_key=APIKEY
)

account = client['Account'].getObject()
server = client['Virtual_Guest'].findByIpAddress(TARGET)
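if server:
    # Virtual guest found: identify the scan target by guestId.
    request = {
        "accountId": account["id"],
        "guestId": server["id"]
    }
else:
    server = client['Hardware_Server'].findByIpAddress(TARGET)
    if server:
        # Bare metal server found: identify the scan target by hardwareId.
        request = {
            "accountId": account["id"],
            "hardwareId": server["id"]
        }
    else:
        # Stop here: without a server there is no request to submit.
        raise SystemExit("server does not exist.")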
scanner = client['Network_Security_Scanner_Request'].createObject(request)


Answer 2:

I tested out the above comment from Nelson and it is working with guestId set for virtual systems. So you must provide accountId, guestId and ipAddress for this to work now. I am going to test out hardware as well and expect the same success. If not, I will post back again.
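Added example, not part of either answer or of the SoftLayer library: a helper that combines the first answer's device lookup with the three fields the second answer reports as required, and refuses to build a scan request for an address that does not resolve to a device on the account. `build_scan_request`, `FakeService` and `FAKE_CLIENT` are hypothetical names, the inventory is constructed sample data, and the assumption that a failed `findByIpAddress` lookup returns an empty value follows the first answer's code.

```python
import ipaddress


def build_scan_request(client, target_ip):
    """Build the createObject payload for Network_Security_Scanner_Request.

    The IP is resolved to a device on the account first, so a payload is
    only produced for an address the account actually owns.
    """
    ip = str(ipaddress.ip_address(target_ip))  # ValueError on malformed input
    account_id = client['Account'].getObject()['id']
    # Same lookup order as the first answer: virtual guest, then bare metal.
    for service, id_key in (('Virtual_Guest', 'guestId'),
                            ('Hardware_Server', 'hardwareId')):
        server = client[service].findByIpAddress(ip)
        if server:  # assumption: a miss comes back empty/None
            return {'accountId': account_id,
                    id_key: server['id'],
                    'ipAddress': ip}
    raise LookupError('no virtual guest or hardware server with IP %s' % ip)


class FakeService:
    """Offline stand-in for one SoftLayer service (constructed data)."""

    def __init__(self, account_id=None, by_ip=None):
        self._account_id = account_id
        self._by_ip = by_ip or {}

    def getObject(self):
        return {'id': self._account_id}

    def findByIpAddress(self, ip):
        return self._by_ip.get(ip)


# Constructed inventory; the addresses come from a documentation range.
FAKE_CLIENT = {
    'Account': FakeService(account_id=1001),
    'Virtual_Guest': FakeService(by_ip={'198.51.100.10': {'id': 555}}),
    'Hardware_Server': FakeService(by_ip={'198.51.100.20': {'id': 777}}),
}

if __name__ == '__main__':
    for sample_ip in ('198.51.100.10', '198.51.100.20'):
        print(build_scan_request(FAKE_CLIENT, sample_ip))
```

With a real client, the returned dictionary is what gets passed to `client['Network_Security_Scanner_Request'].createObject(...)`, as in the first answer.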