How to set up automatic import of scan files

Overview

Starting with version 3.8, the results of the data collection scripts can be uploaded automatically to the ESM App server over HTTPS. Some configuration steps are required.

This data transfer is implemented using our existing authorization mechanism through a Web Service Token which can be generated in the Administration application.

In order to configure this feature, take the following steps:

  1. Create a dedicated user with a corresponding account.
  2. Specify this user in the Oracle Compliance Service web service.
  3. Generate a new API token.
  4. Modify your data collection scripts.

Prerequisites

  • For Linux/Unix, curl must be installed on the scanned systems.
  • PowerShell 3.0 is required for Windows systems.

Creating a dedicated user and specifying it in the Oracle Compliance Service web service

To create a user:

  1. First go to Users > Persons in the Master Data application.
  2. Create a new person.
  3. Specify an account for this person on the Accounts tab of the User dialog.
  4. Assign the Upload Oracle Inventory Files role to the newly-created user.

Generating an API token

  1. Open the Administration application and go to Integration > Web Services Tokens.
  2. Use the Generate API Token action to create a new token for the user:
    • In the wizard that opens, specify the name of the token and its expiration period.
    • Select your dedicated user in the User lookup field.
  3. Click Generate API Token.
  4. Copy or save the token displayed.

Modifying your data collection scripts

At this step, you need to adjust the data collection scripts on all scanned machines. Based on the operating system, adjust the required files:

  • Matrix42_AddOn_OracleProviderPackage\Files\OracleLocalInventory\M42DataCollectionWin\Config\M42DataCollection.env (for Windows)
  • Matrix42_AddOn_OracleProviderPackage\Files\OracleLocalInventory\M42DataCollectionUnix\bin\config\M42DataCollection.env (for Linux)
  • Matrix42_AddOn_OracleProviderPackage\Files\OracleLocalInventory\M42DataCollectionUnix\bin\config\M42DataCollection_SunOS.env (for Solaris)

Set AutoUpload to 1, specify the FQDN/IP of your server as the application server, and insert the API token:

AutoUpload=1
AppServer=""
TokenEncryptedfile=""

For Windows systems, the Application Server certificate must be added to Trusted Certificates on the scanned machines. For Linux systems, you can set AllowUntrustedCertificate to 1 in the data collection script.

Encrypting files using the Windows built-in EFS (Encrypting File System) 

To encrypt files using the Windows built-in EFS, first make sure to store your Token in a file. Then, take the following steps:

  1. Right-click on the file you wish to encrypt. 
  2. Click Properties.
  3. In the file properties dialog box, click Advanced.
  4. In the Advanced Attributes dialog box, under Compress or Encrypt attributes, enable the Encrypt contents to secure data option.
  5. Click OK.

Encrypting files in UNIX

There are two methods of securing files in Unix environments: 

  1. Apply restricted permissions to your files
  2. Use GPG Encryption (Manual or Scripted)

Files with Restricted Permissions

This method ensures that only the file owner can read or modify a file. However, this means that information is not encrypted, just permission-protected.

chmod 600 ~/.mytoken
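
The permission-based method above, as an added example that is not part of the original documentation or the vendor's scripts: it creates the token file under a restrictive umask and checks the file before it is used. The function names and the file path passed to them are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): keep an API token in a file that only
# its owner can read, and verify that before an upload job uses it.
# Function names and paths are hypothetical.

# store_token FILE: write the token read from stdin to FILE.
# The umask is set before the file is created, so the file never exists
# with wider permissions (creating it first and running chmod 600
# afterwards leaves a short window where it may be readable by others).
store_token() {
    (
        umask 077
        rm -f -- "$1" || exit 1   # an existing file would keep its old mode
        cat > "$1"
    )
}

# check_token_file FILE: return 0 only if FILE is a regular file (not a
# symlink), is not empty, and grants nothing to group or others.
check_token_file() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "token file $f: missing, a symlink, or not a regular file" >&2
        return 1
    fi
    if [ ! -s "$f" ]; then
        echo "token file $f: empty" >&2
        return 1
    fi
    # ls -ld prints a mode string such as "-rw-------"; characters 5 to 10
    # are the group and other bits and must all be "-".
    mode=$(ls -ld -- "$f" | cut -c1-10)
    case $mode in
        -???------) return 0 ;;
    esac
    echo "token file $f: mode $mode, expected -rw-------" >&2
    return 1
}
```

Feed the token to store_token on standard input rather than as a command-line argument, and run check_token_file at the start of the upload job, aborting if it fails.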

GPG Encryption (Manual or Scripted)

This method offers increased security for your information, and can be automated in scripts.

echo "your-secret-token" | gpg --symmetric --cipher-algo AES256 -o ~/.mytoken.gpg

GPG Encryption requires a passphrase to decrypt files, unless you are using a keyring.