add-delete-pas-application.sh
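#!/bin/bash
# Strict mode: stop on a failed command (-e), on use of an unset variable (-u)
# and when any stage of a pipeline fails (pipefail), so a half-configured run
# does not carry on against the vault.
set -euo pipefail

# This script will create an application named "$APP_NAME".
# This application will only be able to authenticate from machine '$APP_ADDRESS' using the linux OS user '$APP_OS_USER'
# This application will have retrieve access to all accounts inside of the '$SAFE_NAME' safe
# In this example "$APP_NAME" application will have access to the MYSQL account specified below in 'Account Information'
#
# Required environment (read by the logon step): PAS_HOSTNAME, PAS_USERNAME.
# Optional environment: DATABASE_DEFAULT_PASSWORD (see below).

# Application information
APP_NAME="FirstApplication"
APP_OS_USER="firstapp"
APP_ADDRESS="10.0.1.10"
SAFE_NAME="TEST_${APP_NAME}"

# Account information
DATABASE_ACCOUNT_NAME="mysql"
DATABASE_ADDRESS="10.0.1.12"
DATABASE_USERNAME="firstapp"
# Initial secret stored for the account. The literal is only an example
# default: export DATABASE_DEFAULT_PASSWORD before running to supply a real
# value, so no usable credential has to be written into the script itself.
DATABASE_DEFAULT_PASSWORD="${DATABASE_DEFAULT_PASSWORD:-thisIsTheDefaultPassword}"
DATABASE_PLATFORM="MySQL"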
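# Connection settings come from the environment. Abort before contacting the
# vault when either is missing instead of handing an empty value to `cybr logon`.
: "${PAS_HOSTNAME:?PAS_HOSTNAME must be set}"
: "${PAS_USERNAME:?PAS_USERNAME must be set}"

# Track what this run has created so that cleanup removes exactly that, even
# when a later step fails. Without this, a failure under `set -e` would leave
# an application with retrieve access, a safe holding a credential and an
# authenticated session behind.
logged_on=0
app_created=0
safe_created=0
id=""
cleanup_failed=0

# Run one cleanup command; report a failure on stderr but keep going so the
# remaining objects are still removed.
cleanup_step() {
  "$@" || {
    printf 'cleanup step failed: %s\n' "$*" >&2
    cleanup_failed=1
  }
}

# EXIT handler: delete the application, account and safe created by this run
# (same order as the original script), log off, and preserve the exit status
# of whatever ended the script.
cleanup() {
  local status=$?
  trap - EXIT
  set +e
  if (( app_created )); then
    cleanup_step cybr app delete -a "$APP_NAME"
  fi
  if [[ -n "$id" ]]; then
    cleanup_step cybr accounts delete -i "$id"
  fi
  if (( safe_created )); then
    cleanup_step cybr safe delete -s "$SAFE_NAME"
  fi
  if (( logged_on )); then
    cleanup_step cybr logoff
  fi
  if (( status == 0 && cleanup_failed )); then
    status=1
  fi
  exit "$status"
}
trap cleanup EXIT

cybr logon -a ldap -b "$PAS_HOSTNAME" -u "$PAS_USERNAME"
logged_on=1

# create the application and restrict where it may authenticate from
cybr applications add --app-id "$APP_NAME" --location "\\"
app_created=1
cybr application add-authn --app-id "$APP_NAME" -t OSUser -v "$APP_OS_USER"
cybr application add-authn --app-id "$APP_NAME" -t machineAddress -v "$APP_ADDRESS"

# create the safe
# The description is a single quoted word; the original closed the quotes
# around $APP_NAME and left the expansion unquoted.
cybr safes add -s "$SAFE_NAME" --days 0 --desc "Safe for application ${APP_NAME}"
safe_created=1
cybr safes add-member -m "$APP_NAME" -s "$SAFE_NAME" --access-content-without-confirmation --retrieve-accounts

# add account to safe
# NOTE(review): the secret is passed as a command-line argument (-c), so it is
# visible in the process list while the command runs and in `set -x` traces.
# Run this only on a host where that exposure is acceptable, and do not enable
# tracing around this command.
account=$(cybr accounts add \
  --safe "$SAFE_NAME" \
  -n "$DATABASE_ACCOUNT_NAME" \
  -a "$DATABASE_ADDRESS" \
  -u "$DATABASE_USERNAME" \
  -t password \
  -c "$DATABASE_DEFAULT_PASSWORD" \
  -p "$DATABASE_PLATFORM" \
  --automatic-management)

# `// empty` turns a missing or null id into an empty string, so a response
# without an id is caught here rather than producing `delete -i null` later.
id=$(jq -r '.id // empty' <<<"$account")
if [[ -z "$id" ]]; then
  printf 'could not read the account id from the cybr response; remove the account manually\n' >&2
  exit 1
fi

# clean up: performed by the EXIT trap installed above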