Using CLAPI in allowlist management
There are three main steps for adding a new command and confirming that it has been successfully added.
- Acquire the CSRF token before adding a new command to the allowlist.
On the command line, run:
curl -G https://127.0.0.1:15067/clapi/api/security/csrf -k --header "Authorization:Basic YWRtaW5pc3RyYXRvcjpQQHNzd29yZDAx" -c cookie.out -v
Results:
- There is feedback on the command line.
- The file cookie.out is created.
- There is feedback “{ "csrf": "04c0d8c5-de00-4f3c-bffb-a7ef292921ef" }HTTP/1.1 200 OK” on the command line.
Note: The CSRF token is different for each call. In the commands in the next step, replace the CSRF token value with the actual one.
- Update the allowlist. There are four APIs for updating the command/commands. Replace {siteName} with a real site name such as “helloworld”.
- To update the command allowlist entries, on the command line, run:
curl https://127.0.0.1:15067/clapi/v3/api/admin/server-admin/{siteName}/allowlist-config -k --header "Authorization:Basic YWRtaW5pc3RyYXRvcjpQQHNzd29yZDAx" --header "X-CSRF-TOKEN: 04c0d8c5-de00-4f3c-bffb-a7ef292921ef" -b cookie.out -d @$SITEDIR/test/serveradmin_setAllowListConfig.json --request POST -v
This results in “HTTP/1.1 200 OK” feedback on the command line.
If you need to add the ls command, the content of the $SITEDIR/test/serveradmin_setAllowListConfig.json file is:
{"entries": [{"name": "ls.exe","note": "this is note for command ls","path": "C:\\cygwin\\bin\\ls.exe"}, {"name": "ps.exe","note": "this is note for command ps","path": "C:\\cygwin\\bin\\ps.exe"}]}
- To add a new command, on the command line, run:
curl https://127.0.0.1:15067/clapi/v3/api/server-admin/{siteName}/allowlist-config/entries?type=command -k --header "Authorization:Basic YWRtaW5pc3RyYXRvcjpQQHNzd29yZDAx" --header "X-CSRF-TOKEN: 04c0d8c5-de00-4f3c-bffb-a7ef292921ef" -b cookie.out -H "Content-Type:application/json" -d @$HCISITEDIR/test/serveradmin_addAllowlistEntry.json --request POST -v
This results in “HTTP/1.1 200 OK” feedback on the command line.
If you need to add the ls command, the content of the $SITEDIR/test/serveradmin_addAllowlistEntry.json file is:
{"name": "ls.exe","note": "this is note for command ls", "path": "C:\\cygwin\\bin\\ls.exe"}
- To update the note of a command, run:
curl https://127.0.0.1:15067/clapi/v3/api/server-admin/{siteName}/allowlist-config/entries/{entryId}?type=command -k --header "Authorization:Basic YWRtaW5pc3RyYXRvcjpQQHNzd29yZDAx" -d @$HCISITEDIR/test/serveradmin_updateAllowlistEntry.json --header "X-CSRF-TOKEN: 04c0d8c5-de00-4f3c-bffb-a7ef292921ef" -b cookie.out --request PUT -v
This results in “HTTP/1.1 200 OK” feedback on the command line.
If you need to update the note of the ls command, the content of the $SITEDIR/test/serveradmin_updateAllowlistEntry.json file is:
{"note": "this is updated note for command ls"}
- To delete a command, run:
curl https://127.0.0.1:15067/clapi/v3/api/server-admin/{siteName}/allowlist-config/entries/{entryId}?type=command -k --header "Authorization:Basic YWRtaW5pc3RyYXRvcjpQQHNzd29yZDAx" --header "X-CSRF-TOKEN: 04c0d8c5-de00-4f3c-bffb-a7ef292921ef" -b cookie.out -H "Content-Type:application/json" --request DELETE -v
This results in “HTTP/1.1 200 OK” feedback on the command line.
- On the command line, run:
curl -G https://127.0.0.1:15067/clapi/v3/api/admin/server-admin/{siteName}/allowlist-config -k --header "Authorization:Basic YWRtaW5pc3RyYXRvcjpQQHNzd29yZDAx" -v
Results:
- On the command line, there is feedback: “HTTP/1.1 200 OK”.
- On the command line, there is feedback:
{"entries": [{"id": 1, "name": "ls.exe","note": "this is note for command ls","path": "C:\\cygwin\\bin\\ls.exe", "digest": "2427ae41e4649b934ca495991b7852b855e3b0c44298fc1c149afbf4c8996fb9"}, {"id": 2, "name": "ps.exe","note": "this is note for command ps","path": "C:\\cygwin\\bin\\ps.exe","digest": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"}]}
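A scripted version of the confirmation in the last step, as an added example that is not part of the original documentation: it compares the entries you intended to set (in the format of serveradmin_setAllowListConfig.json) with the JSON returned by the GET call, instead of reading the response by eye. The function name, the sample response, and the case-insensitive Windows path comparison are assumptions of this example.

```python
import json
import ntpath  # the page's sample paths are Windows paths

# Intended allowlist, same content as the page's serveradmin_setAllowListConfig.json.
EXPECTED = r'''{"entries": [
 {"name": "ls.exe", "note": "this is note for command ls", "path": "C:\\cygwin\\bin\\ls.exe"},
 {"name": "ps.exe", "note": "this is note for command ps", "path": "C:\\cygwin\\bin\\ps.exe"}]}'''

# Constructed GET response (not real server output): ls.exe points somewhere
# else, ps.exe is absent, and cat.exe was never requested.
ACTUAL = r'''{"entries": [
 {"id": 1, "name": "ls.exe", "path": "C:\\temp\\ls.exe"},
 {"id": 3, "name": "cat.exe", "path": "C:\\cygwin\\bin\\cat.exe"}]}'''


def audit_allowlist(expected_json, actual_json):
    """Return findings; every list is empty when the server's allowlist
    matches the intended configuration exactly."""
    expected = {e["name"].lower(): e for e in json.loads(expected_json)["entries"]}
    findings = {"missing": [], "unexpected": [], "path_mismatch": [],
                "name_path_mismatch": [], "duplicate": []}
    seen = set()
    for entry in json.loads(actual_json)["entries"]:
        key = entry["name"].lower()
        if key in seen:
            findings["duplicate"].append(entry["name"])
        seen.add(key)
        # An entry whose name differs from the file it points at deserves a look.
        if ntpath.basename(entry["path"]).lower() != key:
            findings["name_path_mismatch"].append(entry["name"])
        want = expected.get(key)
        if want is None:
            findings["unexpected"].append(entry["name"])
        elif ntpath.normcase(want["path"]) != ntpath.normcase(entry["path"]):
            # Assumption: Windows paths compare case-insensitively.
            findings["path_mismatch"].append(entry["name"])
    findings["missing"] = sorted(e["name"] for k, e in expected.items() if k not in seen)
    return findings


if __name__ == "__main__":
    print(json.dumps(audit_allowlist(EXPECTED, ACTUAL), indent=2))
```

To use it against a live site, save the output of the GET call to a file and pass its contents as actual_json.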