Role Based Policy - Miscellaneous Calls
Retrieve RBP Version List
GET https://pbuild:24351/pbrest/REST/v2.0/policy/rbp/list?appid=<appid>×tamp=<timestamp>
&hmac=<hmac>
RESPONSE { "rbp": [{ "version": 1, "who": "ctaylor", "why": "New data",
"created": 1529322345} ] }
Retrieve Entitlement "Raw" Data
GET https://pbuild:24351/pbrest/REST/v2.0/policy/rbp/entitlement?appid=<appid>
×tamp=<timestamp>&hmac=<hmac>
Optional Arguments
- submituser=<wildcard>
- runuser=<wildcard>
- submithost=<wildcard>
- runhost=<wildcard>
- command=<wildcard>
RESPONSE {
"results": [
{
"id": 1,
"name": "Admin",
"tag": null,
"description": "Super users and admins",
"rorder": 1,
"action": "allowed",
"iolog": true,
"auth": false,
"script": false,
"message": false,
"submitusers": {
"Admins": {
"description": "Admin users",
"list": [
"root",
"admin"
]
}
},
"submithosts": {
"All Hosts": {
"description": "All Hosts",
"list": [
"*"
]
}
},
"runusers": {
"Admins": {
"description": "Admin users",
"list": [
"root",
"admin"
]
},
"Users": {
"description": "Normal Users",
"list": [
"user*"
]
}
},
"runhosts": {
"All Hosts": {
"description": "All Hosts",
"list": [
"*"
]
}
},
"commands": {
"User Commands": {
"description": "Common UNIX Commands",
"list": [
{ "cmd": "/bin/ls","runcommand": "" },
{ "cmd": "/bin/ls *","runcommand": "" },
{ "cmd": "/usr/bin/ls","runcommand": "" },
{ "cmd": "/usr/bin/ls *","runcommand": ""},
{ "cmd": "/bin/cat *","runcommand": ""},
{ "cmd": "/usr/bin/cat *","runcommand": "" }
]
}
},
"time/dates": {
"Any Time": {
"description": "Any Time",
"list": [
{
"dotw": {
"mon": [
15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15,
15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15 ]
],
"tue": [
15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15,
15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15 ]
],
"wed": [
15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15,
15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15 ]
],
"sun": [
15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15,
15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15 ]
],
"thu": [
15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15,
15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15 ]
],
"fri": [
15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15,
15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15 ]
],
"sat": [
15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15,
15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15 ]
]
}
}
]
}
}
}
]
}
Retrieve Entitlement Report
GET https://pbuild:24351/pbrest/REST/v2.0/policy/rbp/entrpt?appid=<appid>
×tamp=<timestamp>&hmac=<hmac>
Optional Arguments
- submituser=<wildcard>
- runuser=<wildcard>
- submithost=<wildcard>
- runhost=<wildcard>
- command=<wildcard>
- wrap=number of columns
RESPONSE {
"entitlement": "======================================================================\nEndpoint Privilege Management for Unix and Linux Role Based Policy Entitlement Report - Level 1\n----------------------------------------------------------------------------\nDate/Time: 2018-06-18 09:14:48\nUser: *\nBelongs to the following Roles: \n Admin,users\n======================================================================\nRole Order: 1\nName: Admin\nDescription: Super users and admins\nAction: allowed\nTag: \nMembership: Admins\n\nSubmit Host(s): Any PBUL Host\nRun Host(s): Any PBUL Host\n\nCommands may be executed as user(s): root,admin,user*\n\nPlease use the '-u' flag to select user at run time.\neg: pbrun -u runuser command [arguments]\n\nUser may request the following commands using pbrun:\n/bin/find *,/usr/bin/ls,/bin/ls,/bin/cat *,/bin/ls *,/usr/bin/ls *,/usr/bin/rm *,\n/usr/bin/cat *,/usr/bin/find *,/sbin/shutdown *,/bin/more *,/bin/id,/usr/bin/more *,\n/usr/bin/mount *,/bin/ln *,/bin/mount *,/bin/rm *,/usr/sbin/shutdown *,\n/usr/bin/ln *,/usr/bin/id,/sbin/ifconfig *,/usr/sbin/ifconfig *\n\n\n======================================================================\nRole Order: 4\nName: users\nDescription: Normal users\nAction: allowed\nTag: \nMembership: Users\n\nSubmit Host(s): build.company.com,staging.company.com,nfs.company.com\nRun Host(s): build.company.com,staging.company.com,nfs.company.com\n\nCommands will execute as user: user*\n\nUser may request the following commands using pbrun:\n/usr/bin/ls,/bin/find *,/bin/ls,/bin/cat *,/bin/ls *,/usr/bin/rm *,/usr/bin/ls *,\n/usr/bin/cat *,/usr/bin/find *,/bin/id,/bin/more *,/usr/bin/more *,/bin/ln *,\n/bin/rm *,/usr/bin/ln *,/usr/bin/id\n\n\n"
}
