IBM Tivoli Access Manager for e-Business / IBM Security Access Manager for Web Installed Components

2013-09-26T00:00:00
ID TIVOLI_ACCESS_MANAGER_EBIZ_INSTALLED_COMPONENTS_CRED.NASL
Type nessus
Reporter Tenable
Modified 2017-08-28T00:00:00

Description

IBM Security Access Manager for Web, formerly IBM Tivoli Access Manager for e-Business, is installed on the remote host. The application is an access and authentication control management system.

                                        
                                            #TRUSTED 60338df6cc7c2cceb67e4daeabef840c2c1051dfa28a73fb4490246e79e939d88fa9e13f5e2b9d4a88bf0e421e69da7c0cdabb83d065b5508077517a68d8d7afb12c518bf4dd4b7cbf27043fe20e056002a12219a4cf33c2357078c82e767759b1ddaf7ab00d274545fa25ded88ee19e3ae356e165d61462e5e1f6687fa82c5064e1c7f82ef75837f49cc622382551ea4d083e3ab416de850682ea59f46d7b474bf1bfcda2a1f9ac52ed4258d6a0db6f8e3117653e9d4e769aaa7aeaec9b72ce11b40481a2906ccb643cc75cf1c37f597381dafd4e47cc336d57bdb7454dcea7b22dd96cd1b793315b76acb3e72c19146c521974f8d599a95e689c1eb2929912408e7e02c3a04691f4149786b0291834fe7b5229dd9847bd9899e1584731186da628e73d1de40c31cca6fef1f9eb1247110cc176b6371342b7a884b8a653692f93d87acabce9d235afce1e6d6634a6a33feaa0be626397b82a4487083dfd96bc20df2ac3e38888a5c4b8df8450770c32e25e020407e33eafa8896ae10e86d9b95af2d49132dfd50a1fff47a2835959cb082c18ce0dc35fd3d7ae7dec7d5b131c5bc31483d812e72f0600bea929b6d9df27033f35e49a540f73d5d68d29e3dc645abe488cca0785c16798ac4e7835530d037f116e45d811d2edb3dde07fffacb9d3321e950931d582bbfbc276937bf4f44a74a2733ab8acd6abf6ebd29cf32613
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration block: when the engine loads the plugin with `description`
# set, only the metadata below is declared and the script exits (exit(0) at
# the end of the block) before any command is sent to a host.
if (description)
{
  script_id(70138);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2017/08/28");

  script_name(english:"IBM Tivoli Access Manager for e-Business / IBM Security Access Manager for Web Installed Components");
  script_summary(english:"Obtains components version information.");

  script_set_attribute(attribute:"synopsis", value:
"An access and authorization control management system is installed on
the remote host.");
  script_set_attribute(attribute:"description", value:
"IBM Security Access Manager for Web, formerly IBM Tivoli Access
Manager for e-Business, is installed on the remote host. The
application is an access and authentication control management system.");
  script_set_attribute(attribute:"see_also", value:"http://www-03.ibm.com/software/products/en/access-mgr-web");
  # http://www-03.ibm.com/software/products/en/category/identity-access-management
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fc66d382");
  # Inventory-only finding: no solution and no risk rating are attached, so
  # the result records presence and component versions, not a vulnerability.
  script_set_attribute(attribute:"solution", value:"n/a");
  script_set_attribute(attribute:"risk_factor", value:"None");

  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/26");

  # Declared as a local check; the script body runs commands on the target
  # itself (locally or over SSH) rather than probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  # The same CPE is passed to register_install() later in the script.
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:tivoli_access_manager_for_e-business");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.");

  # Scheduling gates: the two dependencies run first, and both KB keys must
  # exist. The script body re-reads the same two keys with
  # get_kb_item_or_exit() before doing anything else.
  script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
  script_require_keys("HostLevelChecks/proto", "Host/local_checks_enabled");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("ssh_func.inc");
include("telnet_func.inc");
include("hostlevel_funcs.inc");
include("install_func.inc");


# Turn the SSH wrappers on only when the SSH library reports that it
# supports running commands; otherwise turn them off.
if (sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
{
  enable_ssh_wrappers();
}
else
{
  disable_ssh_wrappers();
}

# Both KB entries are mandatory: the script exits here unless the KB holds a
# host-level transport and records that local checks are enabled.
proto = get_kb_item_or_exit('HostLevelChecks/proto');
get_kb_item_or_exit("Host/local_checks_enabled");

# Only hosts fingerprinted as Linux, AIX or Solaris are examined. Windows
# and other UNIX-like platforms (Cisco gear, embedded devices and so forth)
# are audited out before any command is sent.
os = tolower(get_kb_item_or_exit('Host/OS'));
if (!(('linux' >< os) || ('aix' >< os) || ('solaris' >< os)))
  audit(AUDIT_OS_NOT, "a supported OS");

# Commands can only be run locally or over SSH; stop for anything else.
if (proto != 'local' && proto != 'ssh')
  exit(0, 'This plugin only attempts to run commands locally or via SSH, and neither is available against the remote host.');

# Record the transport in info_t and, for SSH, open the session now. Every
# later exit path in the script closes it again when info_t is INFO_SSH.
if (proto == 'ssh')
{
  info_t = INFO_SSH;
  ret = ssh_open_connection();
  if (!ret) audit(AUDIT_FN_FAIL, 'ssh_open_connection');
}
else info_t = INFO_LOCAL;

# Presence test: is there an executable pdversion at the default location?
# The probe is assembled from script literals only; nothing read from the
# host is placed on the command line.
default_pdversion_path = "/opt/PolicyDirector/bin/pdversion";
pdversion_probe_cmd = "test -x " + default_pdversion_path + " && echo OK";
output = info_send_cmd(cmd:pdversion_probe_cmd);

# The check is a substring match, so "OK" anywhere in the returned text
# passes it; the product-name checks that follow are the real gate.
if (!("OK" >< output))
{
  # Release the SSH session before auditing out.
  if (info_t == INFO_SSH)
  {
    ssh_close_connection();
  }
  audit(AUDIT_NOT_INST, 'IBM Access Manager for e-Business / IBM Security Access Manager');
}

# Run pdversion without options first. That output lists only the basic
# components, but it is enough to tell which product generation is present.
# TAM and SAM accept different values for '-key', so the full key list has
# to be chosen per product: look for TAM, then for SAM, and give up if the
# output names neither.
# Note: this executes the binary found at the default path with whatever
# privileges the local or SSH scan session has.
output = info_send_cmd(cmd:default_pdversion_path);

res = egrep(string:output, pattern:"IBM Tivoli Access Manager ");
if (!strlen(res))
{
  # No TAM lines; try the newer SAM naming.
  res = egrep(string:output, pattern:"Security Access Manager ");

  # Neither name matched: the binary exists but its output is unusable.
  if (!strlen(res))
  {
    if (info_t == INFO_SSH) ssh_close_connection();
    exit(1, "'" + default_pdversion_path + "' exists on the remote host, however, it provided no useful output.");
  }

  # SAM is present
  component_keys = 'pdacld,pdauthadk,pdjrte,pdmgr,pdmgrprxy,pdrte,pdsms,pdweb,pdwebadk,pdwebars,pdwebpi,pdwebpi.apache,pdwebpi.ihs,pdwebrte,pdwpm,tivsecutl';
  app_name = 'Security Access Manager for Web';
}
else
{
  # TAM is present
  component_keys = 'pdacld,pdauthadk,pdjrte,pdmgr,pdmgrprxy,pdrte,pdsms,pdweb,pdwebars,pdwebadk,pdwebrte,pdwpi,pdwsl,pdwpm,tivsecutl';
  app_name = 'IBM Tivoli Access Manager for e-Business';
}

# Reaching this point means pdversion named one of the two products.
appears_to_be_installed = TRUE;

# Second pdversion run, this time requesting every known component key.
# Both the path and the key list are literals set earlier in this script,
# so no host-supplied text reaches the command line.
pdversion_all_cmd = default_pdversion_path + " -key " + component_keys;
output = info_send_cmd(cmd:pdversion_all_cmd);

# That was the last command; release the SSH session before parsing.
if (info_t == INFO_SSH)
{
  ssh_close_connection();
}

# Keep only the lines that carry one of the known product prefixes.
res = egrep(string:output, pattern:"(IBM Tivoli Access Manager|(IBM )?Security Access Manager|IBM (Tivoli )?Security Utilities)");
if (!strlen(res))
{
  exit(1, "'" + default_pdversion_path + "' exists on the remote host, however, it provided no useful output when using the '-key' option.");
}

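res_lines = split(chomp(res));
info = "";
version = UNKNOWN_VER;
components = make_array();

# Components and versions output from pdversion are in the format :
# IBM Tivoli Access Manager Policy Server                6.1.0.0
# IBM Tivoli Access Manager Policy Proxy Server          Not Installed
#
# Note : for the newer Security Access Manager, the output lines
#        will contain 'Security Access Manager ' rather than
#        'IBM Tivoli Access Manager'.
#
# Everything parsed below is text produced on the scanned host. The pattern
# pins the product prefix and limits the version to digits and dots, but the
# rest of the component name is free text, and it is used as part of a KB
# key name and echoed into the report.

# Get component and version from each line
foreach res_line (res_lines)
{
  # Components that are not installed carry no version; skip them.
  if ("Not Installed" >< res_line) continue;

  # Group 1 is the full component name (trailing padding included, hence
  # the strip() below); group 5 is the version at the end of the line.
  matches = eregmatch(
    string:res_line,
    pattern:"^((IBM Tivoli Access Manager|(IBM )?Security Access Manager|IBM (Tivoli )?Security Utilities).*) ([0-9.]+)$"
  );
  if (isnull(matches)) continue;
  component = strip(matches[1]);
  component_ver = matches[5];

  # Use the version of the runtime component as the install version.
  # Fix: the original compared against the TAM name only, so on a SAM host
  # the registered version always stayed UNKNOWN_VER. The SAM runtime name
  # is inferred from the prefix rule in the note above - TODO confirm
  # against real pdversion output. The pattern is anchored at both ends so
  # that longer names which merely start with '... Runtime' do not match.
  if (ereg(string:component, pattern:"^(IBM Tivoli Access Manager|(IBM )?Security Access Manager) Runtime$"))
    version = component_ver;

  info += '\n' +
    '  Component : ' + component + '\n' +
    '  Version   : ' + component_ver + '\n';
  set_kb_item(name:'ibm/tivoli_access_manager_ebiz/components/'+component, value:component_ver);
  components[component] = component_ver;
}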

# Fallback when nothing was identified.
# NOTE(review): the only assignment to appears_to_be_installed visible in
# this script sets it to TRUE, and every failure path before it exits, so
# this audit looks unreachable - confirm before relying on it.
if (!appears_to_be_installed)
  audit(AUDIT_NOT_INST, 'IBM Tivoli Access Manager for e-Business / IBM Security Access Manager');

# Record where the product was found and register the install, with the
# per-component versions attached as extra data.
set_kb_item(name:'ibm/tivoli_access_manager_ebiz/pdversion_path', value:default_pdversion_path);

register_install(
  app_name:'IBM Access Manager for e-Business / IBM Security Access Manager',
  path:default_pdversion_path,
  version:version,
  cpe:"cpe:/a:ibm:tivoli_access_manager_for_e-business",
  extra:components
);

# With verbosity at zero or below, report the finding without detail.
if (!(report_verbosity > 0))
{
  security_note(0);
  exit(0);
}

# Build the detailed report. `info` is empty when no component line could
# be parsed, in which case only the discovery file is mentioned.
if (info)
{
  report =
    '\n' + app_name + ' appears to be installed.' +
    '\nThe following file was used to discover the components listed' +
    '\nfurther below :' +
    '\n\n' +
    '  File : '+default_pdversion_path +
    '\n' +
    '\n' + info;
}
else
{
  report =
    '\n' + app_name + ' appears to be installed,' +
    '\nhowever, no components or version information could be obtained.' +
    '\n' +
    '\nThe following file was used to discover the presence of' +
    '\n' + app_name + ' :' +
    '\n\n' +
    '  File : '+default_pdversion_path +
    '\n';
}
security_note(port:0, extra:report);
exit(0);