Forum Discussion

saidshow_251381
Mar 13, 2019

User for ASM Automated Backup Script

Hi Guys,

 

I have a script that allows me to back up ASM policies in moments. The catch, however, is that this script requires credentials for a user with Advanced Shell Access. Advanced Shell Access requires Administrative privileges. As a result, this script then creates a security issue even when properly stored and accessed, simply due to the hardcoded credentials in the script.

 

I am aiming to reduce the severity of this issue in one of two ways:

- Is it possible to have a user with read-only permissions in the portal and advanced shell access on the box? Or can I create an API-only user?
- Alternatively, is anyone aware of how I can swap out credentials from my script so that if the script was discovered, credentials would not be identified?

 

Thanks

 

  • Hi Saidshow,

     

    interesting question which I don't have an answer for. But... ;-)

     

    ... how about placing the script directly on your units and letting the script push the backups to a file share? In this case you only need some user credentials to write onto your share.

     

    A backup job could, for example, be triggered via an anonymous GET request (or ask for some hardcoded credentials) through an iRule attached to an ordinary HTTP Virtual Server. Once the iRule is executed, it would generate a specific log line, which triggers an iCall log-event and finally executes your backup script to generate the backups and store them on the file share...

     

    https://devcentral.f5.com/articles/what-is-icall-27404

     

    Cheers, Kai
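
For the second option in the question (keeping credentials out of the script itself), one common approach is to have the script read them at run time from a separate file that only the service account can read, and to refuse to run if that file's permissions have been loosened. The sketch below is an added example, not code from either poster or from F5; the file name, key names and sample values are constructed, and it assumes a POSIX host.

```python
import os
import stat
import tempfile


class CredentialFileError(Exception):
    """Raised when the credential file is missing, unsafe or incomplete."""


def load_credentials(path):
    """Return (username, password) from a key=value file kept outside the script."""
    try:
        # O_NOFOLLOW: refuse a symlink planted at the expected path.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError as exc:
        raise CredentialFileError(f"cannot open {path}: {exc}") from exc
    with os.fdopen(fd, "r", encoding="utf-8") as handle:
        # fstat on the open descriptor avoids a check-then-open race.
        info = os.fstat(handle.fileno())
        if not stat.S_ISREG(info.st_mode):
            raise CredentialFileError(f"{path} is not a regular file")
        if info.st_uid != os.getuid():
            raise CredentialFileError(f"{path} is not owned by the running user")
        if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise CredentialFileError(f"{path} is accessible to group or others")
        values = {}
        for line in handle:
            key, sep, value = line.strip().partition("=")
            if sep and not key.startswith("#"):
                values[key.strip()] = value.strip()
    if not values.get("username") or not values.get("password"):
        raise CredentialFileError(f"{path} must define username and password")
    return values["username"], values["password"]


def demo():
    """Write a constructed credential file; return (accepted, loose_mode_rejected)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "asm_backup.cred")  # hypothetical file name
        with open(path, "w", encoding="utf-8") as handle:
            handle.write("# constructed sample\nusername=backup_svc\npassword=example-only\n")
        os.chmod(path, 0o600)
        accepted = load_credentials(path)
        os.chmod(path, 0o644)  # group/world readable: must be refused
        try:
            load_credentials(path)
            return accepted, False
        except CredentialFileError:
            return accepted, True
```

This keeps the secret out of the script and out of anything the script is copied into, but the account behind it still holds whatever privileges it was granted.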