🐧
Linux Control Center
EN
EN
  • Introduction - User Manual
  • Requirements
    • Server Requirements
    • Client Requirements
  • Quick Start
  • Setup and Installation
  • Dashboard
  • Discover
    • Linux Control Center Discover
    • BeyondTrust Password Safe
  • Host Actions
    • Get Info
    • Package Check Update
    • Package Update
    • Package Vulnerable Update
    • Package Hold
    • Package Install
    • Package Remove
    • Account Add
    • Account Del
    • Account Expire
    • Account Lock
    • Account UnLock
    • File Add
    • File Del
    • File Download
    • Manage Host Service
    • Host Ping
    • Host Reboot
    • Host Shutdown
    • Insert Group
    • Check Vulnerability
    • Execute Custom Playbook
    • Execute Custom Scripts
    • Tenable Launch Scan
    • Tenable Sync Results
    • Delete Hosts
  • Host Groups
  • Managed Account
    • Create Managed Account
  • Managed Files
    • Create Managed File
  • 7 Library
    • Install Tenable Agent
  • 7 VulnDB-API
  • Custom Scripts
    • Linux Scripts
    • BeyondTrust Password Safe Secrets
  • Custom Playbooks
  • Hook Bridge
    • Hook Bridge
  • Workflow
    • Create Workflow
  • Assisted Workflow
  • Scheduler
  • Unmanaged Hosts
    • Microsoft Windows
  • Settings and Integrations
    • Settings
      • License
      • Worker
      • Nodes
      • Certificate
      • LCC Management
      • Diagnostic
      • Linux Credentials
      • Regions
      • Syncronized Files
      • Notifications
        • SMTP
        • Teams
        • Telegram
      • Parameters
      • Discover Timeout
      • Backup and Restore
    • Integrations
      • BeyondTrust
        • Password Safe
        • Privileged Remote Access
      • VMWare
      • Nutanix
      • Tenable
        • Security Center
        • Cloud Security
    • User Management
      • Console Users
        • Create Super User
        • Create Group Users
      • TOTP
      • Providers
        • SAML
          • Cisco Duo
          • Entra ID
      • Authentication
  • Release Notes
Powered by GitBook
On this page
  • Requirements
  • Overview
  • Objective
  • Hook Bridge Token
  • Request Parameters
  • Login Type Request Configuration
  • Login Type System Configuration
  • Custom Script Action with Login Type Script Configuration
  • Request Logs
  • Hook Bridge Request
  1. Hook Bridge

Hook Bridge

PreviousHook BridgeNextWorkflow

Last updated 12 days ago

Requirements

Linux Control Center = 2.10.X or higher

Overview

The LCC Hook Bridge is a feature that allows the automated execution of Actions on specific networks through Web requests. Each request contains an authorization Token that defines which Actions will be executed and on which network (CIDR). These actions are pre-configured at the time of Token creation, ensuring that only authorized Actions are executed.

The Hook Bridge is also used to facilitate integrations with the Linux Control Center. Serving as an access point, this feature allows the user to execute pre-configured actions on the LCC without needing to be logged in to the Console, while still ensuring high traceability of the flow and multiple options for monitoring the execution.

  1. See the operating flow of the Hook Bridge with Propagation Action from BeyondTrust Password Safe.

Objective

The objective of this document is to provide step-by-step instructions and demonstrate the use of the Hook Bridge functionality of the Linux Control Center.

Hook Bridge Token

  1. Access the Hook Bridge screen on the left side menu.

  2. Click Create.

  3. Fill in the Name field.

  4. Choose the CIDR registered in the LCC database.

    Name: Name to identify the Hook Bridge. CIDRs: Defines which IP address range (CIDR) the Token will have access to in order to execute the Actions.

  5. It is also possible to create a new CIDR, to do so, click on the + sign

  6. Fill in the required fields, being;

Name: Name to identify the CIDR. CIDR: Enter the IP address range followed by the network mask. Ex: 192.168.0.0/24

  1. Click Save.

  2. Set the Action in the Action field

  • Action: Defines which Action the Token will be allowed to execute.

  1. Choose the Token login method in the Login Type field.

  • Login Type: Defines the Token authentication type, whether it will be Request Credential or System Configuration.

  • Difference between Login Type System Configuration and Request Credential.

When selecting Request Credentials as the login type, the request must mandatory contain the username and password with access permission to the target Host, along with the Token, serving as double authentication.

With the System Configuration option, the user can execute the configured Action only with the Token as authentication.

  1. Check if the fields were filled in correctly and click Save.

Request Parameters

  • The Token serves to limit which Action will be executed and to perform authentication, but does not define on which Host the Action will be executed. To define the Host, the LCC provides some parameters that allow you to configure the request as needed.

The request URL must contain Host and/or Hostname to define which Host the Action will be executed on. When only one of them is sent, the search will be performed using the parameter provided.

If both parameters are provided, the search will be performed using both. This means that if the Hostname is not associated with the Host parameter provided, the match will not be made, and the request will return an error informing what happened.

Login Type Request Configuration

  • See how to assemble a request with Login Type Request Configuration. Note: Always use the & sign to join each argument.

Login Type Request Configuration Arguments:

  • token: Token that was generated in the LCC Console.

  • username: User used to log in to the Host.

  • password: Password used to log in to the Host.

  • host: IPV4 address of the host where the Action will be executed.

  • hostname: Hostname of the host where the Action will be executed.

  1. The request must start with the IP Address or Hostname of the Linux Control Center

  • https://lcc_ip_or_hostname/

  1. Then, insert the API endpoint /api/v2/hook_bridge/request/action/

  • https://lcc_ip_or_hostname/api/v2/hook_bridge/request/action/

  1. After placing the endpoint, place the Hook Bridge ID with the ? sign right after it. The ID is availableavailable in the Hook Bridge ID field.

  • https://lcc_ip_or_hostname/api/v2/hook_bridge/request/action/1?

  1. Set the IP address in the host= parameter and/or the hostname= of the Host where the action will be executed.

  • https://ip_or_hostname_of_lcc/api/v2/hook_bridge/request/action/1?host=10.15.88.4

  • https://ip_or_hostname_of_lcc/api/v2/hook_bridge/request/action/1?hostname=lcc-ubuntu-22

  1. Define the authentication arguments &username= and &password= that will be responsible for logging into the server where the actions will be executed.

  • https://lcc-ip-or-hostname/api/v2/hook-bridge/request/action/1?host=10.15.88.4&username=HOOKBRIDGE_USER&password=HOOKBRIDGE_NAME

  1. Define the Token of the request with the &token= parameter

  • The Token field is obtained from the Token field on the Hook Bridge screen.

  • https://ip-ou-hostname-do-lcc/api/v2/hook-bridge/request/action/1?host=10.15.88.4&username=USUARIO_HOOKBRIDGE&password=SENHA_HOOKBDRIGE&token=YfNa1UKBlMV7nLpa

  1. See the example of a complete Request Configuration request with the curl utility:

  • Windows Terminal: curl.exe -k "https://ip-or-hostname-of-lcc/api/v2/hook-bridge/request/action/1?host=10.15.88.4&username=USUARIO_HOOKBRIDGE&password=SENHA_HOOKBDRIGE&token=YfNa1UKBlMV7nLpa"

  • Linux Terminal: curl -k "https://ip-or-hostname-of-lcc/api/v2/hook-bridge/request/action/1?host=10.15.88.4&username=USUARIO_HOOKBRIDGE&password=SENHA_HOOKBDRIGE&token=YfNa1UKBlMV7nLpa"

Login Type System Configuration

  • See how to assemble a request with Login Type System Configuration. Note: always use the & sign to join each of the arguments.

  • Login Type System Configuration Arguments:

  • token: Token that was generated in the LCC Console.

  • host: IPV4 address of the host where the Action will be executed.

  • hostname: Hostname of the host where the Action will be executed.

Note that the only difference is that the Login Type System Configuration does not need the username and password arguments

  1. The request must start with the IP Address or Hostname of the Linux Control Center

  • https://lcc_ip_or_hostname/

  1. Then, insert the API endpoint /api/v2/hook_bridge/request/action/

  • https://ip_or_hostname_of_lcc/api/v2/hook_bridge/request/action/

  1. After setting the endpoint, set the value of the Hook Bridge ID with the ? sign right after it. The ID is available in the Hook Bridge ID field.

  • https://ip_or_hostname_of_lcc/api/v2/hook_bridge/request/action/1?

  1. Set the IP address in the host= parameter and/or the hostname= of the Host where the action will be executed.

  • https://lcc_ip_or_hostname/api/v2/hook_bridge/request/action/1?host=10.15.88.4

  • https://lcc_ip_or_hostname/api/v2/hook_bridge/request/action/1?hostname=lcc-ubuntu-22

  • See an example of using both arguments simultaneously;

  • https://lcc_ip_or_hostname/api/v2/hook_bridge/request/action/1?host=10.15.88.4&hostname=lcc-ubuntu-22

  1. Set the request Token with the &token= parameter

  • https://lcc-ip-or-hostname/api/v2/hook-bridge/request/action/1?host=10.15.88.4&token=YfNa1UKBlMV7nLpa

  1. See the example of a complete System Configuration request with the CURL utility:

  • Windows Terminal: curl.exe -k "https://ip-or-hostname-of-lcc/api/v2/hook-bridge/request/action/1?host=10.15.88.4&token=YfNa1UKBlMV7nLpa"

  • Linux Terminal: curl -k "https://ip-or-hostname-of-lcc/api/v2/hook-bridge/request/action/1?host=10.15.88.4&token=YfNa1UKBlMV7nLpa"

Custom Script Action with Login Type Script Configuration

When selecting the Script Configuration option, the login will be performed on the machine according to the settings registered in the Credential tab of the Script, without needing to inform the Username or Password parameter as the request arg. It is also possible to use the Login Type Request Credential.

This Action allows you to use only 1 script for each Token, and you can change it whenever necessary.

  1. Click on Action and choose the Custom Script option.

  2. Click on Login Type and choose the Script Configuration option

  3. Click on Script and define which script will be executed by the Token

  4. Click on Save

  • Arguments Login Type Script Configuration ration:

  • token: Token that was generated in the LCC Console.

  • host: IPV4 address of the host where the Action will be executed.

  • hostname: Hostname of the host where the Action will be executed.

Request Logs

Hook Bridge Request

  1. Access the Hook Bridge screen

  2. Click on the desired Hook Bridge.

  3. On this page, you can see the entire execution history for the selected Hook Bridge.

  • Host: where the request was executed.

  • Status: Result of the request.

  • Date and Time of Creation and Last Update.

  • Logs: Detailed information about the result of the request.

The STATUS field contains an identifier for each step of the process, such as:

  • Requested

  • Queued

  • Executing

  • Success

  • Error

  • No license

  • Canceled