Netskope Tools to Configure Inspection for Developer Machines
# THIS SCRIPT IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. | |
# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. | |
# BY USING THIS SCRIPT, YOU AGREE TO USE IT AT YOUR OWN RISK. | |
# This script is intended to fix SSLError failures by pointing a list of tools at the Netskope certificate bundle.
# The list of tools is defined in the MAIN section below.
# How to run: | |
<# | |
1. Open Start. | |
2. Search for PowerShell, right-click the top result, and select the Run as administrator option. | |
3. Type the following command to allow scripts to run and press Enter: | |
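Set-ExecutionPolicy Unrestricted
(Note: without -Scope this changes the machine-wide policy and stays in effect after the script has finished; adding "-Scope Process" limits the change to the current PowerShell session.)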
4. Type A and press Enter (if applicable). | |
5. Type the correct path to the script in the following command and run it: | |
& "C:\PATH\TO\SCRIPT\first_script.ps1" | |
#> | |
# configures python-related tools | |
function configure_python{
    # Python's requests library (and tools built on it) takes its CA file from
    # REQUESTS_CA_BUNDLE. Nothing to do when this session already points at the bundle.
    if ($Env:REQUESTS_CA_BUNDLE -eq "${bundle}") { return }

    # setx persists the value in the user environment; it is picked up by
    # processes started afterwards, not by this session.
    Write-Host "REQUESTS_CA_BUNDLE" -NoNewline
    setx REQUESTS_CA_BUNDLE "${bundle}"
}
# OpenSSL CLI | |
function configure_openssl{
    # OpenSSL reads its default CA file from SSL_CERT_FILE.
    # Skip the write when this session already points at the bundle.
    if ($Env:SSL_CERT_FILE -eq "${bundle}") { return }

    Write-Host "SSL_CERT_FILE" -NoNewline
    setx SSL_CERT_FILE "${bundle}"
}
# Curl CLI | |
function configure_curl{
    # curl takes its CA bundle path from CURL_CA_BUNDLE.
    # Skip the write when this session already points at the bundle.
    if ($Env:CURL_CA_BUNDLE -eq "${bundle}") { return }

    Write-Host "CURL_CA_BUNDLE" -NoNewline
    setx CURL_CA_BUNDLE "${bundle}"
}
# Node.JS | |
function configure_node_js{
    # NODE_EXTRA_CA_CERTS adds the listed certificates to Node's built-in CA
    # set rather than replacing it.
    if ($Env:NODE_EXTRA_CA_CERTS -eq "${bundle}") { return }

    Write-Host "NODE_EXTRA_CA_CERTS" -NoNewline
    setx NODE_EXTRA_CA_CERTS "${bundle}"
}
# Git CLI | |
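function configure_git{
    # $bundle is a single PEM *file*. Git takes a CA file from GIT_SSL_CAINFO;
    # GIT_SSL_CAPATH names a *directory* of certificates, so pointing it at the
    # bundle file does not make Git trust the bundle.
    if($Env:GIT_SSL_CAINFO -ne "${bundle}") {
        Write-Host "GIT_SSL_CAINFO" -NoNewline
        # setx persists the value for the current user; new processes pick it up.
        setx GIT_SSL_CAINFO "${bundle}"
    }
}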
# Azure CLI | |
function configure_az{
    # Azure CLI is Python-based, so it is configured through the same
    # routine as the other Python tools.
    & configure_python
}
# AWS CLI | |
function configure_aws{
    # The AWS CLI takes its CA bundle path from AWS_CA_BUNDLE.
    # Skip the write when this session already points at the bundle.
    if ($Env:AWS_CA_BUNDLE -eq "${bundle}") { return }

    Write-Host "AWS_CA_BUNDLE" -NoNewline
    setx AWS_CA_BUNDLE "${bundle}"
}
function configure_gcloud{
    # Stores the bundle path in gcloud's own configuration (no environment
    # variable involved). The arguments are passed as an array so the path
    # stays a single argument.
    $gcloud_args = 'config', 'set', 'core/custom_ca_certs_file', "$bundle"
    gcloud @gcloud_args
}
# Eclipse | |
# function configure_java{ | |
# # get java version to specify the PATH | |
# $java_version = /usr/libexec/java_home -v 1.8 | |
# # add cert to java keystore | |
# &"C:\Program Files\Java\jdk-$java_version\bin>/keytool \ | |
# -import -alias netskope-cert-bundle \ | |
# -storepass changeit \ | |
# -file $bundle -noprompt | |
# " | |
# } | |
function configure_composer{
    # Writes the bundle path to Composer's global "cafile" setting.
    $composer_args = 'config', '--global', 'cafile', "$bundle"
    composer @composer_args
}
function configure_nmp{
    # Writes the bundle path to npm's "cafile" setting.
    # NOTE(review): the function is spelled "nmp" while the command is "npm";
    # the MAIN loop builds handler names as configure_<tool>, so a tool entry
    # must use the same spelling to reach this routine - confirm the intent.
    $npm_args = 'config', 'set', 'cafile', "$bundle"
    npm @npm_args
}
# function configure_Android_Studio{ | |
# bash -c " | |
# # Add cert to Android keystore for Android Studio | |
# /Applications/Android\ Studio.app/Contents/jre/Contents/Home/bin/keytool \ | |
# -import -alias netskope-cert-bundle -keystore \ | |
# /Applications/Android\ Studio.app/Contents/jre/Contents/Home/lib/security/cacerts -storepass changeit \ | |
# -file $bundle -noprompt | |
# " | |
# } | |
function tool_exists{
    # Returns $true when $command resolves through Get-Command, and $false
    # when the lookup raises an error.
    Param ($command)
    try {
        # -ErrorAction Stop turns "not found" into an exception for the catch
        # block, without changing $ErrorActionPreference for the caller.
        if (Get-Command $command -ErrorAction Stop) { return $true }
    }
    catch {
        return $false
    }
}
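function generate_bundle{
    # Exports certificates from the Windows certificate stores into $bundle as
    # one PEM file that the configured tools will use as their trust bundle.

    # Every object under Cert: that carries certificate data.
    $all_certs = Get-ChildItem Cert: -Recurse | Where-Object { $null -ne $_.RawData }

    # Certificates in a "Disallowed" store are ones Windows explicitly
    # distrusts. Exporting them would make every configured tool trust them
    # again, so collect their thumbprints and leave them out - even when the
    # same certificate also sits in another store.
    $distrusted = @($all_certs |
        Where-Object { $_.PSParentPath -like '*\Disallowed' } |
        ForEach-Object { $_.Thumbprint })

    # NOTE(review): all remaining stores are still exported wholesale,
    # including stores that do not hold CA certificates. Consider limiting the
    # export to the root and intermediate CA stores.
    $pem_lines = $all_certs |
        Where-Object { $distrusted -notcontains $_.Thumbprint } |
        Sort-Object -Property Thumbprint -Unique |
        ForEach-Object {
            "-----BEGIN CERTIFICATE-----"
            [System.Convert]::ToBase64String($_.RawData, "InsertLineBreaks")
            "-----END CERTIFICATE-----"
            ""
        }

    # InsertLineBreaks emits CRLF; strip the CR so the file uses LF only.
    ($pem_lines -replace "`r","") -join "`n" |
        Out-File -Encoding ascii "$bundle" -NoNewline
}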
#################### MAIN ########################## | |
# first list of supported command line tools | |
# Each entry must match both the command name checked by tool_exists and the
# suffix of its configure_<name> function.
$tools = @(
    "aws"
    "az"
    "curl"
    "openssl"
    "git"
    "python"
    # "java"
    "gcloud"
    "composer"
    # "nmp" # stands for aws_cdk
)

# the list of supported apps (none enabled)
$apps = @(
    # "Android Studio"
    # "Salesforce Apex Dataloader"
    # "Node.JS"
)

# Netskope directory and the bundle file kept inside it
$ns_data_dir = "$env:ProgramData\Netskope\STAgent\download"
$bundle = "$ns_data_dir\netskope-cert-bundle.pem"

# Build the bundle only when it is missing.
# NOTE(review): an existing file is reused as-is, so certificates added to or
# removed from the Windows stores later are not reflected until the file is
# deleted and the script is run again.
if (-not (Test-Path "$bundle")) {
    generate_bundle
}
else {
    Write-Host "Certificate bundle already exists"
}
Write-Host "Bundle location : $bundle"

# Configure every listed tool that is present on this machine.
$tools |
    Where-Object { tool_exists $_ } |
    ForEach-Object { & "configure_$_" }
# # configure apps | |
# foreach ($i in $apps) | |
# { | |
# if (app_exists $i) | |
# { | |
# Write-Host $1 | |
# &"configure_$i" | |
# } | |
# } |
# THIS SCRIPT IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. | |
# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. | |
# BY USING THIS SCRIPT, YOU AGREE TO USE IT AT YOUR OWN RISK. | |
#!/bin/zsh | |
# ./configure_tools.sh | |
# check if the command returns the SSLError | |
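# Runs the command given in $1 and reports whether its combined
# stdout/stderr mentions "SSL".
# Globals:   shell (read) - startup file sourced before the command runs
# Arguments: $1 - command to run
# Returns:   0 if some output line contains "SSL", 1 otherwise
# Note: this function shares its name with the shell's `test` builtin, and a
# later definition of the same name in this file replaces it.
test(){
  # Load the startup file so variables exported into it are visible here.
  source "$shell"
  # Function-local flag: a global one stayed "true" after the first match and
  # made every later call report an SSL error.
  local ssl_error_exists=false
  local line
  # $1 is expanded unquoted on purpose: it holds a whole command line.
  while read -r line || [[ -n $line ]]; do
    if [[ $line == *"SSL"* ]]; then
      ssl_error_exists=true
    fi
  done < <($1 2>&1)
  [ "$ssl_error_exists" = true ]
}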
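# Points the environment variable named in $1 at the certificate bundle,
# both in the shell startup file and in the running shell.
# Globals:   bundle (read) - bundle path in shell-escaped form
#            shell  (read) - startup file to append to
# Arguments: $1 - name of the environment variable
# Returns:   non-zero if the startup file could not be backed up
export_env_var(){
  # Look the variable up by name. Grepping the whole environment also matched
  # any other variable whose name or value happened to contain $1.
  local current_value
  current_value=$(printenv "$1")
  # $bundle carries backslash escapes; the environment holds the plain path.
  local plain_bundle=${bundle//\\/}
  if [[ "$current_value" != *"$plain_bundle"* ]]; then
    # Never edit the startup file without a backup.
    backup || return 1
    # The escaped form goes into the file, where the shell parses it again.
    printf 'export %s=%s\n' "$1" "${bundle}" >> "$shell"
    # The running shell gets the plain path, i.e. the value the line above
    # produces once the startup file is sourced.
    export "$1=$plain_bundle"
  fi
}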
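# Copies the shell startup file to "<file>-<epoch seconds>" once per run.
# Globals:   shell (read), have_backup (read/written), backup_file (written)
# Returns:   0 when a backup exists or none is needed, 1 if the copy failed
backup(){
  if [ "$have_backup" = false ]; then
    # A startup file that does not exist yet has nothing to preserve.
    if [ -e "$shell" ]; then
      backup_file="$shell-$(date +%s)"
      echo "Backing up $shell to $backup_file"
      # Quoted so paths containing spaces are copied as one argument; a failed
      # copy is reported instead of being recorded as a successful backup.
      if ! cp -- "$shell" "$backup_file"; then
        >&2 echo "Could not back up $shell"
        return 1
      fi
    fi
    have_backup=true
  fi
}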
# Python's requests library takes its CA file from REQUESTS_CA_BUNDLE.
configure_python(){
  local ca_var=REQUESTS_CA_BUNDLE
  export_env_var "$ca_var"
}
# OpenSSL reads its default CA file from SSL_CERT_FILE.
configure_openssl(){
  local ca_var=SSL_CERT_FILE
  export_env_var "$ca_var"
}
# curl takes its CA bundle path from CURL_CA_BUNDLE.
configure_curl(){
  local ca_var=CURL_CA_BUNDLE
  export_env_var "$ca_var"
}
# NODE_EXTRA_CA_CERTS adds certificates to Node's built-in CA set.
configure_node_js(){
  local ca_var=NODE_EXTRA_CA_CERTS
  export_env_var "$ca_var"
}
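# Points Git at the certificate bundle.
# The bundle is a single PEM file, which Git takes from GIT_SSL_CAINFO.
# GIT_SSL_CAPATH names a directory of certificates, so setting it to the
# bundle file does not make Git trust the bundle.
configure_git(){
  export_env_var GIT_SSL_CAINFO
}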
# Azure CLI is Python-based and uses the same variable as configure_python.
# The variable is exported here only when no python command is present.
configure_az(){
  if tool_exists python; then
    return
  fi
  export_env_var REQUESTS_CA_BUNDLE
}
# AWS CLI | |
# The AWS CLI takes its CA bundle path from AWS_CA_BUNDLE.
configure_aws(){
  # aws configure set default.ca_bundle $bundle
  local ca_var=AWS_CA_BUNDLE
  export_env_var "$ca_var"
}
# Stores the bundle path in gcloud's own configuration.
# $bundle is pasted into a command string and parsed by a fresh bash, which
# is what turns its backslash-escaped space into part of a single argument.
configure_gcloud(){
  local cmd="gcloud config set core/custom_ca_certs_file $bundle"
  bash -c "$cmd"
}
# Imports the bundle with the keytool that ships in the Java applet plug-in.
# NOTE(review): no -keystore is passed, so keytool falls back to its default
# keystore - confirm that this is the trust store the JVM actually reads.
# NOTE(review): the bundle holds several certificates but is imported under
# one alias - verify that keytool adds all of them.
# "changeit" is the stock password of Java trust stores.
configure_java(){
  local keytool='/Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/keytool'
  # The string is parsed by a fresh bash, which resolves the escaped spaces.
  bash -c "$keytool -import -alias netskope-cert-bundle -storepass changeit -file $bundle -noprompt"
}
# Writes the bundle path to Composer's global "cafile" setting.
# The command string is parsed by a fresh bash so the escaped space in
# $bundle ends up inside one argument.
configure_composer(){
  local cmd="composer config --global cafile $bundle"
  bash -c "$cmd"
}
# aws_cdk | |
# Writes the bundle path to npm's "cafile" setting.
# The command string is parsed by a fresh bash so the escaped space in
# $bundle ends up inside one argument.
configure_npm(){
  local cmd="npm config set cafile $bundle"
  bash -c "$cmd"
}
# Imports the bundle into the cacerts trust store of the JRE bundled with
# Android Studio, using that JRE's own keytool.
# NOTE(review): the bundle holds several certificates but is imported under
# one alias - verify that keytool adds all of them.
# "changeit" is the stock password of Java trust stores.
configure_android_studio_app(){
  local jre_home='/Applications/Android\ Studio.app/Contents/jre/Contents/Home'
  # The string is parsed by a fresh bash, which resolves the escaped spaces.
  bash -c "$jre_home/bin/keytool -import -alias netskope-cert-bundle -keystore $jre_home/lib/security/cacerts -storepass changeit -file $bundle -noprompt"
}
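# Runs the command given in $1 and prints FAIL when its combined
# stdout/stderr mentions "SSL", SUCCESS otherwise.
# Arguments: $1 - command to run
# Outputs:   "FAIL" or "SUCCESS" on stdout
# Note: this function shares its name with the shell's `test` builtin.
test(){
  # Function-local flag: a global one stayed "true" after the first match and
  # made every later call print FAIL.
  local ssl_error_exists=false
  local line
  # $1 is expanded unquoted on purpose: it holds a whole command line.
  while read -r line || [[ -n $line ]]; do
    if [[ $line == *"SSL"* ]]; then
      ssl_error_exists=true
    fi
  done < <($1 2>&1)
  if [ "$ssl_error_exists" = true ]; then
    echo 'FAIL'
  else
    echo 'SUCCESS'
  fi
}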
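# Reports whether a tool is installed.
# Arguments: $1 - command name, or an application bundle name ending in ".app"
# Returns:   0 if present, 1 otherwise
tool_exists(){
  # Application bundles are looked up by exact name under /Applications.
  # Matching $1 against the text of an `ls` listing accepted any entry that
  # merely contained the name and treated characters in $1 as a pattern.
  if [[ $1 == *.app ]]; then
    if [ -e "/Applications/$1" ]; then
      return 0
    fi
    return 1
  fi
  # Quoted so a name containing spaces is looked up as one command.
  if ! command -v "$1" > /dev/null 2>&1; then
    return 1
  fi
  return 0
}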
# Chooses the startup file to edit from the user's login shell.
# Globals:   SHELL (read), my_shell (written), shell (written)
# Outputs:   the login shell path on stdout
get_shell(){
  my_shell=$SHELL
  echo "$my_shell"
  case $my_shell in
    *bash*) shell=~/.bash_profile ;;
    *)      shell=~/.zshrc ;;
  esac
}
################################# MAIN ################################### | |
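# The data directory is kept in shell-escaped form (backslash before the
# space) because the configure routines paste $bundle into command strings
# and into the startup file, where it is parsed a second time.
ns_data_dir="/Library/Application\ Support/Netskope/STAgent/data"
# sudo sh -c "cat '/Library/Application Support/Netskope/STAgent/data/nscacert.pem' '/Library/Application Support/Netskope/STAgent/data/nstenantcert.pem' > '/Library/Application Support/Netskope/STAgent/data/netskope-cert-bundle.pem'"
bundle="$ns_data_dir/netskope-cert-bundle.pem"

# Plain (unescaped) forms for direct file access. Testing the escaped text
# with -f never matched a real file, so the bundle was rebuilt on every run.
ns_data_path=${ns_data_dir//\\/}
bundle_path=${bundle//\\/}

# check if using bash or zsh
get_shell
echo "Bundle location : $bundle"
echo "Shell : $shell"

# generate cert bundle
if [ -f "$bundle_path" ]
then
  echo "Certificate bundle already exists"
else
  cd "$ns_data_path" || { >&2 echo "Cannot enter $ns_data_path"; exit 1; }
  cacert="$ns_data_path/nscacert.pem"
  tenantcert="$ns_data_path/nstenantcert.pem"
  CA="https://ccadb-public.secure.force.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Websites"

  # Fetch the public root list without root privileges into a scratch file.
  # --fail makes an HTTP error a failure instead of saving the error page,
  # and the PEM check rejects a reply that holds no certificates. Nothing is
  # written to the trust bundle unless the download passes both checks.
  roots_tmp=$(mktemp) || exit 1
  if ! curl --fail --silent --show-error "$CA" > "$roots_tmp" \
    || ! grep -q -- '-----BEGIN CERTIFICATE-----' "$roots_tmp"
  then
    >&2 echo "Could not download a valid root CA list from $CA; bundle not created"
    rm -f -- "$roots_tmp"
    exit 1
  fi

  # Only the final write runs as root. Paths are passed as arguments so the
  # root shell never re-parses them.
  if ! sudo sh -c 'cat "$1" "$2" "$3" > "$4"' sh \
    "$tenantcert" "$cacert" "$roots_tmp" "$bundle_path"
  then
    # Do not leave a partial bundle behind: the next run would accept it as
    # "already exists".
    sudo rm -f -- "$bundle_path"
    rm -f -- "$roots_tmp"
    >&2 echo "Could not write $bundle_path"
    exit 1
  fi
  rm -f -- "$roots_tmp"
fi

# list of supported tools
declare -a tools=(
  "aws"
  "az"
  "curl"
  "openssl"
  "git"
  "java"
  "python"
  "gcloud"
  "npm"
  "composer"
  "Android Studio.app"
  "Node.JS.app"
  # "Salesforce Apex Dataloader"
)

have_backup=false # no backup created yet

# configure each tool
for tool in "${tools[@]}"
do
  echo "Checking for presence of $tool"
  if tool_exists "$tool"
  then
    echo "Configuring $tool for Netskope"
    # "Android Studio.app" -> configure_android_studio_app
    handler="configure_$(printf '%s' "$tool" | tr ' .' '__' | tr '[:upper:]' '[:lower:]')"
    # "Node.JS.app" maps to configure_node_js_app, but the routine defined in
    # this file is configure_node_js: fall back to the name without "_app".
    if ! typeset -f "$handler" > /dev/null && [[ $handler == *_app ]]; then
      handler=${handler%_app}
    fi
    if typeset -f "$handler" > /dev/null; then
      "$handler"
    else
      >&2 echo "No configuration routine for $tool"
    fi
  else
    >&2 echo "$tool not detected"
  fi
done
echo "Done"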