ericr999
Enthusiast

Script protections / hashing


This is not really related to VRO itself. But in my case, VRO is used to launch a Workflow that will do a bunch of stuff first, then, depending on the different results, will launch a PowerShell script. That script is sensitive and will do Delete/Create/Move stuff in AD.

Since it's related to AD, the security team asked us to set up a mechanism to hash the second script. That hash is stored in the first script. And the hash of the first script is stored in a vault, more specifically CyberArk. So if the first script is changed, CyberArk will validate it and I won't be able to retrieve a password for the second script, so the script will fail. If the first script is good, and if the hash found in the first script fits the second one, the script is allowed to be run.

So anyway, I was wondering what mechanism people use to monitor/protect their scripts?

If I have to change something in the scripts, I must change the hash in the scripts and must contact the Security team to change the hash value. And only me and another colleague are allowed to call them.

I know I could use Tripwire to monitor the file, but the current method is not very practical and I have to contact the other team frequently. I was trying to find something that makes more sense.

Thanks,

0 Kudos
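Added example, not part of the original post or of any plug-in mentioned in this thread: one way the first script could check the second script against a pinned SHA-256 and then run exactly the bytes it hashed, so the file cannot be swapped between the check and the launch. The function names, the temp file and the sample script content are constructed for illustration.

```powershell
# Added example: function names, paths and the sample script are constructed.
function Get-Sha256Hex {
    param([Parameter(Mandatory)][byte[]]$Bytes)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { [System.BitConverter]::ToString($sha.ComputeHash($Bytes)) -replace '-', '' }
    finally { $sha.Dispose() }
}

function Invoke-PinnedScript {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSha256,
        [object[]]$ArgumentList = @()
    )
    # Read the file once; hash and execute the same bytes so a swap between
    # the check and the launch cannot slip a different script through.
    $full   = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath
    $bytes  = [System.IO.File]::ReadAllBytes($full)
    $actual = Get-Sha256Hex -Bytes $bytes
    if ($actual -ne $ExpectedSha256.Trim()) {   # -ne ignores case for strings
        throw "Hash mismatch for ${full}: expected $ExpectedSha256, got $actual"
    }
    # Decode with BOM detection, as PowerShell does when loading a .ps1 file.
    $reader = [System.IO.StreamReader]::new(
        [System.IO.MemoryStream]::new($bytes), [System.Text.Encoding]::UTF8, $true)
    try { $text = $reader.ReadToEnd() } finally { $reader.Dispose() }
    # Note: $PSScriptRoot is empty inside a script block created from text.
    & ([scriptblock]::Create($text)) @ArgumentList
}

# --- Constructed demo: a harmless stand-in for the second script ---
$second = Join-Path ([System.IO.Path]::GetTempPath()) 'second-demo.ps1'
Set-Content -LiteralPath $second -Value 'param($Name) "would process $Name"' -Encoding UTF8
# The value the first script would embed as its pinned hash:
$pinned = Get-Sha256Hex -Bytes ([System.IO.File]::ReadAllBytes($second))

Invoke-PinnedScript -Path $second -ExpectedSha256 $pinned -ArgumentList 'test-user'

# Any change to the file, even a comment, makes the check fail before execution.
Add-Content -LiteralPath $second -Value '# tampered'
try { Invoke-PinnedScript -Path $second -ExpectedSha256 $pinned -ArgumentList 'test-user' }
catch { "blocked: $($_.Exception.Message)" }
Remove-Item -LiteralPath $second
```

Anything the second script dot-sources or imports is outside the pinned hash, so those files need their own check.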
1 Solution

Accepted Solutions
iiliev
VMware Employee

Hi,

You should be able to cover this use case using Dan Linsley's Encryption plug-in, available at https://github.com/vmware/o11n-plugin-crypto


0 Kudos
ericr999
Enthusiast

Hi Ilian,

That's a very good plugin!! Thanks a lot!!

0 Kudos