![]() When the JSS Module is first loaded, that connection object isn't connected to anything. The method JSS.api returns the currently active connection to the API (an instance of a JSS::APIConnection, q.v.). swu_server = " Main SWU Server " # save the new network segment in the JSS, ns.create works as wellīefore you can work with JSS Objects via the API, you have to connect to it. # which must exist in the JSS, and be listed in JSS::SoftwareUpdateServer.all_names building = " Main Office " # Associate this network segment with a specific software update server, # which must exist in the JSS, and be listed in JSS::Building.all_names make ( name: ' Private Class C ', starting_address: ' 192.168.0.0 ', ending_address: ' 192.168.0.255 ' ) # Associate this network segment with a specific building, # This makes a new Ruby Object that doesn't yet exist in the JSS. save # Create a new network segment to store in the JSS. add_member " pricklepants " # save changes back to the JSS, mg.update works also fetch name: " Macs of interest " # Add a computer to the group # representing the existing JSS computer group. all # get an array of names of all JSS::Package objects in the JSS: connect user: jss_user, pw: jss_user_pw, server: jss_server_hostname # get an array of basic data about all JSS::Package objects in the JSS: ![]() Here are some simple examples of using ruby-jss require ' ruby-jss ' # Connect to the API NOTE: ruby-jss 1.2.4 will introduce beta-level support for the Jamf Pro API in a ruby module called 'Jamf', See README-JP-API.md in /lib/jamf, or in the 'Files' section of the YARD docs file for details. ![]() Hopefully others will find it useful, and add more to it as well.įull technical documentation can be found here. We've implemented the things we need in our environment, and as our needs grow, we'll add more. Of those, some are read-only, some partially writable, some fully read-write (all implemented objects can be deleted) See OBJECTS IMPLEMENTED for a list. Only some API objects are modeled, some only minimally. The module is not a complete implementation of the Jamf Pro Classic API. Point, and the installation of JSS::Package objects on client machines. dmg JSS::Package data to the master distribution ![]() It also provides some features that aren't a part of the API itself, but come with other The module abstracts many API resources as Ruby objects, and provides methods for interacting with those The JAMF Software Server (JSS), the core of Jamf Pro, an enterprise-level management tool for Appleĭevices from. Ruby-jss defines a Ruby module called JSS, which is used for accessing the 'classic' REST API of Working with JSS Objects (a.k.a REST Resources).Many many thanks to actae0n of Blacksun Hackers Club for reporting this issue and providing examples of how it could be exploited. Please update all installations of ruby-jss to at least v1.6.0. This has been resolved in 1.6.0, which now uses the CFProperlyList gem. Versions of ruby-jss prior to 1.6.0 contain a known security issue due to the use of the 'plist' gem. IMPORTANT: Known Security Issue in v1.5.3 and below Thanks again to everyone who has provided feedback on this change.Ruby-jss: Working with the Jamf Pro Classic API in Ruby We continue to evaluate all aspects of our APIs to ensure simple and secure programmatic access to the entire Jamf portfolio of products. Starting in Jamf Pro 10.36 you can disable this directly within the web interface by unchecking the "Allow Basic authentication in addition to Bearer Token authentication" checkbox in your Password Policy settings as outlined in the release notes ( ). We encourage customers not currently using the Classic API to disable basic auth as soon as possible to reduce the attack surface of their Jamf Pro instance. We know that a change like this causes additional work for customers and partners to update API workflows, but we believe this change is critical to improving the overall security posture of Jamf Pro. Today, the Classic API is the main target for attackers executing brute force attacks to attempt to gain access to a Jamf Pro instance.īy using the same authorization mechanism as the newer Jamf Pro API, we're able to funnel all auth requests through a small number of endpoints that we can rate limit, without limiting every API request. The change in authorization mechanism in the Classic API was an effort to quickly mitigate the threat of brute force attacks against Jamf Pro instances. We received some great feedback from the community, and there were some questions around why we chose to make this change. In Jamf Pro 10.35 we announced the deprecation of Basic authentication in the Classic API scheduled for a future release of Jamf Pro ( ).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |