
Lua Scripts for Cisco AnyConnect


We are trying to deploy Dynamic Access Policies (DAP) for the Cisco AnyConnect client that will check whether end users' computers have AntiVirus installed and running, the firewall up and running, and certain Windows Updates (KB) installed. Cisco has a nice web site that shows these in different scripts; however, we want to merge these three scripts into one.

Below are the code and the web site that shows the Lua scripts for the AntiVirus and Firewall checks. Could you please help me to merge this script with the Hotfix KB check as well? https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115947-dap-adv-functions-00.html#anc9

Thanks in advance

    assert(function()
        function checkav(antix)
            if (type(antix) == "table") then
                for k,v in pairs(antix) do
                    if (EVAL(v.activescan, "EQ", "ok", "string") and EVAL (v.lastupdate, "LT", "2592000", "integer")) then
                        return true
                    end
                end
            end
            return false
        end
        function checkfw(antix)
            if (type(antix) == "table") then
                for k,v in pairs(antix) do
                    if (EVAL(v.enabled, "EQ", "ok", "string")) then
                        return true
                    end
                end
            end
            return false
        end
        return (checkav(endpoint.av) and checkfw(endpoint.fw))
    end)()

    assert(function ()
        local pattern = "KB944"
        local true_on_match = true
        local match = false
        for k,v in pairs(endpoint.os.hotfix) do
            print(k)
            match = string.find(k, pattern)
            if (match) then
                if (true_on_match) then
                    return true
                else return (false)
                end
            end
        end
    end)()

Solution

  • The way forward: separate functionality. Then, you can call an assertion and combine calls using a logical and:

    Hotfix KB check:

    function hotfixKb()
        local pattern = "KB944"
        local true_on_match = true
        local match = false
        for k,v in pairs(endpoint.os.hotfix) do
            print(k)
            match = string.find(k, pattern)
            if (match) then
                if (true_on_match) then
                    return true
                else
                    return (false)
                end
            end
        end
    end
    

    AntiVirus check:

    function checkAntiVirus(antix)
        if (type(antix) == "table") then
            for k,v in pairs(antix) do
                if (EVAL(v.activescan, "EQ", "ok", "string") and EVAL (v.lastupdate, "LT", "2592000", "integer")) then
                    return true
                end
            end
        end
    
        return false
    end
    

    Firewall check:

    function checkFireWall(antix)
        if (type(antix) == "table") then
            for k,v in pairs(antix) do
                if (EVAL(v.enabled, "EQ", "ok", "string")) then
                    return true
                end
            end
        end
    
        return false
    end
    

    Then:

    assert(hotfixKb() and checkAntiVirus(endpoint.av) and checkFireWall(endpoint.fw))
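
To exercise the three checks off the appliance, the following is an added example (not part of the original answer and not Cisco's code) that runs in a stand-alone Lua interpreter. The `EVAL` stub, the `compliant` and `any` helpers, and the sample endpoint tables are assumptions constructed for illustration; on the ASA, `EVAL` and `endpoint` are supplied by the appliance.

```lua
-- Minimal stand-in for the ASA's EVAL built-in (assumption: only EQ/LT on
-- "string"/"integer" are modelled, enough for the checks on this page).
local function EVAL(attr, op, value, typ)
    if typ == "integer" then attr, value = tonumber(attr), tonumber(value) end
    if attr == nil or value == nil then return false end
    if op == "EQ" then return attr == value end
    if op == "LT" then return attr < value end
    return false
end

-- One policy function taking the endpoint table as a parameter so it can be
-- fed constructed data (hypothetical helper, not a DAP API).
local function compliant(endpoint, kb_pattern)
    local function any(tbl, pred)
        if type(tbl) ~= "table" then return false end  -- missing data fails closed
        for k, v in pairs(tbl) do
            if pred(k, v) then return true end
        end
        return false
    end
    local av = any(endpoint.av, function(_, v)
        return EVAL(v.activescan, "EQ", "ok", "string")
           and EVAL(v.lastupdate, "LT", "2592000", "integer")
    end)
    local fw = any(endpoint.fw, function(_, v)
        return EVAL(v.enabled, "EQ", "ok", "string")
    end)
    local kb = any(endpoint.os and endpoint.os.hotfix, function(k)
        return string.find(k, kb_pattern, 1, true) ~= nil  -- plain-text match
    end)
    return av and fw and kb
end

-- Constructed sample endpoints (not real posture data).
local good = {
    av = { vendorA = { activescan = "ok", lastupdate = "86400" } },
    fw = { vendorB = { enabled = "ok" } },
    os = { hotfix = { KB944533 = "true" } },
}
local stale_av = { av = { vendorA = { activescan = "ok", lastupdate = "5184000" } },
                   fw = good.fw, os = good.os }
local no_posture = {}  -- posture data never collected

assert(compliant(good, "KB944") == true)
assert(compliant(stale_av, "KB944") == false)
assert(compliant(no_posture, "KB944") == false)
print("all policy cases behave as expected")
```

The `no_posture` case shows why each check tests for a table first: an endpoint that reports nothing is treated as non-compliant rather than raising an error on a nil index.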