Querying Windows Management Instrumentation (WMI) to gather information about a computer is second nature on a PC for some. But working with it on Linux not-so-much. Here's what you need to know.
At one time, a "Windows guy," a "Linux guy" and a "security guy" existed in separate silos. IT workers were split into various roles and rarely ventured outside of their role's responsibilities. Now the industry is starting to merge together. DevOps, anyone? So, it's becoming rarer for an administrator just to work with one operating system or one niche.
With this merge come challenges: a feature an administrator takes for granted on their operating system of choice may not exist on the other, or may not be as intuitive as expected. Windows Management Instrumentation (WMI) is one of those technologies.
To a Windows "guy," WMI is a fact of life. Querying WMI to gather information about a computer becomes second nature on a Windows computer. But attempting to work with WMI from Linux will soon put the brakes on even the most enthusiastic Windows fan. That needn't be the case.
WMIC
Let's start the ball rolling by investigating a couple ways to query WMI on a Windows machine from a Linux machine.
When working in Linux, Python quickly becomes a good friend. Like PowerShell on Windows, Python on Linux is ubiquitous and will be a standard method used to query WMI on a Windows machine. It's not possible to work with WMI from Python out of the box; you must download a Python library or download and compile a familiar WMI tool called WMIC, which is where we're going to start.
First, download and compile WMIC on our Linux box. There's a great step-by-step tutorial on how to do this here, or follow these commands to get up and running.
sudo apt-get install autoconf
## Download to your home folder
cd ~
wget http://www.openvas.org/download/wmi/wmi-1.3.14.tar.bz2
tar -xvf wmi-1.3.14.tar.bz2
## Edit the GNUmakefile and add a line (the directory name matches the version you downloaded)
cd wmi-1.3.14/
## Add "ZENHOME=../.." to the GNUmakefile without the quotes
sudo make "CPP=gcc -E -ffreestanding"
## Make a copy of the wmic binary (the build places it under Samba/source/bin/)
cp Samba/source/bin/wmic .
## Copy the binary to somewhere in your path
sudo cp wmic /usr/bin/
## Test a query to a remote computer (-U takes username%password)
wmic -Utestuser%tstpass //172.16.2.2 "SELECT * FROM Win32_OperatingSystem"
WMI-Client-Wrapper
You should now be able to query remote Windows computers. But, a common reason to query WMI in the first place is part of an automation script. In the Linux world, Python is king at that. Let's take this a step further and see how to use WMIC from within a Python script.
The first step will be to download and install a Python module called wmi-client-wrapper. This is easy to do with Python's package management application, pip.
sudo pip install wmi-client-wrapper
Once installed, create a Python script on your Linux machine with the following contents:
#!/usr/bin/python
import wmi_client_wrapper as wmi

# Connect to the remote Windows machine; the wrapper shells out to the wmic binary built above
wmic = wmi.WmiClientWrapper(
    username="localaccount",
    password="localpassword",
    host="<HostNameOrIpAddress>",
)

# Pass a WQL query to the remote machine and collect the parsed result
output = wmic.query("SELECT * FROM Win32_Processor")
print(output)
Notice that I'm importing the Python module previously downloaded with pip and then using the WmiClientWrapper() constructor to establish a connection to the Windows computer. Once done, I can use the query() method to pass WQL queries to the machine, which will then get executed. Above, I'm querying the Win32_Processor class.
The output can be a little ugly. However, it is in JSON format, which gives the administrator plenty of other tools to parse it with.
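The following is an added example, not code from the original article or from the wmi-client-wrapper project. It covers both the WMIC section and the Python section above: it drives the compiled wmic binary directly from Python, and it parses wmic's raw text output (a "CLASS:" line, a "|"-separated header line, then one "|"-separated row per instance, which is what the OpenVAS build prints with its default delimiter) into dictionaries that json.dumps can render. Two choices differ from the one-liner shown earlier: credentials are read from a Samba-style authentication file via wmic's -A option rather than passed as -U user%pass, so the password does not show up in shell history or in the process list of the Linux box, and the query is passed as its own argv element with no shell involved. The host, the authentication-file path and the sample output are constructed for the example.

```python
#!/usr/bin/env python3
"""Added example: run wmic from Python without a shell and turn its raw
output into JSON-friendly dictionaries. Not part of the original article."""
import json
import subprocess
from typing import Dict, List

DELIMITER = "|"  # wmic's default field delimiter

# Constructed sample of what wmic prints for a Win32_Processor query.
SAMPLE_OUTPUT = """CLASS: Win32_Processor
DeviceID|Name|NumberOfCores|LoadPercentage
CPU0|Intel(R) Xeon(R) CPU E5-2620 v3 @ 2.40GHz|6|12
CPU1|Intel(R) Xeon(R) CPU E5-2620 v3 @ 2.40GHz|6|3
"""


def build_wmic_argv(host: str, wql: str, auth_file: str) -> List[str]:
    """Build wmic's argument vector as a list.

    -A reads 'username = ...' / 'password = ...' / 'domain = ...' lines from
    auth_file, so the secret never appears on the command line.  Passing the
    WQL string as a separate element means no shell ever interprets it.
    """
    return ["wmic", "-A", auth_file, "//" + host, wql]


def parse_wmic_output(raw: str) -> Dict[str, List[Dict[str, str]]]:
    """Parse raw wmic text into {class_name: [row_dict, ...]}.

    Handles blank lines, more than one CLASS block in a response, and a class
    that comes back with a header but zero instances.  Values that themselves
    contain the delimiter are reported as a column-count mismatch rather than
    silently misaligned.
    """
    result: Dict[str, List[Dict[str, str]]] = {}
    current = None
    header = None
    for line in raw.splitlines():
        if not line.strip():
            continue
        if line.startswith("CLASS: "):
            current = line[len("CLASS: "):].strip()
            result.setdefault(current, [])
            header = None
            continue
        if current is None:
            raise ValueError("data line before any CLASS line: %r" % line)
        fields = line.split(DELIMITER)
        if header is None:
            header = fields
            continue
        if len(fields) != len(header):
            raise ValueError("column count mismatch in %s: %r" % (current, line))
        result[current].append(dict(zip(header, fields)))
    return result


def run_query(host: str, wql: str, auth_file: str, timeout: int = 30):
    """Execute wmic against host and return the parsed result."""
    proc = subprocess.run(build_wmic_argv(host, wql, auth_file),
                          capture_output=True, text=True, timeout=timeout)
    if proc.returncode != 0:
        raise RuntimeError("wmic exited %d: %s" % (proc.returncode, proc.stderr.strip()))
    return parse_wmic_output(proc.stdout)


def to_json(parsed: Dict[str, List[Dict[str, str]]]) -> str:
    """Render the parsed result as indented JSON for other tooling."""
    return json.dumps(parsed, indent=2, sort_keys=True)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; swap in run_query()
    # with a real host and an authentication file to query a live machine.
    print(to_json(parse_wmic_output(SAMPLE_OUTPUT)))
```

A suitable authentication file is a mode-0600 file containing the three Samba-style lines named in the docstring; the wrapper module in the article achieves the same query result, but builds a -U argument internally, so the file-based approach is the one to prefer on a shared Linux host.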
As you've seen, querying WMI isn't necessarily as straightforward as doing so in PowerShell, for example, but with a little time and patience, it's still possible to bridge the Windows and Linux worlds one piece of technology at a time.
source:http://www.tomsitpro.com/