Fidelis Cybersecurity
Fidelis Blog


Use the Halo API to inventory the IP addresses of your servers

In this API example, we’ll look at how to pull out useful information about your servers.  I’d like to get a list of all IP addresses used by my cloud servers, so let’s take a look at how to do that.

** NOTE ** Halo API has changed since this blog post was written – please see Halo API Developer Guide and Using the Halo API for details

We’ve put together a few library functions that make that easier, so please install the api-lib library V0.19 or higher (install script), in /usr/local/bin/ .  As with all commands using the library, make sure you run the following two commands first:

. /usr/local/bin/api-lib
resty '*'


The first command loads a library of support tools into your shell.  The second command tells the support tools to always put the “” URL in front of any API calls.

First, go to the portal and get the name of a group with some servers; we’ll use “Test group” in this example.  The API is case-sensitive for things like server and server groups.
Let’s start with just a list of the servers.  We’ll use the ActiveHostnamesInGroup function from the library you just loaded:

Now, let’s grab all their IP addresses, one line per server:

$ ListServerIPs `ActiveHostnamesInGroup 'Test group'`

That’s a start, but it’s a little hard to match up with the particular host.  If you want the hostname as the first parameter on the line, add “–show-host”:


$ ListServerIPs --show-host `ActiveHostnamesInGroup 'Test group'`

Finally, if you want to see the interface names too, add “–show-interface”.

$ ListServerIPs --show-host --show-interface `ActiveHostnamesInGroup 'Test group'`
cloud-test6 Connecting_IP_Address/ eth1/ eth0/
cloud-test7 Connecting_IP_Address/ eth1/ eth0/
cloud-test5 Connecting_IP_Address/ eth1/ eth0/
cloud-test2 Connecting_IP_Address/ eth1/ eth0/

This shows you the particular IP address for each interface, and also shows why we are seeing duplicate IP addresses.  The first IP address is always the IP address that’s used for outgoing connections.  If your cloud server is given a private address that starts with 10., 192.168., or 172.16.-172.31., this isn’t the IP address that is used for real-world communication.  The IP used for real-world communication is the first IP on the list.

Finally, if you only want details on specific systems, you can put those right on the command line instead of asking for an entire group:

ListServerIPs --show-interface cloud-test6 'Test group'
Connecting_IP_Address/ eth1/ eth0/

Many thanks to Apurva for his help in setting this up.
Cheers!  — Bill

Stay up to date on all things security

Subscribe to the Threat Geek Blog