When we execute a discovery in 3.3.0, the global configuration item discovery_exclude_ip is not being honored.
A work-around is to add these excluded IPs into the individual discovery (Enterprise users). Other users will have to apply the below patch.
In the file open-audit/code_igniter/application/helpers/discoveries_helper.php Lines 245 - 247 are as below.
$CI->db->query($sql, $data);
$all_ip_list = all_ip_list($discovery);
In between these lines insert the below.
if ( ! empty($CI->config->config['discovery_ip_exclude'])) {
$exclude_ip = str_replace(' ', ',', $CI->config->config['discovery_ip_exclude']);
if ( ! empty($discovery->attributes->other->nmap->exclude_ip)) {
$discovery->attributes->other->nmap->exclude_ip .= ',' . $exclude_ip;
} else {
$discovery->attributes->other->nmap->exclude_ip = $exclude_ip;
}
}
So the section of file now looks like
$CI->db->query($sql, $data);
if ( ! empty($CI->config->config['discovery_ip_exclude'])) {
$exclude_ip = str_replace(' ', ',', $CI->config->config['discovery_ip_exclude']);
if ( ! empty($discovery->attributes->other->nmap->exclude_ip)) {
$discovery->attributes->other->nmap->exclude_ip .= ',' . $exclude_ip;
} else {
$discovery->attributes->other->nmap->exclude_ip = $exclude_ip;
}
}
$all_ip_list = all_ip_list($discovery);
That code will combine any excluded IPs from the configuration with those specified in the individual discovery.
You can find a patched file on github at https://github.com/Opmantek/open-audit/blob/master/code_igniter/application/helpers/discoveries_helper.php
Apologies for the inconvenience.