Introduction

Executables is a feature for Linux clients only. It is not available for Windows clients.

Executables will test directories for executable files that are not known to the package manager. This works with both rpm (Red Hat, et al.) and deb (Debian / Ubuntu, et al.) based distributions.

Because this feature has the potential to cause some load (depending on the configuration) on the target machine, it is disabled by default. To turn it on, enable the config item 'feature_executables'.

How Does it Work?

Enterprise customers can define a list of directories to be scanned (we typically recommend /usr), which are recursively checked for executable files. Each executable file is verified against the package manager (yum / dpkg) and, if it is not known, an entry is recorded. These entries are then treated just like any other component (processor, software, user groups, etc.) inside Open-AudIT. Changes, additions and removals are recorded.

As well as directories to be scanned, customers can also provide exceptions not to be tested. These paths are compatible with the find (include) and grep (exclude) commands.
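
The scan described above, sketched as shell functions. This is an added example, not Open-AudIT's own audit script; it assumes ownership is queried with `dpkg-query -S` or `rpm -qf`, and the function names `is_packaged` and `find_unpackaged` and the sample exclusion pattern are hypothetical.

```shell
#!/bin/sh
# Added example, not Open-AudIT's audit script: list executable files that
# no installed package claims to own.

# is_packaged FILE -> exit 0 if the package database owns FILE.
# Assumption: ownership is queried with dpkg-query -S (deb) or rpm -qf (rpm).
is_packaged() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -S "$1" >/dev/null 2>&1
    elif command -v rpm >/dev/null 2>&1; then
        rpm -qf "$1" >/dev/null 2>&1
    else
        echo "no supported package manager found" >&2
        return 2
    fi
}

# find_unpackaged DIR [EXCLUDE_REGEX]
# Recursively walks DIR with find (include), drops paths matching the
# grep -E pattern (exclude), and prints each remaining executable regular
# file that is_packaged does not recognise.
find_unpackaged() {
    dir=$1
    exclude=${2:-}
    # -xdev keeps the walk on one filesystem to limit load on the target.
    find "$dir" -xdev -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 \) 2>/dev/null |
    if [ -n "$exclude" ]; then grep -v -E -- "$exclude"; else cat; fi |
    while IFS= read -r file; do
        is_packaged "$file" || printf '%s\n' "$file"
    done
}

# Example run (hypothetical exclusion pattern):
#   find_unpackaged /usr '^/usr/local/'
```

Each path printed corresponds to one entry that would be recorded as unknown to the package manager; comparing the output of two runs shows the additions and removals.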


Database Schema

The database schema can be found in the application if the user has database::read permission by going to menu: Admin -> Database -> List Tables, then clicking on the details button for the table.


API / Web Access

You can access the collection using the normal Open-AudIT JSON-based API, just like any other collection. Please see the Open-AudIT API documentation for further details.