Child pages
  • How to Schedule Discovery using a script
Skip to end of metadata
Go to start of metadata



NOTE - This has been made largely redundant by the inclusion of Scheduled Task setup in Open-AudIT Enterprise v1.5.1.

Introduction

To enable discovery on a regular basis, you need to be able to schedule the Open-AudIT discovery to run at the required frequency, e.g. every day.  To do this using a series of discover a subnet using a script can be useful to setup scheduled Discovery runs. These can be created using the cron scheduler on Linux. The script named discover_subnet_cron.sh is designed for this purpose and is included with Open-AudIT Enterprise. You can supply individual arguments on the command line or set them inside the script. Both ways have benefits.

Argument options

If you set the arguments inside the script:

  • Credentials will not appear on the command line or in the cron schedule.
  • Multiple copies of the script can be created with different arguments for each.

If you set the arguments on the command line:

  • Only a single script is required for (potentially) multiple Discovery runs.

The script arguments can be set on the command line by (for example):

./discover_subnet_cron.sh option=value

Argument Types

The script has two basic types of arguments - required and optional.

The required arguments are:

  • openaudit_user, this is the username of a valid Open-AudIT administrator level user (set to 'admin' by default). This is not the unix user running the script.
  • openaudit_pass, the corresponding password for the above user (set to 'password' by default).
  • openaudit_url, this is usually left at the default supplied value (set to 'http://localhost/open-audit/index.php/discovery/discover_subnet' by default).
  • local_address, this is the ip address of the Open-AudIT server upon which the Discovery is run. This must be an address visible to remote devices if they are to be audited using an audit script (audit_windows.vbs or audit_linux.sh).
  • subnet, this is the nmap style subnet (no default). Valid examples are:
    192.168.0.1 (a single address)"
    192.168.1.2/32 (a single address with mask)"
    192.168.3.0/24 (a 24 bit mask - 192.168.3.0 to 192.168.3.255)"
    198.168.0-255.1-127 (a range of ip addresses)

The optional arguements are:

  • snmp_community, the SNMP community string for any devices discovered on this subnet (set to 'public' by default).
  • ssh_user, the SSH username for any devices discovered on this subnet (no default).
  • ssh_password, the password for the above SSH user (no default).
  • windows_user, the Windows username to be used in this discovery run. This should have local administrator rights on any discovered Windows PCs (no default).
  • windows_domain, the Windows domain for the above user (no default).
  • windows_password, the Windows password for the above user (no default).
  • debugging, the command line output level. 0 = none, 1 = debug (set to '1' by default).
  • quiet, no need to specify a value. using this is the equivalent to debugging=0.
  • verbose, no need to specify a value. using this is the equivalent to debugging=1.
  • syslog, if set, will log to this file (set to /usr/local/open-audit/other/open-audit.log by default).

Even though the credentials are optional, not providing them will limit Discovery to only those that are provided. hence, providing no Windows credentials will prevent an audit script from being run upon any Windows computers, etc.

Debugging

If the option is set "debugging=1" or the "verbose" option is provided, command line output will occur. If "debugging=0" or "quiet" are set, no output will occur.

If output is set to occur, a list of variables will be provided, along with any generated log file entries.

A typical example is below:

 

Help

If help is invoked with "help" or "help=y", or if an incorrect command line option is provided, output to the console will occur providing an overview of the script and it's options. If an incorrect argument is provided, debugging will also be enabled. The output is below:

 

 

Example

A valid example to run Discovery on the 192.168.0.1/24 subnet using some defaults would be:

Scheduling using Cron

Because of file permissions, it may be easiest to set the crontab schedule using root. This is not necessary though and the script can be run (assuming file execute other permission is set) by any valid user, it is advisable that these files be restricted in their access, as they contain passwords.

A valid crontab line to schedule the Discovery job to run at 1:00 am each day would look like:

As previously stated, the options above may be set in a copy of the script which can be copied and renamed as required.

If you wanted to include multiple subnets you might like to use an intermediate script like discover_many_subnets.sh, and schedule that in cron.  For example discovery_many_subnets.sh might include:

Then in the crontab schedule the discovery using the intermediate script:

You might like to run infrastructure subnets at night, and user subnets during the day, there are many options available with this flexible solution.

Logging

Once a discovery job has been run, an entry into the standard Open-AudIT log will be created.

This is viewable by Menu -> Admin -> Log -> View Log, inside Open-AudIT or Menu -> Views -> Log inside Open-AudIT Enterprise.

The standard file location is /usr/local/open-audit/other/open-audit.log. Typical entries into the log for a discovery run will look like:

Jul 09 15:05:50 desktop 26496 S:discover_subnet_cron U:mark Discovery for 192.168.0.15 cron job STARTED
Jul 09 15:05:50 desktop 26496 S:discover_subnet_cron U:mark Discovery for 192.168.0.15 cron job COMPLETED successfully

If a submission to the Open-AudIT server fails, you will see an entry such as:

Jul 09 15:05:50 desktop 26496 S:discover_subnet_cron U:mark Discovery for 192.168.0.15 cron job STARTED
Jul 09 15:05:50 desktop 26496 S:discover_subnet_cron U:mark Discovery for 192.168.0.15 cron job FAILED wget submission

If any required arguments are not provided, a log line will be created and the script will abort. Example:

Jul 09 15:05:50 desktop 26496 S:discover_subnet_cron U:mark Discovery for 192.168.0.15 cron job STARTED
Jul 09 15:05:50 desktop 26496 S:discover_subnet_cron U:mark Discovery for 192.168.0.15 cron job FAILED subnet to discover not provided

 If debugging is enabled, any lines written to the log file will also be printed to the screen.

 

An example of a complete Discovery run log is below. This includes the cron job submission, the web page acceptance, the discover script, the web page processing of the discover script result and the update of the database.

Jul 09 16:39:33 oa.opmantek.com 10853 C:discovery F:process_subnet Deleting credential set for 192.168.0.2 submitted on 2014-07-09 16:39:23.
Jul 09 16:39:31 oa.opmantek.com 11801 C:discovery F:process_subnet Completed processing 192.168.0.2 (System ID 320).
Jul 09 16:39:28 oa.opmantek.com 11801 C:discovery F:process_subnet SNMP credential update for 192.168.0.2 (System ID 320).
Jul 09 16:39:28 oa.opmantek.com 11801 C:discovery F:process_subnet SNMP update for 192.168.0.2 (System ID 320).
Jul 09 16:39:28 oa.opmantek.com 11801 H:snmp_helper F:get_snmp 192.168.0.2 SNMP v2c scanned.
Jul 09 16:39:28 oa.opmantek.com 11801 C:discovery F:process_subnet Attempting SNMP discovery on 192.168.0.2.
Jul 09 16:39:28 oa.opmantek.com 11801 C:discovery F:process_subnet SSH Status: true 192.168.0.2.
Jul 09 16:39:28 oa.opmantek.com 11801 C:discovery F:process_subnet SNMP Status: true 192.168.0.2.
Jul 09 16:39:28 oa.opmantek.com 11801 C:discovery F:process_subnet WMI Status: false 192.168.0.2.
Jul 09 16:39:28 oa.opmantek.com 11801 C:discovery F:process_subnet Start processing 192.168.0.2.
Jul 09 16:39:28 oa.opmantek.com 23241 S:discover_subnet U:apache Discovery for 192.168.0.2 submitted at 2014-07-09 16:39:23 completed
Jul 09 16:39:28 oa.opmantek.com 23241 S:discover_subnet U:apache Submitting online 192.168.0.2
Jul 09 16:39:23 oa.opmantek.com 23234 S:discover_subnet_cron U:marku Discovery for 192.168.0.2 cron job COMPLETED successfully
Jul 09 16:39:23 oa.opmantek.com 23241 S:discover_subnet U:apache Scanning ip address 192.168.0.2
Jul 09 16:39:23 oa.opmantek.com 23241 S:discover_subnet U:apache Discovery for 192.168.0.2 submitted at 2014-07-09 16:39:23 starting
Jul 09 16:39:23 oa.opmantek.com 12143 C:discovery F:discover_subnet U:Administrator Discovery submitted for 192.168.0.2.
Jul 09 16:39:23 oa.opmantek.com 23234 S:discover_subnet_cron U:marku Discovery for 192.168.0.2 cron job STARTED

 

 

 

 

  • No labels