
Discovery Overview

Discovery is a new feature in Open-AudIT version 1.2. Discovery will audit Windows and Linux computers, SNMP scan network devices, and record active target addresses if no SNMP is active. Discovery runs entirely from the web interface, regardless of whether the Open-AudIT server is running on Linux or Windows.

NOTE - The Windows firewall on each target Windows computer must have the ports for WMI opened. For Windows Core servers, ensure you allow the firewall connections as per - http://blogs.technet.com/b/brad_rutkowski/archive/2007/10/22/unable-to-remotely-manage-a-server-core-machine-mmc-wmi-device-manager.aspx

How to use Discovery

Setting Default Attributes

To use Discovery, a few default attributes should be set first.

As an Open-AudIT admin level user, go to Menu -> Admin -> Config.

The single most important attribute to set is the "default_network_address" attribute. Discovery uses it so that when we send an audit script to a remote machine, we can also provide the URL of the Open-AudIT server for the remote machine to send its data back to. We set this manually because your Open-AudIT server may have multiple network addresses. Rather than try to work out the correct address, we ask you to complete this step manually so there can be no mistakes.
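A quick way to sanity-check the address before saving it, as an added example that is not part of Open-AudIT. It is meant to be run on the Open-AudIT server itself and assumes the value under test is a bare IPv4 address; the function names and the sample address and subnet are constructed for illustration.

```python
import ipaddress
import socket


def is_local_address(addr):
    """True if addr is assigned to an interface on this host."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.bind((addr, 0))  # binding only succeeds for a local address
            return True
        except OSError:
            return False


def source_address_for(target):
    """Source address the OS would pick to reach target, or None if no route.

    connect() on a UDP socket sends no packet; it only selects a route.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.connect((target, 9))
            return s.getsockname()[0]
        except OSError:
            return None


def check_server_address(candidate, subnet):
    """List the problems with using candidate for a Discovery run of subnet."""
    problems = []
    if not is_local_address(candidate):
        problems.append(f"{candidate} is not assigned to this server")
    net = ipaddress.ip_network(subnet, strict=False)
    probe = str(next(iter(net.hosts()), net.network_address))
    routed = source_address_for(probe)
    if routed is None:
        problems.append(f"no route from this server to {subnet}")
    elif routed != candidate:
        problems.append(f"traffic to {subnet} leaves from {routed}, not {candidate}")
    return problems


if __name__ == "__main__":
    # Constructed values: replace with your own address and target subnet.
    for issue in check_server_address("192.168.1.10", "192.168.1.0/24") or ["ok"]:
        print(issue)
```

An empty result means the address is bound on the server and is the one the server uses towards the target subnet; it does not prove that firewalls between the targets and the server allow the return connection.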

For an Active Directory Discovery, you should also set the following fields:

  • default_windows_username
  • default_windows_domain
  • default_windows_password

For completeness, the following fields are also best set:

  • default_snmp_community
  • default_ssh_username
  • default_ssh_password

Once these have been completed you can go to Menu -> Admin -> Discovery -> Discover a Subnet.

This form will pre-populate with your defaults (which you have just configured), but you can also override them with specific attributes for any given Discovery run.

Fill the form details and click the Discover button.

Results

You will be redirected to the Logging page. You can refresh this page and see the progress of the Discovery run. 

Once the initial list of target devices has been obtained you should see details of each target as it is scanned and input into Open-AudIT.

Logging

NOTE - The logging is quite verbose so there is now a feature to purge the log file at Menu -> Admin -> Logs -> Purge Log.

You can set the log level in the configuration (Menu -> System -> Open-AudIT Basic Configuration). By default it is set to 5, but you may wish to temporarily increase it to 7 for debugging purposes.

You should see logging similar to the below (if set to level 7). In the below instance, a Discovery run was performed on the open-audit.com domain and the two computers win2k8dc and winxp-pro were audited.

How Does it Work

When running a Discovery against an Active Directory domain, the process differs depending on whether your Open-AudIT server is installed on a Windows or a Linux machine.

Windows Discovery of AD

The discover_domain.vbs script is run locally with the values provided as per the form. The Open-AudIT server will then talk to the domain controller, obtain a list of computers and audit them.

Linux Discovery of AD

The discover_domain.vbs and audit_windows.vbs scripts are copied to the nominated Active Directory server and the discover_domain.vbs script is started on that Active Directory server. The Active Directory server will obtain a list of computers, audit them and then submit the result to the Open-AudIT server. The Linux programs smbclient and winexe are used to enable Linux to copy the scripts and start them on the Windows server.
