If you are having trouble getting your first audit started, audit a single, known machine with proper credentials before moving on to full subnets of devices. Start with the guide below on how to audit a single machine.
Not getting good data back from the audit? Unsure if it worked as intended? Check the discovery log to confirm that the audit has run successfully on the device.
If you are not getting much information back from the audit, it is possible that the credential set given was not valid or was not received properly. To confirm that the credential set was accepted, click on the discovery log on the device summary page and scroll towards the bottom of the window.
The discovery log, along with other logs and information, opens below the summary page. Scroll down to view them.
As shown in the image above, this example uses an SSH credential set. SSH is typically used on Linux devices, WMI is used by Windows machines, and SNMP is used in both Linux and Windows environments. More information on credentials and configuration can be found here: Target Client Configuration. The first underline in the image above shows that SSH Status is true, since SSH is the form of authentication used in this example. Notice that WMI Status and SNMP Status are shown as false; if a device were using those forms of credentials, their Status should be true. Make sure that whichever credential type you are using displays its Status as true, otherwise the audit will not complete successfully. The second underlined part of the image confirms that the credential set is working for this device, and the log then continues below to show that the SSH audit is starting. Check the discovery log for this information after auditing your device to see whether the credentials are being accepted with no issues.
Discovery stopped working?
If you are running a RedHat or CentOS system and you have upgraded Nmap or reverted to a previous version, it is sometimes necessary to reset the SUID bit on the binary. You can do this by running the following command:
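To see whether the SUID bit is actually missing after an Nmap upgrade or downgrade, the added example below (not part of the original page, and not the reset command it refers to) reports the state of the bit and the owner of the binary without changing anything. The default path /usr/bin/nmap and the function names are assumptions.

```shell
#!/bin/sh
# Added example: report-only check of the SUID bit on the Nmap binary.
# It changes nothing on disk. The default path is an assumption.

# suid_state PATH -> prints one of:
#   missing       no regular file at PATH
#   no-suid       file exists, SUID bit not set
#   suid-root     SUID bit set and file owned by uid 0
#   suid-nonroot  SUID bit set but owner is not root
suid_state() {
    bin=$1
    if [ ! -f "$bin" ]; then
        echo "missing"
        return 0
    fi
    if [ ! -u "$bin" ]; then
        echo "no-suid"
        return 0
    fi
    # -L follows a symlinked binary, -n prints the numeric owner id
    owner=$(ls -ldnL "$bin" | awk '{print $3}')
    if [ "$owner" = "0" ]; then
        echo "suid-root"
    else
        echo "suid-nonroot"
    fi
}

# report_nmap [PATH] -> one human-readable line for the given binary
report_nmap() {
    bin=${1:-/usr/bin/nmap}   # assumed default location
    state=$(suid_state "$bin")
    case $state in
        missing)      echo "$bin: not found; check the Nmap install path" ;;
        no-suid)      echo "$bin: SUID bit not set" ;;
        suid-root)    echo "$bin: SUID bit set, owned by root" ;;
        suid-nonroot) echo "$bin: SUID bit set, but owner is not root" ;;
    esac
}

report_nmap "$@"
```

A result of "SUID bit not set" right after a package upgrade or downgrade matches the situation described above; rerun the check after resetting the bit to confirm the change took effect.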
The audit function of Open-AudIT is designed to work "out of the box" as much as possible with the default settings of target devices. However, this is not always the case.
Follow the link below to view the requirements for getting the audit to work, along with some helpful hints about credential requirements and items to configure when things aren't quite working as planned.
More information coming soon! The Opmantek OpenAudIT Wiki has many useful resources and guides to help you: Home