
I have just installed a new version 2 Open Audit server (previously version 1 on a different server). I have attempted to run my first audit using the new server and get an error. I tried running it in verbose mode but it didn't give any additional error details. I'm hoping someone can advise where I should look to resolve the problem. Audit output is below.

I should add, as you can see in the audit below, the openaudit web server is on port 81, not the usual port 80, because it would clash with another server we have running there and cannot move.  We used version 1 Open Audit server on port 81 without any problems.  I'm therefore assuming that they wouldn't have introduced problems when upgrading it to version 2.

Thanks,
Stephen

Microsoft (R) Windows Script Host Version 5.812
Copyright (C) Microsoft Corporation. All rights reserved.

starting audit - .
----------------------------
Open-AudIT Windows audit script
Version: 2.1.1
----------------------------
audit_dns: y
audit_mount_point: y
audit_netstat: s
audit_software: y
create_file: n
debugging: 3
details_to_lower: y
discovery_id:
hide_audit_window: n
ldap:
org_id:
ping_target: n
self_delete: n
strcomputer: .
strpass:
struser:
submit_online: y
system_id:
url: http://toolsdev.iam-afghanistan.org:81/open-audit/index.php/input/devices
use_proxy: n
windows_user_work_1: physicalDeliveryOfficeName
windows_user_work_2: company
-------------------
LocalNet: 10.0.0.4 fe80::d4f1:6b53:7ca4:d13c 192.168.3.46 fe80::a904:e8ed:9362:2cb6 
MYCOMPUTERNAME
Target: .
Match: Auditing localhost.
Not pinging target because we're auditing localhost.
My PID is : 6320
Audit Start Time : 2018-03-04 09:46:54
Audit Location: local

-------------------
system info
....abridged....
Audit Generated in 107 seconds.
Submitting audit online
Error with http request(2). Audit not submitted.
Total Execution Time: 144 seconds.


    9 answers

    1.  

      Done. I assume you're planning to see if that audit result will upload to a known working test server to see if it is the client that is causing the failure or the server.

      1. Mark Unwin

        Stephen, Thanks for that. FWIW, the audit result itself is fine. The software most definitely does work, so I can only assume this is an environment issue. I'm about at the end of my usefulness here. If you were a paying customer, the next step would be to retrieve your configuration and then a screen sharing session so I could attempt to further narrow it down. Mark.

      2. Stephen Wilkey

        Thanks for that Mark. I decided to rule out the port being an issue and temporarily stopped the service on port 80 so I could put apache back there. With apache working normally on port 80 the audit submission still failed at exactly the same place. I had previously wondered if it was a permission problem, but as the url is a virtual url (index.php/input/devices) that can't be the case. I'm now wondering if it is a unique problem caused by Ubuntu 16.04 that hasn't yet been experienced widely.

      3. Stephen Wilkey

        I believe I have found the source of the fault. This is from /var/log/error.log:

            [Sat Mar 10 08:51:05.382453 2018] [:error] [pid 2905] [client 103.41.8.2:65047] PHP Fatal error: Uncaught Error: Class 'SimpleXMLElement' not found in /usr/local/open-audit/code_igniter/application/controllers/include_input_devices.php:129\nStack trace:\n#0 /usr/local/open-audit/code_igniter/application/controllers/input.php(186): include()\n#1 /usr/local/open-audit/code_igniter/application/controllers/input.php(164): input->devices()\n#2 /usr/local/open-audit/code_igniter/system/core/CodeIgniter.php(325): input->_remap('devices', Array)\n#3 /var/www/html/open-audit/index.php(324): require_once('/usr/local/open...')\n#4 {main}\n thrown in /usr/local/open-audit/code_igniter/application/controllers/include_input_devices.php on line 129, referer: http://toolsdev.iam-afghanistan.org/open-audit/index.php/input/devices

        Having found the fault though, I am unsure what to do about it, as it appears that the code is somehow missing SimpleXMLElement.

      4. Stephen Wilkey

        Sorry, correction, that was found in /var/log/apache2/error.log

      5. Stephen Wilkey

        I tried grep -ir 'SimpleXMLElement' . to search all files in /usr/local/open-audit and found the following:

            grep: ./other/scripts: Permission denied
            ./code_igniter/application/controllers/db_upgrades/db_1.08.04.php: // $xml = new SimpleXMLElement(utf8_encode($contents));
            ./code_igniter/application/controllers/db_upgrades/db_1.08.04.php: // $xml = new SimpleXMLElement(utf8_encode($contents));
            ./code_igniter/application/controllers/san.php: $xml = new SimpleXMLElement('<root/>');
            ./code_igniter/application/controllers/san.php: $xml = new SimpleXMLElement('<root/>');
            ./code_igniter/application/controllers/san.php: $xml = new SimpleXMLElement('<root/>');
            ./code_igniter/application/controllers/san.php: $xml = new SimpleXMLElement('<root/>');
            ./code_igniter/application/controllers/include_input_devices.php: $xml = new SimpleXMLElement($input, LIBXML_NOCDATA);
            ./code_igniter/application/controllers/include_input_discoveries.php: $xml = new SimpleXMLElement($xml_input);
            ./code_igniter/application/controllers/include_input_discoveries.php: $esx_xml = new SimpleXMLElement($esx_input);
            ./code_igniter/application/controllers/input.php: $xml = new SimpleXMLElement($xml_input);

        But those all appear to be trying to use SimpleXMLElement, not defining it. So it looks to me like it really is missing. I looked in other/scripts and found that it has drwxrwx permission so I couldn't see in it without sudo. Inside it was a readme.txt that said that it was a temporary script directory used by the server, but there was nothing else there. So I'm really not sure where else to look for this missing class. Does anyone have any ideas?

      6. Mark Unwin

        apt-get install php-simplexml

      7. Stephen Wilkey

        Thanks Mark! We're up and running now. Your instruction gave the necessary clue, though the problem was much more complex. I'm reproducing the solution here to help others who might encounter something similar in future.

        My recommendation to anyone installing OpenAudit is to keep a copy of the output from the installation script as I did. And then to review it, and not to rely on the final statement of:

            ++++++++++++++++++++++++++++++++++++++++++++++++++++++
            installation complete.
            ++++++++++++++++++++++++++++++++++++++++++++++++++++++

        I assumed, incorrectly, that this meant it had successfully installed and that any issues encountered along the way were either not critical issues or had been resolved by the installation script. That is an incorrect assumption. The script had detected some missing packages, and reported this with the words "Some required packages are missing!" And then it tried to install them. It succeeded with some packages but then failed with "-------COMMAND RETURNED EXIT CODE 100--------" for some of them. These actually should have indicated to me that the installation had failed, but because the installation script continued and appeared to be ok I didn't recognise it as a failure. So this was the solution I followed:

        *** As you can see, installing simplexml wasn't the ultimate problem - it wouldn't install:

            ubuntu@ip-172-30-0-230:~$ sudo apt-get install php-simplexml
            Reading package lists... Done
            Building dependency tree
            Reading state information... Done
            Note, selecting 'php7.0-xml' instead of 'php-simplexml'
            You might want to run 'apt-get -f install' to correct these:
            The following packages have unmet dependencies:
             libsnmp30 : Depends: libsensors4 (>= 1:3.0.0) but it is not going to be installed
             php7.0-xml : Depends: libxslt1.1 (>= 1.1.25) but it is not going to be installed
            E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution).

            ubuntu@ip-172-30-0-230:~$ sudo apt-get -f install
            Reading package lists... Done
            Building dependency tree
            Reading state information... Done
            Correcting dependencies... Done
            The following additional packages will be installed:
              libsensors4
            Suggested packages:
              lm-sensors
            The following NEW packages will be installed:
              libsensors4
            0 upgraded, 1 newly installed, 0 to remove and 6 not upgraded.
            4 not fully installed or removed.
            Need to get 0 B/28.4 kB of archives.
            After this operation, 114 kB of additional disk space will be used.
            Do you want to continue? [Y/n] y
            (Reading database ... 88825 files and directories currently installed.)
            Preparing to unpack .../libsensors4_1%3a3.4.0-2_amd64.deb ...
            Unpacking libsensors4:amd64 (1:3.4.0-2) ...
            dpkg: error processing archive /var/cache/apt/archives/libsensors4_1%3a3.4.0-2_amd64.deb (--unpack):
             trying to overwrite shared '/etc/sensors.d/.placeholder', which is different from other instances of package libsensors4:amd64
            Errors were encountered while processing:
             /var/cache/apt/archives/libsensors4_1%3a3.4.0-2_amd64.deb
            E: Sub-process /usr/bin/dpkg returned an error code (1)

        *** Google advised to delete the file that was blocking it. So I moved it.

            ubuntu@ip-172-30-0-230:~$ sudo mv /etc/sensors.d/.placeholder /etc/sensors.d/.placeholderold

        *** Running apt-get again showed that it wasn't the only problem. I had to remove other files too.

            ubuntu@ip-172-30-0-230:~$ sudo apt-get -f install
            Reading package lists... Done
            Building dependency tree
            Reading state information... Done
            Correcting dependencies... Done
            The following additional packages will be installed:
              libsensors4
            Suggested packages:
              lm-sensors
            The following NEW packages will be installed:
              libsensors4
            0 upgraded, 1 newly installed, 0 to remove and 6 not upgraded.
            4 not fully installed or removed.
            Need to get 0 B/28.4 kB of archives.
            After this operation, 114 kB of additional disk space will be used.
            Do you want to continue? [Y/n] y
            (Reading database ... 88825 files and directories currently installed.)
            Preparing to unpack .../libsensors4_1%3a3.4.0-2_amd64.deb ...
            Unpacking libsensors4:amd64 (1:3.4.0-2) ...
            dpkg: error processing archive /var/cache/apt/archives/libsensors4_1%3a3.4.0-2_amd64.deb (--unpack):
             trying to overwrite shared '/etc/sensors3.conf', which is different from other instances of package libsensors4:amd64
            Errors were encountered while processing:
             /var/cache/apt/archives/libsensors4_1%3a3.4.0-2_amd64.deb
            E: Sub-process /usr/bin/dpkg returned an error code (1)

            ubuntu@ip-172-30-0-230:~$ sudo mv /etc/sensors3.conf /etc/sensors3.confold

            ubuntu@ip-172-30-0-230:~$ sudo apt-get -f install
            Reading package lists... Done
            Building dependency tree
            Reading state information... Done
            Correcting dependencies... Done
            The following additional packages will be installed:
              libsensors4
            Suggested packages:
              lm-sensors
            The following NEW packages will be installed:
              libsensors4
            0 upgraded, 1 newly installed, 0 to remove and 6 not upgraded.
            4 not fully installed or removed.
            Need to get 0 B/28.4 kB of archives.
            After this operation, 114 kB of additional disk space will be used.
            Do you want to continue? [Y/n] y
            (Reading database ... 88825 files and directories currently installed.)
            Preparing to unpack .../libsensors4_1%3a3.4.0-2_amd64.deb ...
            Unpacking libsensors4:amd64 (1:3.4.0-2) ...
            Setting up libsnmp-base (5.7.3+dfsg-1ubuntu4) ...
            Setting up libsensors4:amd64 (1:3.4.0-2) ...
            Setting up libsnmp30:amd64 (5.7.3+dfsg-1ubuntu4) ...
            Setting up php7.0-snmp (7.0.25-0ubuntu0.16.04.1) ...
            Creating config file /etc/php/7.0/mods-available/snmp.ini with new version
            Setting up php-snmp (1:7.0+35ubuntu6.1) ...
            Processing triggers for libc-bin (2.23-0ubuntu10) ...
            Processing triggers for libapache2-mod-php7.0 (7.0.25-0ubuntu0.16.04.1) ...

            ubuntu@ip-172-30-0-230:~$ sudo apt-get install php-simplexml
            Reading package lists... Done
            Building dependency tree
            Reading state information... Done
            Note, selecting 'php7.0-xml' instead of 'php-simplexml'
            The following additional packages will be installed:
              libxslt1.1
            The following NEW packages will be installed:
              libxslt1.1 php7.0-xml
            0 upgraded, 2 newly installed, 0 to remove and 6 not upgraded.
            Need to get 259 kB of archives.
            After this operation, 957 kB of additional disk space will be used.
            Do you want to continue? [Y/n] y
            Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu xenial-updates/main amd64 libxslt1.1 amd64 1.1.28-2.1ubuntu0.1 [145 kB]
            Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu xenial-updates/main amd64 php7.0-xml amd64 7.0.25-0ubuntu0.16.04.1 [113 kB]
            Fetched 259 kB in 0s (10.4 MB/s)
            Selecting previously unselected package libxslt1.1:amd64.
            (Reading database ... 88833 files and directories currently installed.)
            Preparing to unpack .../libxslt1.1_1.1.28-2.1ubuntu0.1_amd64.deb ...
            Unpacking libxslt1.1:amd64 (1.1.28-2.1ubuntu0.1) ...
            Selecting previously unselected package php7.0-xml.
            Preparing to unpack .../php7.0-xml_7.0.25-0ubuntu0.16.04.1_amd64.deb ...
            Unpacking php7.0-xml (7.0.25-0ubuntu0.16.04.1) ...
            Processing triggers for libc-bin (2.23-0ubuntu10) ...
            Processing triggers for libapache2-mod-php7.0 (7.0.25-0ubuntu0.16.04.1) ...
            Setting up libxslt1.1:amd64 (1.1.28-2.1ubuntu0.1) ...
            Setting up php7.0-xml (7.0.25-0ubuntu0.16.04.1) ...
            Creating config file /etc/php/7.0/mods-available/dom.ini with new version
            Creating config file /etc/php/7.0/mods-available/simplexml.ini with new version
            Creating config file /etc/php/7.0/mods-available/wddx.ini with new version
            Creating config file /etc/php/7.0/mods-available/xml.ini with new version
            Creating config file /etc/php/7.0/mods-available/xmlreader.ini with new version
            Creating config file /etc/php/7.0/mods-available/xmlwriter.ini with new version
            Creating config file /etc/php/7.0/mods-available/xsl.ini with new version
            Processing triggers for libc-bin (2.23-0ubuntu10) ...
            Processing triggers for libapache2-mod-php7.0 (7.0.25-0ubuntu0.16.04.1) ...

        *** Then you must restart apache2

            ubuntu@ip-172-30-0-230:/var/www/html$ sudo systemctl restart apache2

        *** Having successfully resolved this I took a look at the output of the installation of OpenAudit - which I had fortunately captured during the installation process. I found several occurrences of exit code 100. One of them was for simplexml. As a precaution I therefore tried to install each of the other failed installations manually, this time they all worked. Then I restarted apache2 again.
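
The review step recommended in the last comment above (checking captured installer output instead of trusting the closing banner), as an added example that is not part of the original thread or of the Open-AudIT installer: it lists every non-zero `COMMAND RETURNED EXIT CODE` marker and treats the install as failed if any exist. The sample log is constructed, and the layout it assumes (the command echoed on the line before its marker, zero-status markers also printed) is an assumption, not something the page confirms.

```shell
#!/bin/sh
# Scan a captured installer log for failed steps.
# Marker and banner strings are the ones quoted in the post above;
# everything else about the log layout is assumed for illustration.

# sample_log: print a CONSTRUCTED log (not real installer output).
sample_log() {
cat <<'EOF'
Some required packages are missing!
apt-get -y install php-snmp
-------COMMAND RETURNED EXIT CODE 100--------
apt-get -y install php-mbstring
-------COMMAND RETURNED EXIT CODE 0--------
apt-get -y install php-simplexml
-------COMMAND RETURNED EXIT CODE 100--------
++++++++++++++++++++++++++++++++++++++++++++++++++++++
installation complete.
++++++++++++++++++++++++++++++++++++++++++++++++++++++
EOF
}

# failed_steps LOGFILE
# Prints one line per non-zero marker: exit code, marker line number and
# the previous non-blank line (assumed to be the command), tab-separated.
failed_steps() {
    awk '
        /COMMAND RETURNED EXIT CODE [0-9]+/ {
            code = $0
            sub(/^.*COMMAND RETURNED EXIT CODE /, "", code)  # drop text before the number
            sub(/[^0-9].*$/, "", code)                       # drop trailing dashes
            if (code + 0 != 0) printf "%s\t%d\t%s\n", code, NR, prev
            next
        }
        NF { prev = $0 }   # remember the last non-blank, non-marker line
    ' "$1"
}

# install_ok LOGFILE
# Succeeds only if the completion banner is present AND no step failed.
install_ok() {
    [ -z "$(failed_steps "$1")" ] && grep -q 'installation complete' "$1"
}

# Demonstration on the constructed sample.
log=$(mktemp)
sample_log > "$log"
failed_steps "$log"
if install_ok "$log"; then
    echo "install OK"
else
    echo "install FAILED despite completion banner"
fi
rm -f "$log"
```
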

    2.  

      Can you run the below and send the resulting file and the command output to marku@opmantek.com

      cscript audit_windows.vbs submit_online=n create_file=y debugging=3
      1.  

        I've only tried auditing two machines but they both fail.  In version 1 of Open Audit this was no problem

        1.  

          I just tried submitting an audit XML to that page manually and I saw the file uploading to 100% then the page looked like it was going to take me to a success message, but instead what happened was it displayed this:

          This page isn’t working

          toolsdev.iam-afghanistan.org is currently unable to handle this request.

          HTTP ERROR 500
          If I then press refresh it takes me to the page correctly - where you would submit the result, but the result is not submitted.
          Is this some sort of permission problem on the webserver?
          1. Mark Unwin

            I'm wondering if it's an issue running on port 81, but it shouldn't be. Do _all_ your audits fail like this, or just this machine?

        2.  

          Hi Mark,

          Yes, we do get a webpage with that address:

          Audit Script Input 

          If we are getting that what might the problem be?
          1.  

            Stephen,

            You are correct. Setting blessed_subnets_use to 'n' will allow submission from any IP.
            Submission should happen in < 10 seconds (depending on database size, server hardware, etc, etc).
            It looks like it's timing out. If you use the target machine and open a browser and go to http://toolsdev.iam-afghanistan.org:81/open-audit/index.php/input/devices do you see a web page?

            Mark.

            1.  

              The documentation about blessed subnets indicates that when an audit is rejected because of a blessed subnet issue then it will be reported in a log.  I've checked the logs and nothing is reported.

              Also, if the server was actually rejecting it I'd expect it to be pretty quick, however the submission failure takes quite a while 1min+ to occur, so this doesn't seem right to me.

              1.  

                Thanks Mark.

                I have this setting in my configuration on the server

                blessed_subnets_use: n

                I expected that would be sufficient.  Is there something else I should do to accept data from ANY subnet?

                Regards,

                Stephen
