Hello Mark.
Sorry for the late response but weekend got in the way and I didn't have access to the server.
With -o add_system I get a file "add_system" created in the woking directory with this content:
Array ( [0] => stdClass Object ( [code] => ERR-0021 [status] => HTTP/1.1 400 Bad Request [severity] => 4 [title] => Required attributes not supplied (User:, Collection:input, Action:). [detail] => When attempting to create a resource, some attributes are required but missing. [status_code] => 400 [severity_text] => warning [controller] => [summary] => Required attributes not supplied (User:, Collection:input, Action:). [link] => /open-audit/index.php/errors/ERR-0021 ) )
Basically the same error.
I activated Code Igniter logs and appart from the initialization logs, I'm getting a couple notices and a warning as follows:
ERROR - 2019-07-08 08:32:57 --> Severity: Notice --> Undefined property: Input::$user /usr/local/open-audit/code_igniter/application/helpers/error_helper.php 65 ERROR - 2019-07-08 08:32:57 --> Severity: Notice --> Trying to get property of non-object /usr/local/open-audit/code_igniter/application/helpers/error_helper.php 65 ERROR - 2019-07-08 08:32:57 --> Severity: Warning --> mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given /usr/local/open-audit/code_igniter/system/database/drivers/mysqli/mysqli_result.php 38
I don't know if that's relevant to the error.
Thanks for your time Mark.
Edited for clarity.
I think I have an answer. Your XML file must have data= as the first 5 characters when submitting like this. This is because PHP accepts the input and must be able to associate the XML string with an attribute - in this case, called "data".
Hello Mark.
Indeed that fixed the issue and the server finally displays the system just created.
It also works with "-d" or "–data" argument instead of "--data-binary" and the "-o add_system" argument is not necesary.
Why authentication is not necessary to add a system?
Doesn't that beat the point of generating a cookie?
No auth required because machines can have the audit script run locally using cron or task scheduler and submit the result themselves.
The Blessed Subnets feature mitigates the risk, here - Blessed Subnets.
And if a rogue actor was to submit an audit result that changed things on a PC(s), it is all recorded in the change log anyway.
Hello Mark.
I get it then.
Thank you for your help.
What about this one?
curl -o add_system --data-binary @file.xml http://localhost/open-audit/index.php/input/devices
Hello Mark.
Thanks for your response.
I tried that and it gives me errors:
[user@server ~]# curl --data-binary @file.xml http://localhost/open-audit/index.php/input/devices Array ( [0] => stdClass Object ( [code] => ERR-0021 [status] => HTTP/1.1 400 Bad Request [severity] => 4 [title] => Required attributes not supplied (User:, Collection:input, Action:). [detail] => When attempting to create a resource, some attributes are required but missing. [status_code] => 400 [severity_text] => warning [controller] => [summary] => Required attributes not supplied (User:, Collection:input, Action:). [link] => /open-audit/index.php/errors/ERR-0021 ) )
So far i've tried without arguments and with the arguments "user", "input_type" and "upload_file" trough both GET and POST methods and always fails with either ERR-0011 or ERR-0021.
What could it be?
The linux audit script does the below:
curl --data-binary "@file.xml" http://localhost/open-audit/index.php/input/devices
There is no need for cookies.
Hello.
I've been running version 10.09.01 of Open-Audit since forever and finally decided to upgrade to the latest version.
The thing is I've been having problems adding devices with the API (I can succesfully run queries); while the script audit_linux.sh works as it should and adds the results of the scan, the commands curl and wget alone wont add a device.
So far I've tried wget and curl with countless argument combinations, but I always get errors or even no errors but nothing gets added.
curl -b cookies.txt -F 'input_type=@file.xml http://localhost/omk/open-audit/index.php/input/devices
curl -X GET -b cookies.txt --data 'upload_file=@file.xml' http://localhost/omk/open-audit/index.php/input?action=devices
curl -b cookies.txt --data-binary "@file.xml" http://localhost/open-audit/index.php/input/devices
wget -o add_system --post-file=file.xml http://localhost/open-audit/index.php/devices
So my questions are:
What is the correct command to create a device with curl?
Which one is the correct URL: localhost/omk/open-audit/ or localhost/open-audit/?
Thank you in advance.