...

sha256sum:

Linux only release.


Important Caveats

- We now only support Redhat 8/9, Debian 11/12, and Ubuntu 20.04/22.04. Upgraders please read all the documentation below.

For version 5.0.0, we do not have OKTA authentication in place. This will be coming ASAP.


The Important Stuff

Version 5 of Open-AudIT. Wow, what a ride. Underneath the skin, it is huge. We have upgraded the underlying framework and brought the code itself up to current best practices. As a result, we now install on current Redhat, Debian, and Ubuntu and we need a minimum of PHP 7.4. Hence, the following are the officially supported distributions: Redhat 8/9, Debian 11/12, and Ubuntu 20.04/22.04. We also deprecated the omkd daemon and associated Perl framework. So now there is a single interface and a single website. Obviously, this makes for less code. Which means fewer errors. And less work. All in all, I'm very happy with the result.

But that's all underneath - you don't care about that! You just want the new features. Well, to be honest, there aren't a lot. We have upgraded the front end to use Bootstrap 5. Community users will notice that the most. We have also moved on from the Tango icons set. Now in use is the Newaita Reborn set. Tango has been awesome, but after almost 20 years, it's time for a change!

If you download the package from FirstWave, you'll get the Enterprise functionality which includes the JavaScript library for charting. If you download, build, and install from GitHub you won't get the Enterprise functionality, nor the JavaScript charting library. Those pieces are not open source. Them's the breaks - a guy's gotta eat!

...

The format of the JSON response for included has changed. Previously it was a single array of objects, each of which could be any type. Now included is an object, and each of its attributes is an array. Each included attribute is named after its $collection. So now we have included->orgs[{},{}]. This saves time enumerating the entire included array when you need a specific type of item. They're now all neatly grouped together. An example is at the bottom of this page.

We have removed the /devices?sub_resource=$component URL and replaced it with /components?components.type=$component. If you're calling this URL, you should supply a type, e.g. /components?components.type=bios. The components collection covers the following database tables: bios, certificate, disk, dns, file, ip, log, memory, module, monitor, motherboard, netstat, network, nmap, optical, pagefile, partition, policy, print_queue, processor, radio, route, san, scsi, server, server_item, service, share, software, software_key, sound, task, usb, user, user_group, variable, video, vm, windows.
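As an added example (not Open-AudIT's own code), a client-side helper that rewrites the removed URL form to the new one and accepts only the component types listed above. The function name, the example host used when calling it, and the choice to carry other query parameters over unchanged are assumptions.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Component tables named in the release notes above.
COMPONENT_TYPES = frozenset(
    "bios certificate disk dns file ip log memory module monitor motherboard "
    "netstat network nmap optical pagefile partition policy print_queue "
    "processor radio route san scsi server server_item service share software "
    "software_key sound task usb user user_group variable video vm windows".split()
)


def migrate_url(url):
    """Rewrite /devices?sub_resource=X to /components?components.type=X.

    URLs that are not the removed form are returned unchanged. A sub_resource
    value outside the documented list raises ValueError instead of being
    forwarded to the server.
    """
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    wanted = [value for key, value in query if key == "sub_resource"]
    if not parts.path.endswith("/devices") or not wanted:
        return url  # not the removed URL form
    if len(wanted) != 1 or wanted[0] not in COMPONENT_TYPES:
        raise ValueError(f"unsupported sub_resource: {wanted!r}")
    # Assumption: any other query parameters are carried over unchanged.
    rest = [(key, value) for key, value in query if key != "sub_resource"]
    path = parts.path[: -len("devices")] + "components"
    new_query = urlencode([("components.type", wanted[0])] + rest)
    return urlunsplit((parts.scheme, parts.netloc, path, new_query, parts.fragment))
```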

...

Logging is now on the filesystem, rather than in the database. All access is logged by default. You can find daily logs at /open-audit/writeable/logs/

Session data is no longer stored in the database. You can find it on the filesystem at /open-audit/writeable/session/

We are incredibly proud of what we have achieved with this release, even if outwardly not a lot is visible.

Going forward this will enable us to improve the code and add new features at a much faster pace - and we have some ideas for killer features. Stay tuned for those.


Upgrading From an Unsupported Distribution

This is not difficult. Perform the below steps to upgrade from (say) CentOS 7 to Debian 12.

On your new server, install a new distribution of your choice (from our new list of supported ones as above). You will need SSH on this machine.

On your new server, install Open-AudIT v5.0.0 as per a regular fresh install.

On your new server, verify it is working (you can get to the GUI and log in).

On your original Open-AudIT server, take a backup of the database. (Note: you may need to substitute your MySQL root user password if it is not the default.)

Code Block
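# Clear stored sessions, then dump the openaudit database (one INSERT per row, stored routines included).
# The password follows -p with no space; given on the command line it is visible in shell history and the process list.
mysql -u root -popenauditrootuserpassword -e "DELETE FROM oa_user_sessions;"
mysqldump -u root -popenauditrootuserpassword --extended-insert=FALSE --routines openaudit > /tmp/openaudit.sql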

On your new server, copy the database backup from the original server along with a couple of other directories. Run the below (obviously substitute the items in CAPITAL letters).

Code Block
scp YOUR_USERNAME@ORIGINAL_OPEN_AUDIT_SERVER:/tmp/openaudit.sql /usr/local/open-audit/
scp YOUR_USERNAME@ORIGINAL_OPEN_AUDIT_SERVER:/var/www/html/open-audit/custom_images/* /usr/local/open-audit/public/custom_images/
scp YOUR_USERNAME@ORIGINAL_OPEN_AUDIT_SERVER:/usr/local/open-audit/code_igniter/application/attachments/* /usr/local/open-audit/app/Attachments/

On your new server, restore the database.

Code Block
cd /usr/local/open-audit
# Replace the empty database created by the fresh install, then load the backup into it.
mysql -u root -popenauditrootuserpassword -e "DROP DATABASE openaudit; CREATE DATABASE openaudit;"
mysql -u root -popenauditrootuserpassword openaudit < openaudit.sql

On your new server, log in. You should be asked to upgrade the database. Obviously, please do so.

On your new server, if you're happy, delete the database backup.

Code Block
rm /usr/local/open-audit/openaudit.sql

As a bonus, you now know how to back up and restore your Open-AudIT server going forward. Take a backup of the database and copy the mentioned directories somewhere safe. If the worst case happens, you can spin up a new server and restore the database and directories - easy.



Version | Type | Collection | Description
All | Improvement | All | Updated icons, we now use the Newaita Reborn set. Tango has been awesome, but after about 15 years, it's time for a change!
Community | Improvement | Devices | In the Linux audit script, use systemd-escape for service names.





Example included response

...


Code Block
"included":
{
    "audit_log":
    [
        {
            "debug": "",
            "device_id": "332",
            "devices.name": "heimdall",
            "id": "185",
            "ip": "127.000.000.001",
            "timestamp": "2023-06-26 13:08:23",
            "type": "audit",
            "username": "",
            "version": "4.4.2",
            "wmi_fails": ""
        },
        {
            "debug": "",
            "device_id": "332",
            "devices.name": "heimdall",
            "id": "186",
            "ip": "127.000.000.001",
            "timestamp": "2023-06-26 14:58:38",
            "type": "audit",
            "username": "",
            "version": "4.4.2",
            "wmi_fails": ""
        }
    ],
    "bios": 
    [
        {
            "asset_tag": "",
            "current": "y",
            "date": "12/12/2018",
            "device_id": "332",
            "first_seen": "2023-06-26 13:08:23",
            "id": "31",
            "last_seen": "2023-10-02 20:07:51",
            "manufacturer": "Phoenix Technologies LTD",
            "model": "Phoenix BIOS - Firmware Rev. 6.00",
            "name": "Phoenix BIOS - Firmware Rev. 6.00",
            "revision": "4.6",
            "serial": "VMware-56 4d bd 9b 23 af 49 f8-c7 b4 bc 06 39 fd 99 62",
            "smversion": "2.7",
            "version": "6.00"
        }
    ]
 } 
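A client that may talk to both upgraded and not-yet-upgraded servers can accept either shape of included. The following is an added example, not Open-AudIT code: the function name is hypothetical, and the layout of legacy items (a type key naming the collection, fields under attributes) is an assumption, since this page shows only the new format.

```python
import json

# Abridged from the example response on this page (5.0.0 shape).
V5_INCLUDED = json.loads("""
{
  "audit_log": [
    {"id": "185", "device_id": "332", "type": "audit", "version": "4.4.2"},
    {"id": "186", "device_id": "332", "type": "audit", "version": "4.4.2"}
  ],
  "bios": [
    {"id": "31", "device_id": "332", "current": "y",
     "manufacturer": "Phoenix Technologies LTD", "version": "6.00"}
  ]
}
""")

# Constructed sample of the pre-5.0 single mixed array.
# ASSUMPTION: each legacy item names its collection in "type" and keeps its
# fields under "attributes"; the release notes do not show the old layout.
LEGACY_INCLUDED = [
    {"type": "bios", "attributes": V5_INCLUDED["bios"][0]},
    {"type": "audit_log", "attributes": V5_INCLUDED["audit_log"][0]},
    {"type": "audit_log", "attributes": V5_INCLUDED["audit_log"][1]},
]


def rows(included, collection):
    """Return the rows of one collection from either shape of `included`."""
    if isinstance(included, dict):
        # 5.0.0: direct lookup by collection name, no scan of other types.
        found = included.get(collection, [])
        if not isinstance(found, list) or not all(isinstance(r, dict) for r in found):
            raise ValueError(f"included.{collection} is not an array of objects")
        return found
    if isinstance(included, list):
        # Pre-5.0: every item has to be inspected to find the wanted type.
        return [item.get("attributes", {}) for item in included
                if isinstance(item, dict) and item.get("type") == collection]
    raise ValueError("included must be an object or an array")
```

Note that audit_log rows carry their own "type" field ("audit"), so a consumer of the grouped format should key on the attribute name of included rather than on a field inside each row.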

...