Every environment is different and we understand that. We are often questioned if Open-AudIT is pcidss compliant, can audit in a DMZ (demilitarized zone) or an air gapped network. The answer to all of these questions is yes however, it is a matter of process. This How-To is designed to help you think through this process and help you implement assist in implementing Open-AudIT into a mix variety of complex network environments.
Auditing with a script
Open-AudIT can perform audits simply with the proper credential set of a device or subnet. In some cases there may be no internet access or it is a remote machine, etc. this is when auditing using a script can come in handy.
How to audit a Computer#Auditingusingascript(Windows)
Auditing using a script (Windows)
Assuming you have an XAMPPLite install of Open-AudIT on a Microsoft Windows machine.
...
NOTE - To prevent any output to the command window you can set debugging = "0" and run the script with cscript //nologo audit_windows.vbs .
Auditing using a script (Linux / SSH)
We have unix based (bash. ksh, etc) scripts for Linux, AIX, OSX, Solaris computers.
...
create_file - Defaults to "y". If set to "y", an XML file will be created and saved as per the audit_windows.vbs script. This file can be manually copied and submitted to the server at a later stage if desired.
Computer with no network connectivity to the Open-AudIT server.
Not every Windows computer will be a simple domain connected machine. Sometimes you may have a server in a DMZ with no network connectivity to the internal network, a machine not on a domain, a standalone machine not networked at all, etc. There are various options to overcome these.
...
An XML file named COMPUTERNAME_DATE.xml should be created. Close the terminal window. Remove the USB drive and go to a computer with Open-AudIT connectivity. Open the XML file and copy the XML and log in to the Open-AudIT web application and go to menu -> Manage -> Devices -> Create Devices. You will see options for manually copying and pasting the file contents or uploading the file directly.
Computer not on the domain.
If you can see the computer on the network and it has it's firewall opened to allow remote WMI/VBscript, you can run the audit script using the remote credentials.
...
You may need to substitute the string "workgroup" or the remote computer name for REMOTE_DOMAIN above.
Flow questions for chart
Can you connect to the server from another server? Yes - Audit normally No - script?
...
Is this an Active Directory discovery? Yes see link No - normal
Is this device connected to the internet? Yes - Normal, No - Script
Commands
cscript audit_windows.vbs . submit_online=n create_file=y - will run the audit on the local PC and output to a file (in the current directory). The "." can be used in place of the local machine name.
Other helpful resources
What Operating Systems will the audit scripts run on?
...