...
Port # | Protocol | Service Name | Connection Initiation | Application | Notes | ||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
N/A | ICMP | ping | Server to Device | Open-AudIT | Discovery - ICMP Message Types 8 and 0 | ||||||
22 | TCP | SSH | Server to Device | Open-AudIT | Discovery | ||||||
23 | TCP | Telnet | Server to Device | Open-AudIT | Discovery | ||||||
25 or 587 | TCP | SMTP | Server to Email Server | Open-AudIT | Scheduled Reports | ||||||
53 | UDP | DNS | Server to DNS Server | Open-AudIT | Discovery | ||||||
53 | TCP | DNS | Server to DNS Server | Open-AudIT | Discovery | 80 | TCP | HTTP | Device to Server | Open-AudIT | Upload of audit result |
80 | TCP | HTTP | Server to Device | Open-AudIT | Discovery | ||||||
135 | TCP | WMI | Server to Device | Open-AudIT | Discovery | ||||||
139 | TCP | File and Print Sharing | Server to Device | Open-AudIT | Discovery | ||||||
161 | UDP | SNMP | Server to Device | Open-AudIT | Discovery | 443 | TCP | HTTPS | Server to Device | Open-AudIT | Discovery |
443 | TCP | HTTPS | Device to Server | Open-AudIT | Upload of audit result | ||||||
445 | TCP | File and Print Sharing | Server to Device | Open-AudIT | Discovery | 445 | TCP | Active Directory | Server to AD Controller | Open-AudIT | Authentication and Discovery |
49152-65535 | TCP | WMI / AD | Server to Device | Open-AudIT | Discovery - MS Server 2008 and above, MS Vista and above targets | ||||||
1025-5000 | TCP | WMI / AD | Server to Device | Open-AudIT | Discovery - MS 2000, XP, 2003 targets |
...
Port # | Protocol | Service Name | Connection Initiation | Application | Notes | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
N/A | ICMP | ping | Server to Device | Open-AudIT | Discovery - ICMP Message Types 8 and 0 | ||||||||||||
22 | TCP | SSH | Server to Device | Open-AudIT | Discovery 23 | TCP | Telnet | Server to Device | Open-AudIT | ||||||||
Discovery | 25 or 587 | TCP | SMTP | Server to Email Server | Open-AudIT | Scheduled Reports | |||||||||||
53 | UDP | DNS | Server to DNS Server | Open-AudIT | Discovery | ||||||||||||
53 | TCP | DNS | Server to DNS Server | Open-AudIT | Discovery | 80 | TCP | HTTP | Device to Server | Open-AudIT | Upload of audit result | 80 | TCP | HTTP | Server to Device | Open-AudIT | Discovery |
135 | TCP | WMI | Server to Device | Open-AudIT | Discovery | ||||||||||||
139 | TCP | Samba | Server to Device | Open-AudIT | Discovery | ||||||||||||
161 | UDP | SNMP | Server to Device | Open-AudIT | Discovery | ||||||||||||
443 | TCP | HTTPS | Server to Device | Open-AudIT | Discovery | ||||||||||||
443 | TCP | HTTPS | Device to Server | Open-AudIT | Upload of audit result | ||||||||||||
445 | TCP | Samba / RPC | Server to Device | Open-AudIT | Discovery | ||||||||||||
445 | TCP | Active Directory | Server to AD Controller | Open-AudIT | Authentication and Discovery | ||||||||||||
623 | UDP | IPMI | Server to Device | Open-AudIT | Discovery |
Network Management User Traffic for Open-AudIT
...
If you use the optional LDAP Auth, you will likely need the below ports accessible from the Open-AudIT Server to the LDAP server.
OPenLDAP OpenLDAP and Microsoft Active Directory require the same ports.
| Port # | Protocol | Service Name | Connection Initiation | App | Notes |
|---|---|---|---|---|---|
| 389 | TCP | LDAP | Server to LDAP Server | OA | User authentication and/or |
| authorization | |||||
| 636 | TCP | LDAPS | Server to LDAP Server | OA | User authentication and/or |
| authorization |
Optional Collector Server traffic
If you are using Collectors for remote auditing you should consider the following.
| Port # | Protocol | Service Name | Connection Initiation | App | Notes |
|---|---|---|---|---|---|
| 80 | TCP | HTTP | Collector to Server | OA | Not secure. Use HTTPS below instead if required |
| 443 | TCP | HTTPS | Collector to server | OA | Requires HTTPS/TLS setup on the Server to operate. |
Note: You may also wish to consider the day to day administration of the operating system and open-audit configurations on the server e.g. enable ssh access to the device.
Notes
Microsoft’s DCOM/WMI services typically use a large range of random ports to function.
...
The Linux installed version of Open-AudIT does not use remote DCOM/WMI. Instead the Linux Open-AudIT server copies the audit script to the Windows target machine, then asks the Windows target machine to run the script (using RPC on port 445) and submit the result when it’s finished back to the Linux Open-AudIT servercreate an audit result file. The Linux server then copies the file from the target to itself for processing using Samba. Hence, the Linux Open-AudIT server does not require the range of ports open that the Windows Open-AudIT server does.
...