| Table of Contents |
|---|
Introduction
As at version 1.12.8, Open-AudIT can now retrieve details about a file or directory of files and monitor these files for changes as per other attributes in the Open-AudIT database.
...
To create an entry to track either a single file or a directory of files, use Open-AudIT Enterprise and go to menu: Discover-> Views Files -> Create Files and click the Create button.
Create . Create a file by providing values for the path (either the file or a directory with a trailing slash) and an optional description. Click Submit.
Once Once you have created the file you will see it appear in the list at menu Discover -> Views Files -> List Files.
An entry will be create in the Open-AudIT database, in the "files" table.
Viewing File Details
File details will appear under the "Settings" menu item for a device. They are displayed as below. This is from a Linux machine using our /etc/init.d/ entry from earlier.
Go to menu: Discover -> Files -> List Files.
Database Schema
The schema for the database is below. It can also be found in the application if the user has database::read permission by going to menu: Admin -> Database -> List Tables, then clicking on the "files" table.
| Code Block | ||||
|---|---|---|---|---|
| ||||
CREATE TABLE `files` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`name` varchar(200) NOT NULL DEFAULT '',
`org_id` int(10) unsigned NOT NULL DEFAULT '1',
`path` text NOT NULL,
`description` text NOT NULL,
`edited_by` varchar(200) NOT NULL DEFAULT '',
`edited_date` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8; |
Example Database Entry
Files are stored in the database in the "files" table. A typical The database entry will look as below (for a single file).
id: 48...
| Code Block | ||||
|---|---|---|---|---|
| ||||
id: 48 system_id: 8 |
...
current: y |
...
first_seen: 2016-08-04 00:56:35 |
...
last_seen: 2016-08-04 00:56:35 |
...
files_id: NULL |
...
name: single |
...
full_name: /etc/init.d/single |
...
size: 590 |
...
directory: /etc/init.d |
...
hash: 27579d05edbd1b71307d2059a6c3370a00823c54 |
...
last_changed: 2014-03-13 11:33:14 |
...
meta_last_changed: 2014-08-22 17:42:38 |
...
permission: 755 |
...
owner: root |
...
group: root |
...
type: version: ...
type: version: inode: 5374232 |
Enabling the Feature Under Windows
...
Navigate to the Service list.
Double click the apache 2.2 service.
Click the tab for logon and then click the "this account" option. You might want to click the Browse button and search for the account. Click OK and then restart the service.
Apache will now be running under an account with network access and Open-AudIT will now be able to copy the audit script to the target Windows machine and run it, hence retrieving file details.
...
You can access the /files collection using the normal Open-AudIT JSON based API. Just like any other collection. Please see the API documentation for further details.
API Routes
| Request Method | ID | Action | Resulting Function | URL Example | Notes | Example Response |
|---|---|---|---|---|---|---|
| GET | n |
| collection | /files | Returns a list of files. | files_collection.json | |
| GET | y |
| read | /files/{id} | Returns a file's details. | files_read.json | ||
| PATCH | y |
| update | /files/{id} | Update an attribute of a file entry. |
| files_patch.json | |
| POST | n |
| create | /files | Insert a new file entry. | files_create.json | ||
| DELETE | y | delete | /files/{id} | Delete a file entry. |
| files_delete.json |
Web Application Routes
Only available under Open-AudIT Enterprise
| Request Method | ID | Action | Resulting Function | URL Example | Notes |
|---|---|---|---|---|---|
| GET | n | create | create_form | /files/create | Displays a standard web form for submission to POST /files. |
| GET | y | update | update_form | /files/{id}/update | Show the script details with the option to update attributes using PATCH to /files/{id} |
...