If you are using https for UPDATE - The below applies to Open-AudIT , you will need to manually edit the files /usr/local/omk/bin/open-audit_tasks.[sh|vbs]. You will need to update the URL to reflect the https prefix. To use https, there is a line below that should be uncommented, and the regular line commented out. that's all there is to it.
Default regular line
| Code Block |
|---|
curl -s -o /dev/null --data "" "http://localhost/omk/open-audit/tasks/execute" >/dev/null 2>&1 |
Commented out line
| Code Block |
|---|
# curl -s -o /dev/null --insecure --data "" "https://localhost/omk/open-audit/tasks/execute" >/dev/null 2>&1 |
versions prior to 5.0.0 As at 5.0.0, Open-AudIT is "just another website" in terms of HTTP / HTTPS. There is no configuration of Open-AudIT required for HTTPS.
Open-AudIT works perfectly fine using HTTPS. But - there's always a but... We do require http traffic be allowed from localhost / 127.0.0.1. This is for Open-AudIT to spawn more processes when discovery runs and for task execution (well, task checking for execution). As the traffic is localhost only, it never actually hits the network interface, so is never at risk of being eavesdropped upon. We also do not use these connections to send any sensitive information. They are purely to tell Open-AudIT "check if any tasks need running" or "start another discovery thread".
If your security group insists that http be disabled from absolutely everywhere (including localhost), Opmantek is always will to assist a supported customer achieve this. Having said that:
- The onus and burden of maintaining the required changes after each upgrade will fall to you.
- This work may be chargeable.
- There is no security benefit to disabling localhost http.
Configuring https is an exercise left to your System Administrator as no code or configuration changes are required in the Open-AudIT application itself.
If you are usign a self-signed certificate, edit the file -
Windows c:\omk\conf\opCommon.json
Linux - The config option oae_server located in /usr/local/omk/conf/opCommon.nmis under the openauditenterprise section will also need to be changed. The default value for this is http://127.0.0.1/open-audit/ and changing this to https://127.0.0.1/open-audit/ will allow use of https.
After these values are changed perform a omkd restart:
| Code Block |
|---|
service omkd restart |
json
In the omkd section find (or add if it's not there) omk_ua_insecure and set it to 1.
Restart the daemon for it to take effect -
Windows - restart the task in the task scheduler.
Linux - sudo systemctl restart omkdWhen creating a Discovery, but sure to select the https URL or if it does not appear, select Other, then manually enter the correct URL.