
Every environment is different, and we understand that. We are often asked whether Open-AudIT is PCI DSS compliant, or whether it can audit in a DMZ (demilitarized zone) or an air-gapped network. The answer to all of these questions is yes; however, it is a matter of process. This How-To is designed to help you think through that process and to assist in implementing Open-AudIT in a variety of complex network environments. Follow the chart to decide which audit methods are most relevant to you and your team, then see the instructions below on how to accomplish these complex audits.

[Image: chart for choosing an audit method]

Link B - How to use Active Directory Discovery

Link C - Collector / Server

Link D - Auditing with a Script

Link E - Building your Network Discovery

Auditing with a script

Open-AudIT can perform audits given only the proper credential set for a device or subnet. In some cases, though, there may be no internet access, or the machine may be remote; this is when auditing using a script comes in handy. See How to audit a Computer, section "Auditing using a script".

Auditing using a script (Windows)

Wiki resource - How to audit a Computer, section "Auditing using a script (Windows)"

Assuming you have an XAMPPLite install of Open-AudIT on a Microsoft Windows machine.

...

NOTE - To prevent any output to the command window you can set debugging = "0" and run the script with cscript //nologo audit_windows.vbs .

Auditing using a script (Linux / SSH)

Wiki resource - How to audit a Computer, section "Auditing using a script (Linux/SSH)"

We have Unix-based (bash, ksh, etc.) scripts for Linux, AIX, OSX, and Solaris computers.

...

The script has variables that can be set the same as the variables in audit_windows.vbs. You could (for example) dynamically set the $url variable when you run the script with:

./audit_linux.sh url=http://your_server/open-audit/index.php/input/devices

The variables that are accepted on the command line are: 

...

create_file - Defaults to "y". If set to "y", an XML file will be created and saved as per the audit_windows.vbs script. This file can be manually copied and submitted to the server at a later stage if desired.

Computer with no network connectivity to the Open-AudIT server.

Not every Windows computer will be a simple domain connected machine. Sometimes you may have a server in a DMZ with no network connectivity to the internal network, a machine not on a domain, a standalone machine not networked at all, etc. There are various options to overcome these.

Copy the audit script to a USB drive, go to the remote computer and insert the USB drive. Open a command prompt and navigate to where you copied the script. Run the script and output to an XML file using the command

cscript audit_windows.vbs strcomputer=. submit_online=n create_file=y

An XML file named COMPUTERNAME_DATE.xml should be created. Close the terminal window, remove the USB drive, and go to a computer with Open-AudIT connectivity. Open the XML file and copy the XML, then log in to the Open-AudIT web application and go to menu -> Manage -> Devices -> Create Devices. You will see options for manually copying and pasting the file contents or uploading the file directly.
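An integrity check for the same offline transfer when the audited host runs audit_linux.sh with create_file=y, as an added example that is not part of the original page or of Open-AudIT. The function names and the SHA256SUMS manifest name are choices made here, and it assumes sha256sum is available on both machines.

```shell
#!/bin/sh
# Added example: checksum manifest for audit XML files carried on a USB drive.
# A manifest stored on the same drive detects corruption and partial copies;
# to detect deliberate changes, record the manifest's own hash out of band.

# seal_audits DIR: run on the audited machine, in the directory where the
# audit script wrote its XML, before removing the drive.
seal_audits() {
    ( cd "$1" || exit 2
      set -- *.xml
      [ -e "$1" ] || { echo "no audit XML found" >&2; exit 2; }
      sha256sum -- "$@" > SHA256SUMS )
}

# check_audits DIR: run on the machine with Open-AudIT connectivity before
# uploading. Prints the files that passed; a non-zero status means stop.
check_audits() {
    ( cd "$1" || exit 2
      [ -s SHA256SUMS ] || { echo "missing manifest" >&2; exit 2; }
      # Fails when a listed file is changed, truncated or absent.
      out=$(sha256sum -c SHA256SUMS 2>&1) || {
          printf '%s\n' "$out" | grep -v ': OK$' >&2
          exit 1
      }
      for f in *.xml; do
          [ -e "$f" ] || continue
          # Manifest lines are "<64 hex chars><2 spaces><name>", so the name
          # starts at column 67. An XML file that was never sealed did not
          # come from the audit run and is not uploaded.
          cut -c67- SHA256SUMS | grep -qxF -- "$f" || {
              echo "unlisted file: $f" >&2
              exit 1
          }
          printf '%s\n' "$f"
      done )
}
```

Upload only the files that check_audits prints, using the Create Devices page described above.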

Computer not on the domain.

If you can see the computer on the network and it has its firewall opened to allow remote WMI/VBScript, you can run the audit script using the remote credentials.

cscript audit_windows.vbs strcomputer=REMOTE_COMPUTER_NAME struser=REMOTE_DOMAIN/REMOTE_USERNAME strpass=REMOTE_PASSWORD

You may need to substitute the string "workgroup" or the remote computer name for REMOTE_DOMAIN above.

 

...

Can you connect to the server from another server? Yes - audit normally. No - script?

Can your server send audit results to any machine on your network? Yes - normal. No - collector server or send info to one IP.

Is your machine in a DMZ? Yes - script. No - normal.

Is your machine on the domain? Yes - normal. No - script.

Is this an air-gapped network? Yes - script. No - normal.

...

Active Directory discovery

...

How to use Active Directory Discovery

Other Commands

This command

Is this device connected to the internet? Yes - Normal, No - Script

Commands

cscript audit_windows.vbs . submit_online=n create_file=y - will run the audit on the local PC and output the results to a file (in the current directory). The "." can be used in place of the local machine name:

cscript audit_windows.vbs . submit_online=n create_file=y 

Other helpful resources

What Operating Systems will the audit scripts run on?

How to audit a Computer

How to audit a subnet using a script

How to use Active Directory Discovery

Configuring Open-Audit with HTTPS/SSL

...