Child pages
  • Open-AudIT FAQ

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents
maxLevel2
minLevel2

What are the default credentials to log into the web interface?

For Open-AudIT, the following users are set up by default.

UsernamePasswordLevelUsed For
adminpasswordAdministratordefault logon
nmisnm1888AdministratorFor users matching the nmis default user.
open-audit_enterpriseopenaudit1234567890UserList view access on "All Devices" group only.

You should use the admin or nmis users to log on to the web interface.

For Open-AudIT Enterprise, the admin and nmis users (as above) exist. The open-audit_enterprise user is used internally by Open-AudIT Enterprise to retrieve data from Open-AudIT. If you change the password for this user in Open-AudIT, you should also insert the updated password in the conf/opCommon.nmis file inside Open-AudIT Enterprise. This file will be in c:\omk for Windows or /usr/local/omk for Linux installations.

My AntiVirus is prompting me to deny/allow things.

If you have Anti-Virus software running, allowing the services of Opmantek (omkd), Apache (apache2.2) and MySQL (mysql) to auto start and run is essential. These services are used by Open-AudIT. You should only need to do this once. If your Anti-Virus program keeps prompting you about Open-AudIT, please post to the forums or send an email to support with the name and version of your Anti-Virus software.

Open-AudIT won't accept my password on the Config page

The CodeIgniter PHP framework (by default) will only allow certain characters to be sent via a GET HTTP request. Unfortunately, password values tend to contain abnormal characters. The list of characters it will accept is defined in the /open-audit/code_igniter/application/config/config.php file in the $config['permitted_uri_chars'] variable. You can check this string and add the characters you need to it, or even remove the contents of the string altogether and accept any character via the URL. The CodeIgniter developers do not recommend doing this. It is far better to add the characters you need to the string. The current default value for this variable as per Open-AudIT version 1.2 is -

Code Block
languagephp
$config['permitted_uri_chars'] = 'a-z 0-9~%.:|(),_\-!=&[]@*';

How can I add another user to Open-AudIT?

In the Open-AudIT web interface, as an admin user, select the menu item menu -> Manage -> Users -> Add a User.

Complete at least the username and password fields assign at least one Role and provide access to at least one Organization.

How can I access the Open-AudIT Community application?

The default URL for accessing Open-AudIT Community is http://<SERVER>/open-audit/index.php/ (where <SERVER> is your computer name or IP Address).

If you have installed on Windows, in your Start Menu you will see entries for both Open-AudIT Enterprise and Open-AudIT.

There are icons in both Community and Enterprise to switch between applications. Both icons are in the top right of the page, as below (click for larger images).

Professional / Enterprise

Community

Discovery has stopped working

If you are running a RedHat or Centos system and you have upgraded Nmap, please reset the SUID on the binary by

Code Block
languagebash
chmod u+s /usr/bin/nmap

An Open-AudIT Community page is not displaying and all I am seeing is a white screen.

If you open the file (for Windows) c:\xampplite\htdocs\open-audit\index.php or (for Debian/Ubuntu) /var/www/open-audit/index.php or (for RedHat/Centos) /var/www/open-audit/html/index.php and then change the line:

Code Block
languagephp
define('ENVIRONMENT', 'production');

to

Code Block
languagephp
define('ENVIRONMENT', 'development');

You should then have any errors displayed on the web page.

My time is off in Open-AudIT.

This is likely due to MySQL time being off. MySQL typically uses the host devices time. You can check this by:

Windows

Code Block
c:\xampplite\mysql\bin\mysql.exe -u openaudit -popenauditpassword -e "SELECT NOW() as `timestamp`;"

Linux

Code Block
mysql -u openaudit -popenauditpassword -e "SELECT NOW() as `timestamp`;"

I cannot see the details for a particular device in Open-AudIT Enterprise -> System Summary

If you can see a device has been discovered and is being counted on the Dashboard Graph and also appears in the Report for that day, but does not show on the Devices list page of Open-AudIT, make sure the "status" of the device has not been set to something other than 'production'. 

Testing the OMKD service/daemon is running

If you call the URL below in a browser, you should receive a login page. Do NOT use this for logging on, only for testing the omkd (Opmantek) service/daemon is running.

NOTE - you may need to open port 8042 on your server's firewall (if it's running a firewall). This is not normally required to be open, but testing the service from a remote client does require it be accessible.

Code Block
languagehtml/xml
http://<YOUR_SERVER>:8042/omk/open-audit

Running Apache on a different port (to the default port 80)

Running Apache on a port other than 80 is not recommended, but should be able to be accomplished by modifying the files below.

Open-AudIT is installed to c:\xampplite\open-audit on Windows and /usr/local/open-audit on Linux.

Open-AudIT Enterprise is installed to c:\omk on Windows and /usr/local/omk for Linux.

You will need to update the audit scripts "url" variable in the open-audit/other/ directory (both .sh and .vbs scripts). The files audit_linux.sh, audit_osx.sh, audit_subnet.sh, audit_subnet.vbs, audit_windows.vbs will all need changing.

In the configuration for Open-AudIT Enterprise change the file omk/conf/opCommon.nmis and set the oae_server variable to include the changed port number.

Changing the port Apache runs on is differnet for different installations. Some general guidelines are below.

On Debian/Ubuntu, modify the /etc/apache2/port.conf and the /etc/apache2/sites-enabled/000-default files (change the ports contained in them) then reload and restart apache with "service apache2 reload" and "service apache2 restart".

On RedHat/Centos, modify the /etc/httpd/conf/httpd.conf file (change the port contained in the Listen attribute) then restart apache with "/etc/init.d/httpd restart".

On Windows, modify the file c:\xampplite\apache\conf\httpd.conf (change the port contained in the Listen attribute) then restart apache by stopping and starting the apache2.2 Service in the Windows Services control panel item.

You should now be able to navigate to http://<SERVER>:81/ in your browser and get a response.

I cannot start the Apache service on Windows.

Have you checked that another program is not already using port 80? If you start a command prompt and type:

Code Block
languagepowershell
netstat -abn

You should get an output similar to:

Code Block
C:\>netstat -abnp tcp

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
[httpd.exe]
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
RpcSs
[svchost.exe]
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING
[httpd.exe]
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:554 0.0.0.0:0 LISTENING
[wmpnetwk.exe]
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
[wininit.exe]
TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
eventlog
[svchost.exe]
TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
Schedule
[svchost.exe]
TCP 0.0.0.0:1028 0.0.0.0:0 LISTENING
[lsass.exe]
TCP 0.0.0.0:1029 0.0.0.0:0 LISTENING
[services.exe]
TCP 0.0.0.0:1030 0.0.0.0:0 LISTENING
PolicyAgent
[svchost.exe]
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING
[mysqld.exe]
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
CryptSvc
[svchost.exe]
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING
Can not obtain ownership information
TCP 0.0.0.0:8042 0.0.0.0:0 LISTENING
[opmantek_server.exe]
TCP 0.0.0.0:10243 0.0.0.0:0 LISTENING
Can not obtain ownership information
TCP 192.168.0.86:139 0.0.0.0:0 LISTENING
Can not obtain ownership information
TCP 192.168.0.86:2869 192.168.0.1:3115 TIME_WAIT

Look for a program using port 80. In this case, note the output 

TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
[httpd.exe]

That indicates port 80 is being used by the executable httpd.exe (in this case, Apache). You should not see any entries using :80.

If there is another program using port 80 either stop and remove it, change it's port (if possible) or install Open-AudIT on another machine.

Skype uses port 80 by default. If it gets in first it prevents Apache using port 80. Completely exit Skype (on a Windows 7 machine you need to go to the taskbar and right click/quit the Skype icon) and then start the Apache service. You can then restart Skype and it will use another port. Alternatively force Skype to not use port 80 and 443: In Skype | options | advanced | connection untick the "use port 80 and 443 as alternatives for incoming connections". This should also solve the problem.

Trying to log into Open-Audit Enterprise but keep getting placed into the Community edition.

Some users may run into the issue of being unable to access Open-Audit Enterprise features even though they are licensed for it. This could be an issue with http redirect causing problems for the communication between Open-Audit Enterprise and Open-Audit itself. This is controlled by the config option oae_server located in /usr/local/omk/conf/opCommon.nmis under the openauditenterprise section. The default value for this is http://127.0.0.1/open-audit/ and changing this to https://127.0.0.1/open-audit/ will resolve this issue in many cases.