
Released 2014-02-19


LINUX UPGRADERS - PLEASE NOTE. There are now some additional dependencies you will need to install using your package manager. These are screen, ssh-pass and smb-client. Details are in the pre-requisites pages. We also need to install winexe. It is not in repositories, but available for most distributions via the SuSe Build Service. Go to the URL http://download.opensuse.org/repositories/home:/ahajda:/winexe/ and download the relevant package for your distribution. Install it using "sudo dpkg -i PACKAGENAME" (Debian/Ubuntu) or "yum install PACKAGENAME" (RedHat/CentOS) and you should be good to go.

Discovery on a Linux-based Open-AudIT server will not work without these packages installed.

The big new feature in 1.2 is the new discovery engine. From the web interface, regardless of whether Open-AudIT runs on Windows or Linux, you can audit Windows, audit an Active Directory Domain, audit Linux, query devices via SNMP and discover devices with Nmap. Discovery will create a Network Group if you provide it a slash separated subnet (ie - 192.168.0.0/24) and that Network Group does not already exist.

...

  1. Accept the required items via the Discovery web form in Open-AudIT at Menu -> Admin -> Discovery -> Discover Subnet. The items also in that menu for Discover SNMP, Windows, and Linux all use the same functionality as below, but are designed for a single device.
  2. Run a script and Nmap the target subnet to ping scan all IP addresses. For any responding IP addresses, nmap it and test for ports open for WMI, SNMP, SSH, Telnet, HTTP and HTTPS (only SNMP, WMI and SSH are currently actually used). Return the result to Open-AudIT.
  3. Open-AudIT server accepts the result (for an individual ip address). If SNMP is running on the target it will attempt:

        a - To connect using any device specific credentials already stored in Open-AudIT (if they exist).
        b - To connect using the credentials provided via the Discovery web form.
        c - To connect using the default Open-AudIT credentials stored via Menu -> Admin -> Config. 

  4. If Open-AudIT can connect via SNMP it will gather what information it can about the device.
  5. Open-AudIT determines if it has the device in its database. If not, insert it; if so, update it. Store the credentials used (if any worked) to access SNMP against the individual device.
  6. If WMI is open and the Open-AudIT server is Windows, run the audit_windows script against the target.
  7. If WMI is open and the Open-AudIT server is Linux, copy the script to the target and start it.
  8. If Windows audit is successfully started, store credentials used against the individual device.
  9. If SSH is open, copy the script to the target (Linux targets only at the moment) and start it.
  10. If SSH audit is successfully started, store credentials used against the individual device.
  11. Done.
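The per-device flow in the steps above, modelled as an added example (not Open-AudIT code) that shows which credential gets stored and which credentials a responding host is offered along the way. Function names and the port numbers 161, 135 and 22 are assumptions; only SNMP credentials are modelled, and storing WMI/SSH credentials (steps 8 and 10) is left out.

```python
# Added illustration, not Open-AudIT code. Names and port numbers are assumptions.
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

SNMP, WMI, SSH = 161, 135, 22  # assumed ports for the services the scan tests


@dataclass(frozen=True)
class Credential:
    source: str  # "device", "form" or "default"
    secret: str  # constructed sample value


def try_in_order(candidates: Iterable[Optional[Credential]],
                 connect: Callable[[Credential], bool]):
    """Step 3: try device-specific, then form, then default credentials.

    Returns (working credential or None, every credential sent to the target).
    """
    attempted = []
    for cred in candidates:
        if cred is None:  # e.g. no device-specific credential stored yet
            continue
        attempted.append(cred)
        if connect(cred):
            return cred, attempted
    return None, attempted


def plan_device(open_ports, server_os, device, form, default, connect):
    """Decide the actions for one responding IP address (steps 3-7 and 9)."""
    actions, stored, attempted = [], None, []
    if SNMP in open_ports:
        stored, attempted = try_in_order((device, form, default), connect)
        if stored:
            actions.append("snmp_query")
    actions.append("insert_or_update_device")
    # Telnet, HTTP and HTTPS results are returned by the scan but not acted on.
    if WMI in open_ports:
        actions.append("run_audit_windows" if server_os == "windows"
                       else "copy_and_start_audit_windows")
    if SSH in open_ports:
        actions.append("copy_and_start_audit_linux")
    return {"actions": actions,
            "store": stored.source if stored else None,
            "exposed": [c.source for c in attempted]}
```

The `exposed` list makes visible that a host answering on SNMP with no matching credential is still offered the form and default credentials, which is worth keeping in mind when choosing the subnet to discover.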

NOTE - Some Linux distributions will not allow (by default) an SSH command to be sent that uses sudo. We rely on the linux audit script being run with root (or sudo) level access. At the present time, the script should still actually run and complete but you will not retrieve all details as you would if you had root (or sudo) access. If you provide the root user, it will work. If you provide a user with sudo access, it will work on Debian/Ubuntu. If you provide a non-root user (even if they have sudo) on RedHat/CentOS, you will receive a reduced audit result (but you should still receive one).

NOTE - On the Discovery web form is a check box to run using "debug". This should only be used to troubleshoot an individual device (or very small subnet - say a device or two) and the web interface will hang until such time as the discovery process is complete. Do not use this in normal operation. It is provided as a convenience only.

Discovery is quite verbose and creates quite a few log lines in (linux) /usr/local/open-audit/other/open-audit.log or (windows) c:\xampplite\open-audit\other\open-audit.log. In order to have "some" management over this file, a new menu item is provided at Menu -> Admin -> Logs -> Purge Log to simply delete the contents of that file. If you find you need to view more lines than are shown in the web interface, simply add /#LINES (ie - /50) to the end of the URL.

You should first set up the default credentials for Open-AudIT in Menu -> Admin -> Config, but you can also provide these on a per Discovery basis.

...

The individual details of changes are below. 



FIX - audit_linux, in network card section of audit_linux script, model and description fields were reversed.

FIX - audit_windows, When running audit_windows, correctly retrieve the bios asset tag as reported in the forums.

...