Linux md5sum: 9ee450a6addf07c521f7b5fa61ec7421

Linux SHA256: 3380e6043299718f8dde22f33d6f7a07019e962152abb5bbd6d59ceafbb0bc2c

Introduction

The 2.3.1 release is generally available and improves upon the 2.3.0 release which mainly contained the new Clouds and Racks features. Both these features are for Enterprise customers.

With Open-AudIT 2.3.0 and now 2.3.1 we have introduced two queues for limiting the number of concurrent processes. These queues are both tunable using configuration items for "discovery_limit" and "discovery_scan_limit". Normal users should see any difference between the pre 2.3.0 code and now.

Discovery Queue

The discovery queue is used to limit the number of concurrently running discoveries. Note - discoveries, not devices being discovered. In general use we don't recommend more than a few discoveries running concurrently anyway, hence the default limit being set at 20 should not impact users.

Scan Queue

The scan queue is more interesting. The scan items (individual nmap results of each device) sent to the server via a discovery (using the discover_subnet scripts) are placed into a queue and spawn individual processes to process them concurrently (test passwords, retrieve basic info and possibly audit the device). The default number to be concurrently processed is 50. This queue is currently only utilised by Cloud Discovery from within Enterprise, but future plans include using it from a regular discovery.

Discovery Network Address

This configuration item has been made largely redundant in terms of a Discovery. It is still very much valid for script configuration (think "Audit my PC" from the logon page, etc). This is because we have changed discovery to now send the script, run the script AND WAIT FOR OUTPUT, which contains the filename of the generated audit result, which discovery then copies fro the target to itself and processes. This is different to how it previously worked. Previously, the script was copied and started by discovery, which the disconnected and continued on. The target had to submit the discovery result which was then processed by the server in a seperate process (and is why we REQUIRED the network address - how would the target know where to send the result, otherwise?).

As a result, when you now create a discovery, the network address is set to 127.0.0.1 as it is basically not used. It remains for historical purposes, along with backwards compatibility - for now. Future plans are to remove it from discoveries altogether.

The configuration item itself will NOT be removed. It is used on the "Audit My PC" function of the login page and also when you "download" a script using the web interface.

Gui Tweaks

Most pages within Professional / Enterprise have been revised to include appropriate action icons in the top right menu panel. These vary depending on the collection in question. You can mouse over the buttons for textual descriptions. All templates for Professional and Enterprise have been revised to be both more consistent and HTML 5 validated (with the exception of the Baselines templates - stay tuned for those). Some pages now utilise a two column layout. Reading Discoveries and Clouds being the most prominent. On the left are links to data about the item in question. The default is a basic summary about the item. For instance, Discoveries contains a Summary, Details (where you can view and change specific attributes), Devices Discovered. IP Addresses scanned and Logs. A screenshot is below (click for larger image). 

Discovery Logging

Discovery logging has been review to better reflect the item in question and make it more consistent. Any warnings or errors with a device are now shown in Professional / Enterprise on the device details page.