What are the default credentials to log into the web interface?
For Open-AudIT, the following users are set up by default.
| Username | Password | Level | Used For |
|---|---|---|---|
| admin | password | Administrator | default logon |
| nmis | nm1888 | Administrator | For users matching the nmis default user. |
| open-audit_enterprise | openaudit1234567890 | User | List view access on "All Devices" group only. |
You should use the admin or nmis users to log on to the web interface.
For Open-AudIT Enterprise, the admin and nmis users (as above) exist. The open-audit_enterprise user is used internally by Open-AudIT Enterprise to retrieve data from Open-AudIT. If you change the password for this user in Open-AudIT, you should also insert the updated password in the conf/opCommon.nmis file inside Open-AudIT Enterprise. This file will be in c:\omk for Windows or /usr/local/omk for Linux installations.
My AntiVirus is prompting me to deny/allow things.
If you have Anti Virus software running, allowing the services of Opmantek (omkd), Apache (apache2.2) and MySQL (mysql) to auto start and run is essential. These services are used by Open-AudIT. You should only need to do this once. If your Anti Virus program keeps prompting you about Open-AudIT, please post to the forums or send an email to support with the name and version of your Anti Virus software.
Open-AudIT won't accept my password on the Config page
The CodeIgniter PHP framework (by default) will only allow certain characters to be sent via a GET HTTP request. The list of characters it will accept is defined in the /open-audit/code_igniter/application/config/config.php file in the $config['permitted_uri_chars'] variable. You can check this string and add the characters you need to it, or even remove the contents of the string altogether and accept any character via the URL. The CodeIgniter developers do not recommend doing this. It is far better to add the characters you need to the string. The current default value for this variable as per Open-AudIT version 1.2 is -
$config['permitted_uri_chars'] = 'a-z 0-9~%.:|(),_\-!=&[]@*';
How can I add another user to Open-AudIT?
In the Open-AudIT web interface, as an admin user, select the menu item menu -> Users -> Add a User.
Complete at least the username and password fields and allow access to at least one Group.
How can I get some dummy data in Open-AudIT?
There is code in Open-AudIT for generating dummy data, however it is disabled by default.
NOTE - You should not run this function on a database containing valid data.
To enable to dummy data generation, you must edit the file:
Windows - c:\xampplite\open-audit\code_igniter\application\controllers\admin_test.php
Linux - /usr/local/open-audit/code_igniter/application/controllers/admin_test.php
Locate the line that contains redirect('/'); - it should be just below the line function data() {
Comment out the line by placing a hash # at the start of the line.
Now in the Open-AudIT web interface - as an Admin level user - call the URL http://<SERVER>/index.php/admin_test/data or (if you have the Opmantek VM) http://<SERVER>/open-audit/index.php/admin_test/data
It may take a few seconds to return to the homepage, but when it does you should have data for 1,000 devices, multiple locations and organisations in your database.
NOTE - This is dummy data and is not equivalent to a complete "audit" of Windows or Linux computers. The data inserted is very basic and intended as a demonstration only.
To remove the inserted data, you a couple of options (I recommend the second option):
1 - Delete the location and organisations via the web interface, then bulk edit all devices and set their status to "deleted". Once done, to go Admin -> Database -> Database Maintenance and click the delete icon for "All Non Production Devices".
2 - Run the openaudit_mysql.sql script.
On linux, open a shell and type : mysql -u openaudit -popenauditpassword openaudit < /usr/local/open-audit/other/openaudit_mysql.sql
On Windows, open a command prompt and type - c:\xampplite\mysql\bin\mysql -u openaudit -popenauditpassword openaudit < c:\xampplite\mysql\bin\openaudit_mysql.sql
How can I access the Open-AudIT Community application?
The default URL for accessing Open-AudIT Community is http://<SERVER>/index.php/main/list_groups (where <SERVER> is your computer name or IP Address).
NOTE - if you have the Opmantek VM, the URL will be http://<SERVER>/open-audit/index.php/main/list_groups (where <SERVER> is your computer name or IP Address).
Open-AudIT is not displaying discovered devices.
You may need to manually update the Groups to have them populate devices. To do this, go to Menu -> Admin -> Groups -> List Groups and click the 'update' icon next to the group in question. Usually the best place to start is the 'All Devices' group. If this does then display the missing devices, you can run http://<SERVER>/index.php/admin_groups/update_groups - this will update ALL groups within Open-AudIT. Be aware that this may take some time.
An Open-AudIT Community page is not displaying and all I am seeing is a white screen.
If you open the file (for Windows) c:\xampplite\htdocs\index.php or (for Debian/Ubuntu) /var/www/index.php or (for RedHat/Centos) /var/www/html/index.php and then change the line:
define('ENVIRONMENT', 'production');
to
define('ENVIRONMENT', 'development');
You should then have any errors displayed on the web page.
My time is off in Open-AudIT.
This is likely due to PHP not being set to the correct time zone. Go to Menu -> Help -> About and you should see some basic information about your install - including the time zone. If it is not set correctly, check the PHP configuration file. For Windows it is c:\xampplite\php\php.ini Make sure you have your correct time zone on line 1013 (or thereabouts):
date.timezone = "Australia/Brisbane"
This should be set to YOUR timezone as per http://php.net/date.timezone.
I cannot see the details for a particular device in Open-AudIT Enterprise -> System Summary
If you can see a device has been discovered and is being counted on the Dashboard Graph and also appears in the Report for that day, but does NOT show on the System Summary page of Open-AudIT Enterprise, make sure the "status" of the device has not been set to something other than 'production'.
If this status has been set and you wish to view the device in Open-AudIT Enterprise, you will need to activate the 'Non Production Devices' Group (Admin -> Groups -> Activate Group) and assign view basic details rights to the open-audit_enterprise user (Admin -> Users -> List Users -> Edit User) on this Group.
As of version 1.2 of Open-AudIT, this Group is activated by default and the open-audit_enterprise user has been granted view basic details rights.
Testing the OMKD service/daemon is running
If you call the URL below in a browser, you should receive a logon page. Do NOT use this for logging on, only for testing the OMKD (Opmantek) service/daemon is running.
NOTE - you may need to open port 8042 on your servers firewall (if it's running a firewall). This is not normally required to be open, but testing the service from a remote client does require it be accessible.
http://<YOUR_SERVER>:8042/omk/oae
Running Apache on a different port (to the default port 80)
NOTE - This is specifically for the 1.2 release and later.
Running Apache on a port other than 80 is not recommended, but should be able to be accomplished by modifying the files below.
Open-AudIT is installed to c:\xampplite\open-audit on Windows and /usr/local/open-audit on Linux.
Open-AudIT Enterprise is installed to c:\omk on Windows and /usr/local/omk for Linux.
You will need to update the audit scripts "url" variable in the open-audit/other/ directory (both .sh and .vbs scripts). The files audit_linux.sh, audit_osx.sh, audit_subnet.sh, audit_subnet.vbs, audit_windows.vbs will all need changing.
In the configuration for Open-AudIT Enterprise change the file omk/conf/opCommon.nmis and set the oae_server variable to include the changed port number.
Changing the port Apache runs on is differnet for different installations. Some general guidelines are below.
On Debian/Ubuntu, modify the /etc/apache2/port.conf and the /etc/apache2/sites-enabled/000-default files (change the ports contained in them) then reload and restart apache with "service apache2 reload" and "service apache2 restart".
On RedHat/Centos, modify the /etc/httpd/conf/httpd.conf file (change the port contained in the Listen attribute) then restart apache with "/etc/init.d/httpd restart".
On Windows, modify the file c:\xampplite\apache\conf\httpd.conf (change the port contained in the Listen attribute) then restart apache by stopping and starting the apache2.2 Service in the Windows Services control panel item.
You should now be able to navigate to http://<SERVER>:81/ in your browser and get a response.
I cannot start the Apache service on Windows.
Have you checked that another program is not already using port 80? If you start a command prompt and type:
netstat -abn
You should get an output similar to:
C:\>netstat -abnp tcp Active Connections Proto Local Address Foreign Address State TCP 0.0.0.0:80 0.0.0.0:0 LISTENING [httpd.exe] TCP 0.0.0.0:135 0.0.0.0:0 LISTENING RpcSs [svchost.exe] TCP 0.0.0.0:443 0.0.0.0:0 LISTENING [httpd.exe] TCP 0.0.0.0:445 0.0.0.0:0 LISTENING Can not obtain ownership information TCP 0.0.0.0:554 0.0.0.0:0 LISTENING [wmpnetwk.exe] TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING [wininit.exe] TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING eventlog [svchost.exe] TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING Schedule [svchost.exe] TCP 0.0.0.0:1028 0.0.0.0:0 LISTENING [lsass.exe] TCP 0.0.0.0:1029 0.0.0.0:0 LISTENING [services.exe] TCP 0.0.0.0:1030 0.0.0.0:0 LISTENING PolicyAgent [svchost.exe] TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING Can not obtain ownership information TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING [mysqld.exe] TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING CryptSvc [svchost.exe] TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING Can not obtain ownership information TCP 0.0.0.0:8042 0.0.0.0:0 LISTENING [opmantek_server.exe] TCP 0.0.0.0:10243 0.0.0.0:0 LISTENING Can not obtain ownership information TCP 192.168.0.86:139 0.0.0.0:0 LISTENING Can not obtain ownership information TCP 192.168.0.86:2869 192.168.0.1:3115 TIME_WAIT
Look for a program using port 80. In this case, note the output
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING [httpd.exe]
That indicates port 80 is being used by the executable httpd.exe (in this case, Apache). You should not see any entries using :80.
If there is another program using port 80 either stop and remove it, change it's port (if possible) or install Open-AudIT on another machine.