Introduction

Running Discovery on a subnet from a script is useful for setting up scheduled Discovery runs, which can be created with the cron scheduler on Linux. The script named discover_subnet_cron.sh is designed for this purpose. You can supply individual arguments on the command line or set them inside the script. Both approaches have benefits.

Argument options

If you set the arguments inside the script:

  • Credentials will not appear on the command line or in the cron schedule.
  • Multiple copies of the script can be created with different arguments for each.

If you set the arguments on the command line:

  • Only a single script is required for (potentially) multiple Discovery runs.

The script arguments can be set on the command line, for example:

./discover_subnet_cron.sh option=value

Argument Types

The script has two basic types of arguments: required and optional.

The required arguments are:

  • openaudit_user, this is the username of a valid Open-AudIT administrator level user (set to 'admin' by default). This is not the unix user running the script.
  • openaudit_pass, the corresponding password for the above user (set to 'password' by default).
  • openaudit_url, this is usually left at the default supplied value (set to 'http://localhost/open-audit/index.php/discovery/discover_subnet' by default).
  • form_local_address, this is the IP address of the Open-AudIT server upon which the Discovery is run. This must be an address visible to remote devices if they are to be audited using an audit script (audit_windows.vbs or audit_linux.sh).
  • form_subnet, this is the nmap style subnet (no default). Valid examples are:
    192.168.0.1 (a single address)
    192.168.1.2/32 (a single address with mask)
    192.168.3.0/24 (a 24 bit mask - 192.168.3.0 to 192.168.3.255)
    198.168.0-255.1-127 (a range of IP addresses)

The optional arguments are:

  • form_snmp_community, the SNMP community string for any devices discovered on this subnet (set to 'public' by default).
  • form_ssh_user, the SSH username for any devices discovered on this subnet (no default).
  • form_ssh_pass, the password for the above SSH user (no default).
  • form_windows_user, the Windows username to be used in this discovery run. This should have local administrator rights on any discovered Windows PCs (no default).
  • form_windows_domain, the Windows domain for the above user (no default).
  • form_windows_password, the Windows password for the above user (no default).
  • debugging, the command line output level. 0 = none, 1 = debug (set to '1' by default).
  • syslog, determines if logs should be written to the standard Open-AudIT logfile (set to 'y' by default).

Although the credentials are optional, Discovery can only use the credentials that are provided. Hence, providing no Windows credentials will prevent an audit script from being run on any Windows computers, and so on.

Example

A valid example to run Discovery on the 192.168.0.1/24 subnet using some defaults would be:

./discover_subnet_cron.sh form_subnet=192.168.0.1/24 form_ssh_user=root form_ssh_pass=rootpass form_snmp_community=snmpsecret form_windows_user=administrator form_windows_password=testpass form_windows_domain=open-audit.com

Cron

Because of file permissions, it may be easiest to set the crontab schedule as root. This is not necessary, though: the script can be run by any valid user, provided the execute permission for other users is set on the file.

A valid crontab line to schedule the Discovery job to run at 10am each day would look like:

0 10 * * * /usr/local/open-audit/other/discover_subnet_cron.sh form_subnet=192.168.0.1/24 form_ssh_user=root form_ssh_pass=rootpass form_snmp_community=snmpsecret form_windows_user=administrator form_windows_password=testpass form_windows_domain=open-audit.com

As previously stated, the options above may instead be set in a copy of the script, which can be copied and renamed as required.

Logging

Once a discovery job has been run, an entry will be created in the standard Open-AudIT log. It can be viewed via Menu -> Admin -> Log -> View Log inside Open-AudIT, or Menu -> Views -> Log inside Open-AudIT Enterprise. The standard file location is /usr/local/open-audit/other/open-audit.log. Typical log entries for a discovery run will look like:

Jul 09 15:05:50 desktop 26496 S:discover_subnet_cron U:mark Discovery for 192.168.0.15 cron job submission
Jul 09 15:05:50 desktop 26496 S:discover_subnet_cron U:mark Discovery for 192.168.0.15 cron job completed

If a submission to the Open-AudIT server fails, you will see an entry such as:

Jul 09 15:05:50 desktop 26496 S:discover_subnet_cron U:mark Discovery for 192.168.0.15 cron job submission
Jul 09 15:05:50 desktop 26496 S:discover_subnet_cron U:mark Discovery for 192.168.0.15 cron job failed wget submission

If any required arguments are not provided, a log line will be created and the script will abort. Example:

Jul 09 15:05:50 desktop 26496 S:discover_subnet_cron U:mark Discovery for 192.168.0.15 cron job submission
Jul 09 15:05:50 desktop 26496 S:discover_subnet_cron U:mark Discovery for 192.168.0.15 cron job failed Subnet to discover not provided

 If debugging is enabled, any lines written to the log file will also be printed to the screen.
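
Because a cron job runs unattended, the log entries described above are the only sign that a scheduled Discovery failed. The following is an added example, not part of Open-AudIT or of the original page, that reports failed and unfinished runs; it assumes the line layout shown in the excerpts above, and the function names discovery_problems and sample_log are hypothetical.

```shell
#!/bin/sh
# Added example, not part of Open-AudIT. Assumes the log line layout shown above:
#   Mon DD HH:MM:SS host pid S:discover_subnet_cron U:user Discovery for TARGET cron job STATUS [reason]

# Print failed runs, and runs that logged "submission" but never finished.
# Reads the file named in $1, or standard input when no file is given.
discovery_problems() {
    awk '
    $6 == "S:discover_subnet_cron" {
        # Locate the "cron job" marker rather than trusting a fixed column,
        # so a line with an empty target is still classified.
        for (j = 10; j < NF; j++) if ($j == "cron" && $(j + 1) == "job") break
        if (j >= NF) next
        target = (j > 10) ? $10 : "(none)"
        key = $5 "|" target          # pid + target identifies one run
        when = $1 " " $2 " " $3
        status = $(j + 2)
        if (status == "submission") {
            pending[key] = when
        } else if (status == "completed") {
            delete pending[key]
        } else if (status == "failed") {
            reason = ""
            for (i = j + 3; i <= NF; i++) { sep = (i > j + 3) ? " " : ""; reason = reason sep $i }
            printf "FAILED %s target=%s user=%s reason=\"%s\"\n", when, target, substr($7, 3), reason
            delete pending[key]
        }
    }
    END {
        for (key in pending) {
            split(key, part, "|")
            printf "UNFINISHED %s target=%s pid=%s\n", pending[key], part[2], part[1]
        }
    }' "${1:--}"
}

# Constructed sample lines in the same layout (not real log data).
sample_log() {
    cat <<'EOF'
Jul 09 10:00:01 desktop 26496 S:discover_subnet_cron U:mark Discovery for 192.168.0.1/24 cron job submission
Jul 09 10:00:02 desktop 26496 S:discover_subnet_cron U:mark Discovery for 192.168.0.1/24 cron job completed
Jul 10 10:00:01 desktop 27011 S:discover_subnet_cron U:mark Discovery for 192.168.3.0/24 cron job submission
Jul 10 10:00:01 desktop 27011 S:discover_subnet_cron U:mark Discovery for 192.168.3.0/24 cron job failed wget submission
Jul 11 10:00:01 desktop 27533 S:discover_subnet_cron U:mark Discovery for 192.168.1.2/32 cron job submission
EOF
}

sample_log | discovery_problems
```

Pass the real log file as the first argument, for example discovery_problems /usr/local/open-audit/other/open-audit.log, and alert on any output.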

 

 

 

 
