If you are having issues auditing a Windows PC, see our page that specifies the client configuration and provides some hints for configuration, here - Target Client Configuration.
To do this, go to the Open-AudIT logon page at http://YOUR-SERVER/omk/open-audit (but do not log in) using your browser on a Windows PC. You should see a page as below. Click the "Audit My PC" button and run the script. You should see your computer being audited and the data should be posted to the Open-AudIT server.
You should now be able to log in and see the details from your Windows PC.
First, ensure you have added the credentials for this device in Discover -> Credentials -> Create Credentials.
Then go to Discover -> Discoveries -> Create Discoveries. You will see the below form.
If you have set the "Local Network Address" in the config (Menu -> Admin -> Community -> Discovery Configuration) the Network Address will be pre-populated. This should be the URL of your Open-Audit server. You can use HTTPS if preferred (and you have installed a SSL certificate).
Add the IP address of the target computer.
Click the "Submit" button and you will be directed to the Discovery list page. Click the Execute button and the Discovery will start and you will be directed to the Discovery details page.
Assuming you have an XAMPP install of Open-AudIT on a Microsoft Windows machine.
Copy the file c:\xampp\open-audit\other\audit_windows.vbs to a suitable location. Do not remove this file from it's original location as it is needed by the web interface.
You can also download the scripts using the GUI by going to menu → Discover → Scripts → List Scripts, and choosing the download button on the right side.
Open your copy of audit_windows.vbs in a text editor. Check the following variables are set as below:
Open a command prompt and run the script with cscript audit_windows.vbs. Do not double click the script to run it as this will use wscript instead of cscript and spawn many popup windows.
It should run and post the result to the database. Go back to your web browser and load Open-AudIT. You should have a group or two created. Go into one of them and click the machine name. You should see the machine details.
NOTE - To prevent any output to the command window you can set debugging = "0" and run the script with cscript //nologo audit_windows.vbs .
We have unix based (bash. ksh, etc) scripts for Linux, AIX, OSX, Solaris computers.
You can download the scripts using the GUI by going to menu → Discover → Scripts → List Scripts, and choosing the download button on the right side.
To use the Unix audit script located at /usr/local/open-audit/other/audit_linux.sh:
The script has variables that can be set the same as the variables in audit_windows.vbs. You could (for example) dynamically set the $url variable when you run the script by:
chmod 777 audit_linux.sh sudo ./audit_linux.sh url=http://your_server/open-audit/index.php/input/devices submit_online=y create_file=n |
The variables that are accepted on the command line are:
submit_online - Defaults to "n". If set to "y" it will submit the audit result to the URL as specified by the url variable.
create_file - Defaults to "y". If set to "y", an XML file will be created and saved as per the audit_windows.vbs script. This file can be manually copied and submitted to the server at a later stage if desired.
Sample output on the console when the script has been run.
mark@dev:/usr/local/open-audit/other$ sudo ./audit_linux.sh url=http://your_server/open-audit/index.php/input/devices submit_online=y create_file=n
[sudo] password for mark:
Starting audit
----------------------------
Open-AudIT Linux audit script
Version: 4.3.0
----------------------------
My PID is 13869
Audit Start Time 2021-11-26 13:22:33
Create File y
Submit Online n
Debugging Level 2
Discovery ID
Org Id
Script Name audit_linux.sh
URL http://your_server/open-audit/index.php/input/devices
File /usr/local/open-audit/other/dev-20211126132233.xml
----------------------------
System Info
USB Info
Policy Info
BIOS Info
Processor Info
Memory Info
Motherboard Info
Optical Drives Info
Video Cards Info
Sound Cards Info
Shares Info
Network Cards Info
Hard Disk Info
Guest (Docker, Proxmox, LXC) Info
Docker Info
Log Info
Environment Variable Info
Swap Info
User Info
Group Info
Software Info
Service Info
systemd services
upstart services
init.d services
Server Info
apache
mysql
mongo
Server Items
mysql using /etc/mysql/my.cnf
mariadb using /etc/mysql/mariadb.conf.d
apache using apachectl for VirtualHosts
mongod using /etc/mongod.conf
Certificate Info
Route Info
Netstat Info
Custom Files Info
Audit Generated in '17' seconds.
Submitting results to server using cURL
URL: http://your_server/open-audit/index.php/input/devices
Audit Completed in '47' seconds.
|
All variables can be passed via the command line at run time. You don't need to create one audit script for each different (say) set of remote user credentials. A couple of examples -
The command line arguments are as follows, variable [default] (valid options):
| Variable | Description |
|---|---|
| create_file [n] (y|n) | create a text file names COMPUTERNAME_YYYYMMDDHHMMSS.xml in the directory the audit script is run. |
| debugging [1] (0-3) | Verbosity of the output to the command line. Set to "0" for no output. |
| ldap [] (string) | This value is passed in when running the audit_domain script. Only set this value if your audit host is on a different domain than audit targets and you are not using audit_domain.vbs - IE, you are running "cscript audit_windows.vbs COMPUTER" where COMPUTER is on a separate domain than the PC you are running the command on. This would then apply to ALL systems audited like this. This would be the exception rather than the rule. |
| org_id [] (org_id) | If set the PC will be automatically assigned to the organisation. Get the organisation id by using the web interface. |
| ping_target [n] (y|n) | Attempt to ping the target PC before attempting to audit it. |
| self_delete [n] (y|n) | Delete the audit script itself upon completion. |
| skip_printer [n] (y|n) | Do not attempt to retrieve any printer details. |
| skip_software [n] (y|n) | Do not attempt to retrieve any installed software details. |
| skip_dns [n] (y|n) | Do not attempt to retrieve any DNS details. |
| skip_mount_point [n] (y|n) | Do not attempt to retrieve mount point details. |
| strcomputer [.] (string) | The name of the target PC. "." means the local PC on which the script is running. |
| struser [] (string) | Should be of the format DOMAIN/USERNAME. Runs the script against the target PC using these credentials. |
| strpass [] (string) | Runs the script against the target PC using these credentials. |
| submit_online [y] (y|n) | Submit the audit result to the webserver upon completion. |
| url [http://localhost/open-udit/index.php/input/devices] (string) | The URL of the Open-AudIT server to submit the audit to. The variable submit_online must be set to "y". |
| use_proxy [n] (y|n) | Unused at present. |
| windows_user_work_1 [physicalDeliveryOfficeName] (string) | The Active Directory attribute to use as a first preference to determining the target PCs user work unit. |
| windows_user_work_2 [company] (string) | The Active Directory attribute to use as a second preference to determining the target PCs user work unit. |
| details_to_lower [y] (y|n) | Details like domain, hostname, username, etc are usually set to lower case for consistency. If you would like these kept as retrieved, set to "n". |
Not every Windows computer will be a simple domain connected machine. Sometimes you may have a server in a DMZ with no network connectivity to the internal network, a machine not on a domain, a standalone machine not networked at all, etc. There are various options to overcome these.
Copy the audit script to a USB drive, go to the remote computer and insert the USB drive. Open a command prompt and navigate to where you copied the script. Run the script and output to an XML file using the command
cscript audit_windows.vbs submit_online=n create_file=y
An XML file named COMPUTERNAME_DATE.xml should be created. Close the terminal window. Remove the USB drive and go to a computer with Open-AudIT connectivity. Open the XML file and copy the XML and log in to the Open-AudIT web application and go to menu -> Manage -> Devices -> Create Devices. You will see options for manually copying and pasting the file contents or uploading the file directly.
If you can see the computer on the network and it has it's firewall opened to allow remote WMI/VBscript, you can run the audit script using the remote credentials.
cscript audit_windows.vbs strcomputer=REMOTE_COMPUTER_NAME struser=REMOTE_DOMAIN/REMOTE_USERNAME strpass=REMOTE_PASSWORD
You may need to substitute the string "workgroup" or the remote computer name for REMOTE_DOMAIN above.
You can copy the audit script to the target computer and set it to run on a scheduled task and submit the result to the Open-AudIT server.