I've written a How-to to help myself with disaster recovery. Someone else may find it helpful, so I've posted it below using the "code" designation to maintain formatting.
[code]Installing Open-AudIT
Table of Contents
Preface
1. Installation of PHP
Manual Installation Steps Set Up a Valid Configuration File For PHP Enable Necessary Extensions Set the Environment for PHP Microsoft Internet Information Server IIS
2. Installation of MySQL
Download Install Configure
3. Verifying the Installation
PHPINFO Error Reporting
4. Download and install Open-AudIT
Release Version SVN Version SVN Client Copy Files to doc_root
5. Configuration of Open-AudIT Config File Permissions Setup
6. Auditing a Computer Available Options in Audit.config Running an Audit
7. Access Control (optional)
Create a Group to Contain Authorized Users Revoke rights Grant Access rights to Groups Grant Access Rights for Audit Restrict Configuration Changes Configure IIS to Use Authentication
8. Database Maintenance Backup of the MYSQL Database Restore of a MYSQL Database Optimize Database Manage MYSQL Users
9. Miscellanous Fixes and customizations _____________________________________________________________________
Preface
This installation is specific to installation of Open-AudIT on the Windows Server 2003 SE SP2 platform running Internet Informattion Server (IIS). Open-AudIT SVN 748 was used in making this guide.
You will need to have a fully functional IIS web server before continuing. If you haven't installed IIS, go to Control Panel --> Add or Remove Programs --> Add/Remove Windows COmponents then check Application Server and click next. _____________________________________________________________________
Chapter 1. Installation Of PHP
There are two main ways to install PHP for Windows; either manually or by using the installer. Due to problems encountered with the installer, the manual method is best and is the method discussed here.
Once you have PHP installed on your Windows system, you must enable several of extensions for complete functionality.
Manual Installation Steps
To get started, go to http://www.php.net/downloads.php and download the zip package under Windows Binaries.
Extract the zip to C:\php.
The directory structure extracted from the zip is as follows:
PHP 5 package structure
c:\php | +--dev | | | |-php5ts.lib | +--ext -- extension DLLs for PHP | | | |-php_bz2.dll | | | |-php_cpdf.dll | | | |-.. | +--extras | | | +--mibs -- support files for SNMP | | | +--openssl -- support files for Openssl | | | +--pdf-related -- support files for PDF | | | |-mime.magic | +--pear -- initial copy of PEAR | | |-go-pear.bat -- PEAR setup script | |-fdftk.dll | |-.. | |-php-cgi.exe -- CGI executable | |-php-win.exe -- executes scripts without an opened command prompt | |-php.exe -- CLI executable - ONLY for command line scripting | |-.. | |-php.ini-dist -- default php.ini settings | |-php.ini-recommended -- recommended php.ini settings | |-php5activescript.dll | |-php5apache.dll | |-php5apache2.dll | |-.. | |-php5ts.dll -- core PHP DLL | |-...
Set Up a Valid Configuration File For PHP
The next step is to set up a valid configuration file for PHP, php.ini. There are two ini files distributed in the zip file, php.ini-dist and php.ini-recommended. Use php.ini-recommended, because the default settings in this file are optimized for performance, and security. To make this your active configuration file, rename php.ini-recommended to php.ini.
Note: Make sure that the user running the web server has read permissions to your php.ini. Right-click php.ini and select Properties. In the Security tab make sure that the user group "Users" has Read and Read & Execute permissions to this file. Repeat this step for the C:\PHP directory so the "Users" user group has Read and Read & Execute permissions.
Edit your new php.ini file. Set the doc_root to point to your web servers document_root. For example:
doc_root = "c:\inetpub\wwwroot"
Enable Necessary Extensions
The location of extensions is C:\php\ext. You will need to change the extension_dir setting in your php.ini to point to the this directory. For example:
extension_dir = "C:\php\ext"
Enable the extension(s) in php.ini you want to use by uncommenting the extension=php_*.dll lines in php.ini. This is done by deleting the leading ; from the extension you want to load.
All extensions required by Open-AudIT are included in the binary zip file. You must uncomment the following lines in php.ini in order to load each extension: extension=php_gd2.dll extension=php_ldap.dll extension=php_mysql.dll
Set the Environment for PHP
Set the PHPRC environment variable so PHP can find your php.ini file.
* Go to Control Panel and open Start -> Control Panel -> System * Go to the Advanced tab * Click on the 'Environment Variables' button * Look into the 'System variables' pane. (NOT user variable) * Click on 'New' and enter 'PHPRC' as the variable name and the directory where php.ini is located as the variable value (e.g. C:\php) Modify the Windows PATH environment variable to include the PHP directory. This way the PHP DLL files and PHP executables can all remain in the PHP directory without cluttering up the Windows system directory.
* Add the C:\PHP directory to your system's PATH variable. * Choose Start and right-click My Computer. * From the shortcut menu, select Properties. * On the Properties page, select the Advanced tab. * Click the Environment Variables button. * From the list of System variables double-click the Path variable. * To the end of the Path variable, add ";C:\PHP".(No quotes!) * Restart your server.
PHP is now setup on your system. The next step is to enable IIS to run PHP content.
Microsoft Internet Information Server IIS
PHP should be installed as a ISAPI module. Do the following:
* Go to Control Panel -> Administrative Tools --> Internet Information Services Manager * Right click on your Web server node (this will most probably appear as 'Default Web Site'), and select 'Properties'. * Under ISAPI Filters - Add a new ISAPI filter. Use PHP as the filter name, and supply a path to the php5isapi.dll. * Under 'Home Directory', do the following: - Change the Execute Permissions to 'Scripts only' - Click on the 'Configuration' button, and choose the Application Mappings tab. - Click Add and set the Executable path to the PHP ISAPI DLL C:\php\php5isapi.dll. Supply .php as the extension. - Check the 'Script engine' checkbox. * Now, click OK a few times. * Stop IIS completely (NET STOP iisadmin) * Start IIS again (NET START w3svc)
Add .php as a new Web service extension as follows:
* Go to Control Panel -> Administrative Tools --> * Internet Information Services Manager * Go to Web Service Extensions * Choose "Add a new Web service extension" * enter PHP as the name * Choose the Add button * For the value browse to the ISAPI file php5isapi.dll * Check "Set extension status to Allowed" * Click OK.
Set index.php to be your default content page as follows:
* Go to Control Panel -> Administrative Tools --> Internet Information Services Manager * Right click on your Web server node (this will most probably appear as 'Default Web Site'), and select 'Properties'. * Under the Documents tab, choose Add. Type in index.php * click OK. * Adjust the order so that index.php is at the top by choosing Move Up.
_____________________________________________________________________
Chapter 2. Installation of MySQL
Download
To get started you'll need to go to http://dev.mysql.com/downloads and download MySQL 5.0 Community Server - Generally Available (GA) Release. Get the Windows ZIP/Setup.EXE (x86). Do not download the beta version.
Install
Extract the contents of the zip file to a temporary location and run setup.exe.
* Click Next * Click Typical Setup * Click Install * Click next, next, next * Check Configure the MYSQL Server now * Click Finish
Configure
In the MYSQL Server Instance Configuration Wizard: * Click Next * Choose Standard Configuration and click next * Check "Install as Service" and "Include Bin Directory in Windows Path" * Click Next * Check "Modify Security Settings" and enter a root password * Unselect "Create anonymous account" * Click Next * Click Execute * Click Finish
_____________________________________________________________________
Chapter 3. Verifying the Installation
PHPINFO
At this point you need to verify PHP operation. This involves a test to see if IIS recognizes the .php file extension and is able to load the appropriate dll extensions commented out in the php.ini file.
Using notepad, create a file name php.php and place it in the doc_root folder c:\inetpub\wwwroot. The file should contain the following:
<?php phpinfo(); ?>
On the server hosting IIS, using your browser, go to http://localhost/php.php. The PHP configuration options should be displayed in your browser. Verify that under PHP Core your have GD, LDAP and MYSQL listed. If PHP is configured correctly and these extensions are properly enabled, these extensions will be listed.
Error Reporting
If you have trouble getting the extensions to list properly, enable error reporting to help troubleshooting. To enable error reporting change the following lines in your php.ini.
display_errors = on display_startup_errors = on
_____________________________________________________________________
Chapter 4. Download and install Open-AudIT
Release Version
You can download Open-AudIT from http://sourceforge.net/projects/Open-AudIT using the "Download Open-AudIT" link. The version linked here is the latest release version.
SVN Version
Because Open-AudIT is under development there are several SVN (Subversion) versions available with the latest features and bug fixes. It is recommended that you download the latest SVN in order to take advantage of these additions. To do this you must install an SVN client. Tortoise SVN is the recommended client for Windows. Download it at http://tortoisesvn.net.
SVN Client
Tortoise SVN is a shell extension. You must right click the folder you wish to to download the files to. Select "SVN Checkout." In URL of repository enter the following:
https://Open-AudIT.svn.sourceforge.net/svnroot/Open-AudIT/trunk Click OK. The the trunk files will be saved in the "checkout directory."
Copy Files to doc_root
Copy all files and folders to your doc_root folder c:\inetpub\wwwroot.
It should look something like this:
c:\inetpub\wwwroot | +--openoffice | +--Tutorials | +--backup | +--images -- web graphics | +--images-systems | +--lang -- language files | | +--lib | | | +--ezpdf -- location of classes used for PDF export | +--scripts | | | |-audit.vbs -- VBscript audit file | | | |-audit.conf -- initial copy of audit.vbs config file | |-.. | |-include_config.php | |-index.php | |-admin_pc_add_1.php | |-admin_pc_add_2.php | |-..
Chapter 5. Configuration of Open-AudIT
Once you have downloaded Open-AudIT and copied the files to your doc_root folder, there are several configuration changes that need to be made. Config File Permissions
Permissions need to be set on the configuration files so that the web interface can write to them, otherwise you will get the following error when the setup script checks for write capability:
include_config.php ... Failed. scripts/audit.config ... Failed.
Write permissions should be given to the IUSR_%COMPUTERNAME% user for these two files. By default IUSR_%COMPUTERNAME% has deny write checked. If include_config.php doesn't exist, rename include_config_defaults.php to include_config.php and set permissions as stated. Perform the following steps:
cd c:\inetpub\wwwroot ren include_config_defaults.php include_config.php cacls include_config.php /T /E /G IUSR_%COMPUTERNAME%:W cacls scripts\audit.config /T /E /G IUSR_%COMPUTERNAME%:W
Setup From the server hosting IIS, go to http://localhost and step through the setup process.
When you get to the database setup, be sure to choose "I have Root access to database." Leave default database settings and enter the root password you entered during MYSQL setup. You will also need to create a password for the "openaudit" user. They can be the same.
At the end of the setup process you will click the URL "Click here to enter Open-AudIT!" At this point you should enter and continue with configuration by selecting Admin --> Config from the left hand menu. Here you can customize how information is displayed, as well as configure LDAP support.
The Open-AudIT web site should now be operational. Once you audit your first computer you will begin to see real inventory data.
_____________________________________________________________________
Chapter 6. Auditing a Computer
Audits are performed by running the audit.vbs script. This script gets its configuration parameters from an audit.config file. These two files should be placed in the same directory and may reside on the local hard drive or on a remote share.
Available options in Audit.config
You must configure the audit.config file with the necessary options:
audit_location = "r" "l"ocal or "r"emote depending on whether the machine you are auditing from is the same machine you are posting to (local) or not (remote).
verbose = "y"
If "y" then you can see the results from the audit.vbs script as it does its work. If "n" everything is almost silent.
online = "yesxml"
This can be "yesxml" or "ie" and selects whether we submit the page via Internet explorer, or directly using XMLPOST, I would use yesxml since it doesn't waste the resource of launching ie for every audit. yesxml works for me with 80 or so machines in about ten minutes or so, depending on what else the machines are doing at the time.
strComputer = "" Set this to "." to audit just the local machine, for pretty much any other purpose, set it to ""
ie_visible = "n" only makes sense with online="ie" and lets you see the browser in operation.
ie_auto_submit = "y" Ditto, but selects whether the page submits automatically or waits for user input, I would use "y".
ie_submit_verbose = "n" Does what it says. Submits the ie page with all of the information exposed as it is gathered
ie_form_page = "http://openaudit/openaudit/admin_pc_add_1.php" This is not too obvious, as it can be almost anything. The simplest case is to use http://127.0.0.1/openaudit/admin_pc_add_1.php. This will allow the script to post to the same box as the OA web server is running on. Next we can use an IP address, something like http://192.168.0.4/openaudit/admin_pc_add_1.php. This allows us to post results from a machine other than the web server, AND from the web server. Finally this can me something like http://openaudit.mydomain.com/openaudit/admin_pc_add_1.php. This allows us to post from anywhere so long as our DNS server can resolve openaudit.mydomain.com to the correct IP address and no firewall blocks our traffic (and our web server will accept requests from the IP address running the VBS script of course). (In short this is the page that ie submits to, can be an IP or a machine name followed by the folder within htmlroot on the web server running the OA web pages.)
non_ie_page = "http://openaudit/openaudit/admin_pc_add_2.php"
The page that yesxml submits to, and the page that the ie page calls next, so it has to be valid, see previous description.
nmap_subnet = "192.168.45." ' The subnet you wish to scan
Does what it says, but only used by the nmap script.
nmap_subnet_formatted = "192.168.045." ' The subnet padded with 0's Does what it says, but only used by the nmap script, bit of a fudge, 'cos we should generate this from the above nmap_subnet.
nmap_ie_form_page = "http://openaudit/openaudit/admin_nmap_input.php"
Does what it you think it does, the same as the audit page ie_form_page, but for the nmap script, see previous .. ie_form_page descriptions.
nmap_ie_visible = "n"
Likewise , also for the nmap script.
nmap_ie_auto_close = "y"
Likewise , also for the nmap script.
nmap_ip_start = 1 Start of ip range on subnet chosen above.
nmap_ip_end = 254
End of ip range on subnet chosen above.
input_file = ""
Used to supply a list of PCs and their usernames and passwords, these users must have WMI access rights via the network. Note administrators without passwords will not by default have these rights, do you may have to create a user on each machine for this purpose, or set the local administrator user password. If you are using a domain, use a somain admin user to do this, or better still audit the entire domain using the audit_local_domain option.
email_to = ""
Send failed audit emails to whoever@whateverdomain.whatever.
email_from = "" Send failed audit emails from whoever@whateverdomain.whatever.
email_server = ""
Send failed audit emails to whoever@whateverdomain.whatever, via this mail server, as yet there are no SMTP credentials supplied, so this may not work for a lot of people. You may be able to supply these credentials via your PHP .INI file.
audit_local_domain = "y"
Set this to Audit the domain chosen with the next variable.
local_domain = "LDAP://mydomain.local"
The AD domain to audit.
hfnet = "n"
Use hfnet **experimental** does anybody have this working reliably?
Count = 0
Not sure what this does? Mark?
number_of_audits = 20
Maximum number of audit processes to spawn simultaneously when doing an audit from the domain.
script_name = "audit.vbs" the name for the spawned processes, should always be audit.vbs, but you can add a path if you wish.
monitor_detect = "y"
Adds monitor type, serial number etc to database.
printer_detect = "y"
Adds printer type etc to database.
software_audit = "y"
Audits software as well as hardware.
uuid_type = "uuid"
Changes the key to the database, can be UUID, MAC Address, or System name + Domain.
Running an Audit
Once you have set the configuration options you can run an audit on a single local computer, single remote computer, an entire domain a single OU or on a list provided in a text file.
For these examples remove all nmap_ lines from the config file. NMAP scans are an advanced topic and can be disabled by removing the options from audit.config.
Configure ie_form_page and non_ie_page in audit.config with the correct server information, then make the appropriate changes below depending on the audit type you have chosen. Once you have completed customization of audit.config run "cscript audit.vbs".
Single local computer audit_location = "r" strComputer = "."
Single remote computer audit_location = "r" strComputer = "computername"
entire domain audit_location = "r" strComputer = "" audit_local_domain = "y" local_domain = "LDAP://mydomain.com"
single ou
audit_location = "r" strComputer = "" audit_local_domain = "y" local_domain = "LDAP://ou=myou,dc=mydomain,dc=com"
list provided in a text file
audit_location = "r" strComputer = "" input_file = ""
Audits can be run manually or scheduled on a reoccuring basis.
In a domain environment, you can even store the audit.config and audit.vbs files on a netlogon share and run the "single local computer" audit from a logon script.
cscript %LOGONSERVER%\NETLOGON\audit.vbs
Note: This method may slow logons considerably. _____________________________________________________________________
Chapter 7. Access Control (optional)
Open-AudIT doesn't yet include sufficient access control features. You must use file and folder security permissions to control access if you want to use individual local user accounts or Active Directory user accounts and groups.
Create a Group to Contain Authorized Users
You must first create a group to contain your authorized users. This group can contain local users, domain users or domain groups.
* Go to All Programs --> Administrative Tools --> Computer Management. * Expand Local Users & Groups * Right click Group * Select New Group - For group name enter OPENAUDITWEB - Click Add and select the local or domain users you wish to allow access - Click Create
Revoke rights
You must first revoke access to the "Internet Guest Account" and "Users" group.
cacls c:\inetpub\wwwroot /T /E /R IUSR_%COMPUTERNAME% cacls c:\inetpub\wwwroot /T /E /R USERS
Grant Access Rights to Groups Grant change access to the users you want to allow access to the web site.
cacls c:\inetpub\wwwroot /T /E /G OPENAUDITWEB:C
Grant Access Rights for Audit You must then grant READ permissions to the "Internet Guest Account" for the files used for posting audits to the web site.
cd c:\inetpub\wwwroot cacls admin_pc_add_1.php /T /E /G IUSR_%COMPUTERNAME%:R cacls admin_pc_add_2.php /T /E /G IUSR_%COMPUTERNAME%:R cacls include_config.php /T /E /G IUSR_%COMPUTERNAME%:R cacls include_style.php /T /E /G IUSR_%COMPUTERNAME%:R cacls include_right_column.php /T /E /G IUSR_%COMPUTERNAME%:R cacls admin_nmap_input.php /T /E /G IUSR_%COMPUTERNAME%:R
Restrict Configuration Changes
Revoke access to admin_config.php, database_backup_form.php and database_restore_form.php to prevent Open-AudIT users from making configuration changes. This will keep members of the access group from making modifications to the config via the web. cd c:\inetpub\wwwroot cacls admin_config.php /T /E /R OPENAUDITWEB cacls database_backup_form.php /T /E /R OPENAUDITWEB cacls database_restore_form.php /T /E /R OPENAUDITWEB This will grant users in the local "administrators" group rights to make configuration changes.
cd c:\inetpub\wwwroot cacls admin_config.php /T /E /G Administrators:F cacls database_backup_form.php /T /E /G Administrators:F cacls database_restore_form.php /T /E /G Administrators:F
Configure IIS to Use Authentication You should enable one or more of the following: Integrated Authentication Advanced Digest Authentication Basic Authentication (With SSL)
Integrated Authentication
Integrated Authentication uses (NTLM and Kerberos) to protect the user password with a hash. It's a good option if you don't want to use SSL. Works well with both IE and Firefox.
You must configure Internet Information Services Manager to use it: * Go to Control Panel -> Administrative Tools --> Internet Information Services Manager * Right click on your Web server node (this will most probably appear as 'Default Web Site'), and select 'Properties'. * Under Document Security - Under Authentication and Access Control - Click edit - Check Integrated Windows Authentication Advanced Digest
Advanced Digest protects the user password with a MD5 hash. It's a good option if you don't want to use SSL. A Windows 2003 functional level domain is required. Works well with IE. Firefox doesn't seem to work well with this option. To enable Advanced Digest you must set the USEDigestSSP metabase property to true:
cd c:\inetpub\adminscripts cscript adsutil.vbs set w3svc/UseDigestSSP 1
In addition, you must configure Internet Information Services Manager to use it: * Go to Control Panel -> Administrative Tools --> Internet Information Services Manager * Right click on your Web server node (this will most probably appear as 'Default Web Site'), and select 'Properties'. * Under Document Security - Under Authentication and Access Control - Click edit - Check Digest Authentication for Windows Domain Servers Basic Authentication (With SSL)
Basic Authentication is the least secure but best supported among browsers. Because the password is sent unencrypted, it should only be used in combination with SSL. You must configure Internet Information Services Manager to use it: * Go to Control Panel -> Administrative Tools --> Internet Information Services Manager * Right click on your Web server node (this will most probably appear as 'Default Web Site'), and select 'Properties'. * Under Document Security - Under Authentication and Access Control - Click edit - Check Basic Authentication
You must restart the IIS Service for changes to take effect:
net stop "World Wide Web Publishing Service" net start "World Wide Web Publishing Service"
_____________________________________________________________________
Chapter 8. Database Maintenance
Backup of the MYSQL database.
For disaster recovery you should periodically backup the MYSQL database. You can do this manually or schedule it using the following command (remove line break _):
mysqldump -h localhost -u root --password=yourpassword _ openaudit > Backup.db3
Restore of a MYSQL Database Use the following process to delete any existing openaudit database and restore the database you wish to recover.
mysqladmin -u root --password=yourpassword drop openaudit mysqladmin -u root --password=yourpassword create openaudit mysql -u username -p yourpassword database_name < dump.sql
After you import the mysql database on the new machine, execute mysqladmin flush-privileges so that the server reloads the grant table information.
mysqladmin -u root --password=yourpassword flush-privileges
This is an excellent way to relocate your inventory to another server.
Optimize Database
Compress is a misnomer. You need to export, drop database, create database and import the database. You can also perform an optimize table for each of your tables.
Manage openaudit Database From Microsoft Access
You can allow custom queries and maintenance on the OpenAudIT database from Microsoft Access. To do this you must create a user for the connection. Create a readonly user to allow access to the database without allowing changes. Create a writable user to allow changes from Access. Add a readonly user (remove line break _):
mysql -u root --password=rootpass --execute="GRANT SELECT on _ openaudit.* TO readuser@'%.%.%.%' Identified by 'readpass';" mysql -u root --password=rootpass --execute="FLUSH PRIVILEGES;"
Here you created a new database user "readuser" with password "readpass", who has only SELECT access right to the database "openaudit". Add a writable user (remove line break _):
mysql -u root --password=rootpass --execute="GRANT ALL on _ openaudit.* TO writeuser@'192.%.%.%' Identified by 'writepass';" mysql -u root --password=rootpass --execute="FLUSH PRIVILEGES;" Here you created a new database user "writeuser" with password "writepass", who has ALL access rights to the database "openaudit". Access is restricted by IP address mask 192.*.*.*.
Connect using ODBC Connector
Follow the instruction listed below to connect using one of the users you have created:
http://www.washington.edu/computing/web/publishing/mysql-access-3.5.html
Remove a user (remove line break _):
If you need to remove a user you can do so as follows:
mysql -u root --password=rootpass --execute="delete from user _ where user='username';" mysql -u root --password=rootpass --execute="FLUSH PRIVILEGES;"
_____________________________________________________________________
Chapter 9. Miscellanous Fixes and customizations
In current user, under System Summary, you may be missing the \ in domain\username. Looks like the problem is in admin_pc_add_2.php at about line 177 Code:
foreach ($input as $split) { $split = stripslashes($split); $split = mysql_real_escape_string($split);
Comment out "$split = stripslashes($split); "
Create Temporary SSL Certificate
This is a good way to add SSL support if you don't need a real certificate. Install SELFSSL from the IIS 6.0 Resource Kit. From the server with IIS installed run the command: "selfssl /V:7300 /N:CN=hostname.domainname.topleveldomain"
Fix multiple listings in LDAP query in Computer Details
look in ldap_details.php for the following code (remove line break _).
Code:
} if ($record_type=="computer"){ _ $attributes = array("name","description","operatingsystem", _ "operatingsystemservicepack","operatingsystemversion", _ "location"); $filter = "(&(objectClass=computer)(objectCategory=computer) _ (|(samaccountname=".$name.chr(42).")(name=".$name.chr(42).") _ (displayname=".$name.chr(42).")(cn=".$name.chr(42).")))"; } Take out the .chr(42) references then it should do an exact match.
Create and Initialize database
If you have trouble creating the database through the web setup page, try creating the database by hand. To do this, connect to your mysql using the command line. Create the database using the CREATE command, see:
http://dev.mysql.com/doc/refman/5.1/en/create-database.html next USE it, see:
http://dev.mysql.com/doc/refman/5.1/en/use.html
Paste the contents of SCRIPTS\open_audit.sql to the command line interpreter. This will create all of the tables etc.
Internet Explorer 7 Disappearing Sub Menu In Internet Explorer 7, when selecting a sub menu from the left hand menu, the sub menu disappears before you can select it. This problem can be fixed by eliminating the margin and padding on the right side of the main menu.
In default.css change the following section:
Code: ul#primary-nav li a { display: block; text-decoration: none; color: #777; margin: 2px; padding: 5px; border: 1px solid #ccc; }
To this:
Code: ul#primary-nav li a { display: block; text-decoration: none; color: #777; margin: 0px; padding: 5px; padding-right: 0px; border: 1px solid #ccc; }[/code]
|