Open-AudIT
https://www.open-audit.org/phpBB3/

Audit Windows Domain
https://www.open-audit.org/phpBB3/viewtopic.php?f=10&t=5496
Page 1 of 1

Author:  cdhead13 [ Tue May 03, 2011 12:56 am ]
Post subject:  Audit Windows Domain

Hello All,
I'm having some problems running an audit on my windows domain. I am able to audit the local system without any problems. When i run audit.vbs, the only output i seem to get is "Customer specific audits". I am able to access the "ie_form_page" from any domain computer, but could there be a permission problem with writing? I'm not totally sure how i should be managing the permissions on the wwwroot. I have posted my audit.config file below.

Other info:
OS: Windows Server 2008R2, w/ IIS7, PHP 5.3.6



'
' Standard audit section
'
audit_location = "r"
verbose = "n"
audit_host="http://support"
online = "yesxml"
strComputer = ""
ie_visible = "n"
ie_auto_submit = "y"
ie_submit_verbose = "n"

'ie_form_page = audit_host + "/admin_pc_add_1.php"
ie_form_page = "http://aldenaudit/admin_pc_add_1.php"

'non_ie_page = audit_host + "/admin_pc_add_2.php"
non_ie_page = "http://aldenaudit/admin_pc_add_2.php"

input_file = ""

'
' Email authentication
'
'

email_to = "chead@aldenlab.com"
email_from = "openaudit@aldenlab.com"
email_sender = "Open-AudIT"
email_server = "gmail-smtp-in.l.google.com ' IP address or FQDN
email_port = "25" ' The SMTP port
email_auth = "0" ' 0 = Anonymous, 1 = Clear-text Authentication, 2 = NTLM
email_user_id = "example@example.com" ' A valid Email account in user@domain format
email_user_pwd = "some_password" ' The SMTP email password
email_use_ssl = "false" ' True/False
email_timeout = "60" ' In seconds
send_email = "true" ' True/False - Enable/Disable email sending

audit_local_domain = "y"
'
'Set domain_type = 'nt' for NT4 or SAMBA otherwise leave blank or set to ldap
domain_type = "LDAP"

local_domain = "LDAP://aldenlab.com"

'
' Example Set Domain name for NT ONLY for LDAP use the above format
' NOTE This is Case Sensetive. See the example below.
'
'local_domain = "WinNT://IEXPLORE"
'local_domain = "WinNT://<domainname>"
'

hfnet = "n"
Count = 0
number_of_audits = 10
script_name = "audit.vbs"
monitor_detect = "y"
printer_detect = "y"
software_audit = "y"
uuid_type = "uuid"
'
' Nmap section
'
nmap_tmp_cleanup = true ' Set this false if you want to leave the tmp files for analysis in your tmp folder
nmap_subnet = "192.168.171." ' The subnet you wish to scan
nmap_subnet_formatted = "192.168.171." ' The subnet padded with 0's
nmap_ie_form_page = audit_host + "/admin_nmap_input.php"
nmap_ie_visible = "n"
nmap_ie_auto_close = "y"
nmap_ip_start = 1
nmap_ip_end = 254
nmap_syn_scan = "y" ' Tcp Syn scan
nmap_udp_scan = "y" ' UDP scan
nmap_srv_ver_scan = "y" ' Service version detection.
nmap_srv_ver_int = 9 ' Service version detection intensity level. Values 0-9, 0=fast

Page 1 of 1 All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/