Open-AudIT
https://www.open-audit.org/phpBB3/

Beta 2 released
https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=5743
Page 1 of 1

Author:  Mark [ Mon Jul 11, 2011 10:35 pm ]
Post subject:  Beta 2 released

Available for testing.
As per Beta1 - I've not had much chance to test this...
No database schema changes - you can drop the code over your existing and continue to use it - obviously don't drop the entire XAMPPLITE directory over because you'll loose your database...

If you're running the XAMPPLITE download, just download the OAv2 code only beta 2 (9mb) file and place into c:\xampplite\ then rename your existing OAv2 to OAv2.old and rename the download from Open-AudIT v2.0 to OAv2. Make sure to copy the new files from the www directory into c:\XAMPPLITE\htdocs (excluding index.php), too...

https://launchpad.net/oav2/trunk/beta2

:D

NOTE - I have fixed the issue's raised by shanimal and jpa and re-uploaded the files. I have removed their posts as they are no longer relevent.

NOTE #2 - Some reports are currently "kind of" broken. Check the Installed Software report for an example. It does work, but throws errors at the top of the report (scroll down to see the actual report data). I am working on a fix for this ASAP.

Author:  shanimal [ Wed Jul 13, 2011 1:35 am ]
Post subject:  Re: Beta 2 released

I noticed that Sometimes the OS shows up as:

Microsoft Windows Server 2008 R2 Standard

But some show as:

Microsoft�® Windows Server�® 2008 Standard

Author:  jpa [ Wed Jul 13, 2011 2:01 am ]
Post subject:  Re: Beta 2 released

Those aren't the same Windows versions. The first is Server 2008 R2 which doesn't have any extended ASCII so it looks fine. The latter is Server 2008 and does have a couple extended ASCII registration marks which get mangled somewhere in the posting chain. I had this back in Alpha7 but Mark is not affected so I have some config that is different from his test machine somehow. You do too. :)

Author:  shanimal [ Wed Jul 13, 2011 4:11 am ]
Post subject:  Re: Beta 2 released

No big deal just looks odd. I always install R2, chalk this one up as another plus in it's column (vs. non-R2).

Author:  MarkD [ Wed Jul 20, 2011 1:24 am ]
Post subject:  Re: Beta 2 released

I've got it scanning machines and no problems so far. The office 2010 keys are all working now too which is great, thanks for that.

The only bug I've come across is with the reports. I can add them but the software keys one doesn't work. It's spitting out the following error:

[code]A PHP Error was encountered
Severity: Notice
Message: Undefined property: stdClass::$system_id
Filename: theme-tango/v_report.php
Line Number: 79[/code]

Have tried looking for a reason why but so far not been able to work it out.

Author:  jpa [ Wed Jul 20, 2011 3:50 am ]
Post subject:  Re: Beta 2 released

Quick hack to v_report.php to fix the system_id problem below. When Mark does a proper fix he should probably add a new column type for text that doesn't get numeric formatting applied. Something like text_noformat or text_only or something. Then the SoftwareKeys report should use this new type for the Key Text column_type identifier. Adobe Acrobat 6 (ancient) has all numeric keys which get the number formatting applied and look like "945,875,123" rather than "945875123".

My quick hack breaks the Filter Out/Filter Only popup for the SoftwareKeys report.
[code]<?php $sortcolumn = 3; ?>
<?php
# check to see if user_access_level for this group is > 7
$manual_edit = 'n';
if ( $user_access_level > '6' ) {
# check to see if "system_id" is present in report
if ( isset($query[0]->system_id) ){
# enable group manual editing column
$manual_edit = 'y';
}
}


if ($manual_edit == 'y') {
echo "<div style=\"float:left; width:100%;\">\n";
$attributes = array('id' => 'change_form', 'name' => 'change_form');
echo form_open('main/edit_systems', $attributes) . "\n";
echo "<input type=\"hidden\" name=\"group_id\" value=\"" . $group_id . "\" />\n";
}
echo "<table cellspacing=\"1\" class=\"tablesorter\">\n";
echo "\t<thead>\n";
echo "\t\t<tr>\n";
foreach($column as $key):
if ($key->column_type > '') {
if ($key->column_align == 'right') {
$style = 'style="padding-right: 20px;"';
} else {
$style = '';
}
echo "<th align=\"" . $key->column_align . "\" $style>" . $key->column_name . "</th>";
}
endforeach;
if ( $manual_edit == 'y') {
echo "<th align=\"center\" class=\"{sorter: false}\"><button onClick=\"document.alertform.submit();\">Edit</button>";
echo "<input type=\"checkbox\" id=\"system_id_0\" name=\"system_id_0\" onchange=\"check_all_systems();\"/></th>";
}
echo "\t\t</tr>\n";
echo "\t</thead>\n";
if (count($query) > 0) {
echo "\t<tbody>\n";
foreach($query as $key):
echo "\t\t<tr>\n";
foreach($column as $col):
$colname = $col->column_variable;
$colname_sec = $col->column_secondary;
$colname_ter = $col->column_ternary;
$collink = $col->column_link;
$colalign = $col->column_align;
if ($colalign == '') { $colalign = 'left'; }
switch($col->column_type) {
case "":
break;

case "link":
if (isset($key->system_id)) {
echo "\t\t\t<td align=\"$colalign\"><a class=\"SystemPopupTrigger\" rel=\"" . $key->system_id . "\" href=\"" . site_url() . "/" . $col->column_link . $key->system_id . "\">" . $key->$colname . "</a></td>\n";
} else {
$col->column_link = str_replace('$group_id', $group_id, $col->column_link);
echo "\t\t\t<td align=\"$colalign\"><a href=\"" . site_url() . "/" . $col->column_link . $key->$colname_sec . "\">" . $key->$colname . "</a></td>\n";
}
break;

case "text":
switch($colname)
{
case "tag":
echo "\t\t\t<td align=\"center\"><a class=\"TagPopupTrigger\" rel=\"" . $key->system_id . "\" href=\"#\"><img src=\"" . $image_path . "16_emblem-symbolic-link.png\" style='border-width:0px;' title=\"\" alt=\"\" /></a></td>\n";
break;



default:
$output = $key->$colname;
if (is_numeric($output)){
echo "\t\t\t<td align=\"$colalign\"><span style=\"display: none;\">" . mb_substr("0000000000" . $output, -10) . "</span>" . number_format($output) . "</td>\n";
} else {
// echo "\t\t\t<td align=\"$colalign\">" . replace_amp($output) . "</td>\n";
if ($key->$colname == ''){ $key->$colname = ' '; }
if (isset($key->system_id)) {
echo "\t\t\t<td align=\"$colalign\"><span id=\"" . $colname . "-" . $key->system_id . "-a\" onMouseOver=\"show_modifier('" . $colname . "','" . $key->system_id . "');\" >" . htmlentities($key->$colname) . "</span><span id=\"" . $colname . "-" . $key->system_id . "\">&nbsp;&nbsp;&nbsp;</span></td>\n";
} else {
echo "\t\t\t<td align=\"$colalign\"><span style=\"display: none;\">" .$output . "</span>" . $output . "</td>\n";
}
}
break;
}
break;

case "image":
if ( $key->$colname == "") { $key->$colname = "gtk-dialog-question"; }
echo "\t\t\t<td align=\"center\"><img src=\"" . $image_path . "16_" . $key->$colname . ".png\" style='border-width:0px;' title=\"" . $key->$colname_sec . "\" alt=\"" . $key->$colname_sec . "\" /></td>\n";
break;

case "ip_address":
echo "\t\t\t<td align=\"$colalign\"><span style=\"display: none;\">" . $key->man_ip_address . "&nbsp;</span>" . ip_address_from_db($key->man_ip_address) . "</td>\n";
break;

case "timestamp":
echo "\t\t\t<td align=\"$colalign\">" . $key->$colname . "</td>\n";
break;

case "url":
$href = '';
if ($colname_ter > '') {
$image = $image_path . "16_" . $colname_ter . ".png";
} else {
$image = $image_path . "16_browser.png";
}

if (isset($key->$colname)) {
$href = str_replace("&", "&amp;", str_replace("&amp;", "&", $key->$colname));
}
if (($colname == '') && ($collink > '')) {
$href = str_replace("&", "&amp;", str_replace("&amp;", "&", $collink));
}
if ($colname_sec > '') {
$href .= str_replace("&", "&amp;", str_replace("&amp;", "&", $key->$colname_sec));
}
$href = str_replace(" ", "%20", $href);
if ($href > '') {
echo "\t\t\t<td align=\"$colalign\"><a href=\"" . $href . "\"><img src=\"" . $image . "\" border=\"0\" title=\"\" alt=\"\" /></a></td>";
} else {
echo "\t\t\t<td align=\"$colalign\"></td>\n";
}
break;

}
endforeach;
if ( $manual_edit == 'y') {
echo '<td align="center"><input type="checkbox" id="system_id_' . $key->system_id . '" name="system_id_' . $key->system_id . '" /></td>';
}
echo "\t\t</tr>\n";
endforeach;
echo "\t</tbody>\n";
} else {
echo "\t\t<tr><td></td><td></td><td></td><td></td><td></td><td></td></tr>\n";
}
echo "</table>\n";
if ($manual_edit == 'y') {
echo "</form>\n";
echo "</div>\n";
}
?>

<script type="text/javascript">
var x = new Array(<?php echo count($query); ?>);

function show_modifier_new(info)
{
var settings = info.split('|||');
var system = settings[0];
var attr = settings[1];
if (cell_id != attr + "-" + system) {
if (cell_id > "") {
document.getElementById(cell_id).innerHTML = cell_value;
}
system_id = system;
attribute = attr;
cell_id = attribute + "-" + system_id;
cell_value = document.getElementById(cell_id).innerHTML;
cell_icon = " <a class='ModifierPopupTrigger' rel='" + system_id + "' href='<?php echo site_url(); ?>/main/system_display/" + system_id + "'><img src='/theme-tango/tango-images/16_gnome-run.png' /></a>";
cell_icon = " <a class='ModifierPopupTrigger' href='#'><img src='/theme-tango/tango-images/16_gnome-run.png' /></a>";
cell_icon = " <a class='ModifierPopupTrigger' href='#'>***</a>";
cell_text = cell_value + cell_icon;
document.getElementById(cell_id).innerHTML = cell_text;
}
}

function show_modifier(attr, system)
{
oa_new_cell_id = attr + "-" + system;
if (oa_cell_id == oa_new_cell_id) {

} else {
if (oa_cell_id > "") {
document.getElementById(oa_cell_id).innerHTML = oa_cell_value;
}
system_id = system;
oa_attribute = attr;
oa_cell_id = oa_attribute + "-" + system_id;
oa_cell_value = document.getElementById(oa_cell_id).innerHTML;
oa_cell_icon = " <a class='ModifierPopupTrigger' rel='" + system_id + "' href='<?php echo site_url(); ?>/main/system_display/" + system_id + "'><img src='/theme-tango/tango-images/16_gnome-run.png' /></a>";
oa_cell_icon = " <a class='ModifierPopupTrigger' href='#'><img src='/theme-tango/tango-images/16_gnome-run.png' /></a>";
oa_cell_icon = " <a class='ModifierPopupTrigger' rel='" + oa_attribute + "___" + document.getElementById(oa_cell_id+"-a").innerHTML +"' href='#'>***</a>";
oa_cell_text = oa_cell_value + oa_cell_icon;
document.getElementById(oa_cell_id).innerHTML = oa_cell_text;
}
}

function check_all_systems()
{
if (document.getElementById("system_id_0").checked == true)
{
<?php
foreach($query as $key):
echo "\tdocument.getElementById(\"system_id_" . $key->system_id . "\").checked = true;\n";
endforeach;
?>
} else {
<?php
foreach($query as $key):
echo "\tdocument.getElementById(\"system_id_" . $key->system_id . "\").checked = false;\n";
endforeach;
?>
}
}
</script>


<?php
function replace_amp($string)
{
$replaced_amp = str_replace("&amp;", "&", $string);
$replaced_amp = str_replace("&", "&amp;", $replaced_amp);
return $replaced_amp;
}
?>

<div style="display: none;" id="example" title="Edit Systems Manual Data"></div>
[/code]

Author:  jpa [ Wed Jul 20, 2011 7:25 am ]
Post subject:  Re: Beta 2 released

I also noticed a problem with the drop down menu and Firefox 5. The menu drop down goes away when it shouldn't.

To reproduce:
Start with mouse cursor below the menu item (e.g. Help)
Move mouse to hover on Help menu item
Help menu drops down but then rolls back up after a bit

This doesn't happen if you come in from the left, right or top.

Author:  Mark [ Wed Jul 20, 2011 3:54 pm ]
Post subject:  Re: Beta 2 released

[quote]The only bug I've come across is with the reports.
Oh, there's plenty of bugs, trust me :-)
This one is related to the include only / exclude column filtering. I mistakenly used the system_id field on all reports. But as you have discovered, on reports that don't contain that field (all installed software, softwar keys, etc), system_id is never set and bang - warning from PHP. My bad and am working on a fix.

Author:  Mark [ Wed Jul 20, 2011 3:58 pm ]
Post subject:  Re: Beta 2 released

[quote]I also noticed a problem with the drop down menu and Firefox 5. The menu drop down goes away when it shouldn't.
Yeah - I can replicate that - very weird. In my defence, the funky javascript stuff is plugins that use jQuery. Most of it I have NFI how it works and just fill in the blanks (so to speak). I don't think I'll chase this much, but am happy to accept a fix !!!

Author:  Mark [ Thu Jul 21, 2011 3:52 pm ]
Post subject:  Re: Beta 2 released

[quote]I noticed that Sometimes the OS shows up as:
Microsoft Windows Server 2008 R2 Standard
But some show as:
Microsoft�® Windows Server�® 2008 Standard

Just an FYI - I think I've fixed this (and other weird characters) in my unreleased code.
I couldn't find ANY way for VBScript to handle the ® symbol gracefully. And belivev me, I tried. From now on, it simply drops that character. All extended ASCII characters are now replaced. It seemed that the audit script captured (most) of them fine, but the PHP was having issue's with them. I now just "convert" them to the closest possible ASCII character.

Not sure how much this will affect non-english users though...

Author:  besofakissen [ Mon Jul 25, 2011 9:40 pm ]
Post subject:  Re: Beta 2 released

Hi Mark,

i just downloaded the beta 2 xampp and stand alone version.

In both versions i get a blank screen and nothing more, whats going wrong? I tested with a Windows 2008 R2 server with IIS and the xampp version but no difference. Anytime i get a blank screen, only the favicon loads.

Regards Alain

Author:  besofakissen [ Tue Jul 26, 2011 12:14 am ]
Post subject:  Re: Beta 2 released

Hi Mark

i try'd to install the xampp package and the stand alone package on an Windows 2k8 R2 Server with IIS. In both setups i get only a blank page. Any ideas?

Open Audit 1 works very well on that system...

Regards Alain

Author:  Mark [ Fri Aug 05, 2011 8:25 am ]
Post subject:  Re: Beta 2 released

I have not tried running the server side stuff on a Win2k8 server.
It audit's them just fine.
I only have Win2k3, WinXP and Win7 to test with (apart from Ubuntu).

Author:  jpa [ Fri Aug 05, 2011 3:18 pm ]
Post subject:  Re: Beta 2 released

You should check the php error logs under each scenario to see what's up. I seem to remember blank page being a symptom of wrong paths in the setup. The php error logs would show this.

Page 1 of 1 All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/