Open-AudIT

What's on your network?
It is currently Mon Jan 22, 2018 3:01 am

All times are UTC + 10 hours




Post new topic Reply to topic  [ 48 posts ]  Go to page 1, 2, 3, 4  Next
Author Message
 Post subject: Mac Audit
PostPosted: Fri Jun 04, 2010 3:44 pm 
Offline
Newbie

Joined: Fri Jun 04, 2010 3:33 pm
Posts: 3
Hi Everyone,

I thought you might be interested in an objective C script that runs on mac os x. It's an xcode project so you'll need to download xcode to compile it on your platform but after that it should run on similar platforms without issue...

There are still a few key things missing - mostly hardware and networking items.
But it's a good start for the basics:
system name, chassis, os, uuid, ip, subnet, processor, memory, software names and versions, ip routes, users & groups...

This script produces a file called mac.txt which I upload with a little bash script to our server:

#!/bin/sh
./mac_audit
curl --data-urlencode add@mac.txt "http://ourhost/openaudit/admin_pc_add_2.php"

You may need to upgrade curl to use '--data-urlencode'...

Thanks!


Attachments:
mac_audit_.zip [25.67 KiB]
Downloaded 383 times
Top
 Profile  
Reply with quote  
 Post subject: Re: Mac Audit
PostPosted: Mon Aug 30, 2010 4:26 am 
Offline
Helper

Joined: Wed Apr 07, 2010 8:04 am
Posts: 99
Location: Boston, MA
Hi Genloz,
I have been waiting for a Mac audit for a long time. I've been running OA for 6 months now with 400+ Windows clients, but I have about 50 Mac computers that I would love to have audited. My only approach has been to install bootcamp and run an audit under window to at least capture hardware information... yeah pretty labor intensive for not much real gain.

I'm not a programmer, but I'll give this code a try and compile it :?, but if you have instructions it would be better :D . I will give you feedback as soon as possible.

_________________
OA v1.5.2 on Windows Server 2003 and WAMP 2.0 (Apache 2.2.22, PHP 5.4.3, MySQL 5.1.36).
OA v1.5.3 on Linux
Auditing 500 Windows 7 computers via GPO, 200 Apple OSX 10.8/10.9/10.10


Top
 Profile  
Reply with quote  
 Post subject: Re: Mac Audit
PostPosted: Mon Aug 30, 2010 11:31 pm 
Offline
Helper

Joined: Wed Apr 07, 2010 8:04 am
Posts: 99
Location: Boston, MA
Hi Genloz,
I'm glad someone was able to take a step forward on creating a Mac audit. I have 400+ PC clients and have been OA for 6 months now and I love it, but I still have around 50 Macs that I have to audit manually, or install bootcamp to at least get hardware info. My love for OA will be complete if I can audit Mac OSX in OA.

I'm going on vacation for 2 weeks tomorrow, but as soon as I come back, this will be my first thing to do. Hope to be able to give you some feedback then. Really looking forward to this.

_________________
OA v1.5.2 on Windows Server 2003 and WAMP 2.0 (Apache 2.2.22, PHP 5.4.3, MySQL 5.1.36).
OA v1.5.3 on Linux
Auditing 500 Windows 7 computers via GPO, 200 Apple OSX 10.8/10.9/10.10


Top
 Profile  
Reply with quote  
 Post subject: Re: Mac Audit
PostPosted: Tue Aug 31, 2010 9:39 pm 
Offline
Helper

Joined: Thu Apr 15, 2010 12:28 am
Posts: 83
seems to work fine. I have created some additional scripts which I will post once I get them tested a bit more.


Top
 Profile  
Reply with quote  
 Post subject: Re: Mac Audit
PostPosted: Mon Sep 06, 2010 12:21 pm 
Offline
Newbie

Joined: Mon Sep 06, 2010 12:12 pm
Posts: 1
Hello all,

I am new to the Mac world and could use some help.

I'm looking for a utility that I can install on an iMac that will go through the local hardware and software pull any and all information pertaining to that system. (Hardware ID's, Serial #s, Verision #s, hardware/ software type, etc.)

There is a utility on the Windows side called Belarc that does exactly what I want to do on the Mac but they don't make a Mac installer.

Can anyone point me in the right direction or know of something that works like this.
Thank you for any help.


Top
 Profile  
Reply with quote  
 Post subject: Re: Mac Audit
PostPosted: Tue Sep 14, 2010 12:37 am 
Offline
Helper

Joined: Thu Apr 15, 2010 12:28 am
Posts: 83
jonbendtsen wrote:
seems to work fine. I have created some additional scripts which I will post once I get them tested a bit more.

Hi

I have now had the time to test it a little more and is ready to publish my scripts.
Attachment:
File comment: Open mac AudIT installer with scripts, configuration files, and the mac_audit application from above.
published-open_mac_audit.zip [15.01 KiB]
Downloaded 407 times


The zipfile above contains 4 files:
  1. mac_audit - the compiled ready to run application posted above by genloz
  2. one_time_DOUBLE_CLICK_TO_install_open_mac_audit.command - my installer script that copies into place and adds a hourly crontab
  3. open_mac_audit.command - my script that runs mac_audit, this is started by crontab hourly, but will only submit output from mac_audit to server once every 24 hours or later.
  4. servers.cfg - my configuration file with 1 server pr. line which allows you to have multiple paths into the same server. Will stop after the first server line accepts the data.

For an OpenAudIT administrator, edit servers.cfg to suit your setup. Then rezip all the files together and email the new .zip file out to your users asking them to:
  1. save the .zip file to some place
  2. double click in Finder on the .zip file
  3. double click in Finder on the unpacked folder
  4. double click in Finder on the file called: one_time_DOUBLE_CLICK_TO_install_open_mac_audit.command
  5. say yes to run it

OR ff you put it on a shared network file system then just tell them to double click one_time_DOUBLE_CLICK_TO_install_open_mac_audit.command in Finder and say yes to run it.


Top
 Profile  
Reply with quote  
 Post subject: Re: Mac Audit
PostPosted: Fri Sep 17, 2010 10:37 pm 
Offline
Helper

Joined: Thu Apr 15, 2010 12:28 am
Posts: 83
I ran into the first quirk with open mac audit. The machines are registered in the database with their computer name. But what if the computer name changes, like on a laptop that goes to a new network.

I have setup my system such that laptops will also try to use an external ip address for accessing openaudit. This works from any network that allows httpS connections to the internet. But now i've got 2 names for the same mac computer, where as the system works fine for windows computers.


Top
 Profile  
Reply with quote  
 Post subject: Re: Mac Audit
PostPosted: Sat Sep 18, 2010 1:32 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1226
I don't use macs but...

As you've found the mac audit script will only use the host.domain for the computer name. It doesn't look like it's too hard to get a UUID and change the script a bit. This expansion on the article helps a bit. Run the code to get the UUID using the tasklauncher just like the other "get hostname" "get domain name" examples. Set the UUID to the UUID you found or the hostname.domain. Then you'll need to go through the audit script looking for areas where it used hostname instead of UUID and change them.


Top
 Profile  
Reply with quote  
 Post subject: Re: Mac Audit
PostPosted: Fri Oct 01, 2010 12:03 am 
Offline
Helper

Joined: Thu Apr 15, 2010 12:28 am
Posts: 83
Thanks, I've coded something. I will test it and post it once I feel confident it works well.


Top
 Profile  
Reply with quote  
 Post subject: Re: Mac Audit
PostPosted: Tue Oct 05, 2010 9:41 pm 
Offline
Helper

Joined: Thu Apr 15, 2010 12:28 am
Posts: 83
Well, it sort of works. Occasionally I get machines posted which appears to have no UUID when I look using the websystem. I am thinking of 3 possible reasons:
  1. the UUID found using uuid=$(ioreg -rd1 -c IOPlatformExpertDevice | grep -E '(UUID)' | cut -d= -f2 | tr -d '" ') is sometimes empty?
  2. the replacement done by sed -e "s/\([0-9]\^\^\^\)$HOSTNAME\.\^\^\^/\1$uuid^^^/" mac.txt > uuid.txt doesnt work, but I can not see why it would leave the field empty? unless of course the hostname is empty or different from what is in the mac.txt file.
  3. the websystem sometimes ignores the UUID field?


Top
 Profile  
Reply with quote  
 Post subject: Re: Mac Audit
PostPosted: Tue Oct 05, 2010 10:53 pm 
Offline
Helper

Joined: Thu Apr 15, 2010 12:28 am
Posts: 83
I got another mac doing this. It seems to be related to not having a real ip address? 169.254.57.244


Top
 Profile  
Reply with quote  
 Post subject: Re: Mac Audit
PostPosted: Wed Oct 06, 2010 2:55 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1226
This would be so much easier if I had Macs at my office. :)

Maybe a dumb question but is the sed stuff necessary? I was thinking something more like the original audit.vbs where they grab the UUID, MAC address and host name then sanity check the data and pick one as the "UUID" variable value. Then change the post file like

Original
Code:
   //form initial string
    NSString *auditLine = [NSString stringWithFormat:@"audit%@%@%@%@%@%@%@%@%@y%@y%@\n", sep, hostName, sep, theDate, sep, [NSString stringWithFormat:@"%@.%@", hostName, domainName], sep, whoami, sep, sep, sep];


New uuid value instead of hostname.domain
Code:
   //form initial string
    NSString *auditLine = [NSString stringWithFormat:@"audit%@%@%@%@%@%@%@%@%@y%@y%@\n", sep, hostName, sep, theDate, sep, UUID, sep, whoami, sep, sep, sep];


But I don't have Macs and I'm not much of a coder so maybe you shouldn't listen to me.


Top
 Profile  
Reply with quote  
 Post subject: Re: Mac Audit
PostPosted: Wed Oct 06, 2010 9:07 pm 
Offline
Helper

Joined: Thu Apr 15, 2010 12:28 am
Posts: 83
sed is needed because the UUID is not present in the output from mac_audit or in the mac.txt file.

Here are the output from running mac_audit on my own mac.
Code:
audit^^^JonMBP.local^^^20101005135127^^^JonMBP.local.^^^jonbendtsen^^^y^^^y^^^
audit^^^JonMBP.local^^^20101005135127^^^JonMBP.local.^^^jonbendtsen^^^y^^^y^^^
audit^^^JonMBP.local^^^20101005135127^^^JonMBP.local.^^^jonbendtsen^^^y^^^y^^^

And yes, there are 3 audit lines, my sed changes all of them.

If I compare to a php capture from one of my windows machines I only get 1 audit line
Code:
audit^^^SRV007^^^20100930152832^^^35313038-594B-5A44-3150-202020202020^^^administrator^^^n^^^y^^^

It is not even the top line in either file. I long for some XML. Maybe that comes in future versions of openaudit.


Top
 Profile  
Reply with quote  
 Post subject: Re: Mac Audit
PostPosted: Thu Oct 07, 2010 1:39 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1226
Sorry, I'm not being clear enough. I'm suggesting you go back to the original mac_audit.zip code drop and edit the mac_audit.m file such that it builds a correct mac.txt audit file. The code I quoted above is from the mac_audit.m file which is compiled to mac_audit.


Top
 Profile  
Reply with quote  
 Post subject: Re: Mac Audit
PostPosted: Fri Oct 08, 2010 1:39 pm 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1226
Also it looks like the mac_audit as originally compiled only works on 64 bit machines and kernels. I get a "Bad CPU type in executable" when running in a 32bit environment. 64bit works okay.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 48 posts ]  Go to page 1, 2, 3, 4  Next

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 7 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group