Open-AudIT
https://www.open-audit.org/phpBB3/

SQL Server versions in audit v1.5.2
https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=6388
Page 1 of 1

Author:  waxwurx [ Mon Dec 15, 2014 7:03 pm ]
Post subject:  SQL Server versions in audit v1.5.2

I noticed that my audit results were missing some versions of SQLServer. The list of SQL Server versions doesn't seem to be reflecting the current state of releases from Microsoft. This isn't such a big deal, I updated the code in m_database.php to reflect the current version numbers. I edited the series of if cases at the top of the process_database($input, $details) function:
>>
[code]$version_string = "unknown";


if ((mb_strpos($input->db_version, "12.00.2000.8") === 0) or (mb_strpos($input->db_version, "12.0.2000.8") === 0)) { $version_string = "SQL Server 2014 RTM"; }
if ((mb_strpos($input->db_version, "12.00.1524") === 0) or (mb_strpos($input->db_version, "12.0.1254") === 0)) { $version_string = "SQL Server 2014 Community Technology Preview 2 (CTP2)"; }
if ((mb_strpos($input->db_version, "11.00.9120") === 0) or (mb_strpos($input->db_version, "11.0.9120") === 0)) { $version_string = "SQL Server 2014 Community Technology Preview 1 (CTP1)"; }

// SQL Server 2012
if ((mb_strpos($input->db_version, "11.0.5058.0") === 0) or (mb_strpos($input->db_version, "11.2.5058.0") === 0)) { $version_string = "SQL Server 2012 Service Pack 2"; }

if ((mb_strpos($input->db_version, "11.0.3000.0") === 0) or (mb_strpos($input->db_version, "11.1.3000.0") === 0)) { $version_string = "SQL Server 2012 Service Pack 1"; }
if ((mb_strpos($input->db_version, "11.00.2100.60") === 0) or (mb_strpos($input->db_version, "11.0.2100.60") === 0)) { $version_string = "SQL Server 2012 RTM"; }

// SQL Server 2008
if ((mb_strpos($input->db_version, "10.50.6000.34") === 0) or (mb_strpos($input->db_version, "10.53.6000.34") === 0)) { $version_string = "SQL Server 2008 R2 Service Pack 3"; }
if ((mb_strpos($input->db_version, "10.50.4000.0") === 0) or (mb_strpos($input->db_version, "10.52.4000.0") === 0)) { $version_string = "SQL Server 2008 R2 Service Pack 2"; }
if ((mb_strpos($input->db_version, "10.50.2500.0") === 0) or (mb_strpos($input->db_version, "10.51.2500.0") === 0)) { $version_string = "SQL Server 2008 R2 Service Pack 1"; }
if (mb_strpos($input->db_version, "10.50.1600.1") === 0) { $version_string = "SQL Server 2008 R2 RTM"; }

if ((mb_strpos($input->db_version, "10.0.6000.29") === 0) or (mb_strpos($input->db_version, "10.4.6000.29") === 0)) { $version_string = "SQL Server 2008 Service Pack 4"; }
if ((mb_strpos($input->db_version, "10.0.5500.0") === 0) or (mb_strpos($input->db_version, "10.3.5500.0") === 0)) { $version_string = "SQL Server 2008 Service Pack 3"; }
if ((mb_strpos($input->db_version, "10.0.4000.0") === 0) or (mb_strpos($input->db_version, "10.2.4000.0") === 0)) { $version_string = "SQL Server 2008 Service Pack 2"; }
if ((mb_strpos($input->db_version, "10.0.2531.0") === 0) or (mb_strpos($input->db_version, "10.1.2531.0") === 0)) { $version_string = "SQL Server 2008 Service Pack 1"; }
if ((mb_strpos($input->db_version, "10.00.1600.22") === 0) or (mb_strpos($input->db_version, "10.0.1600.22") === 0)) { $version_string = "SQL Server 2008 RTM"; }

// SQL Server 2005
if ((mb_strpos($input->db_version, "9.00.5000.00") === 0) or (mb_strpos($input->db_version, "9.0.5000.0") === 0)) { $version_string = "SQL Server 2005 Service Pack 4"; }
if (mb_strpos($input->db_version, "9.00.4035") === 0) { $version_string = "SQL Server 2005 Service Pack 3"; }
if (mb_strpos($input->db_version, "9.00.3042") === 0) { $version_string = "SQL Server 2005 Service Pack 2"; }
if (mb_strpos($input->db_version, "9.00.2047") === 0) { $version_string = "SQL Server 2005 Service Pack 1"; }
if (mb_strpos($input->db_version, "9.00.1399") === 0) { $version_string = "SQL Server 2005 RTM"; }[/code]
<<

In addition to that I added a copy of the "SQL Server 2008" registry key lookup in audit_windows.vbs and updated it for SQL Server 2012:
>>
[code]''''''''''''''''''''''''''''''''
' SQL Svr 2012 '
''''''''''''''''''''''''''''''''
strKeyPath = "SOFTWARE\Microsoft\Microsoft SQL Server\110\Tools\Setup"
key_edition = ""
subKey = "Edition"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,subKey,key_edition

strKeyPath = "SOFTWARE\Microsoft\Microsoft SQL Server\110\Tools\Setup"
key_name = "SQL Server 2012"
key_release = ""
subKey = "DigitalProductID"
oReg.GetBinaryValue HKEY_LOCAL_MACHINE,strKeyPath,subKey,key
if IsNull(key) then
' do nothing
else
key_text = getkey(key, 1)
result.WriteText " <key>" & vbcrlf
result.WriteText " <key_name>" & escape_xml(key_name) & "</key_name>" & vbcrlf
result.WriteText " <key_text>" & escape_xml(key_text) & "</key_text>" & vbcrlf
result.WriteText " <key_release>" & escape_xml(key_release) & "</key_release>" & vbcrlf
result.WriteText " <key_edition>" & escape_xml(key_edition) & "</key_edition>" & vbcrlf
result.WriteText " </key>" & vbcrlf
key_text = ""
key_release = ""
key_edition = ""
end if[/code]
<<
In order to test the changes, I ran an audit against a server that I know is running SQL Server 2012 (version 11.2.5058.0); this failed.

The script execution terminated at the CD Keys section reporting:
"[quote]...\audit_windows.vbs(7333, 3) Microsoft VBScript runtime error: Subscript out of range: '[number: 66]'"

Looking at the code it seems the error is occurring in the getkey(key, ver) function at the "[quote]isWin8 = (Key(66) \ 6) And 1" line. The call to this function is coming from the new section of code I added to check the registry for SQL Server 2012, so it appears that check is working. Is there a problem with getkey() that people are aware of? The system I'm testing is a Windows Server 2012 installation running under an SCVMM virtual machine using hyper-v but it also occurs on a Windows Server 2012 installation on a physical machine.

Author:  Mark [ Tue Dec 16, 2014 2:44 pm ]
Post subject:  Re: SQL Server versions in audit v1.5.2

I have updated m_database with the SQL Server version numbers and strings - thanks very much.
The getKey code works for me on a test 2012r2 VM, so maybe someone else can shed some light on why it's breaking with your code.

I can see that getKey expects an array as the first argument. Are you sure the reg return value is as expected?
Also try setting ver to something other than 1.

I don't have a SQL 2012 to test against (at the moment).

Author:  waxwurx [ Fri Dec 19, 2014 10:10 pm ]
Post subject:  Re: SQL Server versions in audit v1.5.2

My apologies for not posting sooner, I've not had the chance to look into this for a while.
The DigitalProductID for my SQLServer 2012 installation is "xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx" its equivalent on the SQLServer2008 RTM installation is MUCH longer, too long to try to copy here. Otherwise there's no glaringly obvious difference between the \Tools\Setup registry nodes for the two installations.

The call [code]"oReg.GetBinaryValue HKEY_LOCAL_MACHINE,strKeyPath,subKey,key"[/code] succeeds but when key is passed to the getkey() function a subscript out of range error occurs within the isArray(key) if block. It looks as though an array is returned but it is shorter than expected.

Author:  jpa [ Sat Dec 20, 2014 2:49 am ]
Post subject:  Re: SQL Server versions in audit v1.5.2

I'll take a look. I edited the productid out of your post as you probably didn't want that posted to the world. I have the key to test with. You should PM anyone else that volunteers to test instead of posting the productid.

If you paste your productid in the [url=http://www.ed.scherer.name/Tools/MicrosoftDigitalProductIDDecoder.html]decoder on this page[/url] does it give you the correct key?

The current getkey function tries to extract a portion of the Digitalproductid key to decode. Maybe we don't need the extract portion for SQL Server 2012.

Author:  waxwurx [ Mon Dec 22, 2014 6:07 pm ]
Post subject:  Re: SQL Server versions in audit v1.5.2

Thanks JPA,

Good thinking on the ProductID, I should have thought of that myself. I have tried the ID in the test tool that you suggested and it resolved correctly.

Page 1 of 1 All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/