Open-AudIT

What's on your network?
All times are UTC + 10 hours




PostPosted: Thu Oct 29, 2015 9:52 pm 
Newbie

Joined: Tue Oct 27, 2015 2:18 am
Posts: 6
Location: United Kingdom
So, the way I'm running this is using "audit_domain.vbs" with the option set to run the script locally... however, when I do this, it executes a "route print 0.0.0.0" on the server running the audit and seems to use its local IP address for the "man_ip_address" field in the records for that system.

Am I the only one seeing this?

_________________
Colin


PostPosted: Fri Oct 30, 2015 3:04 am 
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1223
It is a problem with the new code trying to set man_ip_address to the IP of the adapter with the default route. Previously it was getting it "wrong" by choosing an undesired network adapter to get the IP address. The new code assumes it's running on the machine being audited and this is not the case when called from audit_domain.

Mark will need to fix this. Instead of using a shell to run "route print" we'll probably need to use WMI or a simple nslookup like we do for ldap audits.


PostPosted: Fri Oct 30, 2015 8:42 am 
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1223
jpa wrote:
Mark will need to fix this.
Or here's a stab at the problem. Works in my testing. May need more error checking or I've assumed things that aren't true.

This uses WMI to get the routing table, finds the default route and the associated network adapter then grabs the primary ip address from that if it can or it looks in the registry for the ip address if it can't.

Attachment:
audit_windows.txt [351.36 KiB]
Downloaded 136 times


This doesn't find an ip address if the ipv4 gateway is blank. But the previous didn't either so it's no worse that way. The WMI routing stuff is IPV4 only so it also doesn't work with IPV6 only configs. Haven't tested how it breaks. Probably just doesn't get an ip address. I also threw this together quick so it could use some pretty-ifying.


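The approach described in the post above (WMI routing table, default route, owning adapter, primary IP), sketched as an added example that is not the attached audit_windows code or Open-AudIT's own. The names GetManIp and strComputer are hypothetical, it assumes the target exposes InterfaceIndex on Win32_NetworkAdapterConfiguration (Windows Vista or later), and it leaves out the registry fallback the post mentions.

```vbscript
' Added example: resolve the address for man_ip_address on the AUDITED host.
' GetManIp and strComputer are hypothetical names, not from audit_windows.vbs.
Option Explicit

Function GetManIp(strComputer)
    Dim objWMI, colRoutes, objRoute, colNics, objNic, addr
    Dim bestIndex, bestMetric
    GetManIp = ""
    bestIndex = -1
    bestMetric = 0

    ' Bind to the target's WMI namespace, so the routing table read is the
    ' target's and not that of the server running audit_domain.vbs.
    Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
        strComputer & "\root\cimv2")

    ' IPv4 default routes are 0.0.0.0 / 0.0.0.0; keep the lowest metric.
    Set colRoutes = objWMI.ExecQuery( _
        "SELECT InterfaceIndex, Metric1 FROM Win32_IP4RouteTable " & _
        "WHERE Destination = '0.0.0.0' AND Mask = '0.0.0.0'")
    For Each objRoute In colRoutes
        If bestIndex = -1 Or objRoute.Metric1 < bestMetric Then
            bestIndex = objRoute.InterfaceIndex
            bestMetric = objRoute.Metric1
        End If
    Next
    If bestIndex = -1 Then Exit Function   ' no IPv4 default gateway

    ' Map the route's interface index to its adapter configuration.
    Set colNics = objWMI.ExecQuery( _
        "SELECT IPAddress FROM Win32_NetworkAdapterConfiguration " & _
        "WHERE IPEnabled = True AND InterfaceIndex = " & bestIndex)
    For Each objNic In colNics
        If Not IsNull(objNic.IPAddress) Then
            For Each addr In objNic.IPAddress
                ' IPAddress may also list IPv6 entries; take the first IPv4.
                If InStr(addr, ":") = 0 Then
                    GetManIp = addr
                    Exit Function
                End If
            Next
        End If
    Next
End Function

WScript.Echo GetManIp(".")   ' "." is the local machine; pass a host name for a remote audit
```

An empty return value corresponds to the blank-gateway and IPv6-only cases the post calls out.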
PostPosted: Sat Nov 21, 2015 5:56 am 
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1223
I'm bumping this because it didn't make it into 1.8.4

