Open-AudIT
http://www.open-audit.org/phpBB3/

Latest build from SVN
http://www.open-audit.org/phpBB3/viewtopic.php?f=5&t=1563
Page 1 of 1

Author:  ANavratil [ Thu Oct 19, 2006 2:37 am ]
Post subject:  Latest build from SVN

Hello all, first let me start with thank you all for creating this software, I've been using and SVN'ing since the initial release. So keep up the good work.

Now to the question: with the last build I've run an audit, and I am "re-discovering" machines that existed before, and my machine count is effectively doubling. Is there either A) a way to purge the db and just reaudit my domain or B) a method of matching machines based on UUIDs?

Thanks ALL!!

Aaron Navratil

Author:  d.l.dave [ Thu Oct 19, 2006 3:02 am ]
Post subject: 

Have you changed the variable uuid_type in audit.config?

Actually I've just looked at Subversion and it's been updated in Subversion from uuid to mac in September.

If you were using uuid_type="uuid" before then I think your best option is to probably delete all the duplicates as follows (if you only have a few):
Admin -> Delete System

Hover the mouse over the Delete button and look at the target link shown at the bottom of the browser. Delete the one which has a mac address.

Now change your audit.config back to uuid and carry on auditing.

Hmm, hope that made sense.

If you have a lot of duplicates then let me know and I'll work out a quicker way.

Author:  ANavratil [ Thu Oct 19, 2006 3:10 am ]
Post subject: 

YES!!! you are exactly right!!!!
It was previously UUID and now of course it reads "mac". Is there a preferred method of the two?

Additionally there are now 518 duplicates, so deleting 1 by 1 would be incredibly time consuming. I'm ok with a purge or any suggestions you have to offer. Thanks so much for the rapid response!

Aaron Navratil

Author:  d.l.dave [ Thu Oct 19, 2006 3:20 am ]
Post subject: 

My first suggestion would be please take regular backups of the database so you can roll back. If you use Linux, set up a nightly cron job that does something like the following:

Code:
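# Remove backups older than 14 days.
/usr/bin/find /root -name openaudit-backup\* -ctime +14 -exec rm {} \;
# Dump the database to a dated file. A --password on the command line is visible in the process list; an option file such as ~/.my.cnf avoids that.
/usr/bin/mysqldump  --host=localhost --user=openbackup --password=password openaudit > /root/openaudit-backup-`date +%F`.sql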


I'll try and write you a quick script that will automatically purge the duplicates for you if you like?

Author:  ANavratil [ Thu Oct 19, 2006 3:25 am ]
Post subject: 

d.l.dave: Thanks for your rapid replies! Backups!?! You mean I'm supposed to take backups! I will now start taking them nightly. I'm running on Windows, but I'll take your advice and modify your cron entries for "Windows Scheduler".

But in the meantime, if it's not too much trouble for you to whip up a script to remove duplicates, I'd be forever indebted. Thanks again!

Aaron Navratil

Author:  d.l.dave [ Thu Oct 19, 2006 5:21 am ]
Post subject: 

Okay. I'll see what I can put together. Give me a bit.

Author:  d.l.dave [ Thu Oct 19, 2006 6:29 am ]
Post subject: 

Here's a simple hack of a page that should do it for you. It's based on the delete_system.php so I didn't have to do any work!

It basically runs a query that looks for uuid's that look like mac addresses. For each one it finds it runs pretty much the same code that delete_system.php does.

1. Back up your database. Use mysqldump or something reliable.
2. Save the code below into a file in the Open-AudIT web directory.
3. Open the page from a browser.
4. Check it doesn't die removing anything (if one of the queries fails it won't carry on and try to remove the rest).
5. Don't blame me if it doesn't work or the code sets your cat on fire or whatever :-)

Code:
<?php
include "include_config.php";

    $link = mysql_connect($mysql_server, $mysql_user, $mysql_password) or die("Could not connect");
    mysql_select_db("$mysql_database") or die("Could not select database");
   
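    // "_" matches any single character, so this selects every 17-character key with colons in the MAC positions.
    $newquery = "SELECT system_uuid FROM system WHERE system_uuid LIKE '__:__:__:__:__:__'";
    $result = mysql_query($newquery)  or die("Query failed to retrieve uuids of systems with mac type uuid.");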
   
    while ($myrow = mysql_fetch_row($result)){
       echo "About to delete: " . htmlspecialchars($myrow[0]) . "<br />";
       delete_system($myrow[0]);
       
    }
     
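    function delete_system($system_uuid) {
    // Escape the key before it is interpolated into the queries below.
    $system_uuid = mysql_real_escape_string($system_uuid);
    $query = "select system_name from system where system_uuid='$system_uuid'";
    $result = mysql_query($query) or die("Query failed at retrieve system name stage.");
    $myrow = mysql_fetch_array($result);
    // system_name is audited data; escape it before it is used in the system_security delete.
    $name = mysql_real_escape_string($myrow['system_name']);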

    $query = "DELETE FROM battery WHERE battery_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. battery");

    $query = "DELETE FROM bios WHERE bios_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. bios");

    $query = "DELETE FROM browser_helper_objects WHERE bho_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. browser_helper_objects");

    $query = "DELETE FROM firewall_auth_app WHERE firewall_app_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. firewall_auth_app");

    $query = "DELETE FROM firewall_ports WHERE port_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. firewall_ports");

    $query = "DELETE FROM firewire WHERE fw_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. firewire");

    $query = "DELETE FROM floppy WHERE floppy_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. floppy");

    $query = "DELETE FROM graphs_disk WHERE disk_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. graphs_disk");

    $query = "DELETE FROM groups WHERE groups_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. groups");

    $query = "DELETE FROM hard_drive WHERE hard_drive_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. hard_drive");

    $query = "DELETE FROM iis WHERE iis_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. iis");

    $query = "DELETE FROM iis_ip WHERE iis_ip_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. iis_ip");

    $query = "DELETE FROM iis_vd WHERE iis_vd_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. iis_vd");

    $query = "DELETE FROM invoice WHERE invoice_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. invoice");

    $query = "DELETE FROM keyboard WHERE keyboard_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. keyboard");

    $query = "DELETE FROM manual_software WHERE man_soft_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. manual_software");

    $query = "DELETE FROM mapped WHERE mapped_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. mapped");

    $query = "DELETE FROM media WHERE media_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. media");

    $query = "DELETE FROM memory WHERE memory_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. memory");

    $query = "DELETE FROM modem WHERE modem_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. modem");

    $query = "DELETE FROM monitor WHERE monitor_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. monitor");

    $query = "DELETE FROM mouse WHERE mouse_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. mouse");

    $query = "DELETE FROM ms_keys WHERE ms_keys_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. ms_keys");

    $query = "DELETE FROM network_card WHERE net_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. network_card");

    $query = "DELETE FROM nmap_ports WHERE nmap_other_id = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. nmap_ports");

    $query = "DELETE FROM notes WHERE notes_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. notes");

    $query = "DELETE FROM optical_drive WHERE optical_drive_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. optical_drive");

    $query = "DELETE FROM partition WHERE partition_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. partition");

    $query = "DELETE FROM passwords WHERE passwords_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. passwords");

    $query = "DELETE FROM processor WHERE processor_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. processor");

    $query = "DELETE FROM scsi_controller WHERE scsi_controller_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. scsi_controller");

    $query = "DELETE FROM scsi_device WHERE scsi_device_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. scsi_device");

    $query = "DELETE FROM service WHERE service_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. service");

    $query = "DELETE FROM shares WHERE shares_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. shares");

    $query = "DELETE FROM software WHERE software_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. software");

    $query = "DELETE FROM sound WHERE sound_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. sound");

    $query = "DELETE FROM startup WHERE startup_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. startup");

    $query = "DELETE FROM system WHERE system_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. system");

    $query = "DELETE FROM system_audits WHERE system_audits_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. system_audits");

    $query = "DELETE FROM system_man WHERE system_man_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. system_man");

    $query = "DELETE FROM system_security WHERE ss_uuid = '" . $name . "'";
    $result = mysql_query($query)  or die("Query failed at insert stage. system_security");

    $query = "DELETE FROM tape_drive WHERE tape_drive_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. tape_drive");

    $query = "DELETE FROM usb WHERE usb_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. usb");

    $query = "DELETE FROM users WHERE users_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. users");

    $query = "DELETE FROM video WHERE video_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. video");
    }
?>
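
A dry-run-first version of the same cleanup, as an added example that is not part of the original post or of Open-AudIT: it checks that each key is a real MAC address, reports per-table counts before deleting, and rolls everything back if one delete fails. It runs against an in-memory SQLite stand-in with constructed rows and only three of the child tables; the function names and sample keys are assumptions, and the rollback presumes a transactional storage engine.

```python
import re
import sqlite3

# Stricter than the thread's LIKE '__:__:__:__:__:__', where "_" matches any character.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")

# Three of the (table, key column) pairs from the posted script, plus system itself.
TABLES = [("bios", "bios_uuid"), ("software", "software_uuid"),
          ("network_card", "net_uuid"), ("system", "system_uuid")]


def mac_keyed_uuids(conn):
    """system_uuid values that really are MAC addresses, not just MAC-shaped."""
    rows = conn.execute(
        "SELECT system_uuid FROM system WHERE system_uuid LIKE '__:__:__:__:__:__'")
    return sorted(u for (u,) in rows if MAC_RE.match(u))


def purge(conn, dry_run=True):
    """Count (dry run) or delete the rows per table; a failed delete undoes them all."""
    verb = "SELECT COUNT(*) FROM" if dry_run else "DELETE FROM"
    uuids, report = mac_keyed_uuids(conn), {}
    try:
        for table, col in TABLES:  # names come from the constant above, never from data
            report[table] = 0
            for u in uuids:        # the value itself is always a bound parameter
                cur = conn.execute(f"{verb} {table} WHERE {col} = ?", (u,))
                report[table] += cur.fetchone()[0] if dry_run else cur.rowcount
        conn.commit()
    except sqlite3.Error:
        conn.rollback()
        raise
    return report


def sample_db():
    """Constructed data: one PC audited under both key types, plus a decoy key."""
    conn = sqlite3.connect(":memory:")
    keys = ["4C4C4544-0042-1010-8000-B1C04F4A3131",  # uuid_type="uuid" (made up)
            "00:16:3E:AA:BB:01",                     # uuid_type="mac" duplicate (made up)
            "no:ta:ma:ca:dd:rs"]                     # matches LIKE, fails MAC_RE
    for table, col in TABLES:
        conn.execute(f"CREATE TABLE {table} ({col} TEXT)")
        conn.executemany(f"INSERT INTO {table} VALUES (?)", [(k,) for k in keys])
    conn.commit()
    return conn


if __name__ == "__main__":
    db = sample_db()
    print("would delete:", purge(db))
    print("deleted:     ", purge(db, dry_run=False))
```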

Author:  ANavratil [ Thu Oct 19, 2006 7:15 am ]
Post subject: 

That worked so incredibly remarkably well, I am eternally grateful, Thanks so much! Worked like a champ.

-Thankfully
Aaron Navratil

All times are UTC + 10 hours