Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Tue Mar 19, 2024 5:39 pm

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 10 posts ] 
Author Message
 Post subject: new stats and bugfix.
PostPosted: Wed Sep 30, 2009 4:09 am 
Offline
Newbie

Joined: Wed Sep 05, 2007 1:20 am
Posts: 23
Hi,

Added software statistics for Java, OpenOffice.org, Adobe Flash Player and Adobe Reader like there already are statistics for IE, Firefox and Thunderbird.

Keeping these products up to date is a priority as they are most targeted by various exploits. A good overview helps.

I also fixed the issue I reported here [1] in both delete_missed_audits.php and delete_systems.php.

Attached is the svn diff for all the changes as well a zip file containing all the modified and added files.

Please apply the changes to the trunk ASAP or notify me of any problems with these changes here so I can fix them.

The png files were taken from the internet or my Fedora installation, the openoffice icon was converted from the homepage's favicon.ico. I assume there are no copyright issues as these are just 16x16 icons.

Regards,
kilgor

1 - [url]http://www.open-audit.org/phpBB3/viewtopic.php?f=8&t=3414[/url]

[code]
$ svn status | sort
A images/adobe_flash_player.png
A images/adobe_reader.png
A images/java.png
A images/oo.org.png
A list_viewdef_statistic_adobe_flash_player.php
A list_viewdef_statistic_adobe_reader.php
A list_viewdef_statistic_java.php
A list_viewdef_statistic_openoffice.org.php
M delete_missed_audits.php
M delete_systems.php
M include_menu_array.php
[/code]


[code]
$ svn diff
Index: list_viewdef_statistic_openoffice.org.php
===================================================================
--- list_viewdef_statistic_openoffice.org.php (revision 0)
+++ list_viewdef_statistic_openoffice.org.php (revision 0)
@@ -0,0 +1,54 @@
+<?php
+
+$query_array=array("headline"=>__("Statistic for OpenOffice.org Versions"),
+ "sql"=>"
+ SELECT
+ DISTINCT software_name, software_version,
+ COUNT( * ) AS count_item,
+ round( 100 / (
+ SELECT count(software_uuid) FROM software, system
+ WHERE
+ software_name LIKE 'OpenOffice.org%' AND
+ software_timestamp=system_timestamp AND
+ software_uuid=system_uuid
+ )
+ * COUNT( * )
+ ,$round_to_decimal_places ) AS percentage
+ FROM
+ software, system
+ WHERE
+ software_name LIKE 'OpenOffice.org%' AND
+ software_timestamp=system_timestamp AND
+ software_uuid=system_uuid
+ GROUP BY software_version
+ ",
+ "sort"=>"count_item",
+ "dir"=>"DESC",
+ "get"=>array("file"=>"list.php",
+ "title"=>__("Systems installed this Version of this Software"),
+ "var"=>array("name"=>"%software_name",
+ "version"=>"%software_version",
+ "view"=>"systems_for_software_version",
+ "headline_addition"=>"%software_name",
+ ),
+ ),
+ "fields"=>array("10"=>array("name"=>"software_version",
+ "head"=>__("Version"),
+ "show"=>"y",
+ "link"=>"y",
+ ),
+ "20"=>array("name"=>"count_item",
+ "head"=>__("Count"),
+ "show"=>"y",
+ "link"=>"n",
+ "search"=>"n",
+ ),
+ "30"=>array("name"=>"percentage",
+ "head"=>__("Percentage"),
+ "show"=>"y",
+ "link"=>"n",
+ "search"=>"n",
+ ),
+ ),
+ );
+?>
Index: images/adobe_flash_player.png
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream

Property changes on: images/adobe_flash_player.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream

Index: images/adobe_reader.png
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream

Property changes on: images/adobe_reader.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream

Index: images/java.png
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream

Property changes on: images/java.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream

Index: images/oo.org.png
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream

Property changes on: images/oo.org.png
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream

Index: list_viewdef_statistic_adobe_flash_player.php
===================================================================
--- list_viewdef_statistic_adobe_flash_player.php (revision 0)
+++ list_viewdef_statistic_adobe_flash_player.php (revision 0)
@@ -0,0 +1,54 @@
+<?php
+
+$query_array=array("headline"=>__("Statistic for Adobe Flash Player Versions"),
+ "sql"=>"
+ SELECT
+ DISTINCT software_name, software_version,
+ COUNT( * ) AS count_item,
+ round( 100 / (
+ SELECT count(software_uuid) FROM software, system
+ WHERE
+ software_name LIKE 'Adobe Flash Player%' AND
+ software_timestamp=system_timestamp AND
+ software_uuid=system_uuid
+ )
+ * COUNT( * )
+ ,$round_to_decimal_places ) AS percentage
+ FROM
+ software, system
+ WHERE
+ software_name LIKE 'Adobe Flash Player%' AND
+ software_timestamp=system_timestamp AND
+ software_uuid=system_uuid
+ GROUP BY software_version
+ ",
+ "sort"=>"count_item",
+ "dir"=>"DESC",
+ "get"=>array("file"=>"list.php",
+ "title"=>__("Systems installed this Version of this Software"),
+ "var"=>array("name"=>"%software_name",
+ "version"=>"%software_version",
+ "view"=>"systems_for_software_version",
+ "headline_addition"=>"%software_name",
+ ),
+ ),
+ "fields"=>array("10"=>array("name"=>"software_version",
+ "head"=>__("Version"),
+ "show"=>"y",
+ "link"=>"y",
+ ),
+ "20"=>array("name"=>"count_item",
+ "head"=>__("Count"),
+ "show"=>"y",
+ "link"=>"n",
+ "search"=>"n",
+ ),
+ "30"=>array("name"=>"percentage",
+ "head"=>__("Percentage"),
+ "show"=>"y",
+ "link"=>"n",
+ "search"=>"n",
+ ),
+ ),
+ );
+?>
Index: list_viewdef_statistic_adobe_reader.php
===================================================================
--- list_viewdef_statistic_adobe_reader.php (revision 0)
+++ list_viewdef_statistic_adobe_reader.php (revision 0)
@@ -0,0 +1,54 @@
+<?php
+
+$query_array=array("headline"=>__("Statistic for Adobe Reader Versions"),
+ "sql"=>"
+ SELECT
+ DISTINCT software_name, software_version,
+ COUNT( * ) AS count_item,
+ round( 100 / (
+ SELECT count(software_uuid) FROM software, system
+ WHERE
+ software_name LIKE 'Adobe Reader%' AND
+ software_timestamp=system_timestamp AND
+ software_uuid=system_uuid
+ )
+ * COUNT( * )
+ ,$round_to_decimal_places ) AS percentage
+ FROM
+ software, system
+ WHERE
+ software_name LIKE 'Adobe Reader%' AND
+ software_timestamp=system_timestamp AND
+ software_uuid=system_uuid
+ GROUP BY software_version
+ ",
+ "sort"=>"count_item",
+ "dir"=>"DESC",
+ "get"=>array("file"=>"list.php",
+ "title"=>__("Systems installed this Version of this Software"),
+ "var"=>array("name"=>"%software_name",
+ "version"=>"%software_version",
+ "view"=>"systems_for_software_version",
+ "headline_addition"=>"%software_name",
+ ),
+ ),
+ "fields"=>array("10"=>array("name"=>"software_version",
+ "head"=>__("Version"),
+ "show"=>"y",
+ "link"=>"y",
+ ),
+ "20"=>array("name"=>"count_item",
+ "head"=>__("Count"),
+ "show"=>"y",
+ "link"=>"n",
+ "search"=>"n",
+ ),
+ "30"=>array("name"=>"percentage",
+ "head"=>__("Percentage"),
+ "show"=>"y",
+ "link"=>"n",
+ "search"=>"n",
+ ),
+ ),
+ );
+?>
Index: include_menu_array.php
===================================================================
--- include_menu_array.php (revision 1186)
+++ include_menu_array.php (working copy)
@@ -177,8 +177,12 @@
"class"=>"menuparent",
"childs"=>array("10"=>array("name"=>"OS Type", "link"=>"./list.php?view=statistic_os", "image"=>"images/os.png", "title"=>"OS Type",),
"20"=>array("name"=>"IE Versions", "link"=>"./list.php?view=statistic_ie", "image"=>"images/browser.png", "title"=>"Internet Explorer Versions",),
- "25"=>array("name"=>"Firefox Versions", "link"=>"./list.php?view=statistic_firefox", "image"=>"images/browser_ff.png", "title"=>"Mozilla Firefox Versions",),
- "27"=>array("name"=>"Thunderbird Versions", "link"=>"./list.php?view=statistic_thunderbird", "image"=>"images/mail_tb.png", "title"=>"Mozilla Thunderbird Versions",),
+ "21"=>array("name"=>"Firefox Versions", "link"=>"./list.php?view=statistic_firefox", "image"=>"images/browser_ff.png", "title"=>"Mozilla Firefox Versions",),
+ "22"=>array("name"=>"Thunderbird Versions", "link"=>"./list.php?view=statistic_thunderbird", "image"=>"images/mail_tb.png", "title"=>"Mozilla Thunderbird Versions",),
+ "23"=>array("name"=>"Adobe Flash Player Versions", "link"=>"./list.php?view=statistic_adobe_flash_player", "image"=>"images/adobe_flash_player.png", "title"=>"Adobe Flash Player Versions",),
+ "24"=>array("name"=>"Adobe Reader Versions", "link"=>"./list.php?view=statistic_adobe_reader", "image"=>"images/adobe_reader.png", "title"=>"Adobe Reader Versions",),
+ "25"=>array("name"=>"OpenOffice.org Versions", "link"=>"./list.php?view=statistic_openoffice.org", "image"=>"images/oo.org.png", "title"=>"OpenOffice.org Versions",),
+ "26"=>array("name"=>"Java Versions", "link"=>"./list.php?view=statistic_java", "image"=>"images/java.png", "title"=>"Java Versions",),
"30"=>array("name"=>"Memory Size", "link"=>"./list.php?view=statistic_memory", "image"=>"images/memory.png", "title"=>"Memory Size",),
"40"=>array("name"=>"Processor Types", "link"=>"./list.php?view=statistic_processor", "image"=>"images/processor.png", "title"=>"Processor Types",),
"50"=>array("name"=>"Hard Drive", "link"=>"./list.php?view=statistic_harddrive", "image"=>"images/harddisk.png", "title"=>"Hard Drive",),
Index: delete_systems.php
===================================================================
--- delete_systems.php (revision 1186)
+++ delete_systems.php (working copy)
@@ -227,7 +227,7 @@
do {
$bgcolor = change_row_color($bgcolor,$bg1,$bg2);
echo "<tr style=\"bgcolor:" . $bgcolor . ";\">
- <td width=\"5%\"><input type=\"checkbox\" name=" . $myrow["system_uuid"] . " id=" . $myrow["system_uuid"] . " value=" . $myrow["system_uuid"] . "></td>
+ <td width=\"5%\"><input type=\"checkbox\" name=\"" . $myrow["system_uuid"] . "\" id=\"" . $myrow["system_uuid"] . "\" value=\"" . $myrow["system_uuid"] . "\"></td>
<td><a href=\"system.php?pc=".$myrow["system_uuid"]."&amp;view=summary\">" . ip_trans($myrow["net_ip_address"]) . "</a></td>
<td><a href=\"system.php?pc=".$myrow["system_uuid"]."&amp;view=summary\">" . $myrow["system_name"] . "</a></td>
<td>" . $myrow["net_domain"] . "</td>
Index: list_viewdef_statistic_java.php
===================================================================
--- list_viewdef_statistic_java.php (revision 0)
+++ list_viewdef_statistic_java.php (revision 0)
@@ -0,0 +1,56 @@
+<?php
+
+$query_array=array("headline"=>__("Statistic for Java Versions"),
+ "sql"=>"
+ SELECT
+ DISTINCT software_name, software_version,
+ COUNT( * ) AS count_item,
+ round( 100 / (
+ SELECT count(software_uuid) FROM software, system
+ WHERE
+ (software_name LIKE 'Java%' OR
+ software_name LIKE 'J2SE%') AND
+ software_timestamp=system_timestamp AND
+ software_uuid=system_uuid
+ )
+ * COUNT( * )
+ ,$round_to_decimal_places ) AS percentage
+ FROM
+ software, system
+ WHERE
+ (software_name LIKE 'Java%' OR
+ software_name LIKE 'J2SE%') AND
+ software_timestamp=system_timestamp AND
+ software_uuid=system_uuid
+ GROUP BY software_version
+ ",
+ "sort"=>"count_item",
+ "dir"=>"DESC",
+ "get"=>array("file"=>"list.php",
+ "title"=>__("Systems installed this Version of this Software"),
+ "var"=>array("name"=>"%software_name",
+ "version"=>"%software_version",
+ "view"=>"systems_for_software_version",
+ "headline_addition"=>"%software_name",
+ ),
+ ),
+ "fields"=>array("10"=>array("name"=>"software_version",
+ "head"=>__("Version"),
+ "show"=>"y",
+ "link"=>"y",
+ ),
+ "20"=>array("name"=>"count_item",
+ "head"=>__("Count"),
+ "show"=>"y",
+ "link"=>"n",
+ "search"=>"n",
+ ),
+ "30"=>array("name"=>"percentage",
+ "head"=>__("Percentage"),
+ "show"=>"y",
+ "link"=>"n",
+ "search"=>"n",
+ ),
+ ),
+ );
+?>
Index: delete_missed_audits.php
===================================================================
--- delete_missed_audits.php (revision 1186)
+++ delete_missed_audits.php (working copy)
@@ -229,7 +229,7 @@
do {
$bgcolor = change_row_color($bgcolor,$bg1,$bg2);
echo "<tr style=\"bgcolor:" . $bgcolor . ";\">
- <td width=\"5%\"><input type=\"checkbox\" name=" . $myrow["system_uuid"] . " id=" . $myrow["system_uuid"] . " value=" . $myrow["system_uuid"] . "></td>
+ <td width=\"5%\"><input type=\"checkbox\" name=\"" . $myrow["system_uuid"] . "\" id=\"" . $myrow["system_uuid"] . "\" value=\"" . $myrow["system_uuid"] . "\"></td>
<td><a href=\"system.php?pc=".$myrow["system_uuid"]."&amp;view=summary\">" . ip_trans($myrow["net_ip_address"]) . "</a></td>
<td><a href=\"system.php?pc=".$myrow["system_uuid"]."&amp;view=summary\">" . $myrow["system_name"] . "</a></td>
<td>" . $myrow["net_domain"] . "</td>

[/code]


Attachments:
File comment: modified and added files
openaudit.kilgor.29.09.2009.zip [16.78 KiB]
Downloaded 463 times
Top
 Profile  
Reply with quote  
PostPosted: Wed Sep 30, 2009 8:19 pm 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Thanks for that, added at revision: 1188, can we check this though, 'cos I got a strange "server went away" type error the first time I tried to post this, about half way through the process. :cry:

If there are any issue, let me know and I will roll back and re-post.

**EDIT: Seems to be fine, I checked my test SVN with this update, all pages look OK.

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]


Top
 Profile  
Reply with quote  
PostPosted: Wed Sep 30, 2009 8:41 pm 
Offline
Newbie

Joined: Wed Sep 05, 2007 1:20 am
Posts: 23
Thanks, please have a look at [1] too.

1 - viewtopic.php?f=5&t=3434


Top
 Profile  
Reply with quote  
PostPosted: Thu Oct 01, 2009 5:03 pm 
Offline
Open-AudIT Fellow

Joined: Thu May 17, 2007 5:47 pm
Posts: 568
Location: Italy
Useful additions: I also updated statistics for Firefox to include Frontmotion FF Community Edition (http://www.frontmotion.com/FMFirefoxCE/index.htm). SVN rev. 1189

_________________
Edoardo


Top
 Profile  
Reply with quote  
PostPosted: Fri Oct 02, 2009 5:41 pm 
Offline
Newbie

Joined: Wed Sep 05, 2007 1:20 am
Posts: 23
[quote="ef"]Useful additions: I also updated statistics for Firefox to include Frontmotion FF Community Edition (http://www.frontmotion.com/FMFirefoxCE/index.htm). SVN rev. 1189

Hi,

What is the name of the Frontmotion Firefox install? I'd like to change the query as %Firefox% returns also software that is not Firefox. For example there's a plugin for Firefox which includes the name "Firefox": "ID-kaardi tarkvara Firefoxile" meaning "ID card software for Firefox". There might be more.

Regards,
kilgor

Top
 Profile  
Reply with quote  
PostPosted: Fri Oct 02, 2009 7:12 pm 
Offline
Open-AudIT Fellow

Joined: Thu May 17, 2007 5:47 pm
Posts: 568
Location: Italy
The name is "FrontMotion Firefox Community Edition (xy)" where xy is the country.
Let me know how you want the list to be fixed to exclude your plugins.

_________________
Edoardo


Top
 Profile  
Reply with quote  
PostPosted: Fri Oct 02, 2009 7:52 pm 
Offline
Newbie

Joined: Wed Sep 05, 2007 1:20 am
Posts: 23
[quote="ef"]The name is "FrontMotion Firefox Community Edition (xy)" where xy is the country.
Let me know how you want the list to be fixed to exclude your plugins.

The WHERE clause:
[code]
WHERE (
software_name LIKE 'Mozilla Firefox%'
OR software_name LIKE 'FrontMotion Firefox Community Edition%'
)
AND (
software_name NOT LIKE 'Mozilla Firefox Extension%'
AND software_name NOT LIKE 'FrontMotion Firefox Community Edition Extension%'
)
[/code]
You might want to review and test this.

Are the extensions named 'FrontMotion Firefox Community Edition Extension%'? Are there other version of Frontmotion Firefox like a 'FrontMotion Firefox Commercial Edition' maybe?

Top
 Profile  
Reply with quote  
PostPosted: Fri Oct 02, 2009 9:41 pm 
Offline
Open-AudIT Fellow

Joined: Thu May 17, 2007 5:47 pm
Posts: 568
Location: Italy
Fixed at SVN rev. 1190. Thanks

_________________
Edoardo


Top
 Profile  
Reply with quote  
PostPosted: Fri Oct 02, 2009 10:00 pm 
Offline
Newbie

Joined: Wed Sep 05, 2007 1:20 am
Posts: 23
[quote="ef"]Fixed at SVN rev. 1190. Thanks

Cool, though you forgot to modify the same sql in the percentage calculation. I'm attaching the fixed .php file, please submit it to trunk.

Attachments:
File comment: list_viewdef_statistic_firefox.php
list_viewdef_statistic_firefox.php.zip [787 Bytes]
Downloaded 472 times
Top
 Profile  
Reply with quote  
PostPosted: Sat Oct 03, 2009 9:36 pm 
Offline
Open-AudIT Fellow

Joined: Thu May 17, 2007 5:47 pm
Posts: 568
Location: Italy
Oops... Hopefully fixed at SVN rev. 1192

_________________
Edoardo


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 10 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group