Open-AudIT

What's on your network?
It is currently Tue Jan 23, 2018 9:42 pm

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 11 posts ] 
Author Message
PostPosted: Thu Nov 13, 2008 9:13 pm 
Offline
Newbie

Joined: Tue Nov 04, 2008 9:14 pm
Posts: 17
Location: France
Hello,

I realize differents trys with Open Audit in order to use it in my company.
This morning, i tried to use Ldap for Open-Audit login, it works, it's good.
But, i just wanna say it's very unsecure to use it.
Indeed, when i've launched Wireshark to look frames, I've seen my login and password which was unencrypted.
That means if someone listens my network frames, he could kept my admin_account...
As far as I'm concerned, security is the most important element to take into account on my network.
Have you got solution(s) to remedy this?

Thanks.
(I'm sorry for my english I try to improve it :wink: )


Last edited by Slyers on Wed Nov 26, 2008 7:09 pm, edited 1 time in total.

Top
 Profile  
Reply with quote  
PostPosted: Thu Nov 13, 2008 10:00 pm 
Offline
Open-AudIT Fellow

Joined: Thu May 17, 2007 5:47 pm
Posts: 568
Location: Italy
You can enable https on your web server and https login on OA, so the traffic between your workstation and the OA server would be encrypted.
Still, credentials would be passed in clear text from the OA server to the LDAP server, but assuming that your servers are in a phisically secured area (datacenter, same LAN switch with no sniffing probes connected), IMO you could have a sufficient level of security...

_________________
Edoardo


Top
 Profile  
Reply with quote  
PostPosted: Fri Nov 14, 2008 12:47 am 
Offline
Contributor

Joined: Fri Jul 28, 2006 6:30 am
Posts: 157
Location: London
Following up from ef's response, this is a known issue. The solution is simple in principle: use LDAP over SSL. However, in practice there are a number of hurdles:

- The most common LDAP directory is AD which by default isn't configured for LDAP over SSL
- The standard PHP distributions do not support LDAP over SSL functionality

If this is a real concern you could use Open Audit authentication instead of LDAP.

_________________
Cheers, Nick.

OA Server: Windows Server 2003 / Apache 2
Auditing: 1600 Workstations, 200 Servers
OS's: Windows XP / Windows 2000 / Windows 2003 Server / Windows Vista
LDAP: Active Directory


Top
 Profile  
Reply with quote  
PostPosted: Mon Nov 17, 2008 10:31 pm 
Offline
Newbie

Joined: Tue Nov 04, 2008 9:14 pm
Posts: 17
Location: France
Hello,
Thanks for the answers,
Finally, I enable https (SSL) on my web server, but I have a new problem...
Indeed, I can't use "Audit now" because a message said "A security problem appeared" (maybe the english translation is not exact because it's in french for me :wink: )
The Message box says trouble is at line 108 of "open-audit-of-...-to-...-from... .vbs" (it is the script which is temporarly executed on audited machine)
I've modified audit.conf + audit.vbs in order to put "https", but it's the same thing...

Is there someone who can resolve this trouble?
Thanks.


Top
 Profile  
Reply with quote  
PostPosted: Sat Jan 17, 2009 12:39 am 
Offline
Newbie

Joined: Tue Nov 04, 2008 9:14 pm
Posts: 17
Location: France
No one has the same problem???


Top
 Profile  
Reply with quote  
PostPosted: Sat Jan 17, 2009 3:10 am 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Try the latest SVN (1120) at time of writing. See if the issue has gone.

_________________
Andrew

OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory


Top
 Profile  
Reply with quote  
PostPosted: Thu Jan 22, 2009 6:07 pm 
Offline
Newbie

Joined: Tue Nov 04, 2008 9:14 pm
Posts: 17
Location: France
A_Hull wrote:
Try the latest SVN (1120) at time of writing.


Thanks for your answer...
I'm really sorry but can you tell me how i can use the latest SVN (is it something to download?) :?
Can you give me more information about this?
I've posted in other place (viewtopic.php?f=10&t=3123&hilit=) in order to know how i can upgrade my Open-Audit version, is there a connection with this?
I want to specify that I work under Linux Debian Etch...

Thanks.


Top
 Profile  
Reply with quote  
PostPosted: Thu Jan 22, 2009 6:51 pm 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
This FAQ should point you in the right direction.
http://www.open-audit.org/phpBB3/viewtopic.php?f=6&t=1430
If not, let us know. :D

_________________
Andrew

OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory


Top
 Profile  
Reply with quote  
PostPosted: Mon Mar 02, 2009 11:45 pm 
Offline
Newbie

Joined: Tue Nov 04, 2008 9:14 pm
Posts: 17
Location: France
Hi,
I work under Debian Etch, i've download the subversion packet.
But when i realise: "svn-checkout https://open-audit.svn.sourceforge.net/ ... open-audit"
The first time i've seen a list of file and since this, console says only "Revision 1134 exctracted" (i've translate it to english)
Can you say me more about this?

Thanks;


Top
 Profile  
Reply with quote  
PostPosted: Fri Apr 17, 2009 10:38 am 
Offline
Newbie

Joined: Fri Apr 03, 2009 2:37 pm
Posts: 13
Seems the option to audit now has also stopped working for me now that SSL has been implemented. The issue I feel might be related to IE security configuration?


Top
 Profile  
Reply with quote  
PostPosted: Tue Mar 29, 2011 9:30 pm 
Offline
Newbie

Joined: Thu Oct 23, 2008 6:32 pm
Posts: 4
Hi guys!

What about this issue: when https is enabled & "Audit my machine" is not working? I guess there are some problem sending data back to OA server. It gave me error on line 163 which is "http.send" on audit.vbs.

Also I changed manually in OA server URL some http --> https in audit.vbs but still, same error. Cant find any help from forum :(

Thank You,
leizz


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 11 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group