Open-AudIT :: View topic - Client-issued timestamp can be problematic

Open-AudIT https://www.open-audit.org/phpBB3/

Client-issued timestamp can be problematic https://www.open-audit.org/phpBB3/viewtopic.php?f=8&t=3756	Page 1 of 1

Author:	rsaavedra [ Mon Aug 16, 2010 11:08 pm ]
Post subject:	Client-issued timestamp can be problematic
Not sure if in some cases or scenarios it might be useful or important to keep a timestamp issued by the audited clients, but in my case, it is not useful at all. For the network I work on, the "All Audited Systems" query/report always had some annoying entries that allegedly had been audited in the future! :S This was due to OA saving a timestamp issued by the PCs that run the .vbs (Win) or the .sh (linux) scripts themselves, and not a timestamp issued by the OA server. If the PC had a messed-up date-time setting, then that useless date and time ended up in the OA database and reports. I modified the admin_pc_add_2.php script on the server, so that a server timestamp is stored in the database, and the timestamp sent by the audited PC is completely ignored. After this change, sorting the report of audited systems by date finally makes some sense. Here's the code I added to admin_pc_add_2.php. The $server_timestamp variable is initialized right at the very beginning of the script, and I assign $server_timestamp to $timestamp right after the foreach ($input as $split) loop: [code] //================================================================= // Use a server-issued timestamp, ignore the audited PC's timestamp // By Raul Saavedra, Aug-13, 2010 //================================================================= $now = getdate(); $server_timestamp = $now["year"]; $server_timestamp .= str_pad($now["mon"],2,'0',STR_PAD_LEFT); $server_timestamp .= str_pad($now["mday"],2,'0',STR_PAD_LEFT); $server_timestamp .= str_pad($now["hours"],2,'0',STR_PAD_LEFT); $server_timestamp .= str_pad($now["minutes"],2,'0',STR_PAD_LEFT); $server_timestamp .= str_pad($now["seconds"],2,'0',STR_PAD_LEFT); ... foreach ($input as $split) { ... } $timestamp = $server_timestamp; [/code]

Page 1 of 1	All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/