Open-AudIT

All times are UTC + 10 hours

Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 68 posts ]  Go to page Previous  1, 2, 3, 4, 5  Next
PostPosted: Thu Jun 12, 2008 8:41 pm 
Contributor

Joined: Fri Jul 28, 2006 6:30 am
Posts: 157
Location: London
Update: I have got most of this coded - just need to do some work on the GUI, but have been snowed under with work lately. Hopefully I should have a bit more free time starting next week so should be able to make further progress.

Cheers, Nick.

_________________
Cheers, Nick.

[size=85]OA Server: Windows Server 2003 / Apache 2
Auditing: 1600 Workstations, 200 Servers
OS's: Windows XP / Windows 2000 / Windows 2003 Server / Windows Vista
LDAP: Active Directory[/size]


PostPosted: Thu Jun 12, 2008 9:54 pm 
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Look forward to seeing that. :D

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]


PostPosted: Fri Jul 25, 2008 11:02 am 
Newbie

Joined: Tue Jun 17, 2008 2:11 pm
Posts: 9
This looks great, looking forward to what you come up with.


PostPosted: Fri Oct 17, 2008 12:17 am 
Contributor

Joined: Fri Jul 28, 2006 6:30 am
Posts: 157
Location: London
This feature has now been included in the latest SVN (version 1070). I've got some ideas on how to integrate the LDAP functions throughout OpenAudit, but I want to let the dust settle on this update first - a few bugs have already come to light and I'm sure more will follow.

To use the LDAP auditing you'll need to configure LDAP connections and paths on the Admin -> Config -> LDAP page. Then run ldap_audit_script.php from the command-line/shell (make sure your working/current directory is your OpenAudit install directory). For regular auditing I recommend using a scheduled task (or cron).

The results of your audit can be seen using Queries -> All LDAP systems or All LDAP users.

Additionally, you can view changes to your LDAP directories by enabling the option "Display 'LDAP Directory changes' on homepage" on the Admin -> Config -> Homepage page.

Thanks to Andrew (Hull) for helping me get this ironed out.

Cheers, Nick.

_________________
Cheers, Nick.

[size=85]OA Server: Windows Server 2003 / Apache 2
Auditing: 1600 Workstations, 200 Servers
OS's: Windows XP / Windows 2000 / Windows 2003 Server / Windows Vista
LDAP: Active Directory[/size]


PostPosted: Fri Oct 17, 2008 12:59 am 
Contributor

Joined: Fri Sep 28, 2007 12:07 am
Posts: 189
Hi Nick,

Questions by me:

1. What is this used for? Is it only more info on users?
2. Can it query multiple domains?
3. Please define the requirements. I set up a new LDAP connection (which is the same as the one used by OA for details on users/machines). But then I am trying to figure out what an LDAP path is?
4. How often do you recommend running ldap_audit_script.php? How would you recommend scheduling this with a Windows host?

Looking forward to giving this a whirl.

Thanks

Jason

_________________
OA Deployment:
Windows 2003 with XAMPP install
80 Windows Servers
250 Windows workstations (mixed XP and 2000)
5 MACs
Multiple printers, switches, routers, firewalls, and other servers (ESX, AIX etc.)


PostPosted: Fri Oct 17, 2008 1:06 am 
Helper

Joined: Thu Dec 08, 2005 6:33 pm
Posts: 87
Location: Germany, BaW
How should I add an LDAP path?
In which format?
I tested it with "ou=1-User", but the path is not shown, still "no LDAP path defined ...".

_________________
OA Deployment:
w2k3 R2 with XAMPP install
Windows Servers incl. VM
Windows workstations (XP and Vista, 7)
Multiple printers, switches, routers, firewalls
ADS 1HQ and 20 branches
-------------------
OAv2
w2k8 R2 with XAMPP install


PostPosted: Fri Oct 17, 2008 1:30 am 
Contributor

Joined: Fri Jul 28, 2006 6:30 am
Posts: 157
Location: London
[quote="jsingh"]Hi Nick,

Questions by me:

1. What is this used for? Is it only more info on users?
2. Can it query multiple domains?
3. Please define the requirements. I set up a new LDAP connection (which is the same as the one used by OA for details on users/machines). But then I am trying to figure out what an LDAP path is?
4. How often do you recommend running ldap_audit_script.php? How would you recommend scheduling this with a Windows host?

Looking forward to giving this a whirl.

Thanks

Jason[/quote]


1. At this moment its use is to audit changes to your LDAP (Active Directory) accounts - users & computers currently, i.e. what accounts currently exist or have been recently added or deleted.

2. Yes - click on the "New Connection" button to add each domain.

3.
An LDAP Connection defines the connection to your LDAP source (domain controller), i.e. server name and login credentials - click on the "New Connection" button to create one.
An LDAP path defines which part(s) of your (Active) directory you want to audit - use "Add New Path" from the drop-down menu that appears as you move over the LDAP Connection that you have created.
In a small environment you might want to audit the whole domain, but in my environment I only want to audit a few sub-sections of the whole directory.

An Active Directory example: Domain Name = mydomain.company.com
To audit the whole domain, the LDAP path would be "dc=mydomain,dc=company,dc=com"

Now let's say you have two top-level OUs, US & EMEA, each with a Sales OU and a Marketing OU beneath them.
To audit US Sales and EMEA Marketing only, you would need to add two paths to your connection.
The first would be "ou=sales,ou=us,dc=mydomain,dc=company,dc=com"
The second would be "ou=marketing,ou=emea,dc=mydomain,dc=company,dc=com"

4. I run it twice a day. The command should be <path to PHP.EXE><space><path to ldap_audit_script.php> (mine is "C:\PHP5\php.exe C:\OpenAudit\ldap_audit_script.php"). The "Start in" directory should be the path to your OpenAudit directory.

hope this helps.

Cheers, Nick.

_________________
Cheers, Nick.

[size=85]OA Server: Windows Server 2003 / Apache 2
Auditing: 1600 Workstations, 200 Servers
OS's: Windows XP / Windows 2000 / Windows 2003 Server / Windows Vista
LDAP: Active Directory[/size]
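The set-up described in the two posts above (a connection per domain, one or more LDAP paths under it, a scheduled run that reports accounts added or deleted) can be shown end to end. The following is an added example written for this thread, not Open-AudIT's own ldap_audit_script.php: it checks that each configured path is a full DN under the connection's domain (the bare "ou=1-User" from the earlier question fails that check), restricts two directory snapshots to the audited paths, and reports the user and computer accounts added or deleted between runs as rows shaped like the `log` table later in this thread. The snapshots are constructed, and the function names (parse_dn, check_ldap_path, run_audit, log_row) are this example's own assumptions.

```python
"""Scope check and snapshot diff for an LDAP account audit.

Added example, not Open-AudIT code. All directory data below is constructed
and the function names are this example's own.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone


def parse_dn(dn):
    """Split 'ou=sales,ou=us,dc=mydomain,dc=company,dc=com' into
    [('ou', 'sales'), ('ou', 'us'), ('dc', 'mydomain'), ...], most specific
    RDN first. Types and values are lower-cased because Active Directory
    compares them case-insensitively. Escaped commas are not handled."""
    rdns = []
    for rdn in dn.split(","):
        if "=" not in rdn:
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        attr, value = rdn.split("=", 1)
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def domain_base_dn(domain):
    """mydomain.company.com -> dc=mydomain,dc=company,dc=com"""
    return ",".join(f"dc={label}" for label in domain.lower().split("."))


def check_ldap_path(path, domain):
    """Return the path in normalised form, or raise ValueError if it is not a
    full DN inside the connection's domain (a bare 'ou=1-User' fails here)."""
    path_rdns = parse_dn(path)
    base_rdns = parse_dn(domain_base_dn(domain))
    if path_rdns[-len(base_rdns):] != base_rdns:
        raise ValueError(f"{path!r} must end with {domain_base_dn(domain)!r}")
    return ",".join(f"{a}={v}" for a, v in path_rdns)


def in_scope(entry_dn, paths):
    """True when entry_dn sits at or below one of the audited paths."""
    rdns = parse_dn(entry_dn)
    return any(rdns[-len(p):] == p for p in map(parse_dn, paths))


def log_row(message, severity=3, module="ldap_audit", function="run_audit"):
    """A row shaped like the thread's `log` table columns. Severity 3 is the
    value reported in the thread; the scale itself is not defined there."""
    return {
        "log_timestamp": datetime.now(timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "log_message": message[:1024],  # column is varchar(1024)
        "log_severity": severity,
        "log_module": module,
        "log_function": function,
    }


@dataclass
class AuditResult:
    added: list = field(default_factory=list)
    deleted: list = field(default_factory=list)
    unchanged: int = 0
    log: list = field(default_factory=list)


def run_audit(previous, current, paths, domain):
    """Compare two snapshots ({dn: objectClass}) restricted to the configured
    paths and report accounts added or deleted since the previous run."""
    paths = [check_ldap_path(p, domain) for p in paths]
    prev = {dn.lower(): oc for dn, oc in previous.items() if in_scope(dn, paths)}
    cur = {dn.lower(): oc for dn, oc in current.items() if in_scope(dn, paths)}
    result = AuditResult()
    for dn in sorted(cur.keys() - prev.keys()):
        result.added.append(dn)
        result.log.append(log_row(f"{cur[dn]} added: {dn}"))
    for dn in sorted(prev.keys() - cur.keys()):
        result.deleted.append(dn)
        result.log.append(log_row(f"{prev[dn]} deleted: {dn}"))
    result.unchanged = len(cur.keys() & prev.keys())
    return result


# Constructed snapshots standing in for the previous and current LDAP searches.
DOMAIN = "mydomain.company.com"
PATHS = ["ou=sales,ou=us,dc=mydomain,dc=company,dc=com",
         "ou=marketing,ou=emea,dc=mydomain,dc=company,dc=com"]
PREVIOUS = {
    "cn=alice,ou=sales,ou=us,dc=mydomain,dc=company,dc=com": "user",
    "cn=bob,ou=sales,ou=us,dc=mydomain,dc=company,dc=com": "user",
    "cn=ws-0001,ou=sales,ou=us,dc=mydomain,dc=company,dc=com": "computer",
    "cn=carol,ou=marketing,ou=emea,dc=mydomain,dc=company,dc=com": "user",
    "cn=dave,ou=marketing,ou=us,dc=mydomain,dc=company,dc=com": "user",  # not audited
}
CURRENT = {
    "cn=alice,ou=sales,ou=us,dc=mydomain,dc=company,dc=com": "user",
    "cn=ws-0001,ou=sales,ou=us,dc=mydomain,dc=company,dc=com": "computer",
    "cn=ws-0002,ou=sales,ou=us,dc=mydomain,dc=company,dc=com": "computer",
    "cn=carol,ou=marketing,ou=emea,dc=mydomain,dc=company,dc=com": "user",
    "cn=erin,ou=marketing,ou=emea,dc=mydomain,dc=company,dc=com": "user",
}  # bob is gone; dave is gone too, but sits outside the audited paths

if __name__ == "__main__":
    for row in run_audit(PREVIOUS, CURRENT, PATHS, DOMAIN).log:
        print(row["log_severity"], row["log_message"])
```

In a real run PREVIOUS would come from the last stored result and CURRENT from an LDAP search under each path; the scope check is what keeps a change outside the configured OUs (dave above) from being reported, and it is also the reason a relative path like "ou=1-User" has to be rejected at configuration time rather than silently matching nothing.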


PostPosted: Fri Oct 17, 2008 2:11 am 
Contributor

Joined: Fri Sep 28, 2007 12:07 am
Posts: 189
There is a bug in the Admin>Config>LDAP page

Browser: Firefox 3.0.3

1. If I add one connection, then one path
2. Add another connection

If I select the second connection to add another path, it changes the path for the first connection.

Jason

_________________
OA Deployment:
Windows 2003 with XAMPP install
80 Windows Servers
250 Windows workstations (mixed XP and 2000)
5 MACs
Multiple printers, switches, routers, firewalls, and other servers (ESX, AIX etc.)


PostPosted: Fri Oct 17, 2008 3:11 am 
Contributor

Joined: Fri Jul 28, 2006 6:30 am
Posts: 157
Location: London
[quote="jsingh"]There is a bug in the Admin>Config>LDAP page

Browser: Firefox 3.0.3

1. If I add one connection, then one path
2. Add another connection

If I select the second connection to add another path, it changes the path for the first connection.

Jason[/quote]


Try changing line 149 of admin_config.js to [code]var domainxml = new XmlRequestor('admin_config_data.php?sub=f6&ldap_connection_id=' + ldap_path_connection_id);[/code]

Cheers, Nick.

_________________
Cheers, Nick.

[size=85]OA Server: Windows Server 2003 / Apache 2
Auditing: 1600 Workstations, 200 Servers
OS's: Windows XP / Windows 2000 / Windows 2003 Server / Windows Vista
LDAP: Active Directory[/size]


PostPosted: Fri Oct 17, 2008 6:37 am 
Contributor

Joined: Fri Jul 28, 2006 6:30 am
Posts: 157
Location: London
These are the known issues in SVN 1070 and proposed fixes:

upgrade.php - replace lines 441 to 450 with:
[code]DROP TABLE IF EXISTS `log`;
CREATE TABLE `log` (
`log_id` int(10) unsigned NOT NULL auto_increment,
`log_timestamp` varchar(45) NOT NULL,
`log_message` varchar(1024) NOT NULL,
`log_severity` int(10) unsigned NOT NULL,
`log_module` varchar(128) NOT NULL,
`log_function` varchar(128) NOT NULL,
PRIMARY KEY (`log_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;";
[/code]
open_audit.sql - replace lines 1250 to 1259:
[code]DROP TABLE IF EXISTS `log`;
CREATE TABLE `log` (
`log_id` int(10) unsigned NOT NULL auto_increment,
`log_timestamp` varchar(45) NOT NULL,
`log_message` varchar(1024) NOT NULL,
`log_severity` int(10) unsigned NOT NULL,
`log_module` varchar(128) NOT NULL,
`log_function` varchar(128) NOT NULL,
PRIMARY KEY (`log_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
[/code]

Line 384 of upgrade.php reads:
[code]upgrade ($version,"08.10.07", $sql);[/code]
And needs replacing with:
[code]upgrade ($version,"08.06.06", $sql);
$sql = "ALTER TABLE `memory` ADD COLUMN `memory_tag` varchar(256) NOT NULL default '' AFTER `memory_speed`";
upgrade ($version,"08.07.23", $sql);[/code]

Line 149 of admin_config.js needs changing to:
[code]var domainxml = new XmlRequestor('admin_config_data.php?sub=f6&ldap_connection_id=' + ldap_path_connection_id);
[/code]

Line 205 of system.php reads:
[code]$show_value = special_field_converting($myrow, $field, $db, "system");[/code]
And needs to be:
[code]$show_value = ConvertSpecialField($myrow, $field, $db, "system");[/code]

Line 230 of system_export.php reads:
[code]$show_value_2 = special_field_converting($myrow, $field, $db, "system");[/code]
But should be:
[code]$show_value_2 = ConvertSpecialField($myrow, $field, $db, "system");[/code]

Bear in mind that not all these "fixes" have been fully tested yet.

Cheers, Nick.

_________________
Cheers, Nick.

[size=85]OA Server: Windows Server 2003 / Apache 2
Auditing: 1600 Workstations, 200 Servers
OS's: Windows XP / Windows 2000 / Windows 2003 Server / Windows Vista
LDAP: Active Directory[/size]


PostPosted: Fri Oct 17, 2008 8:13 pm 
Open-AudIT Fellow

Joined: Thu May 17, 2007 5:47 pm
Posts: 568
Location: Italy
Sorry guys for not having supported your efforts. I added all the above mods to SVN 1071, plus a fix to ldap_login.php as suggested at viewtopic.php?f=8&t=3002.
Thanks to Andrew and Nick for your excellent work and to Jason for help testing.

_________________
Edoardo


PostPosted: Fri Oct 17, 2008 8:43 pm 
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Thanks for that, looking good now, sorry I vanished off the radar for a day or so there, was up to my neck in other stuff.

Still bug hunting (ver 08.10.09) but it's looking pretty good. Will update my live install in time for the lunchtime scan if I don't find any corkers before then.

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]


PostPosted: Fri Oct 17, 2008 8:47 pm 
Contributor

Joined: Fri Sep 28, 2007 12:07 am
Posts: 189
no problemo gents, it's my pleasure, after all the work and support you guys provide :)

one other thing, this new LDAP audit just logs info to the "Event Viewer", with severity level "3", but does not show any changes. When I run the script manually it also runs in debug mode, with a result "0xff". I think a normal successful run has a result of "0x0".

thanks

Jason

_________________
OA Deployment:
Windows 2003 with XAMPP install
80 Windows Servers
250 Windows workstations (mixed XP and 2000)
5 MACs
Multiple printers, switches, routers, firewalls, and other servers (ESX, AIX etc.)


PostPosted: Fri Oct 17, 2008 8:59 pm 
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
"Nick, yer a genius!" as they say in this part of the world, and thanks to Edoardo for adding the patches to the SVN.

It all looks good, I set up the LDAP stuff first shot that time, (no password issue as before).

Ran the ldap audit script (ldap_audit_script.php) from the browser (http://{openaudit_server}/openaudit/ldap_audit_script.php) and it worked like a charm.

Am going to try auditing the remote ldaps next. I'll keep you posted.

BTW, can we add an "Audited" flag to the viewdef, so we can see if the machines we find in the LDAP also exist in the audit database?
Also I like the logging function, was thinking of adding a log form, so the audit.vbs script can log back to the server, any thoughts?

I would also like to add a few more of the LDAP details to the database (things like department, address, phone numbers... in fact most of the useful fields) so that I can report this info and tell if someone has been "fiddling" with things. In short ... 8) !

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]


PostPosted: Fri Oct 17, 2008 9:14 pm 
Contributor

Joined: Fri Jul 28, 2006 6:30 am
Posts: 157
Location: London
Andrew,

If you look at the system names in the viewdef - systems that have been audited are hyperlinked, those that haven't been aren't.

Cheers, Nick.

_________________
Cheers, Nick.

[size=85]OA Server: Windows Server 2003 / Apache 2
Auditing: 1600 Workstations, 200 Servers
OS's: Windows XP / Windows 2000 / Windows 2003 Server / Windows Vista
LDAP: Active Directory[/size]

