Open-AudIT


All times are UTC + 10 hours




 Post subject: FAQ Topic Added
Posted: Sun Dec 07, 2008 4:57 am
Newbie

Joined: Sat Nov 22, 2008 1:26 am
Posts: 12
Request for the addition of a brief description for looking up custom registry keys, specifically dealing with the audit_custom_software.inc file.

I spent three days re-writing and tweaking the audit.vbs and admin_pc_add_2.php to read a few registry keys. I got everything working, and then stumbled on audit_custom_software.inc! It was already done by others. :o

I learned a ton about the scripts and sql queries, but I'd like to save others the same "oh crap no way" experience.


 Post subject: Re: FAQ Topic Added
Posted: Sun Dec 07, 2008 11:45 pm
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
If you have the time, now that you are a bit of an expert :wink: could you draft me your experiences, and I will stick them in the FAQ section, with any additional info I can think of. Thanks.

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]


 Post subject: Re: FAQ Topic Added
Posted: Tue Dec 09, 2008 6:23 am
Newbie

Joined: Sat Nov 22, 2008 1:26 am
Posts: 12
I'll definitely write up a guide on this. Will have it posted here in a few days.


 Post subject: Re: FAQ Topic Added
Posted: Tue Dec 09, 2008 7:53 am
Newbie

Joined: Sat Nov 22, 2008 1:26 am
Posts: 12
Subject: Custom Software Registry Searching

Open-Audit contains a simple method for logging registry keys as software. This uses existing code to read a registry key and place it into the database under the Software table. This topic covers what's going on, how to do it ourselves, and how to view the data.

1. WHAT'S HAPPENING / DO IT OURSELVES.
In the scripts folder of your open-audit you should find a file named audit_custom_software.inc; by default it contains two examples. Around line 2578 of the audit.vbs is a section (' Include customer specific audits) that calls the code in the audit_custom_software.inc to run. As such, our audit_custom_software.inc needs to be stored in the same directory as our audit.vbs. To get started, I've listed the code to log a key for McAfee's Network Associates Engine Definition.

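[code]
' McAfee Engine-Version to the Software Register
' Registry key (under HKEY_LOCAL_MACHINE) and value name to read
strKeyPath = "SOFTWARE\Network Associates\TVD\VirusScan Enterprise\CurrentVersion"
strValueName = "szEngineVer"
' Name the entry is stored under in the software table
display_name = "McAfee Engine-Definition-Version"
' Read the string value into McAfeeVirEng_Version
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,McAfeeVirEng_Version
' Build the ^^^-delimited software record; the empty fields are unused columns
form_input = "software^^^" & display_name & "^^^" _
& McAfeeVirEng_Version & "^^^" _
& "" & "^^^" _
& "" & "^^^" _
& OSInstall & "^^^" _
& "McAfee^^^^^^^^^^^^^^^^^^" _
& "" & "^^^" _
& "" & "^^^" _
& "http://www.mcafee.com" & "^^^ "
' Add the record to the audit output, then clear the buffer
entry form_input,comment,objTextFile,oAdd,oComment
form_input = ""
[/code]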

[color=#0000BF]strKeyPath[/color] is our base key folder.
[color=#0000BF]szEngineVer[/color] is the registry key we want.
[color=#0000BF]display_name[/color] is what we will register the key's label as in our database.
[color=#0000BF]oReg.GetString...[/color] simply pulls the key from the registry.
The rest formats the data into a string and adds it to our xml. The software table has numerous columns, which is why we have so many blank sections. If desired, you could move the data into a different column.

[color=#00BF00](TIP - ^^^ is what open-audit uses to keep the data separated)[/color]

From here, you can just edit what values you want to read into the database, save the file, and test it on something. I like to have the database open in a viewer like phpMyAdmin so I can verify it copied the data correctly. Just browse the software category.

2. VIEWING THE DATA

No point in writing data to the database without viewing it. You need two things to view it in open-audit: a query to read the data and a link in the menu to use the query. Both are explained at [url]http://www.open-audit.org/phpBB3/viewtopic.php?f=6&t=2545[/url].

[color=#00BF00]Tip: Define the correct path in the menu link.

(Example)
CORRECT: link.view=all_systems_virus_uptodate_test
INCORRECT: link.view=list_viewdef_all_systems_virus_uptodate_test.php[/color]


 Post subject: Re: FAQ Topic Added
Posted: Tue Feb 03, 2009 8:52 am
Newbie

Joined: Sat Nov 22, 2008 1:26 am
Posts: 12
Andrew, in this viewtopic.php?f=10&t=3134 thread we found an issue with the custom registry FAQ post you created for me.

Could you change the FAQ's section above the first tip...
[quote]oReg.GetString... simply pulls the key from the registry.
The rest formats the data into a string and adds it to our xml. The software table has numerous columns, which is why we have so many blank sections. If desired, you could move the data into a different column.[/quote]

to...
[quote]oReg.GetStringValue... pulls the string from the registry. If you are pulling a different data value (IE DWORD, Binary) then you will need to tweak this.
Strings = GetSTRINGValue
Dword = GetDWORDValue
Binary = GetBINARYValue

The rest formats the data into a string and adds it to our xml. The software table has numerous columns, which is why we have so many blank sections. If desired, you could move the data into a different column.[/quote]

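The value-type point from the correction above, as an added example that is not part of the original posts or of Open-AudIT's own code: a stand-alone VBScript helper that asks StdRegProv how a value is stored (EnumValues) and calls the matching getter, returning text suitable for the version field of a software record. It creates its own oReg and HKEY_LOCAL_MACHINE because the posted fragment uses them without defining them; ReadRegAsString and the "(not found)" marker are hypothetical, and stripping ^^^ from the value is an added precaution so registry data cannot shift the record's fields.

```vbscript
' Added example: return a registry value as text whatever its stored type.
Option Explicit
Const HKEY_LOCAL_MACHINE = &H80000002
' Registry value type codes as reported by StdRegProv.EnumValues
Const REG_SZ = 1, REG_EXPAND_SZ = 2, REG_BINARY = 3, REG_DWORD = 4, REG_MULTI_SZ = 7

Dim oReg, ver
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

' ReadRegAsString is a hypothetical helper name, not an Open-AudIT function.
Function ReadRegAsString(hive, keyPath, valueName)
    Dim names, types, i, v, b, s
    ReadRegAsString = ""                       ' "" means key or value not present
    If oReg.EnumValues(hive, keyPath, names, types) <> 0 Then Exit Function
    If Not IsArray(names) Then Exit Function   ' key exists but holds no values
    For i = 0 To UBound(names)
        If LCase(names(i)) = LCase(valueName) Then
            Select Case types(i)
                Case REG_SZ
                    If oReg.GetStringValue(hive, keyPath, valueName, v) = 0 Then s = v
                Case REG_EXPAND_SZ
                    If oReg.GetExpandedStringValue(hive, keyPath, valueName, v) = 0 Then s = v
                Case REG_DWORD
                    If oReg.GetDWORDValue(hive, keyPath, valueName, v) = 0 Then s = CStr(v)
                Case REG_MULTI_SZ
                    If oReg.GetMultiStringValue(hive, keyPath, valueName, v) = 0 And IsArray(v) Then s = Join(v, "; ")
                Case REG_BINARY
                    If oReg.GetBinaryValue(hive, keyPath, valueName, v) = 0 And IsArray(v) Then
                        For Each b In v
                            s = s & Right("0" & Hex(b), 2)   ' two hex digits per byte
                        Next
                    End If
            End Select
            ' Remove the field separator so the value cannot break the record layout
            If Not IsEmpty(s) Then ReadRegAsString = Replace(s, "^^^", "")
            Exit Function
        End If
    Next
End Function

' Key and value name taken from the guide post above
ver = ReadRegAsString(HKEY_LOCAL_MACHINE, _
    "SOFTWARE\Network Associates\TVD\VirusScan Enterprise\CurrentVersion", "szEngineVer")
If ver = "" Then ver = "(not found)"
WScript.Echo "McAfee Engine-Definition-Version: " & ver
```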
 Post subject: Re: FAQ Topic Added
Posted: Tue Feb 03, 2009 11:32 pm
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Thanks, changed the FAQ, can you check it over for me now. :D

_________________
Andrew
