Open-AudIT


All times are UTC + 10 hours




PostPosted: Wed Sep 23, 2009 7:54 pm 
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
8) This looks too good to leave out of the SVN, can we give it a good testing, and I will incorporate it.

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]


PostPosted: Wed Sep 23, 2009 9:03 pm
Contributor

Joined: Fri Jul 28, 2006 6:30 am
Posts: 157
Location: London
Agree - this is good stuff. Hope to get some testing done with it this week.

_________________
Cheers, Nick.

[size=85]OA Server: Windows Server 2003 / Apache 2
Auditing: 1600 Workstations, 200 Servers
OS's: Windows XP / Windows 2000 / Windows 2003 Server / Windows Vista
LDAP: Active Directory[/size]


PostPosted: Wed Sep 23, 2009 10:50 pm
Contributor

Joined: Fri Jul 28, 2006 6:30 am
Posts: 157
Location: London
Following the Linux install instructions in the README. Have a couple of questions:
[quote]2. run the 'visudo' command, as root, and add the following line to the file ...

www-data ALL= NOPASSWD: /usr/bin/nmap, /var/www/openaudit/scripts/init.d/openaudit-deb[/quote]
What file am I adding this line to?

[quote]5. Configure/manage Web-Schedule settings from the "Audits" menu in OpenAudIT.[/quote]
I don't seem to have an "Audits" menu - I downloaded the additional files only - not the full install?

[quote]To force the web interface to use the audit.pl file, and not the binary, rename the binary. If
on linux, rename the 'scripts/audit' file[/quote]
I don't have an audit file - I have audit.exe, audit.pl (and audit.vbs and audit.config of course)?

_________________
Cheers, Nick.

PostPosted: Thu Sep 24, 2009 12:33 am
Contributor

Joined: Fri Jul 04, 2008 6:46 am
Posts: 153
Location: USA - WI
[quote="NickBrown"]Following the Linux install instructions in the README. Have a couple of questions:
[quote]2. run the 'visudo' command, as root, and add the following line to the file ...

www-data ALL= NOPASSWD: /usr/bin/nmap, /var/www/openaudit/scripts/init.d/openaudit-deb[/quote]
What file am I adding this line to?

[quote]5. Configure/manage Web-Schedule settings from the "Audits" menu in OpenAudIT.[/quote]
I don't seem to have an "Audits" menu - I downloaded the additional files only - not the full install?

[quote]To force the web interface to use the audit.pl file, and not the binary, rename the binary. If
on linux, rename the 'scripts/audit' file[/quote]
I don't have an audit file - I have audit.exe, audit.pl (and audit.vbs and audit.config of course)?[/quote]

Thanks for the feedback! A few mistakes on my part. The file you need to edit to add that line for linux is the '/etc/sudoers' file. Running visudo from the shell is the safe way to edit this file so you don't bork your user rights since it checks the syntax of the file before actually saving it.

I'm unsure if I should just make it optional to use sudo or not for running the main daemon/service. The problem is that the main script that controls the file needs to write a PID file when it starts and delete it when it's done. The standard PID location on linux cannot be written to by a normal user. So the alternate is to create a directory in the 'openaudit/scripts' then give read/write permissions on that to the web user. Then modify the init script to point to that location for the PID file.

The missing 'audit' file was an oversight on my part =/ . My two builds are scripted and I have the audit.pl file compiling to the SVN folder but I didn't have it copying to the web-schedule only folder. I've fixed this now. Later tonight or tomorrow I'll put up a new version of the files.

However, I've made some more changes lately. I modified audit.vbs to accept named command line parameters. This way you don't need to have an audit.config at all for Windows audits. Just need to put the audit.vbs on a share somewhere and put the UNC path to it in the audit configuration via the web interface.

_________________
OA Server: Debian Squeeze w/ Apache2
Auditing: 700 Workstations, 250 or so Retail Terminals, about 75 Servers
OS's: Windows XP/2003/2008/2008 R2/Vista/7, Debian
LDAP: Active Directory 2008 R2


PostPosted: Thu Sep 24, 2009 2:07 am
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
[quote]
I'm unsure if I should just make it optional to use sudo or not for running the main daemon/service. The problem is that the main script that controls the file needs to write a PID file when it starts and delete it when it's done. The standard PID location on linux cannot be written to by a normal user. So the alternate is to create a directory in the 'openaudit/scripts' then give read/write permissions on that to the web user. Then modify the init script to point to that location for the PID file.
[/quote]

Could you write the PID to the audit server box via a web page and store it in the database? I know it's a lot more hassle, but it has the advantages of being OS neutral, and not requiring write access anywhere.

Just a thought.

_________________
Andrew

PostPosted: Thu Sep 24, 2009 3:28 am
Contributor

Joined: Fri Jul 04, 2008 6:46 am
Posts: 153
Location: USA - WI
[quote="A_Hull"]
Could you write the PID to the audit server box via a web page and store it in the database? I know it's a lot more hassle, but it has the advantages of being OS neutral, and not requiring write access anywhere.

Just a thought.
[/quote]

I like that idea :) I'll take it a step further and just write the PID to the database when the daemon starts. I can do this right from the Perl script via DBI. When the script shuts down I can have it set the PID to 0 for that field. That way I can check the field when the script tries to start and it can check if there is really an active PID or not. This would remove the need to try to maintain separate init scripts. I always seem to overlook the more elegant solutions =/

Also, in regards to Nick's question about the menus, you need something like the following in your include_menu_array.php file (I've modified the README already) ...

[code]
// Menu entry to add to the array in include_menu_array.php
"55" => array("name"=>"Audits",
              "link"=>"#",
              "class"=>"menuparent",
              "childs"=>array(
                  "10"=>array("name"=>"Manage Audits", "link"=>"./audit_manage.php", "image"=>"images/software.png", "title"=>"",),
                  "20"=>array("name"=>"Schedule Audit Logs", "link"=>"./list.php?view=audit_logs", "image"=>"images/notes.png", "title"=>"",),
                  "30"=>array("name"=>"Run Now Audit Logs", "link"=>"./list.php?view=run_now_logs", "image"=>"images/notes.png", "title"=>"",),
                  "40"=>array("name"=>"Perl Cron Log", "link"=>"./list.php?view=cron_log", "image"=>"images/notes.png", "title"=>"",),
                  "50"=>array("name"=>"Add Audit Schedule", "link"=>"./audit_schedule.php", "image"=>"images/sched_task_l.png", "title"=>"",),
                  "60"=>array("name"=>"Add Audit Configuration", "link"=>"./audit_configuration.php", "image"=>"images/o_specialized.png", "title"=>"",),
                  "70"=>array("name"=>"Edit Audit Commands", "link"=>"./audit_commands.php", "image"=>"images/o_specialized.png", "title"=>"",),
                  "80"=>array("name"=>"Edit Cron Daemon Settings", "link"=>"./audit_cron_settings.php", "image"=>"images/o_specialized.png", "title"=>"",),
              ),
        ),
[/code]

PostPosted: Fri Sep 25, 2009 2:32 am
Contributor

Joined: Fri Jul 04, 2008 6:46 am
Posts: 153
Location: USA - WI
Ok, a new version is available at ....

http://chadsikorra.com/dl/oa-ws

Choose one of the ones dated 9-24. I changed the main script so that it doesn't need to write a PID file for linux. This way sudo is not needed to initially configure it or get it working. Both windows and Linux write the PID of the daemon/service to the database now, so they both use the same process to check if the script is already running.

Other notable changes ...

- The default install location of Nmap is checked when the script looks for nmap.exe.
- Altered audit.vbs to allow for named arguments so I don't need to use an audit.config file. I tried to make the change in a way so as to not disrupt any other way audit.vbs would be used
- Included all the patches I've applied against svn in a 'patches' directory.

I'm open to any other suggestions or feedback.

Edit: I currently don't have anything in my code that upgrades the DB when I've altered fields, so you have to manually create/remove the fields if you're going to use the same DB and not start fresh. Sorry about that. Probably something I should change.

PostPosted: Sat Sep 26, 2009 9:22 am
Contributor

Joined: Fri Jul 04, 2008 6:46 am
Posts: 153
Location: USA - WI
*sigh* I always forget some mundane detail. It just occurred to me that since I changed my audit commands to use audit.vbs with command arguments that I had one of my arguments wrong =/ I had non_ie_url instead of non_ie_page. Was a little confusing looking at my audit logs and seeing that they all seemed to complete and then wondering why my audit activity on my main page was non-existent...lol. Well, fixed that now. Once I finish with some other changes I'll post a copy that works a little better ;)

PostPosted: Sun Sep 27, 2009 11:55 pm
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Silly question.... does this work with windows, if not could we use cronw or something similar to provide cron for windows....
(http://cronw.sourceforge.net/ the downside is it's a bit difficult to install).

I ask because up till now I was experimenting with a linux install, but I just tried it on my Windoze laptop at home... everything was fine till I tried to start the cron daemon... but of course I don't have one...

Also would anybody object if I added the current code to the SVN as is, partly to allow us to use the Ajaxy bits elsewhere.

_________________
Andrew

PostPosted: Mon Sep 28, 2009 2:04 pm
Contributor

Joined: Fri Jul 04, 2008 6:46 am
Posts: 153
Location: USA - WI
[quote="A_Hull"]Silly question.... does this work with windows, if not could we use cronw or something similar to provide cron for windows....
(http://cronw.sourceforge.net/ the downside is it's a bit difficult to install).

I ask because up till now I was experimenting with a linux install, but I just tried it on my Windoze laptop at home... everything was fine till I tried to start the cron daemon... but of course I don't have one...

Also would anybody object if I added the current code to the SVN as is, partly to allow us to use the Ajaxy bits elsewhere.[/quote]


My choice of wording is a bit confusing I think. I changed most of the pages to simply refer to it as a "Web-Schedule Service" or something similar instead of Cron. It may not have started correctly on the windows laptop for a few reasons though. The most likely being that it couldn't start the service it creates. Did it at least create a service correctly, if you ran 'audit.exe --install' ?

I've actually changed it now so that using a windows service to launch the script that manages the schedules is not necessary on Windows. So basically there should be no external configuration necessary if you just want to test it or use it on Linux or Windows. Simply copy the files over and start it up. I've also fixed quite a few issues I found =/

Cronw is actually a project written in Perl based off the Win32::Daemon module. The bad part is that the Win32::Daemon module seems to have been abandoned by its author. It has some pretty big issues that keep it from working correctly with forked processes/threads, and there is no source code to be found for the DLL that controls it all. So, unfortunately, Cronw won't help much =/

If you're looking to just get the little notification box I use, you'll want to commit the async_alerts.js file. It overrides the javascript alert() function to get a neat looking notification box :twisted:

PostPosted: Wed Sep 30, 2009 11:43 am
Contributor

Joined: Fri Jul 04, 2008 6:46 am
Posts: 153
Location: USA - WI
Ok, this version seems pretty stable now :) I'd be interested to know how this one works for others.

Full Download (Easiest to test) : http://chadsikorra.com/dl/oa-ws/oa-webs ... 86.tar.bz2
The Web-Schedule files only : http://chadsikorra.com/dl/oa-ws/oa-webs ... 29.tar.bz2

I've tested on Linux and Windows with Apache and it seems to work fine on both. The install process is now very easy, as it only needs external configuration if you want to install audit.exe as a windows service and manage the schedules that way. Otherwise just copy over the files and away you go. One warning though...I modified audit.vbs to accept named arguments. It had support for basic arguments before, but I needed to be able to specify more than it previously allowed. So if you test make sure to use the audit.vbs I've included, otherwise audits won't work. I've included a patches folder with any patches I made to current OpenAudit files.

Full list of changes I made ...


  • Used net_mac_uuid in audit.vbs instead of uuid_type. Fixed so it takes uuid_type as the named argument
  • audit.pl was using argument 'non_ie_url' instead of 'non_ie_page' when calling audit.vbs, this has been fixed
  • audit.pl was using argument 'software' instead of 'software_audit' when calling audit.vbs, this has been fixed *sigh*
  • Copy-paste error for named arg software_audit in audit.vbs modification
  • audit.pl logs if an audit doesn't post correctly to admin_add_pc_2.php
  • When doing Windows audits you can specify the UUID type (mac,name,uuid)
  • Modified open_audit.sql so it creates tables during setup
  • Modified upgrade.php so it creates tables if someone is upgrading
  • Revamped the audit_command.php page to use the same logic that adding a mysql query on the config page uses.
  • Removed cron_log_level field, as I never ended up using it for what I intended to
  • Running the script as a service on Windows is now optional. If not checked, the script will launch as a separate process via the start command. This makes the install process for linux and windows pretty much the same. It also makes it possible to run the service using just the audit.pl file and not audit.exe
  • audit.pl mysql logging functions now escape characters that would otherwise cause issues with logging
  • Added smarter logging of commands run against computers. Checks the exit status and logs which commands exited correctly or not
  • The config/schedule tables on audit_manage.php now clear as expected when they are all deleted and are replaced with a link to the page to re-add one
  • corrected the path for the search.php patch

PostPosted: Sun Oct 18, 2009 7:37 am
Contributor

Joined: Fri Jul 04, 2008 6:46 am
Posts: 153
Location: USA - WI
I've done a lot of code clean-up on this lately and I fixed a few bugs I noticed. I'm now using $TheApp object to determine the server OS, instead of the function I wrote before. I've moved the SMTP settings from the audit settings page to the admin config area. I did this because SMTP settings are a general configuration and shouldn't be specific to this. I renamed some pages and tables so their name better reflects what they're storing and they don't reference the word 'cron', because there is no need to. Unless you're digging around in the audit.pl script, there isn't really a need to know about cron, which is implemented in Perl in the Schedule::Cron module.

The last thing I want to do yet is to push the main audit settings into the normal admin config area, because there is no need for it to have a dedicated page, especially since I've moved the SMTP settings into the normal config area.

All of the other patches I had included with the previous versions I had posted for download have been merged into SVN (URL redirection at login, search GET vars, AES key fix for Linux). So, it's getting pretty close to being set.

PostPosted: Fri Nov 27, 2009 7:38 pm
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
What is the status of the Linux scheduling etc, I would like to set up and test on my shiny new Ubuntu server. :P

_________________
Andrew

PostPosted: Tue Dec 01, 2009 1:53 pm 
Now, I haven't looked at this enough to be sure, but I think you may run into issues with storing the PID in the database. Now, I'm guessing it won't be quick enough to really matter, so perhaps this isn't worth the effort, but it really should be an atomic operation to test and check the PID. If this is all manual anyhow, I don't think it will matter, because I know I'm not faster than a SQL server :lol:

Second, a major advantage of placing the PID in the standard location is tmpfs. If you happen to crash, or otherwise shut down improperly, the PID file will not exist on the next boot. As it stands now, you need to exit the script properly or you WILL run into problems. Another problem is that you then have the ability to kill some arbitrary process that is unlucky enough as to get that PID next time if you call stop.


PostPosted: Wed Dec 02, 2009 12:09 am
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
If PID is in database and PID is running and PID process is our_taskname then we are OK, otherwise clear PID in database and start now our_taskname process, log new PID in database....

(I think that covers it.... unless of course I am completely wrong) :twisted:

However I presume the answer to my first question is... it's not in the SVN yet... :P

_________________
Andrew

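The check discussed in the last two posts (PID recorded in the database, then verified as still being our process before it is trusted or signalled), as an added example that is not part of the thread or of Open-AudIT's audit.pl. It is written in Python with sqlite3 standing in for the MySQL/DBI connection; the daemon_state table, its columns and the function names are hypothetical, and the default probe assumes Linux /proc.

```python
import os
import signal
import sqlite3


def proc_identity(pid):
    """Return (comm, start_ticks) for a live Linux PID, or None if it is gone."""
    try:
        with open(f"/proc/{pid}/stat") as fh:
            stat = fh.read()
    except OSError:
        return None
    # comm sits in parentheses and may contain spaces, so split around them.
    comm = stat[stat.index("(") + 1:stat.rindex(")")]
    fields = stat[stat.rindex(")") + 2:].split()
    return comm, int(fields[19])  # field 22 of /proc/<pid>/stat: start time


def open_state_db():
    """Hypothetical one-row state table; sqlite3 stands in for MySQL here."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE daemon_state (id INTEGER PRIMARY KEY,"
               " pid INTEGER, name TEXT, start_ticks INTEGER)")
    db.execute("INSERT INTO daemon_state VALUES (1, 0, '', 0)")
    db.commit()
    return db


def _recorded(db):
    return db.execute(
        "SELECT pid, name, start_ticks FROM daemon_state WHERE id = 1").fetchone()


def claim(db, pid, probe=proc_identity):
    """Record `pid` as the running daemon; True only for the single winner."""
    me = probe(pid)
    if me is None:
        return False
    old_pid, old_name, old_ticks = _recorded(db)
    if old_pid != 0 and probe(old_pid) != (old_name, old_ticks):
        # Stale record (crash, or the PID now belongs to another process).
        # Clear it only if the row still holds exactly what was just read.
        db.execute("UPDATE daemon_state SET pid = 0 WHERE id = 1"
                   " AND pid = ? AND start_ticks = ?", (old_pid, old_ticks))
    # Test-and-set in one statement: succeeds only while the slot is free.
    cur = db.execute("UPDATE daemon_state SET pid = ?, name = ?, start_ticks = ?"
                     " WHERE id = 1 AND pid = 0", (pid, me[0], me[1]))
    db.commit()
    return cur.rowcount == 1


def stop(db, probe=proc_identity, kill=os.kill):
    """Signal the recorded PID only if it is still the process that claimed."""
    pid, name, ticks = _recorded(db)
    if pid == 0:
        return False
    ours = probe(pid) == (name, ticks)
    if ours:
        kill(pid, signal.SIGTERM)
    db.execute("UPDATE daemon_state SET pid = 0 WHERE id = 1 AND pid = ?", (pid,))
    db.commit()
    return ours
```

A short window remains between the identity check and the signal; on Linux a pidfd (os.pidfd_open with signal.pidfd_send_signal) closes it.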