Open-AudIT

What's on your network?
It is currently Thu Jan 18, 2018 10:07 am

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 23 posts ]  Go to page 1, 2  Next
Author Message
PostPosted: Thu Sep 16, 2010 10:55 am 
Offline
Newbie

Joined: Sat Sep 11, 2010 4:53 pm
Posts: 11
Please let me know if I am offending anyone by posting this note. I am looking for someone to help me give me a hand with OA. The hourly rate is $55.00 P/hr via paypal.

The gig:
I am running win Server 08 R2 domain, with 60+ win7Pro /vistaPro/XPpro.
I installed OA, but having an issue with auditing the LAN, I only can audit my own machine.
The goal:
Is to audit all machines and be able run a report on all installed software and software keys.

Please let me know if anyone is interested in this gig...I would like to help the Open source community.


Thanks
--Sammy


Top
 Profile  
Reply with quote  
PostPosted: Fri Sep 24, 2010 2:27 am 
Offline
Newbie

Joined: Fri Sep 24, 2010 2:24 am
Posts: 6
Did you ever get your issues resolved? If not, I may be able to help. I'm not really interested in they pay, but I would be willing to take a quick stab at the issue and see if I can help you out.


Top
 Profile  
Reply with quote  
PostPosted: Wed Sep 29, 2010 7:06 am 
Offline
Contributor
User avatar

Joined: Thu Mar 02, 2006 4:41 am
Posts: 180
Location: Massachusetts
I might be able to help for free if you post more info on this thread. What are the errors you encounter? Did you install OA on a windows box? How did you get MySQL/Apache/PHP installed? xampp or WAMP server seem to be easiest way for installing OA on a Windows box.

_________________
Server Info: running on a CentOS 7 vm
OA Version: 2.0.6 @ 500 devices


Top
 Profile  
Reply with quote  
PostPosted: Wed Sep 29, 2010 7:24 am 
Offline
Newbie

Joined: Sat Sep 11, 2010 4:53 pm
Posts: 11
I'm using xampp on WinSer 2008.
All installed fine and I can audit my self (the localhost), but not the entire domain.
This is the error I got when I ran "cscript audit.vbs" from the Ms-DOS terminal:

c:\xampp\htdocs\openaudit\scripts>cscript firewall_allow.vbs
c:\xampp\htdocs\openaudit\scripts>cscript audit.vbs
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.
c:\xampp\htdocs\openaudit\scripts\audit.vbs(429, 3) Provider: Table does not exist.
c:\xampp\htdocs\openaudit\scripts>

Thanks


Top
 Profile  
Reply with quote  
PostPosted: Wed Sep 29, 2010 10:14 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1224
Which version of OpenAudit are you on? SVN revision or database version. The version displays on the home screen just under the Search - Go button.

Post your audit.config file with any passwords removed.

I seem to remember a previous user with a similar error.


Top
 Profile  
Reply with quote  
PostPosted: Wed Sep 29, 2010 10:44 am 
Offline
Newbie

Joined: Sat Sep 11, 2010 4:53 pm
Posts: 11
Version 09.12.23/SVN1233

'
' Standard audit section
'
audit_location = "r"
verbose = "y"
audit_host="http://server.mydomain.net"
online = "yesxml"
strComputer = "."
ie_visible = "n"
ie_auto_submit = "y"
ie_submit_verbose = "n"
ie_form_page = audit_host + "/openaudit/admin_pc_add_1.php"
non_ie_page = audit_host + "/openaudit/admin_pc_add_2.php"
input_file = ""

'
' Email authentication
'
'

email_to = "user@domain"
email_from = "user@domain"
'email_sender = "Open-AudIT"
email_server = "aaa.bbb.ccc.ddd" ' IP address or FQDN
email_port = "25" ' The SMTP port
email_auth = "1" ' 0 = Anonymous, 1 = Clear-text Authentication, 2 = NTLM
email_user_id = "user@domain" ' A valid Email account in user@domain format
email_user_pwd = "abc123" ' The SMTP email password
email_use_ssl = "false" ' True/False
email_timeout = "60" ' In seconds
send_email = "false" ' True/False - Enable/Disable email sending

audit_local_domain = "y"
'
random_order = false ' Set true to audit in a random order to try to ensure traffic is spread if using slow WAN links.

'
' Set domain_type = 'nt' for NT4 or SAMBA otherwise leave blank or set to ldap
'domain_type = "nt"

local_domain = "LDAP://server.mydomain.net"

'
' Example Set Domain name for NT ONLY for LDAP use the above format
' NOTE This is Case Sensetive. See the example below.
'
'local_domain = "WinNT://IEXPLORE"
'local_domain = "WinNT://<domainname>"
'

hfnet = "n"
Count = 0
number_of_audits = 10
script_name = "audit.vbs"
monitor_detect = "y"
printer_detect = "y"
software_audit = "y"
uuid_type = "uuid"
'
' Nmap section
'
nmap_tmp_cleanup = true ' Set this false if you want to leave the tmp files for analysis in your tmp folder
nmap_subnet = "192.168.0." ' The subnet you wish to scan
nmap_subnet_formatted = "192.168.000." ' The subnet padded with 0's
nmap_ie_form_page = audit_host + "/openaudit/admin_nmap_input.php"
nmap_ie_visible = "n"
nmap_ie_auto_close = "y"
nmap_ip_start = 1
nmap_ip_end = 254
nmap_syn_scan = "n" ' Tcp Syn scan
nmap_udp_scan = "n" ' UDP scan
nmap_srv_ver_scan = "n" ' Service version detection.
nmap_srv_ver_int = 0 ' Service version detection intensity level. Values 0-9, 0=fast


Top
 Profile  
Reply with quote  
PostPosted: Fri Oct 01, 2010 3:03 am 
Offline
Contributor
User avatar

Joined: Thu Mar 02, 2006 4:41 am
Posts: 180
Location: Massachusetts
You need to change the domain setting to your environment, like this:

local_domain = "LDAP://DC=company,DC=com"

Be sure to be logged in with domain admin account or an account that has local admin privileges on all systems in your domain

_________________
Server Info: running on a CentOS 7 vm
OA Version: 2.0.6 @ 500 devices


Top
 Profile  
Reply with quote  
PostPosted: Fri Oct 01, 2010 8:14 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1224
Somehow I get away with

local_domain = "LDAP://mydomain.com"

If you're doing a domain audit anyway you can set

strComputer = ""

This way you're not auditing the host every time you run a domain audit because it should be audited in the domain audit.


Top
 Profile  
Reply with quote  
PostPosted: Mon Oct 04, 2010 4:43 pm 
Offline
Newbie

Joined: Sat Sep 11, 2010 4:53 pm
Posts: 11
Thank you all for your reply. I changed the LDAP string to my domain name. But I still get the same error.

C:\xampp\htdocs\openaudit\scripts>cscript audit.vbs
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

C:\xampp\htdocs\openaudit\scripts\audit.vbs(429, 3) Provider: Table does not exist.


Top
 Profile  
Reply with quote  
PostPosted: Tue Oct 05, 2010 4:41 pm 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1224
What exactly did you set local_domain equal to?

Are you sure you're auditing as a user with sufficient rights?


Top
 Profile  
Reply with quote  
PostPosted: Wed Oct 06, 2010 8:12 am 
Offline
Newbie

Joined: Sat Sep 11, 2010 4:53 pm
Posts: 11
I am auditing as a user with an admin credentials. and also tried administrator.

Here is what I have tried:
(first time) LDAP://myservername.mydomainname.net (no go)

Then I changed it to:
local_domain = "LDAP://DC=mycompanyDomainName,DC=net" (no go)
(mydomain name is .net not .com)

strComputer = ""


You know I have noticed "audit my machine" audits don't include any software keys results. I'm wondering if this is something is native to Windows Server 2008 - UAC (User Account Control) issue. Has anyone tested on Win 2008/Stdr2 server, and any issues?
-----


Top
 Profile  
Reply with quote  
PostPosted: Wed Oct 06, 2010 10:22 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1224
What do you get if you put the following in a test.vbs file and cscript it on the same computer you're auditing from.

Code:
on error resume next

Const ADS_SCOPE_SUBTREE = 2

Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")

wscript.echo "Domain: " & strDNSDomain & vbCrLF
local_domain = "LDAP://" & strDNSDomain

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = "Select Name, Location from '" & local_domain & "' Where objectClass='computer'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Sort On") = "name"
Set objRecordSet = objCommand.Execute

if  Err.Number <> 0 then   
    wscript.echo "Exception:" & vbCrLf & _
        "    Error number: " & Err.Number & vbCrLf & _
        "    Error description: '" & Err.Description
    wscript.quit
end if

objRecordSet.MoveFirst

Do Until objRecordSet.EOF
  On Error Resume Next
  wscript.echo "Name:" & objRecordSet.Fields("Name").Value
  objRecordSet.MoveNext
Loop


Top
 Profile  
Reply with quote  
PostPosted: Wed Oct 06, 2010 10:36 am 
Offline
Newbie

Joined: Sat Sep 11, 2010 4:53 pm
Posts: 11
Works?

C:\xampp\htdocs\openaudit\scripts>
C:\xampp\htdocs\openaudit\scripts>cscript test.vbs
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

Domain: DC=MYdomainXXXX,DC=net

Name:ACENDITEST1
Name:ACORONA-PC
Name:ALFREDO-PC
Name:ATRAN-LAPTOP
Name:BLUE-PC
Name:BUILD1
Name:BUILD2
Name:CAL-PC
Name:CASS-PC
Name:CFRANK2-PC
Name:CHAD-PC
Name:CHRIS-PC
Name:CHRISTIAN-LAPTO
Name:CM7-LAPTOP
Name:CMD430A
Name:CM-NETBOOK
Name:CREED-PC
Name:CREIGHTON-PC
Name:CTHOMAS-PC
Name:DAN-PC
Name:DAVIDBAGA-PC
Name:DAVID-PC
Name:DB1
Name:DBAGA-PC
Name:DDS-PC
Name:DERRICK-PC
Name:DEVSERVER1
Name:DNYE-PC
Name:DSI-PC
Name:DSRINIVASAN-PC
Name:DYOO-PC
Name:ERIN-BOX
Name:EROOMC410
Name:EROOMC-INSPIRON
Name:EXCHANGE1
Name:FLOATER1-PC
Name:FRANCISCO-PC
Name:GANI-PC
Name:GARY-PC
Name:GUESTPC1
Name:HREICH-PC
Name:HYPERVISOR
Name:IGOR-LAPTOP
Name:INTRANET
Name:JENMAZZON-RL
Name:JENNY-LAPTOP
Name:JGREENHOUGH-PC
Name:JKRAFCHIN-PC
Name:JPAULUS-PC
Name:JSCHERER-PC
Name:JULIANA-LAPTOP
Name:JWHELAN-PC
Name:KKELENSON-PC
Name:KMAGUID-NB
Name:KMGUID-PC
Name:LTANG-LAPTOP
Name:LT-DESKTOP
Name:LTHOMAS-PC
Name:MARK-PC
Name:MFORD-LAPTOP
Name:MFORD-PC
Name:MICHAEL-PC
Name:MKAUFMAN-LAPTOP
Name:MONIQUE-LAPTOP
Name:OCALLEJAS-PC
Name:PETE-PC
Name:PRANAV-PC
Name:RAVI-PC
Name:RCARPENTER-PC
Name:RCARRARO-NB
Name:REPORTING01
Name:RLDC1
Name:RLDC2
Name:RL-ELOY-VM
Name:RL-LAPTOP1
Name:RL-LAPTOP-1
Name:RL-PC1
Name:RLSERVER1
Name:RLSERVER2
Name:RLSRV1
Name:RLSRV2
Name:RLSRV3
Name:RLSRV4
Name:RLTEST01
Name:RLUSER7273-PC
Name:ROB-LAPTOP
Name:SASHA-LAPTOP
Name:SCANNERPC
Name:SCHARAN-PC
Name:SHAN-PC
Name:SLAVELLE-PC
Name:SPAGE-PC
Name:SRAMAN-PC
Name:SUPPORT1
Name:SVOLKOV-PC
Name:TATTENHOFER-PC
Name:TEAMSERVER
Name:TOMERA-PC
Name:TPRICE-LAPTOP
Name:USER3-PC
Name:USER-PC
Name:VERONICA-PC
Name:VGARBER-PC
Name:W2008T01
Name:XPPROVM1
Name:YSIMMONS-PC

C:\xampp\htdocs\openaudit\scripts>


Top
 Profile  
Reply with quote  
PostPosted: Thu Oct 07, 2010 1:32 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1224
That's interesting. Your audit.config file has a local_domain value of "LDAP://" followed by whatever is in the Domain line of the output from my test script?
LimeTech wrote:
Domain: DC=MYdomainXXXX,DC=net


becomes
Code:
local_domain = "LDAP://DC=MYdomainXXXX,DC=net"


Top
 Profile  
Reply with quote  
PostPosted: Sat Oct 09, 2010 4:00 am 
Offline
Newbie

Joined: Sat Sep 11, 2010 4:53 pm
Posts: 11
I changed it to local_domain = "LDAP://DC=MYdomainXXXX,DC=net"
and ran the cscript but the same results. The funny thing that I added audit.vbs on the GPL to execute on users login and it seems to work fine, but I can run from the server.

I am thinking to ditch the whole directory and reinstall open-audit. any thoughts?

Thanks!!


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 23 posts ]  Go to page 1, 2  Next

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group