Open-AudIT

What's on your network?
It is currently Thu Jan 18, 2018 5:39 am

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 8 posts ] 
Author Message
 Post subject: Latest build from SVN
PostPosted: Thu Oct 19, 2006 2:37 am 
Offline
Newbie

Joined: Thu Oct 19, 2006 2:31 am
Posts: 4
Hello all, first let me start with thank you all for creating this software, I've been using and SVN'ing since the inital release. So keep up the good work.

Now to the question, with the last build I've ran an audit, and I am "re-discovering" machines that existed before, and my machine count is effectively doubling, is there either A) a way to purge the db and just reaudit my domain or B) a method of matching machines based on UUID's.

Thanks ALL!!

Aaron Navratil


Top
 Profile  
 
 Post subject:
PostPosted: Thu Oct 19, 2006 3:02 am 
Offline
Moderator

Joined: Sat Mar 04, 2006 2:44 am
Posts: 193
Have you changed the variable
uuid_type
in audit.config?

Actually I've just looked at subversion and it's been updated in subversion from uuid to mac in september.

If you were using uuid_type="uuid" before then I think your best option is to probably delete all the duplcates as follows (if you only have a few):
Admin -> Delete System

Hover the mouse over the Delete button and look at the target link shown at the bottom of the browser. Delete the one which has a mac address.

Now change your audit.config back to uuid and carry on auditing.

Hmm, hope that made sense.

If you have a lot of duplicates then let me know and I'll work out a quicker way.


Top
 Profile  
 
 Post subject:
PostPosted: Thu Oct 19, 2006 3:10 am 
Offline
Newbie

Joined: Thu Oct 19, 2006 2:31 am
Posts: 4
YES!!! you are exactly right!!!!
It was previously UUID and now of course it reads "mac" is there a preferred method of the two?

Additionally there is now 518 duplicates, so deleting 1 by 1 would be incredibly tme consuming, I'm ok with a purge or any suggestions you have to to offer, Thanks so much for the rapid response!

Aaron Navratil


Top
 Profile  
 
 Post subject:
PostPosted: Thu Oct 19, 2006 3:20 am 
Offline
Moderator

Joined: Sat Mar 04, 2006 2:44 am
Posts: 193
My first suggestion would be please take regular backups of the database so you can roll back. If you use linux setup a nightly cron job that does something like the following

Code:
/usr/bin/find /root -name openaudit-backup\* -ctime +14 -exec rm {} \;
/usr/bin/mysqldump  --host=localhost --user=openbackup --password=password openaudit > /root/openaudit-backup-`date +%F`.sql


I'll try and write you a quick script that will automatically purge the duplicates for you if you like?


Top
 Profile  
 
 Post subject:
PostPosted: Thu Oct 19, 2006 3:25 am 
Offline
Newbie

Joined: Thu Oct 19, 2006 2:31 am
Posts: 4
d.l.dave: Thanks for your rapid replies! Backups!?! You mean I'm supposed to take backups! I will now start taking them nightly, I'm running on windows, but I'll take your advice and modify your cron entries for "Windows Scheduler"

But in the mean time and if it's not too much trouble for you to whip up a script to remove duplicates I'd be forever indebted. Thanks again!

Aaron Navratil


Top
 Profile  
 
 Post subject:
PostPosted: Thu Oct 19, 2006 5:21 am 
Offline
Moderator

Joined: Sat Mar 04, 2006 2:44 am
Posts: 193
Okay. I'll see what I can put together. Give me a bit.


Top
 Profile  
 
 Post subject:
PostPosted: Thu Oct 19, 2006 6:29 am 
Offline
Moderator

Joined: Sat Mar 04, 2006 2:44 am
Posts: 193
Here's a simple hack of a page that should do it for you. It's based on the delete_system.php so I didn't have to do any work!

It basically runs a query that looks for uuid's that look like mac addresses. For each one it finds it runs pretty much the same code that delete_system.php does.

1. Backup your database. Use mysqldump or something reliable.
2. Save the code below in to a file in the open audit web directory
3. open the page from a browser
4. Check it doesn't die removing anything (if one of the queries fails it won't carry on and try to remove the rest)
5. Don't blame me if it doesn't work or the code sets your cat on fire or whatever :-)

Code:
<?php
include "include_config.php";

    $link = mysql_connect($mysql_server, $mysql_user, $mysql_password) or die("Could not connect");
    mysql_select_db("$mysql_database") or die("Could not select database");
   
    $newquery = "SELECT system_uuid from SYSTEM where system_uuid like '__:__:__:__:__:__'";
    $result = mysql_query($newquery)  or die("Query failed to retrieve uuids of systems with mac type uuid'.");
   
    while ($myrow = mysql_fetch_row($result)){
       echo "About do delete: " . $myrow[0] . "<br />";
       delete_system($myrow[0]);
       
    }
     
    function delete_system($system_uuid) {
    $query = "select system_name from system where system_uuid='$system_uuid'";
    $result = mysql_query($query) or die("Query failed at retrieve system name stage.");
    $myrow = mysql_fetch_array($result);
    $name = $myrow['system_name'];

    $query = "DELETE FROM battery WHERE battery_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. battery");

    $query = "DELETE FROM bios WHERE bios_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. browser_helper_objects");

    $query = "DELETE FROM browser_helper_objects WHERE bho_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. browser_helper_objects");

    $query = "DELETE FROM firewall_auth_app WHERE firewall_app_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. firewall_auth_app");

    $query = "DELETE FROM firewall_ports WHERE port_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. firewall_ports");

    $query = "DELETE FROM firewire WHERE fw_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. firewire");

    $query = "DELETE FROM floppy WHERE floppy_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. floppy");

    $query = "DELETE FROM graphs_disk WHERE disk_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. graphs_disk");

    $query = "DELETE FROM groups WHERE groups_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. groups");

    $query = "DELETE FROM hard_drive WHERE hard_drive_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. hard_drive");

    $query = "DELETE FROM iis WHERE iis_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. iis");

    $query = "DELETE FROM iis_ip WHERE iis_ip_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. iis_ip");

    $query = "DELETE FROM iis_vd WHERE iis_vd_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. iis_vd");

    $query = "DELETE FROM invoice WHERE invoice_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. invoice");

    $query = "DELETE FROM keyboard WHERE keyboard_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. keyboard");

    $query = "DELETE FROM manual_software WHERE man_soft_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. manual_software");

    $query = "DELETE FROM mapped WHERE mapped_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. mapped");

    $query = "DELETE FROM media WHERE media_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. media");

    $query = "DELETE FROM memory WHERE memory_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. memory");

    $query = "DELETE FROM modem WHERE modem_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. modem");

    $query = "DELETE FROM monitor WHERE monitor_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. modem");

    $query = "DELETE FROM mouse WHERE mouse_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. modem");

    $query = "DELETE FROM ms_keys WHERE ms_keys_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. ms_keys");

    $query = "DELETE FROM network_card WHERE net_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. network_card");

    $query = "DELETE FROM nmap_ports WHERE nmap_other_id = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. nmap_other_ports");

    $query = "DELETE FROM notes WHERE notes_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. notes");

    $query = "DELETE FROM optical_drive WHERE optical_drive_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. optical_drive");

    $query = "DELETE FROM partition WHERE partition_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. partition");

    $query = "DELETE FROM passwords WHERE passwords_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. passwords");

    $query = "DELETE FROM processor WHERE processor_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. processor");

    $query = "DELETE FROM scsi_controller WHERE scsi_controller_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. scsi_controller");

    $query = "DELETE FROM scsi_device WHERE scsi_device_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. scsi_device");

    $query = "DELETE FROM service WHERE service_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. services");

    $query = "DELETE FROM shares WHERE shares_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. shares");

    $query = "DELETE FROM software WHERE software_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. software");

    $query = "DELETE FROM sound WHERE sound_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. sound");

    $query = "DELETE FROM startup WHERE startup_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. startup");

    $query = "DELETE FROM system WHERE system_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. system");

    $query = "DELETE FROM system_audits WHERE system_audits_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. system_audits");

    $query = "DELETE FROM system_man WHERE system_man_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. system_man");

    $query = "DELETE FROM system_security WHERE ss_uuid = '" . $name . "'";
    $result = mysql_query($query)  or die("Query failed at insert stage. system_security");

    $query = "DELETE FROM tape_drive WHERE tape_drive_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. tape_drive");

    $query = "DELETE FROM usb WHERE usb_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. usb");

    $query = "DELETE FROM users WHERE users_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. users");

    $query = "DELETE FROM video WHERE video_uuid = '$system_uuid'";
    $result = mysql_query($query)  or die("Query failed at insert stage. video");
    }
?>


Top
 Profile  
 
 Post subject:
PostPosted: Thu Oct 19, 2006 7:15 am 
Offline
Newbie

Joined: Thu Oct 19, 2006 2:31 am
Posts: 4
That worked so incredibly remarkably well, I am eternally grateful, Thanks so much! Worked like a champ.

-Thankfully
Aaron Navratil


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 8 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group