Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Fri Mar 29, 2024 6:35 pm

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 5 posts ] 
Author Message
PostPosted: Sat Sep 09, 2006 1:51 am 
Offline
Newbie

Joined: Sat Sep 09, 2006 1:48 am
Posts: 2
Hello,

When I do an audit, no data is transferred into the MySQL database.

In the winventory audit script, the parameters for the MySQL database were defined there and the MySQL ODBC driver was used to make the connection to the

In this audit script, I don't see any MySQL database parameters or anything about an ODBC connection. How is the gathered information stored in MySQL?

Any insight would be greatly appreciated. Thanks.


Top
 Profile  
Reply with quote  
PostPosted: Sat Sep 09, 2006 2:30 am 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
[quote="thiteshew"]Hello,


When I do an audit, no data is transferred into the MySQL database.

In the winventory audit script, the parameters for the MySQL database were defined there and the MySQL ODBC driver was used to make the connection to the

In this audit script, I don't see any MySQL database parameters or anything about an ODBC connection. How is the gathered information stored in MySQL?

Any insight would be greatly appreciated. Thanks.


****************************************************************************
How it works....

Open Audit uses a slightly more cunning method to post data to the database.
Instead of installing MyODBC connector on all of the audited machines, we simply gather the data using the audit.vbs script, and write it directly to the web server in the form of a POST to a web page.

Actually we post an XML formatted page using either a direct xml post, or by hooking into the local web browser and using that to post.

Therefore we need to set up the audit.config file to match the settings we have chosen for our web server, and the method chosen to post the page.

We do this as follows....

[code]
audit_location = "r"
[/code]
("l"ocal or "r"emote depending on whether the machine you are auditing from is the same machine you are posting to (local) or not (remote))
[code]
verbose = "y"
[/code]
(If "y" then you can see the results from the audit.vbs script as it does its work. If "n" everything is almost silent, if you run cscript audit.vbs, then leaving this as verbose = "y" is probably the best option unless you have a HUGE network).
[code]
online = "yesxml"
[/code]
(this can be "yesxml" or "ie" and selects whether we submit the page via Internet explorer, or directly using XMLPOST, I would use yesxml since it doesn't waste the resource of launching ie for every audit. yesxml works for me with 80 or so machines in about ten minutes or so, depending on what else the machines are doing at the time)
[code]
strComputer = ""
[/code]
(Set this to "." to audit just the local machine, for pretty much any other purpose, set it to "")
[code]
ie_visible = "n"
[/code]
(only makes sense with online="ie" and lets you see the browser in operation)
[code]
ie_auto_submit = "y"
[/code]
(Ditto, but selects whether the page submits automatically or waits for user input, I would use "y" )
[code]
ie_submit_verbose = "n"
[/code]
(Does what it says. Submits the ie page with all of the information exposed as it is gathered)
[code]
ie_form_page = "http://myoaserver.local/openaudit/admin_pc_add_1.php"
[/code]
(the page that ie submits to, can be an IP or a machine name followed by the html path to the OA files)
[code]
non_ie_page = "http://myoaserver.local/openaudit/admin_pc_add_2.php"
[/code]
( the page that yesxml submits to, and the page that the ie page calls next, so it has to be valid)
[code]
nmap_subnet = "192.168.45." ' The subnet you wish to scan
[/code]
(Does what it says, but only used by the nmap script)
[code]
nmap_subnet_formatted = "192.168.045." ' The subnet padded with 0's
[/code]
(Does what it says, but only used by the nmap script, bit of a fudge, 'cos we should generate this from the above nmap_subnet)
[code]
nmap_ie_form_page = "http://myoaserver.local/openaudit/admin_nmap_input.php"
[/code]
(does what it you think it does, the same as the audit page ie_form_page, but for the nmap script )
[code]
nmap_ie_visible = "n"
[/code]
(likewise , also for the nmap script)
[code]
nmap_ie_auto_close = "y"
[/code]
(likewise , also for the nmap script)
[code]
nmap_ip_start = 1
[/code]
(start of ip range on subnet chosen above)
[code]
nmap_ip_end = 254
[/code]
(end of ip range on subnet chosen above)

[code]
input_file = ""
[/code]
(used to supply a list of PCs and their usernames and passwords, these users must have WMI access rights via the network. Note administrators without passwords will not by default have these rights, do you may have to create a user on each machine for this purpose, or set the local administrator user password. If you are using a domain, use a somain admin user to do this, or better still audit the entire domain using the audit_local_domain option ).

[code]
email_to = ""
[/code]
(Send failed audit emails to whoever@whateverdomain.whatever)
[code]
email_from = ""
[/code]
(Send failed audit emails from whoever@whateverdomain.whatever)
[code]
email_server = ""
[/code]
(Send failed audit emails to whoever@whateverdomain.whatever, via this mail server, as yet there are no SMTP credentials supplied, so this may not work for a lot of people. You may be able to supply these credentials via your PHP .INI file)
[code]
audit_local_domain = "y"
[/code]
(set this to Audit the domain chosen with the next variable)
[code]
local_domain = "LDAP://mydomain.local"
[/code]
(the AD domain to audit)

[code]
hfnet = "n"
[/code]
(use hfnet **experimental** does anybody have this working reliably?)
[code]
Count = 0
[/code]
Not sure wht this does? Mark?
[code]
number_of_audits = 20
[/code]
(Maximum number of audit processes to spawn simultaneously when doing an audit from the domain)
[code]
script_name = "audit.vbs"
[/code]
(the name for the spawned processes, should always be audit.vbs, but you can add a path if you wish)

[code]
monitor_detect = "y"
[/code]
(adds monitor type, serial number etc to database)

[code]
printer_detect = "y"
[/code]
(adds printer type etc to database)

[code]
software_audit = "y"
[/code]
(audits software as well as hardware)

[code]
uuid_type = "uuid"
[/code]
(Changes the key to the database, can be UUID, MAC Address, or System name + Domain, I would stick with UUID)

****************************************************************************[code][/code]

Top
 Profile  
Reply with quote  
PostPosted: Sun Sep 10, 2006 3:57 pm 
Offline
Newbie

Joined: Thu Nov 10, 2005 4:34 am
Posts: 2
[quote="thiteshew"]
When I do an audit, no data is transferred into the MySQL database.


[quote="A_Hull"]
Open Audit uses a slightly more cunning method to post data to the database.
Instead of installing MyODBC connector on all of the audited machines, we simply gather the data using the audit.vbs script, and write it directly to the web server in the form of a POST to a web page.


This method requires that each audited machine have a secure connection to the database server.

Might there be a way to retrieve the data onto a central machine that performs the audits and then submit all of that data via one secure connection to the database server? I believe this was an advantage of using ODBC with the old Winventory if memory serves; an SSH tunnel could be created to the database server from the machine performing audits and then that allowed for one encrypted ODBC connection for data submission.

Top
 Profile  
Reply with quote  
PostPosted: Sun Sep 10, 2006 5:32 pm 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
[quote="mabino"][quote="thiteshew"]
When I do an audit, no data is transferred into the MySQL database.


[quote="A_Hull"]
Open Audit uses a slightly more cunning method to post data to the database.
Instead of installing MyODBC connector on all of the audited machines, we simply gather the data using the audit.vbs script, and write it directly to the web server in the form of a POST to a web page.


This method requires that each audited machine have a secure connection to the database server.***

Might there be a way to retrieve the data onto a central machine that performs the audits and then submit all of that data via one secure connection to the database server? I believe this was an advantage of using ODBC with the old Winventory if memory serves; an SSH tunnel could be created to the database server from the machine performing audits and then that allowed for one encrypted ODBC connection for data submission.

*** only if you run each audit from the machine being audited, or a machine not hosting the web server. If you audit the domain on the web server to http://localhost/openaudit then no web pages are visable via a packet sniffer, as nothing leaves the auditing machine. However ...

Open Audit supports https:// (if the web server running it is configured corectly),

This is still slightly experimental, I have it running fine, but you will need to tweak things slightly to ensure all pages are submitted using https. Currently by default the audits are not submitted secure, as people were finding it difficult to install the certificate correctly to their browser. To switch on https, go to Admin>Configure and tick the use https:// box

If you have difficulties, edit include_config.php and switch it back off by changing.

[code]
$use_https = 'y';
[/code]
to
[code]
$use_https = 'n';
[/code]

You should be able to store the certificate permenantly, so the browser doesn't pop up asking for confirmation of the cert for each machine submitted. How you do this depends on your browser and OS.

Top
 Profile  
Reply with quote  
PostPosted: Mon Sep 11, 2006 10:57 am 
Offline
Newbie

Joined: Thu Nov 10, 2005 4:34 am
Posts: 2
[quote="mabino"]

This method requires that each audited machine have a secure connection to the database server.***


[quote="A_Hull"]
*** only if you run each audit from the machine being audited, or a machine not hosting the web server. If you audit the domain on the web server to http://localhost/openaudit then no web pages are visable via a packet sniffer, as nothing leaves the auditing machine.

It seems I was under the mistaken impression that the machine being audited makes the submission to the web server directly.

Now I understand that it is the machine performing the auditing that does the submission of the audited machine's data.

While in my particular case the submission takes place behind a firewall, it is conceivable that if someone wished to further secure that communication they could establish an SSH tunnel for the HTTP traffic.

Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 5 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group