Open-AudIT

PostPosted: Tue Sep 12, 2006 1:37 am 
Newbie

Joined: Tue Sep 12, 2006 1:28 am
Posts: 21
Sorry to have such a stupid question for my first post, but where can I find the installation instructions for running on a Linux server? I can't seem to find any install instructions. I'm using the svn from last Thursday.

I'm pretty competent with Linux and I managed to get just about everything installed so far. I ran the setup.php file and followed the instructions. The db seems to be populated and working fine. My problem is, after I get to the "Success, done" page, there is a list of things it says to download and install, and they all seem Windows-specific.
Here's the list:[code]
Success.
Done.

Now make sure you go and download the following:
Shavlivk HFNetchk 3.86 command line tool - Link
Shavlik patches file - Link
PSTools Suite - Link
NMap command line - Link
WinPcap for Windows - Link

Extract hfnetchk.exe and put it in your scripts directory.
Extract MSSecure.XML from mssecure.cab, and put it in your scripts directory.
Extract the pstools .exe's and put them in your web root.
Install NMap, and make sure it's in your command path.
Install WinPcap (for NMap to use)>
START AUDITING !!![/code]

Is this software only able to be used on Windows servers, because they are all .exe's? I have nmap installed, and I tried following the first 3 links, but they are all bad except the second one. I did find pstools on the sysinternals site, but the url given on the open-audit page is wrong.

Thanks for any help.


Last edited by alberts on Sat Sep 23, 2006 5:20 am, edited 2 times in total.

PostPosted: Tue Sep 12, 2006 4:55 am 
Contributor

Joined: Thu Mar 02, 2006 4:41 am
Posts: 205
Location: Massachusetts
You are correct, all of those are for Windows installations.

I don't think you will need PSTools.

If you need to use HFNETCHK you will probably have to use something like WINE. HFNETCHK is for checking for missing Microsoft Updates; if you want a tool for inventory then you won't need to know what is missing, just what is already installed.


PostPosted: Tue Sep 12, 2006 6:19 am 
You will need a Windows box to perform the audits. This is because there is no WMI support on Linux for accessing Windows data.


PostPosted: Wed Sep 13, 2006 3:29 am 
Newbie

Joined: Tue Sep 12, 2006 1:28 am
Posts: 21
OK. Thanks. So, it looks like this works fine for inventory as Shanimal said. I may move this to a Windows box eventually so I can do patch scanning as well.


PostPosted: Wed Sep 13, 2006 10:03 am 
You can leave the MySQL database and the PHP files on the Linux box. Those things do not care whether they are on Windows or Linux. The only thing that must be on Windows is the audit files. The audit files will not care what server they are uploading the data to because they use HTTP.


PostPosted: Wed Sep 13, 2006 5:21 pm 
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
To summarise, the web interface can run on anything that will service PHP.

MySQL can run on the same box as the web interface, or on an entirely separate box. Anything which will run MySQL will do.

NMAP (optional, only used to find non-Windows devices on your LAN), HFNETCHECK (also optional, only used to find out what is NOT up to date in Windows) and the Audit.vbs script (which does all of the hard work) must all be run from a Windows machine; however, this can be any machine so long as the user running the application has sufficient privs. to see the resources being audited or checked. So, for example, a non-admin user generally cannot administer WMI and therefore may not be able to perform a domain audit.

One final point: if you are attempting to audit machines and you have a firewall on the machines being audited, you must configure it to allow remote WMI to be seen.

(Most if not all of this is covered elsewhere in these posts; have a read through, particularly the support forum.)

:lol:


Last edited by A_Hull on Thu Sep 21, 2006 9:28 pm, edited 1 time in total.
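
The two failure modes named in the post above (a host firewall hiding remote WMI, and an account without sufficient privileges) can be told apart before a full domain audit is started. This is an added example, not part of the original thread or of Open-AudIT; it assumes Windows PowerShell 5.1 (where `Get-WmiObject` is available and uses RPC/DCOM for remote queries), and the host names are constructed placeholders.

```powershell
# Added example: pre-flight check for remote WMI, run from the auditing machine.
# Host names are constructed placeholders; replace them with your own.
$targets = @('pc-001.example.local', 'pc-002.example.local')

function Test-RemoteWmi {
    param([string]$ComputerName, [int]$TimeoutMs = 2000)

    $result = [ordered]@{ Computer = $ComputerName; Rpc135 = $false; Wmi = 'NotTested'; Detail = '' }

    # Step 1: is the RPC endpoint mapper (TCP 135) reachable at all?
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $tcp.BeginConnect($ComputerName, 135, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne($TimeoutMs) -and $tcp.Connected) {
            $tcp.EndConnect($async)
            $result.Rpc135 = $true
        }
    } catch {
        $result.Detail = $_.Exception.Message
    } finally {
        $tcp.Close()
    }
    if (-not $result.Rpc135) {
        $result.Wmi = 'Unreachable (host off, or firewall blocking RPC)'
        return [pscustomobject]$result
    }

    # Step 2: run one small WMI query as the current user.
    try {
        $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $ComputerName -ErrorAction Stop
        $result.Wmi = 'OK'
        $result.Detail = $os.Caption
    } catch [System.UnauthorizedAccessException] {
        # The account reached WMI but is not allowed to use it remotely.
        $result.Wmi = 'AccessDenied (account lacks rights on target)'
    } catch [System.Runtime.InteropServices.COMException] {
        # 0x800706BA = "RPC server unavailable", typically a firewall blocking remote WMI.
        $result.Wmi = 'RpcError (check the firewall exception for remote WMI)'
        $result.Detail = '0x{0:X8}' -f $_.Exception.ErrorCode
    } catch {
        $result.Wmi = 'Error'
        $result.Detail = $_.Exception.Message
    }
    [pscustomobject]$result
}

$targets | ForEach-Object { Test-RemoteWmi -ComputerName $_ } | Format-Table -AutoSize
```

Run it under the same account that will run the audit, so an `AccessDenied` result reflects the rights that account actually has on each target.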

PostPosted: Thu Sep 14, 2006 5:32 am 
NMAP can be run from Linux no problem. There is a bash script for that.


PostPosted: Wed Sep 20, 2006 7:30 am 
Newbie

Joined: Tue Sep 12, 2006 1:28 am
Posts: 21
Wow, lots of comments. Thanks for all of the info.

I like the idea of having the webserver and database on my Linux box. What I am trying to audit is a Windows Server 2003 AD, but my webserver is on a Linux box that doesn't auth with my AD.
I have no problem putting NMap, HFNetCheck, and audit.vbs on one of my AD DCs if necessary. Right now, my plan is to have audit.vbs run as a computer startup script that I will enforce via group policy. It would be nice to be able to check for unapplied updates (HFNetCheck?). How would I initiate a scan like that since my web files are on a Linux server?

Again, it would also be nice to scan the network for machines that aren't on my AD, but how do I initiate something like that when the web files are on a Linux server?

I apologize for my ignorance about the capabilities and usage of this software, but I've been unable to locate any documentation to help me through this process.


PostPosted: Wed Sep 20, 2006 7:39 am 
Newbie

Joined: Tue Sep 12, 2006 1:28 am
Posts: 21
I just saw [url=http://www.open-audit.org/phpbb2/viewtopic.php?t=1393]this FAQ post[/url] about various config options. It seems using the audit_local_domain option might be a better option for me with auditing my domain; however, I don't see how this option is possible, since my webserver is on a Linux box that has no knowledge of the AD.


PostPosted: Thu Sep 21, 2006 3:58 am 
The audit MUST be run from a Windows machine, if you are auditing Windows boxes. That machine should be aware of AD, so that's how you accomplish auditing the local domain. The results are fed into the Linux box, which doesn't care how the results were obtained.


PostPosted: Thu Sep 21, 2006 5:55 am 
Newbie

Joined: Tue Sep 12, 2006 1:28 am
Posts: 21
[quote="mikeyrb"]The audit MUST be run from a Windows machine, if you are auditing Windows boxes. That machine should be aware of AD, so that's how you accomplish auditing the local domain. The results are fed into the Linux box, which doesn't care how the results were obtained.[/quote]


Thanks again mikeyrb. I wish I could ask this question in the FAQ I referenced in an earlier post, but the thread is locked.
If I run audit.vbs on one of my DCs, and set the audit_local_domain option, will it automagically audit all of the machines in my domain? Then, since I have configured audit.config with the path to the web server, each PC will upload the results to the web server?
If my above statement is correct, I guess there is no need to manually copy the audit.vbs file to each machine being audited?

Sorry to be so anal about this, but I'm planning on using this on my domain with about 300 computers on it. I really don't want to do anything that is going to cause problems for the end users.

PostPosted: Thu Sep 21, 2006 6:33 am 
That is correct. As long as you specify the domain to audit and the path to the web server, you will only need one copy. Also, there is no restriction that the audit must be run from a DC. You can start it from any machine on the domain, and it will scan all machines.


PostPosted: Thu Sep 21, 2006 6:48 am 
Newbie

Joined: Tue Sep 12, 2006 1:28 am
Posts: 21
Very cool. I'll try running it later today and let you know how it works on a domain of 300+ computers. :)


PostPosted: Sat Sep 23, 2006 5:19 am 
Newbie

Joined: Tue Sep 12, 2006 1:28 am
Posts: 21
Worked great. It audited all of the computers that were on (182) with no problem at all. It only took about 30 minutes to audit all of the machines. There were quite a few machines that were off, so I'm sure that affected the time.

Thanks for the help getting things configured.


PostPosted: Thu Oct 05, 2006 11:52 pm 
Contributor

Joined: Thu Mar 02, 2006 4:41 am
Posts: 205
Location: Massachusetts
[quote]I'm planning on using this on my domain with about 300 computers on it. I really don't want to do anything that is going to cause problems for the end users.[/quote]


I'm happy to say I've been scanning our domain of @ 600 systems, once or twice a month randomly (since Feb). WAMP & WI are both running on an old desktop pc, running XP SP2, using a domain admin logon specifically for this task. Never once has a user even noticed their system is being scanned, or has been scanned! WI is a quality solution (thanks to Mark & the other contributors), and I look forward to start testing and migrating to OA soon.
