Open-AudIT

All times are UTC + 10 hours




PostPosted: Fri Jan 18, 2008 2:22 am 
Newbie

Joined: Sat Aug 18, 2007 4:18 am
Posts: 16
Howdy folks! I looked into how to make my own quick views, and I guess my biggest problem/question is that I have a windows 2003 domain without Security center enabled. Therefore, my AV doesn't show up in the Anti-virus status view! I tried desperately to modify the FAQ that I think AHULL put out on the FAQ pages, but I am afraid it didn't work. Has anyone played around with that at all?

Also, I was thinking about a view for Windows Update, to see what the box is scheduled to do and where it is supposed to get updates on that. Has anyone looked into that so far? Thanks folks. As always, great project.


PostPosted: Fri Jan 18, 2008 3:13 am 
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Regarding the Anti-virus. What anti-virus product are you using?
I have a mixed mode (2K and 2K3) domain, and all of the servers show.

Windows Updates: I will need to think about that. We log all of the patches, but we have no central list to compare with, so we can't compare... :roll:

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]


PostPosted: Fri Jan 18, 2008 3:38 am 
Newbie

Joined: Sat Aug 18, 2007 4:18 am
Posts: 16
I have McAfee Enterprise. It shows up in the "other Anti-Virus". As far as the WSUS, I can utilize my WSUS server to see what updates are applied, but I was thinking more just where my servers are getting their updates from. I have multiple WSUS servers on multiple domains. Any ideas???


PostPosted: Fri Jan 18, 2008 3:44 am 
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
There is quite a lot of stuff written in VBS to do WSUS stuff, google it and you will see. Take a look at this for example...
http://www.vbshf.com/vbshf/forum/boxx/k ... pe=2&Cat=2

PostPosted: Tue Feb 05, 2008 9:13 am 
Newbie

Joined: Tue Dec 11, 2007 2:40 am
Posts: 24
Location: Pennsylvania
I have done this for Symantec AntiVirus. I do not use Security Center either. I also have it set up on the homepage to show a list of servers that have outdated defs by x number of days. I still need to add the option to the admin config page so I can simply type in how many days old I want to show. I have the code but just haven't had the time to make the changes.

As far as WSUS, most of this information can be obtained from the registry or group policy settings...

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate - WSUS Server name and Target Group name
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate\AU - WSUS Policy settings (schedule, detection time...)

AUOptions Values:
2 = Notify before downloading any updates and notify again before installing them.
3 = (Default setting) Download the updates automatically and notify when they are ready to be installed
4 = Automatically download updates and install them on the schedule specified below
5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates

ScheduledInstallDay Values:
0 = Every day
1 = Every Sunday
2 = Every Monday
3 = Every Tuesday
4 = Every Wednesday
5 = Every Thursday
6 = Every Friday
7 = Every Saturday

ScheduledInstallTime Values:
0-24 (24 hr...you get the idea)


PostPosted: Tue Feb 05, 2008 7:56 pm 
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
This would make a great addition to the index page anti virus section.

PostPosted: Mon Feb 11, 2008 3:27 pm 
Newbie

Joined: Tue Dec 11, 2007 2:40 am
Posts: 24
Location: Pennsylvania
Here is the code for the WSUS information in audit.vbs. You'll have to create a new database with all of the appropriate fields. But don't get too excited, I still haven't been able to get it to write to the database. I'm wondering if the form input has to be included in a For Each loop or If statement? Anyway, it should save a little time for anyone who wants to take a stab. I'm sure it's something stupid that I've missed.

[code]
''''''''''''''''''''''''''''''
'Windows Update Information '
''''''''''''''''''''''''''''''
comment = "Windows Update Settings"
if verbose = "y" then
wscript.echo comment
end if

strKeyPath = "SOFTWARE\Policies\Microsoft\windows\WindowsUpdate"
strValueName = "WUServer"
objReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,win_updates_server

if isnull(win_updates_server) then win_updates_server = "" end if
Wscript.echo win_updates_Server


strKeyPath = "SOFTWARE\Policies\Microsoft\windows\WindowsUpdate"
strValueName = "TargetGroup"
objReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,win_updates_group

if isnull(win_updates_group) then win_updates_group = "" end if
Wscript.echo win_updates_group


strKeyPath = "SOFTWARE\Policies\Microsoft\windows\WindowsUpdate\AU"
strValueName = "AUOptions"
objReg.GetDWordValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,win_updates_options

if isnull(win_updates_options) then win_updates_options = "" end if

Select Case win_updates_options
Case "2" win_updates_options = "Notify before downloading any updates and notify again before installing them"
Case "3" win_updates_options = "(Default setting) Download the updates automatically and notify when they are ready to be installed"
Case "4" win_updates_options = "Automatically download updates and install them on the schedule specified"
Case "5" win_updates_options = "Allow local administrators to select the configuration mode that Automatic Updates should notify and install updates"
End Select

Wscript.echo win_updates_options


strKeyPath = "SOFTWARE\Policies\Microsoft\windows\WindowsUpdate\AU"
strValueName = "ScheduledInstallDay"
objReg.GetDWordValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,win_updates_installday

if isnull(win_updates_installday) then win_updates_installday = "" end if

Select Case win_updates_installday
Case "0" win_updates_installday = "Every day"
Case "1" win_updates_installday = "Every Sunday"
Case "2" win_updates_installday = "Every Monday"
Case "3" win_updates_installday = "Every Tuesday"
Case "4" win_updates_installday = "Every Wednesday"
Case "5" win_updates_installday = "Every Thursday"
Case "6" win_updates_installday = "Every Friday"
Case "7" win_updates_installday = "Every Saturday"
End Select


strKeyPath = "SOFTWARE\Policies\Microsoft\windows\WindowsUpdate\AU"
strValueName = "ScheduledInstallTime"
objReg.GetDWordValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,win_updates_installtime

if isnull(win_updates_installtime) then win_updates_installtime = "" end if

Select Case win_updates_installtime
Case "0" win_updates_installtime = "12:00 AM"
Case "1" win_updates_installtime = "1:00 AM"
Case "2" win_updates_installtime = "2:00 AM"
Case "3" win_updates_installtime = "3:00 AM"
Case "4" win_updates_installtime = "4:00 AM"
Case "5" win_updates_installtime = "5:00 AM"
Case "6" win_updates_installtime = "6:00 AM"
Case "7" win_updates_installtime = "7:00 AM"
Case "8" win_updates_installtime = "8:00 AM"
Case "9" win_updates_installtime = "9:00 AM"
Case "10" win_updates_installtime = "10:00 AM"
Case "11" win_updates_installtime = "11:00 AM"
Case "12" win_updates_installtime = "12:00 PM"
Case "13" win_updates_installtime = "1:00 PM"
Case "14" win_updates_installtime = "2:00 PM"
Case "15" win_updates_installtime = "3:00 PM"
Case "16" win_updates_installtime = "4:00 PM"
Case "17" win_updates_installtime = "5:00 PM"
Case "18" win_updates_installtime = "6:00 PM"
Case "19" win_updates_installtime = "7:00 PM"
Case "20" win_updates_installtime = "8:00 PM"
Case "21" win_updates_installtime = "9:00 PM"
Case "22" win_updates_installtime = "10:00 PM"
Case "23" win_updates_installtime = "11:00 PM"
End Select

form_input = "Win_updates^^^" & clean(win_updates_server) & "^^^" & clean(win_updates_group) & "^^^" & clean(win_updates_options) _
& "^^^" & clean(win_updates_installday) & "^^^" & clean(win_updates_installtime) & "^^^"
entry form_input,comment,objTextFile,oAdd,oComment
form_input = ""[/code]

Here is the code for the admin_pc_add_2.php

[code]
function insert_win_updates ($split) {
    global $timestamp, $uuid, $verbose, $win_updates_timestamp;
    // $split is the "Win_updates^^^server^^^group^^^options^^^day^^^time^^^" line built by audit.vbs
    $extended = explode('^^^',$split);
    if ($verbose == "y"){echo "<h2>Windows Updates</h2><br />";}
    // These values come from the audited machine's registry: escape them before they go into SQL
    $win_updates_server = mysql_real_escape_string(trim($extended[1]));
    $win_updates_group = mysql_real_escape_string(trim($extended[2]));
    $win_updates_options = mysql_real_escape_string(trim($extended[3]));
    $win_updates_installday = mysql_real_escape_string(trim($extended[4]));
    $win_updates_installtime = mysql_real_escape_string(trim($extended[5]));

    if (is_null($win_updates_timestamp)) {
        // Timestamp of the last audit that recorded Windows Update settings for this machine
        $sql = "SELECT MAX(win_updates_timestamp) FROM windows_updates WHERE win_updates_uuid = '$uuid'";
        if ($verbose == "y"){echo $sql . "<br />\n\n";}
        $result = mysql_query($sql) or die ('Insert Failed: ' . mysql_error() . '<br />' . $sql);
        $myrow = mysql_fetch_array($result);
        if ($myrow["MAX(win_updates_timestamp)"]) {$win_updates_timestamp = $myrow["MAX(win_updates_timestamp)"];} else {$win_updates_timestamp = "";}
    }
    // Is there already a row for this machine, server and group from the previous or the current audit?
    $sql = "SELECT count(win_updates_uuid) as count from windows_updates ";
    $sql .= "WHERE win_updates_uuid = '$uuid' AND win_updates_server = '$win_updates_server' AND win_updates_group = '$win_updates_group' ";
    $sql .= "AND (win_updates_timestamp = '$win_updates_timestamp' OR win_updates_timestamp = '$timestamp')";
    if ($verbose == "y"){echo $sql . "<br />\n\n";}
    $result = mysql_query($sql) or die ('Insert Failed: ' . mysql_error() . '<br />' . $sql);
    $myrow = mysql_fetch_array($result);
    if ($verbose == "y"){echo "Count: " . $myrow['count'] . "<br />\n\n";}
    if ($myrow['count'] == "0"){
        // New record - Insert into database
        $sql = "INSERT INTO windows_updates (";
        $sql .= "win_updates_uuid, win_updates_server, win_updates_group, win_updates_options, win_updates_installday, win_updates_installtime, ";
        $sql .= "win_updates_timestamp, win_updates_first_timestamp) VALUES (";
        $sql .= "'$uuid', '$win_updates_server', '$win_updates_group', '$win_updates_options', '$win_updates_installday', '$win_updates_installtime', ";
        $sql .= "'$timestamp', '$timestamp') ";

        if ($verbose == "y"){echo $sql . "<br />\n\n";}
        $result = mysql_query($sql) or die ('Insert Failed: ' . mysql_error() . '<br />' . $sql);
    } else {
        // Already present in database - Update timestamp and dynamic fields
        $sql = "UPDATE windows_updates SET ";
        $sql .= "win_updates_timestamp = '$timestamp', win_updates_server = '$win_updates_server', win_updates_group = '$win_updates_group', ";
        $sql .= "win_updates_options = '$win_updates_options', win_updates_installday = '$win_updates_installday', win_updates_installtime = '$win_updates_installtime' ";
        $sql .= "WHERE win_updates_uuid = '$uuid' AND win_updates_server = '$win_updates_server' AND win_updates_group = '$win_updates_group' ";
        $sql .= "AND win_updates_timestamp = '$win_updates_timestamp'";
        if ($verbose == "y"){echo $sql . "<br />\n\n";}
        $result = mysql_query($sql) or die ('Insert Failed: ' . mysql_error() . '<br />' . $sql);
    }

}
[/code]

Feel free to change it around or do whatever you have to do to get it working. Of course the next step is to display the info in Open Audit :wink: . Sorry...just haven't had time to complete this but figured it might assist someone who does.


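A server-side check over the collected records, added here as an example that is not part of the original post or of Open-AudIT: it parses the `Win_updates^^^...` line in the layout the audit.vbs snippet above builds and reports where each host gets its updates and which hosts need a look. The host names, server URLs, approved-server list and the rule that hosts should use scheduled install (AUOptions 4) are assumptions made for the illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

SEP = "^^^"
# Text the audit.vbs snippet stores when AUOptions = 4 (scheduled install)
SCHEDULED = "Automatically download updates and install them on the schedule specified"

def build(*fields):  # same layout as the VBS form_input line; used for the samples
    return "Win_updates" + SEP + SEP.join(fields) + SEP

def parse_record(line):
    """Split one Win_updates line into named fields; None if it is malformed."""
    parts = line.strip().split(SEP)
    if len(parts) < 6 or parts[0].lower() != "win_updates":
        return None
    keys = ("server", "group", "options", "installday", "installtime")
    return dict(zip(keys, (p.strip() for p in parts[1:6])))

def server_key(url):  # lower-case host[:port], so differently written URLs compare equal
    return urlsplit(url if "//" in url else "//" + url).netloc.lower()

def review(records, approved):
    """Group hosts by update source and list the hosts that need a look."""
    by_server, findings = defaultdict(list), []
    for host, line in records:
        rec = parse_record(line)
        if rec is None:
            findings.append((host, "malformed record"))
            continue
        key = server_key(rec["server"])
        by_server[key or "(no WSUS policy)"].append(host)
        if not key:
            findings.append((host, "no WUServer policy value"))
        elif key not in approved:
            findings.append((host, "unapproved update server " + key))
        elif rec["options"] != SCHEDULED:
            findings.append((host, "AUOptions is not scheduled install"))
    return dict(by_server), findings

# Constructed sample: host names, server URLs and group names are made up.
APPROVED = {"wsus01.corp.example:8530", "wsus02.lab.example"}
SAMPLE = [
    ("srv-a", build("http://WSUS01.corp.example:8530", "Servers", SCHEDULED, "Every Sunday", "3:00 AM")),
    ("srv-b", build("http://wsus02.lab.example", "Lab", "Notify before downloading any updates and notify again before installing them", "", "")),
    ("srv-c", build("", "", "", "", "")),
    ("srv-d", build("http://updates.other.example", "Servers", SCHEDULED, "Every Sunday", "2:00 AM")),
    ("srv-e", "Win_updates^^^truncated"),
]
if __name__ == "__main__":
    print(review(SAMPLE, APPROVED))
```
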
PostPosted: Sat Feb 16, 2008 2:07 am 
Helper

Joined: Sat Sep 17, 2005 7:15 am
Posts: 71
[quote="A_Hull"]There is quite a lot of stuff written in VBS to do WSUS stuff, google it and you will see. Take a look at this for example...
http://www.vbshf.com/vbshf/forum/boxx/k ... pe=2&Cat=2
[/quote]


Hey - that's my site ;)

The 'Net can be a big small town, eh?

_________________
Server Info:
OS : Windows Server 2003
Auditing: ~300 machines
LDAP: Windows Server 2003 Active Directory


PostPosted: Sat Nov 01, 2008 8:30 pm 
Helper

Joined: Fri Nov 16, 2007 1:32 am
Posts: 73
Location: Dallas,Texas
Hey musekmkr,

Since you're working on my other question, I figured I would look at your other stuff.. :wink:

Do you mind posting your audit.vbs code for the Symantec last def update and the admin_pc_add2 for it as well? Thanks, would save me some time.

_________________
1400 Servers Audited (1 hour interval) Applied via a local scheduler, deployed via GPO.
Running OA on IIS6 Web Server
90% Windows 2k3 Server (std,ent)
5% Windows XP
5% Windows 2000

