
All times are UTC + 10 hours




Posted: Sat Jan 24, 2009 5:55 am
Newbie

Joined: Sat Jan 24, 2009 5:39 am
Posts: 5
version 08.07.23

I just installed Open Audit from the latest SF stable package. When I attempt to run an audit from a remote system (the only way I can, since the server is Linux and the systems to audit are Windows), the data never gets posted to the Open Audit server. Based on the output of netstat, I see cscript.exe making an HTTP connection to the OA server, but the data never gets inserted into the database. The table "system_audits" gets an additional row per run of audit2.vbs, but the only data populated in that table is "Full Texts system_audits_id", which is an autoincrement column. I changed online = "yesxml" to online = "ie" with ie_visible = "y", and I see IE pop up and submit the data to the server, but the admin_pc_add_2.php page does not show any data being populated. It shows the following:

[quote="admin_pc_add_2.php"]Verbose:
User:
Verbose: y
System:
UUID:
Timestamp:
Software Audit:

SELECT MAX(system_audits_timestamp) AS timestamp FROM system_audits WHERE system_audits_uuid = ''
INSERT INTO system_audits (system_audits_uuid, system_audits_timestamp, system_audits_username) VALUES ('','','')
INSERT INTO system (system_uuid, system_first_timestamp) VALUES ('','')
UPDATE system SET system_timestamp = '' WHERE system_uuid = ''
Close

Page was generated in 0 seconds !
[/quote]


Can anyone offer some assistance?

Thanks

[quote="audit2.config"]audit_location = "r"
server_install_path = "/audit"
verbose = "y"
audit_host="http://devbox.test.local"
online = "yesxml"
strComputer = "."
strUser = ""
strPass = ""
ie_visible = "y"
ie_auto_submit = "y"
ie_submit_verbose = "y"
ie_form_page = "http://devbox.test.local/audit/admin_pc_add_1.php"
non_ie_page = "http://devbox.test.local/audit/admin_pc_add_2.php"
input_file = ""
send_email = FALSE
email_to = "openaudit@mydonain.com"
email_from = "openaudit@mydonain.com"
email_sender = "Open Audit"
email_server = "mail.mydomain.com"
email_port = "25"
email_auth = "1"
email_user_id = "openaudit@mydonain.com"
email_user_pwd = "MailPassword"
email_use_ssl = "false"
email_timeout = "60"
audit_local_domain = "n"
domain_type = "ldap"
local_domain = "LDAP://mydomain.local"
hfnet = "n"
Count = 0
number_of_audits = 10
script_name = "audit2.vbs"
monitor_detect = "y"
printer_detect = "y"
software_audit = "y"
uuid_type = "uuid"
nmap_subnet = "192.168.0."
nmap_subnet_formatted = "192.168.000."
nmap_ie_form_page = "http://devbox.test.local/audit/admin_nmap_input.php"
nmap_ie_visible = "y"
nmap_ie_auto_close = "y"
nmap_ip_start = 1
nmap_ip_end = 254
keep_this_config = "y"
keep_audit_log = "y"
requesting_host = "test2.test.local"
requesting_addr = "10.10.10.121"
[/quote]

[quote="cscript audit2.vbs hogwash"]
C:\audits>cscript audit2.vbs hogwash
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

1/23/2009 2:28:58 PM,hogwash - Able to connect to WMI.
No username and password provided - therefore assuming local domain PC.
PC name supplied: hogwash
PC name from WMI: HOGWASH
User executing this script: msalerno
System UUID: 12345678-1234-4321-2314-123456789123
IP: 10.225.30.121
Network Info
System Info
Windows Info
Bios Info
Processor Info
Memory Info
Video Info
Monitor Info
Monitor Info
USB Devices
Hard Disk Info
Partition Info
SCSI Cards
SCSI Devices
Optical Drive Info
Floppy Drives
Tape Drive Info
Keyboard Info
Battery Info
Modem Info
Mouse Info
Sound Card Info
Printer Info
Share Info
Mapped Drives Info
Local Groups Info
Local Users Info
Scheduled Tasks Info
System Environment Variables Info
Event Logs Info
Ip Routes Info
Pagefile Info
Motherboard Info
Onboard devices Info
AV - Security Center Settings
Startup Programs
Services
Internet Explorer Browser Helper Objects
Installed Software
Installed Media Codecs
MDAC/WDAC, DirectX, Media Player, IE and OE Versions
Firefox Extensions
Windows Firewall Settings
CD Keys
Automatic Updating Settings
Audit.vbs Execution Time: 53 seconds.
XML sent to server using ServerXMLHTTP: 200 (OK)
Total Execution Time: 56 seconds.
[/quote]


Posted: Mon Jan 26, 2009 2:57 am
Helper

Joined: Fri Jun 06, 2008 3:02 pm
Posts: 79
Location: Singapore
[quote]
strComputer = "."
[/quote]

change it to

strComputer = ""

and see. Just a guess.

_________________
**---((( [color=#FF0000]SGR[/color] )))---****
Server Info:
OS : CentoS 5
Auditing: 1143 machines
LDAP: Active Directory
Support Open-Audit : [url]http://www.open-audit.org/phpBB3/viewtopic.php?f=5&t=2990#p13523[/url]


Posted: Tue Jan 27, 2009 10:05 pm
Newbie

Joined: Sat Jan 24, 2009 5:39 am
Posts: 5
Thanks for the suggestion, however, it didn't work. Do you or anyone else have any other ideas?

Thanks


Posted: Wed Jan 28, 2009 12:21 pm
Newbie

Joined: Sat Jan 24, 2009 5:39 am
Posts: 5
It was a result of having the [url=http://www.hardened-php.net/suhosin/]suhosin[/url] php extension loaded.

Now I just need to figure out what is being blocked so I can re-enable the extension and still use this app.


Posted: Thu Jan 29, 2009 12:29 am
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
If you get it working, can you post the results of your suhosin changes so I can have a look? This could make a useful FAQ. Thanks.

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]


Posted: Thu Jan 29, 2009 1:36 am
Newbie

Joined: Sat Jan 24, 2009 5:39 am
Posts: 5
I'm in the process of trying to set up suhosin logging so I can see what is being blocked. At the moment I'm having issues setting it up to log. Nothing is being logged and the suhosin forums are down!


Posted: Thu Jan 29, 2009 11:05 am
Site Admin

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
On Ubuntu edit the file
/etc/php5/apache2/conf.d/suhosin.ini
and change the line suhosin.post.max_value_length = 65000 to something larger.
Restart Apache for it to take effect.

_________________
Support and Development hours available from [url=https://opmantek.com]Opmantek[/url].
Please consider a purchase to help make Open-AudIT better for everyone.
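
A pre-flight check for the limit named in the post above, added here as an example and not part of the original thread or of Open-AudIT: it reads `suhosin.post.max_value_length` from ini text and lists the fields of a form-encoded POST body whose value is longer than that limit. The field name `audit_data`, the sample ini text and the sample body are constructed, and comparing the URL-decoded byte length is an assumption about how the limit is measured.

```python
import re
from urllib.parse import parse_qsl

DIRECTIVE = "suhosin.post.max_value_length"  # directive named in the thread

def read_limit(ini_text, directive=DIRECTIVE):
    """Return the integer set for `directive` in php.ini-style text, or None."""
    value = None
    pattern = re.escape(directive) + r'\s*=\s*"?(\d+)"?'
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()      # ignore ; comments
        m = re.fullmatch(pattern, line)
        if m:
            value = int(m.group(1))               # a later assignment overrides
    return value

def oversized_fields(post_body, limit):
    """Return (name, byte_length) for each POST field longer than `limit`."""
    hits = []
    for name, val in parse_qsl(post_body, keep_blank_values=True):
        size = len(val.encode("utf-8"))           # assumption: decoded length
        if size > limit:
            hits.append((name, size))
    return hits

# Constructed sample of a suhosin.ini, using the 65000 value from the thread.
SAMPLE_INI = """\
; constructed sample
;suhosin.post.max_value_length = 131072
suhosin.post.max_value_length = 65000
"""

# Constructed body: one short field and one large payload field
# (hypothetical field name; 10000 x "<item/>" = 70000 bytes once decoded).
SAMPLE_BODY = "verbose=y&audit_data=" + "%3Citem%2F%3E" * 10000

def check(ini_text=SAMPLE_INI, body=SAMPLE_BODY):
    """Return (limit, oversized fields); no limit configured means no hits."""
    limit = read_limit(ini_text)
    if limit is None:
        return None, []
    return limit, oversized_fields(body, limit)

if __name__ == "__main__":
    limit, hits = check()
    for name, size in hits:
        print(f"{name}: {size} bytes exceeds {DIRECTIVE} = {limit}")
```

Run against a captured request body from a test audit, a non-empty result points at the fields to size the limit for, rather than raising it blindly.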


Posted: Fri Jan 30, 2009 12:59 am
Helper

Joined: Fri Jun 06, 2008 3:02 pm
Posts: 79
Location: Singapore
I doubt it; it may not be because of it, because I do have the same environment.

[code]
php -v
PHP 5.2.6-2ubuntu4 with Suhosin-Patch 0.9.6.2 (cli) (built: Oct 14 2008 20:18:13)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies
[/code]

_________________
**---((( [color=#FF0000]SGR[/color] )))---****
Server Info:
OS : CentoS 5
Auditing: 1143 machines
LDAP: Active Directory
Support Open-Audit : [url]http://www.open-audit.org/phpBB3/viewtopic.php?f=5&t=2990#p13523[/url]


Posted: Fri Jan 30, 2009 1:35 am
Newbie

Joined: Sat Jan 24, 2009 5:39 am
Posts: 5
This is what I have:

[quote="php -v"]PHP 5.2.8-pl2-gentoo with Suhosin-Patch 0.9.6.3 (cli) (built: Jan 27 2009 11:05:13)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies
with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins GmbH
[/quote]

