Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Fri Mar 29, 2024 10:25 pm

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 14 posts ] 
Author Message
PostPosted: Thu Apr 01, 2010 10:30 pm 
Offline
Newbie

Joined: Thu Apr 01, 2010 7:35 pm
Posts: 25
Trying to run a computer-audit from my webserver in the open-audit webgui.

I have added theese configurations;
*successfully ldap connection to my domain
*tried both ip range and computer list. Just to one computer in test purpose.
*Unc path to audit.vbs and a result.txt

If I try to run audit from webgui I got Failed to run: ComputerAudit (126).
If I manually runt audit.vbs from command line on the remote client I got;
Unable to send XML to server using XMLHTTP - HTTP Response: 12007 <Unknown> - Error -2146697211 System error: -2146697211.


Top
 Profile  
Reply with quote  
PostPosted: Tue Apr 06, 2010 7:30 pm 
Offline
Newbie

Joined: Thu Apr 01, 2010 7:35 pm
Posts: 25
If I change online = "yesxml" to online = "ie" I got no errors but the audit doesn't appear in the gui.
Is there any log files somewhere I can check? Can't find anything in the event viewer on the client machine...


Top
 Profile  
Reply with quote  
PostPosted: Tue Apr 13, 2010 9:49 am 
Offline
Newbie

Joined: Tue Apr 13, 2010 9:43 am
Posts: 10
Same Problem here. I'm only doing command line. I did the script across my whole domain. 242 scripts later, I have nothing. I tried on one pc at a time and watched and see the Unable to send XML to server using XMLHTTP error -2146697211.


Top
 Profile  
Reply with quote  
PostPosted: Wed Apr 14, 2010 1:24 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
Maybe a misconfiguration/typo in your audit.config file? Post without passwords for review.


Top
 Profile  
Reply with quote  
PostPosted: Wed Apr 14, 2010 6:24 pm 
Offline
Newbie

Joined: Thu Apr 01, 2010 7:35 pm
Posts: 25
[quote="jpa"]Maybe a misconfiguration/typo in your audit.config file? Post without passwords for review.

I don't have any password/username maybe therefore I got "No username or password provided, asuming a local machine..." when I run the script?

Here is my audit.conf
I have set strComputer = "." because I'm now using this in a loginscript...
Doesn my subnet values look correct? It seems that when I ran over ldap it found some printers.
[code]audit_location = "r"

verbose = "y"

online = "yesxml"

strComputer = "."

ie_visible = "n"

ie_auto_submit = "y"

ie_submit_verbose = "n"

ie_form_page = "http://172.16.1.123/admin_pc_add_1.php"

non_ie_page = "http://172.16.1.123/admin_pc_add_2.php"

nmap_subnet = "172.16.8." ' The subnet you wish to scan

nmap_subnet_formatted = "172.16.080." ' The subnet padded with 0's

nmap_ie_form_page = "http://172.16.1.123/admin_nmap_input.php"

nmap_ie_visible = "n"

nmap_ie_auto_close = "y"

nmap_ip_start = 1

nmap_ip_end = 254

nmap_syn_scan = "n" ' Tcp Syn scan

nmap_udp_scan = "n" ' UDP scan

nmap_srv_ver_scan = "n" ' Service version detection.

nmap_srv_ver_int = 0 ' Service version detection intensity level. Values 0-9, 0=fast

input_file = ""

email_to = ""

email_from = ""

email_server = ""

audit_local_domain = "y"

local_domain = "LDAP://ou=Computers,dc=domain,dc=local"

hfnet = "n"

Count = 0

number_of_audits = 20

script_name = "audit.vbs"

monitor_detect = "y"

printer_detect = "y"

software_audit = "y"

uuid_type = "uuid"
[/code]

Top
 Profile  
Reply with quote  
PostPosted: Thu Apr 15, 2010 2:28 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
[quote="zeezam"]I don't have any password/username maybe therefore I got "No username or password provided, asuming a local machine..." when I run the script?

Some config files have SMTP passwords. The "no username" stuff is ok.

[quote="zeezam"]Do my subnet values look correct? The nmap values are not used by the audit.vbs script.

[quote="zeezam"]
because I'm now using this in a loginscript
If this is called from a user login script then the user must be an administrator on the local machine to get all available data.
[quote="zeezam"]
non_ie_page = "http://172.16.1.123/admin_pc_add_2.php"
What happens if you try to browse to the non_ie_page address with your browser? Do you get an error or something like this?
[code]
Verbose:
User:
Verbose: y
System:
UUID:
Timestamp:
Software Audit:

SELECT MAX(system_audits_timestamp) AS timestamp FROM system_audits WHERE system_audits_uuid = ''
INSERT INTO system_audits (system_audits_uuid, system_audits_timestamp, system_audits_username) VALUES ('','','')
INSERT INTO system (system_uuid, system_first_timestamp) VALUES ('','')
UPDATE system SET system_timestamp = '' WHERE system_uuid = ''
Close

Page was generated in 0.11 seconds !
[/code]

Top
 Profile  
Reply with quote  
PostPosted: Thu Apr 15, 2010 11:59 pm 
Offline
Newbie

Joined: Thu Apr 01, 2010 7:35 pm
Posts: 25
If I go to that page from my ubuntu machine I got

Verbose:
User:
Verbose: y
System:
UUID:
Timestamp:
Software Audit:

SELECT MAX(system_audits_timestamp) AS timestamp FROM system_audits WHERE system_audits_uuid = ''
INSERT INTO system_audits (system_audits_uuid, system_audits_timestamp, system_audits_username) VALUES ('','','')
INSERT INTO system (system_uuid, system_first_timestamp) VALUES ('','')
UPDATE system SET system_timestamp = '' WHERE system_uuid = ''
Close

Page was generated in 0 seconds !

From my windows 7 virtual same result.

About audit.vbs in loginscript most of my users are local admin, what info do I miss if they only are power users?


Top
 Profile  
Reply with quote  
PostPosted: Fri Apr 16, 2010 3:18 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
[quote="zeezam"]What info do I miss if they only are power users?
Probably nothing as power users are practically administrators. I'm not sure what, if anything, would be missed if they're standard users. OpenAudit makes a lot of WMI calls. I'm not sure if any require more than standard user permissions.

Do you require a proxy to get from your machine subnets to the OpenAudit server subnet?

Top
 Profile  
Reply with quote  
PostPosted: Fri Apr 16, 2010 4:52 am 
Offline
Newbie

Joined: Thu Apr 01, 2010 7:35 pm
Posts: 25
No proxy. It's on the same subnet.
I tried that script on a server that is placed on a different subnet, then I got the same error message as when I run it over ldap.


Top
 Profile  
Reply with quote  
PostPosted: Fri Apr 16, 2010 6:00 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
How about we try using IE to submit interactively and see what we get?

Change to the following in your audit.config
[code]
online = "ie"
strComputer = "."
ie_visible = "y"
ie_auto_submit = "n"
ie_submit_verbose = "y"
[/code]
Log on to a Windows machine as Administrator. Run the audit.vbs using cscript. It should audit your machine and then open IE with the audit details which you can then submit to the OpenAudit DB. Does this work? Are there any dialog boxes that pop up that you need to click through?


Top
 Profile  
Reply with quote  
PostPosted: Fri Apr 16, 2010 6:05 am 
Offline
Newbie

Joined: Thu Apr 01, 2010 7:35 pm
Posts: 25
I forgot to say that I got this working on a local machine but I still got the error message if I change strComputer = "." to strComputer = "" and try to audit a domain...


Top
 Profile  
Reply with quote  
PostPosted: Fri Apr 16, 2010 7:39 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
Can you audit the domain from the machine where the local audit was successful?


Top
 Profile  
Reply with quote  
PostPosted: Fri Apr 16, 2010 5:12 pm 
Offline
Newbie

Joined: Thu Apr 01, 2010 7:35 pm
Posts: 25
[quote="jpa"]Can you audit the domain from the machine where the local audit was successful?


Hmm, strange thing. It'working perfect now with domain audit. I thought I was running with this audit.conf before...

Top
 Profile  
Reply with quote  
PostPosted: Thu Jul 22, 2010 5:43 pm 
Offline
Newbie

Joined: Thu Jul 22, 2010 4:34 pm
Posts: 3
I've got the same trouble. I've changed Audit Type to "Domain" in configuration module and it worked for me.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 14 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group