Open-AudIT

Dear All!

I'm new in OA. I just install XAMPP on windows and deploy OA in that. Now I run audit.vbs on windows and work very good. But I also want to monitor Linux client such as Centos but I don't know how to run .sh script. Could you help me how to run .sh on Linux?

Thanks and regards.

Hoa

copy the audit file and the audit.config to the linux machine and run it with ./audit_linux.sh
It should audit the machine and post the result to the Open-AudIT server.

_________________
Support and Development hours available from [url=https://opmantek.com]Opmantek[/url].
Please consider a purchase to help make Open-AudIT better for everyone.

Unable to audit linux machines. Need some possibly basic OpenAudit help. Some background info first.

Just a couple of months ago I started working for a company that has OpenAudit installed on a debian machine. The guy who installed it left the company, and no one knows anything about it. The installation seems to be having some configuration problems.

One of the main problems is that linux machines are not being audited at all. (That is the case even when OpenAudit was installed on a Debian machine.)

Reading these forums and other pages I learned that, in order to audit the linux mahicnes, I have to run the script audit_linux.sh (allegedly to be found on the /var/www/scripts folder of the installation) on each linux machine. Found the script there, brought it to an Ubuntu desktop, and run it. Didn't work, got some error messages.

Reading forums I realized the encoding of the file could be causing problems to run it as a script. Fixed that (I think) with vim's :set ff=unix, and ran the script. It ran, even though throwing some errors, but just created a local .txt file, with a bunch of information. A very unreadable file though, full of ^^^^, which I guess are needed when sending the info to the server. But the server didn't get anything.

Now I'm reading here on this thread that is not just running audit_linux.sh, but I need to copy audit.config too. (Why that was *not* mentioned anywhere else where people have asked about auditing a linux machine is anyone's guess) Did so, and still nothing happens on the server.

Please remember I didn't install OpenAudit here, and the only knowledgeable person left. So I wonder if things were not configured properly. Do I need to manually change anything in audit.config, or after OpenAudit got installed on the server those files should be all set? (Like the .vbs script for Windows machines apparently is)

An update here. I noticed the post approval and reply speed on this forum is understandably rather slow, but also noticed that some other posts asking for similar help are still unanswered even after months.

So for anyone in a similar case, I went ahead and dug into audit.config myself, using the following page as a guideline to understand what the parameters meant:
viewtopic.php?f=6&t=1393&start=0

The parameters in audit.config were, no surprise, were incorrectly set, but after some modifications, eventually the script ran, properly sending the data to the OA server, and the server properly registering and showing the audited linux machine.

From all of this I have a suggestion to OpenAudIT developers, these would be feature requests I guess:

1) When clicking on Administration->Audit this Computer, it shouldn't download the .vbs script blindly. If the requesting user is on a browser running on a linux machine, that won't make any sense (or will it?) It should rather download both audit_linux.sh AND audit.config, or at least the page could prompt the user to let it download either the windows or the linux scripts/files.

2) After installing OpenAudit, the audit.config file could be left properly configured automatically, so that a linux audit could run right out of the box with no manual intervention needed on those files.