
Open-AudIT


All times are UTC + 10 hours




PostPosted: Wed Aug 11, 2010 12:59 am 
Offline
Newbie

Joined: Tue Aug 10, 2010 3:41 am
Posts: 5
Hi, I have OpenAudit installed on a 2003 R2 server. The firewall is off on the server, and I have run firewall-allow.vbs on 2 of the domain machines (XP boxes). When I run cscript.vbs I can see the machines on the domain as it runs; however, when it finishes there is nothing in the web page, I have the host only. The log file says everything was fine except: Unable to send XML to server using XMLHTTP - HTTP Response: 404 (Not Found) - Error 0 - Completed OK. Any help sorting this out would be appreciated. I have tried changing the audit host and IE form fields to IP address, localhost, FQDN but still get no population.
Thanks, Peter


PostPosted: Fri Aug 13, 2010 2:36 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
Post your audit.config without passwords.


PostPosted: Tue Aug 17, 2010 1:22 am 
Offline
Newbie

Joined: Tue Aug 10, 2010 3:41 am
Posts: 5
Thanks, here's the config file. This is running on a virtual machine. I have also tried the same thing on an XP workstation with XAMPP with the same result: it sees the 52 machines and runs the script, but no postings. I ran the firewall_allow.vbs on a couple of machines and ran the script with the same result. I do get an error if I try running it as a non-admin. Thanks, Peter



' Standard audit section
'
audit_location = "l"
verbose = "y"
audit_host = "http://192.168.1.136" ' tried 127.0.0.1, localhost etc.
online = "ie"
strComputer = ""
ie_visible = "y"
ie_auto_submit = "n"
ie_submit_verbose = "y"
ie_form_page = "http://127.0.0.1/admin_pc_add_1.php" ' tried variations of this as well
non_ie_page = "http://127.0.0.1/admin_pc_admin_pc_add_2.php"
input_file = "pc_list_file.txt"

'
' Email authentication
'
'

email_to = "plarson@domain.com"
email_from = "plarson@domain.com"
email_sender = ""
email_server = "192.168.1.xxx" ' IP address or FQDN
email_port = "25" ' The SMTP port
email_auth = "1" ' 0 = Anonymous, 1 = Clear-text Authentication, 2 = NTLM
email_user_id = "plarson@domain.com" ' A valid Email account in user@domain format
email_user_pwd = "xxxxx" ' The SMTP email password
email_use_ssl = "false" ' True/False
email_timeout = "60" ' In seconds
send_email = "true" ' True/False - Enable/Disable email sending

audit_local_domain = "y"
use_audit_log = "y"

'
' Set domain_type = 'nt' for NT4 or SAMBA otherwise leave blank or set to ldap
'domain_type = "nt"

local_domain = "LDAP://xxx.domain.com"

'
' Example Set Domain name for NT ONLY for LDAP use the above format
' NOTE This is Case Sensitive. See the example below.
'
'local_domain = "WinNT://IEXPLORE"
'local_domain = "WinNT://<domainname>"
'

hfnet = "n"
Count = 0
number_of_audits = 10
script_name = "audit.vbs"
monitor_detect = "y"
printer_detect = "y"
software_audit = "y"
uuid_type = "uuid"
'
' Nmap section
'
nmap_tmp_cleanup = true ' Set this false if you want to leave the tmp files for analysis in your tmp folder
nmap_subnet = "192.168.1." ' The subnet you wish to scan
nmap_subnet_formatted = "192.168.001." ' The subnet padded with 0's
nmap_ie_form_page = "http://192.168.1.136/admin_pc_add_1.php"
nmap_ie_visible = "n"
nmap_ie_auto_close = "y"
nmap_ip_start = 1
nmap_ip_end = 254
nmap_syn_scan = "y" ' Tcp Syn scan
nmap_udp_scan = "y" ' UDP scan
nmap_srv_ver_scan = "y" ' Service version detection.
nmap_srv_ver_int = 9 ' Service version detection intensity level. Values 0-9, 0=fas


PostPosted: Fri Aug 20, 2010 6:43 am 
Offline
Newbie

Joined: Tue Aug 10, 2010 3:41 am
Posts: 5
Hi, I thought I posted this a couple of days ago, but haven't seen it surface yet so am trying again. Thanks, Peter

'
' Standard audit section
'
audit_location = "l"
verbose = "y"
audit_host = "http://127.0.0.1" ' (tried NetBIOS name, IP address of server and localhost here)
online = "ie"
strComputer = ""
ie_visible = "y"
ie_auto_submit = "n"
ie_submit_verbose = "y"
ie_form_page = "http://127.0.0.1/admin_pc_add_1.php" ' (tried IP of server here)
non_ie_page = "http://127.0.0.1/admin_pc_admin_pc_add_2.php"
input_file = "pc_list_file.txt"

'
' Email authentication
'
'

email_to = "plarson@domain.com"
email_from = "plarson@domain.com"
email_sender = ""
email_server = "192.168.1.x" ' IP address or FQDN
email_port = "25" ' The SMTP port
email_auth = "1" ' 0 = Anonymous, 1 = Clear-text Authentication, 2 = NTLM
email_user_id = "plarson@domain.com" ' A valid Email account in user@domain format
email_user_pwd = "xxxxxxxxxx" ' The SMTP email password
email_use_ssl = "false" ' True/False
email_timeout = "60" ' In seconds
send_email = "true" ' True/False - Enable/Disable email sending

audit_local_domain = "y"
use_audit_log = "y"

'
' Set domain_type = 'nt' for NT4 or SAMBA otherwise leave blank or set to ldap
'domain_type = "nt"

local_domain = "LDAP://domain.com"

'
' Example Set Domain name for NT ONLY for LDAP use the above format
' NOTE This is Case Sensitive. See the example below.
'
'local_domain = "WinNT://IEXPLORE"
'local_domain = "WinNT://<domainname>"
'

hfnet = "n"
Count = 0
number_of_audits = 10
script_name = "audit.vbs"
monitor_detect = "y"
printer_detect = "y"
software_audit = "y"
uuid_type = "uuid"
'
' Nmap section
'
nmap_tmp_cleanup = true ' Set this false if you want to leave the tmp files for analysis in your tmp folder
nmap_subnet = "192.168.1." ' The subnet you wish to scan
nmap_subnet_formatted = "192.168.001." ' The subnet padded with 0's
nmap_ie_form_page = "http://192.168.1.136/admin_pc_add_1.php"
nmap_ie_visible = "n"
nmap_ie_auto_close = "y"
nmap_ip_start = 1
nmap_ip_end = 254
nmap_syn_scan = "y" ' Tcp Syn scan
nmap_udp_scan = "y" ' UDP scan
nmap_srv_ver_scan = "y" ' Service version detection.
nmap_srv_ver_int = 9 ' Service version detection intensity level. Values 0-9, 0=fast


PostPosted: Fri Aug 20, 2010 9:33 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
And the problem is obvious now. You've got a config that says use IE to post but don't auto submit.

Change to something like the following:

[code]
audit_host="http://openaudit" ' edit for your environment
online = "yesxml"
ie_form_page = audit_host + "/admin_pc_add_1.php"
non_ie_page = audit_host + "/admin_pc_add_2.php"
[/code]


PostPosted: Sat Aug 21, 2010 5:27 am 
Offline
Newbie

Joined: Tue Aug 10, 2010 3:41 am
Posts: 5
Yahoo! That gets me closer. It will see all the devices and printers will populate the web page, but the PCs and servers will only show up if I run them individually, e.g. audit.vbs pc#1.

Thanks, Peter


PostPosted: Thu Aug 26, 2010 1:09 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
If you're really using this exact config then I'd say this is your problem.

[code]
audit_local_domain = "y"
local_domain = "LDAP://domain.com"
[/code]

You're saying to do a domain audit but not specifying your domain. Unless you work for Domainbank. :)
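
The two problems the moderator points out in this thread (IE posting with auto-submit disabled, and a domain audit aimed at a placeholder domain) can be checked mechanically. The following is an added example, not part of the original posts or of Open-AudIT's own code: a small Python lint for audit.config-style files, where the finding names are hypothetical, the expected page names are taken from the moderator's suggested settings, and the clear-text SMTP check relies only on the meanings given in the config's own comments.

```python
import re

# Constructed sample, built from the settings quoted in this thread.
SAMPLE = """
audit_host= "http://127.0.0.1"
online = "ie"
ie_auto_submit = "n"
ie_form_page = "http://127.0.0.1/admin_pc_add_1.php"
non_ie_page = "http://127.0.0.1/admin_pc_admin_pc_add_2.php"
email_auth = "1" ' 0 = Anonymous, 1 = Clear-text Authentication, 2 = NTLM
email_use_ssl = "false" ' True/False
audit_local_domain = "y"
'domain_type = "nt"
local_domain = "LDAP://domain.com"
"""
ASSIGN = re.compile(r'^\s*(\w+)\s*=\s*(.*)$')
TERM = re.compile(r'\s*(?:"([^"]*)"|(\w+))\s*(\+?)')

def parse_config(text):
    cfg = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)  # lines starting with ' are comments: no match
        if not m:
            continue
        value, pos, more = "", 0, True
        # Evaluate `"literal"` and `name + "literal"`; stop at a trailing ' comment.
        while more and (t := TERM.match(m.group(2), pos)):
            lit, name, plus = t.groups()
            value += lit if lit is not None else cfg.get(name.lower(), name)
            pos, more = t.end(), bool(plus)
        cfg[m.group(1).lower()] = value
    return cfg

def lint(cfg):
    out = []
    host = cfg.get("audit_host", "").rstrip("/")
    # IE is selected for posting but the form is never submitted automatically.
    if cfg.get("online") == "ie" and cfg.get("ie_auto_submit") == "n":
        out.append("ie-no-auto-submit")
    # Both pages should be derived from audit_host, as in the suggested settings.
    for key, page in (("ie_form_page", "admin_pc_add_1.php"),
                      ("non_ie_page", "admin_pc_add_2.php")):
        if cfg.get(key) != f"{host}/{page}":
            out.append(f"{key}-mismatch")
    domain = cfg.get("local_domain", "").lower()
    if cfg.get("audit_local_domain") == "y" and domain in ("", "ldap://domain.com"):
        out.append("placeholder-domain")
    # Clear-text SMTP authentication without SSL exposes the mail password.
    if cfg.get("email_auth") == "1" and cfg.get("email_use_ssl", "").lower() != "true":
        out.append("smtp-cleartext-auth")
    return out
```

Running `lint(parse_config(SAMPLE))` flags the sample four times; a config using the moderator's suggested `online = "yesxml"` and `audit_host + "/admin_pc_add_N.php"` pages produces no findings.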


PostPosted: Thu Aug 26, 2010 5:17 am 
Offline
Newbie

Joined: Tue Aug 10, 2010 3:41 am
Posts: 5
Thanks. That was a cover-up; I use the actual domain there, e.g. boston.myrealdomain.com. If I leave the boston out of it, the audit script throws a compile error when I try to run it. It's got me baffled, though, that I can run the script with the individual computer name and it works, but when I run it as a domain audit I get all the expected activity (see attached) and the log files don't have anything unexpected in them.

One other thing: we are migrating to Win 7 and on all those machines I get an error - the rpc server is unavailable. I haven't found much in the forums about that, and I have run the firewall_allow.vbs on the machines and tried turning off the firewall as well.

Thanks again, Peter


Attachment: openaudit 3.JPG