Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Tue Mar 19, 2024 1:03 pm

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 19 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: [FIXED] LDAP audit.vbs
PostPosted: Thu Oct 25, 2012 4:19 pm 
Offline
Newbie

Joined: Tue Sep 25, 2012 5:52 am
Posts: 32
Hello there,

i seems to have a problem with the LDAP audits.
- I setup LDAP both Security and LDAP/SMTP- tested, all good.
- I setup share with audit.vbs accessible to everyone- tested, all good
- I setup configuration:
> Computer Audit
> Domain
> Windows
where i tested LDAP and got back results (Computers names within the domain). Previously i've setup a Domain GPO to run the audit.vbs on user login and it works fine. I get all the data. The problem is, that when i run the LDAP configuration, im not getting anything. The job ends in 5 seconds. In log file i see following msg:

PHP Notice: Undefined variable: ip_end in /var/www/html/scs/audit_configuration.php on line 277, referer: http://<IP>/scs/audit_manage.php
PHP Notice: Undefined variable: linux_software in /var/www/html/scs/audit_configuration.php on line 365, referer: http://<IP>/scs/audit_manage.php


If i run the audit.vbs from server share on any PC, getting msg, pointing to a specific command in audit.vbs "Set objRecordSet = objCommand.Execute"
see attachment. Here is the settings from audit.vbs. That is the only thing i set in this script:


this_config_url = "%host_url%"
if (left(this_config_url,1) = "%") then
this_config_url = "http://<OA IP>/scs/list_export_config.php"
end if



Please let me know what can be the cause of this. Perhaps there is another script for domain audit..?

Thank you.

Ivan


Attachments:
vbs error.jpg
vbs error.jpg [ 39.4 KiB | Viewed 24262 times ]


Last edited by admssm on Fri Nov 09, 2012 7:01 pm, edited 1 time in total.
Top
 Profile  
Reply with quote  
 Post subject: Re: LDAP audit.vbs
PostPosted: Sat Oct 27, 2012 1:42 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
I'll say it again: give up on using the web interface to configure Open Audit. Configure the audit.config file by hand and run the audits yourself using "cscript audit.vbs" from the individual machines or from a central machine for a domain audit.

Follow the [url=http://www.open-audit.org/phpBB3/viewtopic.php?f=6&t=1464]How to Audit a Domain faq[/url].


Top
 Profile  
Reply with quote  
 Post subject: Re: LDAP audit.vbs
PostPosted: Sat Oct 27, 2012 5:03 am 
Offline
Newbie

Joined: Tue Sep 25, 2012 5:52 am
Posts: 32
how do i run the audit.vbs for a domain so i actually get the data into db..? if i run cscritp audit.vbs it shows the computers, but no data coming accoss to db.


Top
 Profile  
Reply with quote  
 Post subject: Re: LDAP audit.vbs
PostPosted: Sat Oct 27, 2012 5:58 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
For a domain audit you need a properly configured audit.config file and the audit.vbs script in the same location. How to configure the audit.config file is in the How To link in my earlier post. Post your audit.config file and we can review why it's not working.


Top
 Profile  
Reply with quote  
 Post subject: Re: LDAP audit.vbs
PostPosted: Sat Oct 27, 2012 9:40 pm 
Offline
Newbie

Joined: Tue Sep 25, 2012 5:52 am
Posts: 32
Hi jpa,
i sent you both files via PM. First is from OA server /html/scs/scripts/ and the second one is from network share c:\openaudit\
Im not sure which one is audit.vbs looking for/ is used for setting up the domain scan. Please review and let me know your thoughts..

Thank you for your time and support.. :)


Top
 Profile  
Reply with quote  
 Post subject: Re: LDAP audit.vbs
PostPosted: Wed Oct 31, 2012 1:55 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
For a domain audit you should have the audit.vbs and audit.config files in the same directory on a windows host. Then run "cscript audit.vbs" as a user with admin privileges on the target hosts. The audit.vbs will spawn multiple scanning jobs and work it's way through your domain computers.

For the above to work the audit.config file should be properly configured. It should have the following defined. I pulled this from the commented-audit.vbs file and modified a bit so I didn't have to retype too much. Make sure that whatever you have for non_ie_page works. If you can browse to the non_ie_page URL or submit a single computer audit then you should be good.

[code]'--> Contents of "audit.config" external config file. Must reside in same folder as AUDIT.VBS.
'--> Any lines below that are uncommented will over-write settings read in from "audit_config".
'--> Settings below may be uncommented for degugging and testing but should normally be commented out.
audit_location = "r" '--> if set to "l" will also audit the locally mapped drives
audit_host="http://localhost.local"
verbose = "y" '--> setting to "y" causes additional VB pop-up dialog boxes during the run
online = "yesxml" '--> Use "yesxml" to send data via XML(default setting). use "ie" to send using an IE instance, "p" to print to a local IE instance, "n" for text dump files
strComputer = "" '--> may be set to a single PC to scan
ie_form_page = audit_host + "/pathto/admin_pc_add_1.php" '--> set this to the IE form submit page
non_ie_form_page = audit_host + "/pathto/admin_pc_add_2.php" '--> set this to the XML form submit page
audit_local_domain = "y" '--> setting to "y" will cause a full local domain audit
local_domain = "LDAP://DC=xxxx,DC=local" '--> your local domain
Count = 0 '--> presets variable to zero
number_of_audits = 20 '--> number of simultaneous processes to run
script_name = "audit.vbs" '--> this script
monitor_detect = "y" '--> include monitor information
printer_detect = "y" '--> include printer information
software_audit = "y" '--> include software information
uuid_type = "mac" '--> sets the index for each system record, "mac" is default, also "uuid" or "name"[/code]


Top
 Profile  
Reply with quote  
 Post subject: Re: LDAP audit.vbs
PostPosted: Wed Oct 31, 2012 5:53 am 
Offline
Newbie

Joined: Tue Sep 25, 2012 5:52 am
Posts: 32
Hi,

thx for your reply. Ill configure the file as instructed. Just want ot confirm, that this cinfig url should
be pointing to OA server/list_export_config.php"
Right?

my OA server is a linux machine, IP 172.16.0.xx1. Windows domain is 172.16.0.xx2
inside the audit.config file.. this option should be set like this..? Bsically is pointing to localhost, not the OA server..
audit_host="http://localhost.local"

right..?


Top
 Profile  
Reply with quote  
 Post subject: Re: LDAP audit.vbs
PostPosted: Wed Oct 31, 2012 6:15 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
So now you've found the problem with my lazy cut and paste. The audit_host="http://localhost.local" and non_ie_form_page = audit_host + "/pathto/admin_pc_add_2.php" should build a URL that points at your Open Audit server. In the example I posted you would run the audit.vbs on the OpenAudit server and localhost would be valid if your web server was listening on localhost. If you're running the audit from a different host than the OA server then you'll need to change the audit_host line.

As for the list_export_config.php lines you can ignore them as long as you have a properly configured audit.config with your audit.vbs file. If you run the audit.vbs without an audit.config file then the audit.vbs uses the list_export_config.php stuff to pull down a default audit.config file from the OpenAudit server. This default audit.config file is configured to audit the machine that the audit.vbs is running on and does not handle domain audits or even different configuration options you might want. Ignore it. Someone it the distant past thought it would be a good idea and put the code in but didn't put a lot of effort into making it flexible. If you care you can read the code of list_export_config.php to see the exact options it sets. Or just browse to the list_export_config.php url and see what you get back.


Top
 Profile  
Reply with quote  
 Post subject: Re: LDAP audit.vbs
PostPosted: Wed Oct 31, 2012 7:17 pm 
Offline
Newbie

Joined: Tue Sep 25, 2012 5:52 am
Posts: 32
OK,

i followed your instructions:
i verified that i can open from the domain "non_ie_form_page = audit_host + "/pathto/admin_pc_add_2.php"
i commented inside audit.vbs "list_export_config.php"
i copied audit.config to the same folder as the audit.vbs is
i verified connection to LDAP

when i open the "admin_pc_add_2.php" getting this page... Is it ok..?

Verbose:
User:
Verbose: y
System:
UUID:
Timestamp:
Software Audit:

SELECT MAX(system_audits_timestamp) AS timestamp FROM system_audits WHERE system_audits_uuid = ''
INSERT INTO system_audits (system_audits_uuid, system_audits_timestamp, system_audits_username) VALUES ('','','')
INSERT INTO system (system_uuid, system_first_timestamp) VALUES ('','')
UPDATE system SET system_timestamp = '' WHERE system_uuid = ''
Close
Page was generated in 0 seconds !


when i run the script, i discoveres only the domain pc, even though there are others as well.
Please let me know..


Top
 Profile  
Reply with quote  
 Post subject: Re: LDAP audit.vbs
PostPosted: Thu Nov 01, 2012 1:33 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
I'm not sure what the problem is. Could you PM me the audit.config file that you're using?


Top
 Profile  
Reply with quote  
 Post subject: Re: LDAP audit.vbs
PostPosted: Mon Nov 05, 2012 3:54 pm 
Offline
Newbie

Joined: Tue Sep 25, 2012 5:52 am
Posts: 32
Hi,

IP address inside the file is the OA server. The audit.config is sitting in a domain share folder together with audit.vbs. Please let me know.

Thank you.


Top
 Profile  
Reply with quote  
 Post subject: Re: LDAP audit.vbs
PostPosted: Tue Nov 06, 2012 2:20 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
Woops I messed up again with my cut and paste. After reviewing the code of audit.vbs you need to have strComputer set to an empty string if you're trying to do a domain audit.

[code]strComputer = "" [/code]

Hopefully that works.


Top
 Profile  
Reply with quote  
 Post subject: Re: LDAP audit.vbs
PostPosted: Tue Nov 06, 2012 6:31 pm 
Offline
Newbie

Joined: Tue Sep 25, 2012 5:52 am
Posts: 32
Hi,
i tried to run the script manually from DC, but getting error msg from audit.vbs (attached). Please let me know. I pm you the audit.vbs file if there is something not configured properly. When i try to open the path [i]http://<OA server IP>//scs/admin_pc_add_1.php, im getting the OA server page i described previously. Please let me know.
Thank you.


Attachments:
error.jpg
error.jpg [ 32.43 KiB | Viewed 24174 times ]
Top
 Profile  
Reply with quote  
 Post subject: Re: LDAP audit.vbs
PostPosted: Wed Nov 07, 2012 2:32 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1259
This error at this line indicates a problem with the local_domain variable in the audit.config. Make sure you have a valid ADsPath. The code runs the following ADODB.Command:
[code]"Select Name, Location from '" & local_domain & "' Where objectClass='computer'"[/code]

Based on the version of your audit.vbs file you should upgrade to the latest OAv1 [url=http://open-audit.svn.sourceforge.net/viewvc/open-audit/trunk/?view=tar]from SVN[/url]. Even then OAv1 is old and you need additional changes to get some things working. I have recent posts that cover some of these.


Top
 Profile  
Reply with quote  
 Post subject: Re: LDAP audit.vbs
PostPosted: Wed Nov 07, 2012 4:17 pm 
Offline
Newbie

Joined: Tue Sep 25, 2012 5:52 am
Posts: 32
Well, i corrected the LDAP path and the script actually did run for all hosts (cscript audit.vbs). However in the OA i could only see the DC, not the hosts info. I checked WMI on several hosts and they all running fine. Why am i not getting the hosts infor into OA ..?

Thank you.


Attachments:
log.jpg
log.jpg [ 38.55 KiB | Viewed 24157 times ]
Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 19 posts ]  Go to page 1, 2  Next

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group