Open-AudIT

What's on your network?

All times are UTC + 10 hours




Post subject: OAv2 audit script
Posted: Thu Aug 20, 2009 3:00 pm
Site Admin

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1944
Location: Brisbane, Australia
Anyone interested in helping me test the new audit script?
It isn't quite finished, and it's "local" only (no remote audits).

Missing bits are:
SHARES - get rmtshare.exe from OA server, if needed (rmtshare.exe is a free download from MS that enables retrieval of share permissions).
USB Attached Devices
SCSI Devices
Tape Information
Floppy Drives
Keyboard Information
Battery Information
Modem Information
Mouse Information
Printer Information


Code is attached.
Rename to audit_windows.vbs, then run with cscript audit_windows.vbs
It should produce a text file in the same directory.


Attachments:
File comment: audit script
audit_windows.txt [106.06 KiB]
Downloaded 398 times

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Last edited by Mark on Fri Aug 21, 2009 7:32 am, edited 1 time in total.
Updated script based on feedback from JayDee
Post subject: Re: OAv2 audit script
Posted: Thu Aug 20, 2009 8:49 pm
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Works for me...

If you want a copy of the output, let me know and I'll audit my laptop in the house. (Too much confidential info on the corporate PC).

_________________
Andrew

OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory


Post subject: Re: OAv2 audit script
Posted: Thu Aug 20, 2009 8:50 pm
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
BTW Can't you sleep?
:twisted:

_________________
Andrew

Post subject: Re: OAv2 audit script
Posted: Thu Aug 20, 2009 9:50 pm
Site Admin

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1944
Location: Brisbane, Australia
No need for me to have a copy.
Just have a look through it and see if it looks OK.
And I posted that at 3pm local time...

Post subject: Re: OAv2 audit script
Posted: Thu Aug 20, 2009 10:23 pm
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Mark wrote:
....
And I posted that at 3pm local time...



... hmmmm maybe that's why I keep waking up my brother in Melbourne at 3 in the morning... :twisted:

The output looks OK. If I get a chance, I'll audit a virtual box and send the results if you want...

_________________
Andrew

Post subject: Re: OAv2 audit script
Posted: Thu Aug 20, 2009 10:56 pm
Helper

Joined: Tue Jul 25, 2006 2:33 am
Posts: 83
Location: Hampshire, UK
Mark,
Tried it on a couple of XP-SP2 boxes. Ran OK but the "Software Info" and/or the ".NET Assembly info" sections took a long time on one box at 90%+ CPU. Not sure if the message is before or after the section in question.
One buglet. The output file, <system_variables> section, was putting out closing markers of <variable_name> and <variable_value> instead of the preceding slash - </variable_name> - and so on.
I'll try it on some W2K3 servers later if I get a chance.

EDIT 14:35 EDT - Ran OK on W2K3 and W2K3 R2
John


Post subject: Re: OAv2 audit script
Posted: Fri Aug 21, 2009 7:28 am
Site Admin

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1944
Location: Brisbane, Australia
Thanks John. Yep, the .NET info does chew up time and CPU. If you comment it out, you'll find it's heaps quicker. I do intend on leaving it in, but I also intend on providing a system to select the sections you want to create a customised audit script.

Post subject: Re: OAv2 audit script
Posted: Fri Feb 12, 2010 12:42 am
Helper

Joined: Tue Jul 25, 2006 2:33 am
Posts: 83
Location: Hampshire, UK
Trying the latest audit_windows.vbs in the OAv2 Alpha release, it crashes when running on a Windows 7 Enterprise box at line 1234 - really!

This is the BHO section and lines 1233 & 1234 read
Code:
if (system_os_full_name <> "Microsoft Windows 95" AND system_os_full_name <> "Microsoft Windows 98") then
set objWMIService_IE = GetObject("winmgmts:\\" & strComputer & "\root\cimv2\Applications\MicrosoftIE")


If I comment out this section the rest of the script runs fine and the whole thing works OK on Win XP boxes. Sadly I'm no WMI expert - anyone have any thoughts?
Thanks,
John

_________________
OA environment:
OA Server: Ubuntu 10.04LTS
1 Windows 2008R2 Server
4 Windows 2003 Servers
20 Windows XP workstations
1 Windows 7 workstation
2 Ubuntu 11.10 servers
Misc other networked items


Post subject: Re: OAv2 audit script
Posted: Fri Feb 12, 2010 5:23 am
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
Found another crash problem with the audit script.

For writing the audit result output file I had to set the format argument of OpenTextFile to -1. I was getting an "Invalid procedure call or argument" crash.

This is likely due to garbage characters in the audit result caused by this problem.

Other than that the audit worked on my first test system. I'll audit more machines and see what I get.


Post subject: Re: OAv2 audit script
Posted: Fri Feb 12, 2010 8:05 am
Newbie

Joined: Thu Jun 07, 2007 1:24 am
Posts: 25
Location: South Carolina
It also seems the audit script crashes when Windows (7 Pro in this case) reports a memory card reader which the audit sees as a hard disk and it has null space in an integer field.

_________________
OA Server: Windows Server 2003 R2
Auditing: 700 + Workstations, 20+ Servers, Helps with monitoring logon statistics
OS's: Windows XP , Windows 7 Pro, Server 2003 R2, Server 2k, Server 08, Server 08 R2
LDAP: Active Directory


Post subject: Re: OAv2 audit script
Posted: Fri Feb 12, 2010 8:07 am
Newbie

Joined: Thu Jun 07, 2007 1:24 am
Posts: 25
Location: South Carolina
Quote:
Trying the latest audit_windows.vbs in the OAv2 Alpha release, it crashes when running on a Windows 7 Enterprise box at line 1234 - really!


JayDee, I think the issue here is the WMI class for IE in Windows 7. I had the same issue, used WMIExplorer, and couldn't find the WMI class that the audit was trying to use, causing it to return an error.

Post subject: Re: OAv2 audit script
Posted: Fri Feb 12, 2010 8:29 am
Site Admin

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1944
Location: Brisbane, Australia
jpa wrote:
Found another crash problem with the audit script.

For writing the audit result output file I had to set the format argument of OpenTextFile to -1. I was getting an "Invalid procedure call or argument" crash.

This is likely due to garbage characters in the audit result caused by this problem.

Other than that the audit worked on my first test system. I'll audit more machines and see what I get.


I just had a read through that link. Damn. Not sure how to fix this. One thought though - in OAv2, the end goal is to have the audit script run locally on the machine being audited. Not (as in Open-AudIT), run from a remote computer. I plan to do this by using either PSEXEC (on the Windows side) or winexe (on the Linux side). Basically, it would connect to the remote PC, copy the audit script to it, set up a scheduled task (for say 1 minute's time) and then run the audit script on itself. Combine the fix mentioned in the thread (which only works locally) and I think we would have a fix. Only problem is I haven't coded the remote scripting stuff yet... and it wouldn't work from remote audits (even though I don't plan to use them).

More thought needed. Thanks though.

Post subject: Re: OAv2 audit script
Posted: Fri Feb 12, 2010 8:30 am
Site Admin

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1944
Location: Brisbane, Australia
iamonlyafigment wrote:
It also seems the audit script crashes when Windows (7 Pro in this case) reports a memory card reader which the audit sees as a hard disk and it has null space in an integer field.


So, with this and the software issue, we need to work out what to do with NULL values returned... Thanks again for the feedback - much appreciated.

Post subject: Re: OAv2 audit script
Posted: Fri Feb 12, 2010 8:30 am
Site Admin

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1944
Location: Brisbane, Australia
iamonlyafigment wrote:
Quote:
Trying the latest audit_windows.vbs in the OAv2 Alpha release, it crashes when running on a Windows 7 Enterprise box at line 1234 - really!


JayDee, I think the issue here is the WMI class for IE in Windows 7. I had the same issue, used WMIExplorer, and couldn't find the WMI class that the audit was trying to use, causing it to return an error.


Great - easy fix then. Test to see if we're running on a Win7 machine and adjust accordingly. Will work on this.

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.
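
A defensive pattern for the two crashes reported in this thread (the MicrosoftIE WMI namespace missing on Windows 7, and Null values landing in numeric fields), written as an added example; it is not code from audit_windows.vbs or from any poster. The helper names ConnectNamespace and NumOrDefault are hypothetical, and reading the disk size from Win32_DiskDrive.Size is an assumption about the disk section.

```vbscript
' Added example; not taken from audit_windows.vbs. Helper names are hypothetical.
Option Explicit

Dim strComputer, objIE, objCim, disk, sizeMb
strComputer = "."

' Connect to a WMI namespace. Returns Nothing instead of aborting the whole
' audit when the namespace does not exist on this version of Windows.
Function ConnectNamespace(ByVal ns)
    Dim svc
    Set ConnectNamespace = Nothing
    On Error Resume Next
    Set svc = GetObject("winmgmts:\\" & strComputer & "\" & ns)
    If Err.Number = 0 Then Set ConnectNamespace = svc
    Err.Clear
    On Error GoTo 0
End Function

' WMI returns Null for properties a device does not report. Passing Null to
' CDbl/CLng raises "Invalid use of Null", so convert through one guarded helper.
Function NumOrDefault(ByVal value, ByVal fallback)
    NumOrDefault = fallback
    If IsNull(value) Or IsEmpty(value) Then Exit Function
    If IsNumeric(value) Then NumOrDefault = CDbl(value)
End Function

' BHO section: skip it when the namespace is missing rather than crashing.
Set objIE = ConnectNamespace("root\cimv2\Applications\MicrosoftIE")
If objIE Is Nothing Then
    WScript.Echo "MicrosoftIE namespace not found; skipping BHO section"
End If

' Disk section (assumed to read Win32_DiskDrive): Size can be Null, for
' example on a card reader with no media, and is then recorded as 0 MB.
Set objCim = ConnectNamespace("root\cimv2")
If Not objCim Is Nothing Then
    For Each disk In objCim.ExecQuery("SELECT Caption, Size FROM Win32_DiskDrive")
        sizeMb = Int(NumOrDefault(disk.Size, 0) / 1048576)
        WScript.Echo disk.Caption & ": " & sizeMb & " MB"
    Next
End If
```

Checking for the namespace itself, rather than for the OS name, also covers other Windows versions where the class is absent.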


Post subject: Re: OAv2 audit script
Posted: Mon Mar 15, 2010 11:06 am
Newbie

Joined: Thu Feb 11, 2010 2:41 am
Posts: 19
Mark,

Good work so far.

1. In OAV1 the script that performed the auditing assigned "" to initialize variables with an empty string. Wouldn't it be more practical, instead of initializing variables with "", to assign them something such as "Unknown"? Let me show you this screenshot where assigning "" to variables is problematic. http://gyazo.com/909e710ad25329919334814bcf30a72e.png
Notice the empty version, yet there are 6 hosts with empty versions, just that I can't click on it to "drill down".

