Open-AudIT

What's on your network?

All times are UTC + 10 hours




 Post subject: Re: Mac Audit
PostPosted: Tue Oct 12, 2010 8:30 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
Maybe something like the attached which pulls the IOPlatformUUID from System_Profiler output. Then there is a command line option "-uuidType" that can take "uuid" or "name" and output appropriately.

./mac_audit -uuidType uuid
./mac_audit -uuidType name

Keep in mind that I am a terrible coder and have never used Objective-C or XCode before.


Attachments:
mac_audit.zip [70.19 KiB]
Downloaded 249 times
 Post subject: Re: Mac Audit
PostPosted: Tue Oct 12, 2010 9:35 pm 
Offline
Helper

Joined: Thu Apr 15, 2010 12:28 am
Posts: 83
jpa wrote:
Sorry, I'm not being clear enough. I'm suggesting you go back to the original mac_audit.zip code drop and edit the mac_audit.m file such that it builds a correct mac.txt audit file. The code I quoted above is from the mac_audit.m file which is compiled to mac_audit.

Sorry, I missed your intention, it is now clear what you meant.


 Post subject: Re: Mac Audit
PostPosted: Tue Oct 12, 2010 9:37 pm 
Offline
Helper

Joined: Thu Apr 15, 2010 12:28 am
Posts: 83
jpa wrote:
Also it looks like the mac_audit as originally compiled only works on 64 bit machines and kernels. I get a "Bad CPU type in executable" when running in a 32bit environment. 64bit works okay.

Was it originally compiled? I compiled it myself, and that might be why it was turned into 64 bit.

But yes, it looks like there is a difference:

OLD:
Code:
JonMBP:open_mac_audit jonbendtsen$ file mac_audit
mac_audit: Mach-O 64-bit executable x86_64


Your file
Code:
JonMBP:Release jonbendtsen$ file mac_audit
mac_audit: Mach-O universal binary with 3 architectures
mac_audit (for architecture x86_64):    Mach-O 64-bit executable x86_64
mac_audit (for architecture i386):    Mach-O executable i386
mac_audit (for architecture ppc7400):    Mach-O executable ppc


 Post subject: Re: Mac Audit
PostPosted: Tue Oct 12, 2010 9:49 pm 
Offline
Helper

Joined: Thu Apr 15, 2010 12:28 am
Posts: 83
jpa wrote:
Maybe something like the attached which pulls the IOPlatformUUID from System_Profiler output. Then there is a command line option "-uuidType" that can take "uuid" or "name" and output appropriately.

./mac_audit -uuidType uuid
./mac_audit -uuidType name

Keep in mind that I am a terrible coder and have never used Objective-C or XCode before.

Good idea. It seems to work fine, and not specifying anything looks like uuid is default.

Now I just have to update my scripts to use this new method.

You also removed the 3 duplicate lines and changed 1 more line:
Code:
JonMBP:tmp jonbendtsen$ diff -u old_mac.txt new_mac.txt
--- old_mac.txt    2010-10-12 13:44:34.000000000 +0200
+++ new_mac.txt    2010-10-12 13:44:23.000000000 +0200
-system01^^^ ^^^test.domain.com^^^jonbendtsen^^^ ^^^ ^^^ ^^^
+system01^^^ ^^^^^^jonbendtsen^^^ ^^^ ^^^ ^^^
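Review bot: On the system01 line the third field changes from test.domain.com to an empty string, and it is written as ^^^^^^ with nothing between the delimiters, while every other empty field on the same line is written with a single space ("^^^ ^^^"). If dropping the domain was not intended, restore it; if it was, emit the same single-space placeholder there so whatever splits mac.txt on ^^^ sees a consistent empty value.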


You seem to get the same UUID value as I get using
Code:
ioreg -rd1 -c IOPlatformExpertDevice | grep -E '(UUID)'


 Post subject: Re: Mac Audit
PostPosted: Wed Oct 13, 2010 11:29 pm 
Offline
Helper

Joined: Thu Apr 15, 2010 12:28 am
Posts: 83
I have 1 machine that gives strange software results for Macs. It does this using the old version of this software, not the one you compiled, JPA.

Code:
type    name    version
software    License    11
software    Adobe Flash CS5    11.0.0.485
software    Adobe Dreamweaver CS5    11.0.0.4909
software    Diskværktøj    11.5.1
software    {CDC977A9-B3BA-4320-BD28-96F2CC91B9E9}    3.0.122.0
software    Setup    3.0.122.0
software    Uninstall Product    3.0.122.0
software    192.168.119    6.2
software    Apple80211Agent    6.2.1
software    TCIM    6.3
software    192.168.119    6.4
software    192.168.119    6.4
software    Printer Setup Utility    6.4
software    AddPrinter    6.4
software    PrinterProxy    6.4

192.168.119 and {CDC977A9-B3BA-4320-BD28-96F2CC91B9E9} seem like pretty strange names to me.

It also sometimes lists our printers as software, like
Code:
software    HP 4500    4.6


 Post subject: Re: Mac Audit
PostPosted: Thu Oct 14, 2010 12:23 am 
Offline
Helper

Joined: Thu Apr 15, 2010 12:28 am
Posts: 83
Software names output depends on the language selections of the user running mac_audit. I got 5 users who use Danish as their language and one who uses English, so some software names are in Danish and others are in English. This makes it harder to build some sort of automatic software name recognition system which could fill out known license information. Like all the "free" software titles that come with Mac OSX could be grouped into a Mac OSX group so you only had to apply 1 license per machine, and not as it is now, one license for EACH software (and there is a lot). Such a system could also automatically recognise open source software.


 Post subject: Re: Mac Audit
PostPosted: Sun Jan 23, 2011 4:56 pm 
Offline
Helper

Joined: Wed Apr 07, 2010 8:04 am
Posts: 99
Location: Boston, MA
Folks, just wanted to let you know I ran your latest script on my MacBook Pro, with 10.5.8 and it worked beautifully! The compiled script created a text file which then I copied into OA and everything is there. Couple of things missing:
Model, Serial# and Manufacturer are missing. Chassis type was listed as "MacBookPro5,1". Most of the OS settings were not listed but Sophos was detected and listed as my antivirus. The list of users and groups are there although all very different from what I'm used to seeing with Windows audits. Hard Drive info is not shown.

Guys, this is a very exciting development and hope to see more on this front. I work in a higher ed institution and we have tons of Macs, and this will definitely help me get attention from my boss to possibly get to use OA campus wide. Our institution is very committed to Open Source and when we pick a product, we are always encouraged to participate and give back to the community that developed the product. If that happens, I can assure you some good quality contributions from our end. :mrgreen: :mrgreen: :mrgreen:

_________________
OA v1.5.2 on Windows Server 2003 and WAMP 2.0 (Apache 2.2.22, PHP 5.4.3, MySQL 5.1.36).
OA v1.5.3 on Linux
Auditing 500 Windows 7 computers via GPO, 200 Apple OSX 10.8/10.9/10.10


 Post subject: Re: Mac Audit
PostPosted: Tue Jan 25, 2011 4:10 am 
Offline
Helper

Joined: Wed Apr 07, 2010 8:04 am
Posts: 99
Location: Boston, MA
Folks,
I ran the Mac audit on one iMac with 10.6.6 that is part of an Active Directory; under users and groups it has listed every user and group on my AD domain. Any chance we can look at that? Please let me know if I can be of any help. Consider me your beta tester.
Thanks

 Post subject: Re: Mac Audit
PostPosted: Tue Jan 25, 2011 4:19 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
What do you get for output from the commands below? You might want to sanitize the output if it contains stuff you don't want public.

Code:
/usr/bin/dscacheutil -q user
/usr/bin/dscacheutil -q group


 Post subject: Re: Mac Audit
PostPosted: Tue Jan 25, 2011 6:11 am 
Offline
Helper

Joined: Wed Apr 07, 2010 8:04 am
Posts: 99
Location: Boston, MA
I'm pasting DSCACHEUTIL below, but only those accounts that look like local accounts; then there are hundreds of users listed, all of which have their own uid, gid, and dir, from what I think is coming from my AD directory. My computer is bound to AD.

Code:
myimac1:bin tech$ dscacheutil -q user

name: _amavisd
password: *
uid: 83
gid: 83
dir: /var/virusmails
shell: /usr/bin/false
gecos: AMaViS Daemon

name: _appowner
password: *
uid: 87
gid: 87
dir: /var/empty
shell: /usr/bin/false
gecos: Application Owner

name: _appserver
password: *
uid: 79
gid: 79
dir: /var/empty
shell: /usr/bin/false
gecos: Application Server

name: _ard
password: *
uid: 67
gid: 67
dir: /var/empty
shell: /usr/bin/false
gecos: Apple Remote Desktop

name: _atsserver
password: *
uid: 97
gid: 97
dir: /var/empty
shell: /usr/bin/false
gecos: ATS Server

name: _calendar
password: *
uid: 93
gid: 93
dir: /var/empty
shell: /usr/bin/false
gecos: Calendar

name: _carddav
password: *
uid: 206
gid: 206
dir: /var/empty
shell: /usr/bin/false
gecos: CardDAV Service

name: _clamav
password: *
uid: 82
gid: 82
dir: /var/virusmails
shell: /usr/bin/false
gecos: ClamAV Daemon

name: _coreaudiod
password: *
uid: 202
gid: 202
dir: /var/empty
shell: /usr/bin/false
gecos: Core Audio Daemon

name: _cvmsroot
password: *
uid: 212
gid: 212
dir: /var/empty
shell: /usr/bin/false
gecos: CVMS Root

name: _cvs
password: *
uid: 72
gid: 72
dir: /var/empty
shell: /usr/bin/false
gecos: CVS Server

name: _cyrus
password: *
uid: 77
gid: 6
dir: /var/imap
shell: /usr/bin/false
gecos: Cyrus Administrator

name: _devdocs
password: *
uid: 59
gid: 59
dir: /var/empty
shell: /usr/bin/false
gecos: Developer Documentation

name: _dovecot
password: *
uid: 214
gid: 6
dir: /var/empty
shell: /usr/bin/false
gecos: Dovecot Administrator

name: _dpaudio
password: *
uid: 215
gid: 215
dir: /var/empty
shell: /usr/bin/false
gecos: DP Audio

name: _eppc
password: *
uid: 71
gid: 71
dir: /var/empty
shell: /usr/bin/false
gecos: Apple Events User

name: _installer
password: *
uid: 96
gid: -2
dir: /var/empty
shell: /usr/bin/false
gecos: Installer

name: _jabber
password: *
uid: 84
gid: 84
dir: /var/empty
shell: /usr/bin/false
gecos: Jabber XMPP Server

name: _lda
password: *
uid: 211
gid: 211
dir: /var/empty
shell: /usr/bin/false
gecos: Local Delivery Agent

name: _locationd
password: *
uid: 205
gid: 205
dir: /var/empty
shell: /usr/bin/false
gecos: Location Daemon

name: _lp
password: *
uid: 26
gid: 26
dir: /var/spool/cups
shell: /usr/bin/false
gecos: Printing Services

name: _mailman
password: *
uid: 78
gid: 78
dir: /var/empty
shell: /usr/bin/false
gecos: Mailman List Server

name: _mcxalr
password: *
uid: 54
gid: 54
dir: /var/empty
shell: /usr/bin/false
gecos: MCX AppLaunch

name: _mdnsresponder
password: *
uid: 65
gid: 65
dir: /var/empty
shell: /usr/bin/false
gecos: mDNSResponder

name: _mysql
password: *
uid: 74
gid: 74
dir: /var/empty
shell: /usr/bin/false
gecos: MySQL Server

name: _ocsng
password: ********
uid: 3995
gid: 3995
dir: /var/empty
shell: /usr/bin/false
gecos: OCSNG Daemon User

name: _pcastagent
password: *
uid: 55
gid: 55
dir: /var/pcast/agent
shell: /usr/bin/false
gecos: Podcast Producer Agent

name: _pcastserver
password: *
uid: 56
gid: 56
dir: /var/pcast/server
shell: /usr/bin/false
gecos: Podcast Producer Server

name: _postfix
password: *
uid: 27
gid: 27
dir: /var/spool/postfix
shell: /usr/bin/false
gecos: Postfix Mail Server

name: _qtss
password: *
uid: 76
gid: 76
dir: /var/empty
shell: /usr/bin/false
gecos: QuickTime Streaming Server

name: _sandbox
password: *
uid: 60
gid: 60
dir: /var/empty
shell: /usr/bin/false
gecos: Seatbelt

name: _screensaver
password: *
uid: 203
gid: 203
dir: /var/empty
shell: /usr/bin/false
gecos: Screensaver

name: _securityagent
password: *
uid: 92
gid: 92
dir: /var/empty
shell: /usr/bin/false
gecos: SecurityAgent

name: _serialnumberd
password: *
uid: 58
gid: 58
dir: /var/empty
shell: /usr/bin/false
gecos: Serial Number Daemon

name: _softwareupdate
password: *
uid: 200
gid: 200
dir: /var/empty
shell: /usr/bin/false
gecos: Software Update Service

name: _spotlight
password: *
uid: 89
gid: 89
dir: /var/empty
shell: /usr/bin/false
gecos: Spotlight

name: _sshd
password: *
uid: 75
gid: 75
dir: /var/empty
shell: /usr/bin/false
gecos: sshd Privilege separation

name: _svn
password: *
uid: 73
gid: 73
dir: /var/empty
shell: /usr/bin/false
gecos: SVN Server

name: _teamsserver
password: *
uid: 94
gid: 94
dir: /var/teamsserver
shell: /usr/bin/false
gecos: TeamsServer

name: _timezone
password: *
uid: 210
gid: 210
dir: /var/empty
shell: /usr/bin/false
gecos: AutoTimeZoneDaemon

name: _tokend
password: *
uid: 91
gid: 91
dir: /var/empty
shell: /usr/bin/false
gecos: Token Daemon

name: _trustevaluationagent
password: *
uid: 208
gid: 208
dir: /var/empty
shell: /usr/bin/false
gecos: Trust Evaluation Agent

name: _unknown
password: *
uid: 99
gid: 99
dir: /var/empty
shell: /usr/bin/false
gecos: Unknown User

name: _update_sharing
password: *
uid: 95
gid: -2
dir: /var/empty
shell: /usr/bin/false
gecos: Update Sharing

name: _usbmuxd
password: *
uid: 213
gid: 213
dir: /var/db/lockdown
shell: /usr/bin/false
gecos: iPhone OS Device Helper

name: _uucp
password: *
uid: 4
gid: 4
dir: /var/spool/uucp
shell: /usr/sbin/uucico
gecos: Unix to Unix Copy Protocol

name: _windowserver
password: *
uid: 88
gid: 88
dir: /var/empty
shell: /usr/bin/false
gecos: WindowServer

name: _www
password: *
uid: 70
gid: 70
dir: /Library/WebServer
shell: /usr/bin/false
gecos: World Wide Web Server

name: _xgridagent
password: *
uid: 86
gid: 86
dir: /var/xgrid/agent
shell: /usr/bin/false
gecos: Xgrid Agent

name: _xgridcontroller
password: *
uid: 85
gid: 85
dir: /var/xgrid/controller
shell: /usr/bin/false
gecos: Xgrid Controller

name: local-test
password: *
uid: (xxxxxxxxx)
gid: (xxxxxxxxx)
dir: /Users/local-test
shell: /bin/bash
gecos: Local Test

name: Tech
password: *
uid: 501
gid: 20
dir: /Users/tech
shell: /bin/bash
gecos: Tech

name: daemon
password: *
uid: 1
gid: 1
dir: /var/root
shell: /usr/bin/false
gecos: System Services

name: nobody
password: *
uid: -2
gid: -2
dir: /var/empty
shell: /usr/bin/false
gecos: Unprivileged User

name: root
password: *
uid: 0
gid: 0
dir: /var/root
shell: /bin/sh
gecos: System Administrator

Then... thousands of users like this....

name: sherwood
password: ********
uid: (xxxxxxxxx)
gid: (xxxxxxxxx)
dir: /Network/Servers/(xxxxxxxxx)/users$/SHERWOOD
shell: /bin/bash
gecos: Bob Sherwood


 Post subject: Re: Mac Audit
PostPosted: Tue Jan 25, 2011 7:17 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
Probably easy enough to filter based on the "dir" field.

I don't know if I'd put a lot of work into using OpenAudit v1 for auditing a large number of Macs. I think OpenAudit version 1 is basically in maintenance mode right now and the Mac stuff isn't especially robust, as you've discovered. The source is available, so in the past I've spun up a Mac VM and tried to help out. Unless you can edit and compile the source yourself, I'm not sure it's worth your time.

Of course I could be totally wrong.


 Post subject: Re: Mac Audit
PostPosted: Tue Jan 25, 2011 8:15 am 
Offline
Helper

Joined: Wed Apr 07, 2010 8:04 am
Posts: 99
Location: Boston, MA
Well, I'm personally not a coder, but a SysAdmin who manages a mixed environment of PCs and Macs. I'm just looking to help and contribute in some way to those smarter than me who came up with the Mac Audit script, who, I'm sure, are also eager to be able to audit Macs in OA too.

Hopefully, with the powers of Open Source and mass collaboration and the internets, we can come up with an audit script that mirrors that of the PC that we can use in OA and/or OAv2 and who knows, maybe we'll be able to contribute with something to OA and the user community in general in the Mac front. Call it wishful thinking. :wink:

 Post subject: Re: Mac Audit
PostPosted: Tue Jan 25, 2011 8:47 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
No worries. I just didn't want you to get too far into the process without a heads-up.

I'll try to hack something that allows one to filter users on the "dir" field.


 Post subject: Re: Mac Audit
PostPosted: Tue Jan 25, 2011 1:39 pm 
Offline
Helper

Joined: Wed Apr 07, 2010 8:04 am
Posts: 99
Location: Boston, MA
No worries, I think the filtering needs to be done at the script level so we don't send an unneeded amount of data over the network. Also, need to get serial number out of the machine as well.



Top
 Profile  
Reply with quote  
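
The "dir"-based filtering discussed in the posts above, done on the audited Mac so directory accounts never leave the machine, could look like the following shell function. This is an added example, not code from the thread or from mac_audit; the function names, the tab-separated output and the sample records (including the jdoe account and its server name) are constructed for illustration.

```sh
#!/bin/sh
# Added example: keep only accounts whose home "dir" is not on a network server.
# Input: `dscacheutil -q user` records (blank-line separated "key: value" lines).
# Output: one "name<TAB>uid<TAB>dir" line per kept account (format is illustrative).
# $1 (optional): dir prefix that marks a directory account, default /Network/.
filter_local_users() {
    awk -v skip="${1:-/Network/}" '
        BEGIN { RS = ""; FS = "\n"; OFS = "\t" }   # paragraph mode: one record per block
        {
            name = uid = dir = ""
            for (i = 1; i <= NF; i++) {
                sep = index($i, ": ")              # split on the first ": " only
                if (sep == 0) continue             # not a key/value line, e.g. a pasted prompt
                key = substr($i, 1, sep - 1)
                val = substr($i, sep + 2)
                if (key == "name") name = val
                else if (key == "uid") uid = val
                else if (key == "dir") dir = val
            }
            if (name == "") next                   # block without a name: skip it
            if (index(dir, skip) == 1) next        # home under the prefix: filtered out
            print name, uid, dir
        }'
}

# Constructed sample in the shape of the output posted above (values are made up).
sample_records() {
    cat <<'EOF'
myimac1:bin tech$ dscacheutil -q user

name: Tech
password: *
uid: 501
gid: 20
dir: /Users/tech
shell: /bin/bash
gecos: Tech

name: jdoe
password: ********
uid: 1234567890
gid: 987654321
dir: /Network/Servers/fileserver.example/users$/JDOE
shell: /bin/bash
gecos: Jane Doe
EOF
}

# On a Mac: /usr/bin/dscacheutil -q user | filter_local_users
sample_records | filter_local_users
```

The prefix test is a plain string comparison, so a server path containing regex characters such as `$` is matched literally.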
 Post subject: Re: Mac Audit
PostPosted: Wed Jan 26, 2011 5:17 am 
Offline
Helper

Joined: Wed Apr 07, 2010 8:04 am
Posts: 99
Location: Boston, MA
Aww.. snap!
I just realized one thing: in OAv1 the admin_pc_add_2.php takes plain text, and OAv2 takes XML data.
Now I understand why you say don't get too carried away. :(
