Open-AudIT https://www.open-audit.org/phpBB3/ |
Mac Audit https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=3678 |
Page 2 of 4 |
Author: | jpa [ Tue Oct 12, 2010 8:30 am ] | ||
Post subject: | Re: Mac Audit | ||
Maybe something like the attached which pulls the IOPlatformUUID from System_Profiler output. Then there is a command line option "-uuidType" that can take "uuid" or "name" and output appropriately.

./mac_audit -uuidType uuid
./mac_audit -uuidType name

Keep in mind that I am a terrible coder and have never used Objective-C or XCode before.
Author: | jonbendtsen [ Tue Oct 12, 2010 9:35 pm ] |
Post subject: | Re: Mac Audit |
[quote="jpa"]Sorry, I'm not being clear enough. I'm suggesting you go back to the original mac_audit.zip code drop and edit the mac_audit.m file such that it builds a correct mac.txt audit file. The code I quoted above is from the mac_audit.m file which is compiled to mac_audit.[/quote]

Sorry, I missed your intention, it is now clear what you meant.
Author: | jonbendtsen [ Tue Oct 12, 2010 9:37 pm ] |
Post subject: | Re: Mac Audit |
[quote="jpa"]Also it looks like the mac_audit as originally compiled only works on 64 bit machines and kernels. I get a "Bad CPU type in executable" when running in a 32bit environment. 64bit works okay.[/quote]

Was it originally compiled? I compiled it myself, and that might be why it was turned into 64 bit. But yes, it looks like there is a difference:

OLD:
[code]JonMBP:open_mac_audit jonbendtsen$ file mac_audit
mac_audit: Mach-O 64-bit executable x86_64
[/code]

Your file
[code]JonMBP:Release jonbendtsen$ file mac_audit
mac_audit: Mach-O universal binary with 3 architectures
mac_audit (for architecture x86_64): Mach-O 64-bit executable x86_64
mac_audit (for architecture i386): Mach-O executable i386
mac_audit (for architecture ppc7400): Mach-O executable ppc
[/code]
Author: | jonbendtsen [ Tue Oct 12, 2010 9:49 pm ] |
Post subject: | Re: Mac Audit |
[quote="jpa"]Maybe something like the attached which pulls the IOPlatformUUID from System_Profiler output. Then there is a command line option "-uuidType" that can take "uuid" or "name" and output appropriately.

./mac_audit -uuidType uuid
./mac_audit -uuidType name

Keep in mind that I am a terrible coder and have never used Objective-C or XCode before.[/quote]

Good idea. It seems to work fine, and not specifying anything looks like uuid is default. Now I just have to update my scripts to use this new method.

You also removed the 3 duplicate lines and changed 1 more line:
[code]JonMBP:tmp jonbendtsen$ diff -u old_mac.txt new_mac.txt --- old_mac.txt 2010-10-12 13:44:34.000000000 +0200 +++ new_mac.txt 2010-10-12 13:44:23.000000000 +0200 -system01^^^ ^^^test.domain.com^^^jonbendtsen^^^ ^^^ ^^^ ^^^ +system01^^^ ^^^^^^jonbendtsen^^^ ^^^ ^^^ ^^^ [/code]

You seem to get the same UUID value as I get using
[code]ioreg -rd1 -c IOPlatformExpertDevice | grep -E '(UUID)'[/code]
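Review bot: the `+system01` line of the old_mac.txt/new_mac.txt diff leaves the third field empty where the `-system01` line had `test.domain.com`, so the rebuilt binary no longer reports the domain for this machine. If that was not an intended side effect of the UUID change, restore the domain lookup; if it was, anything that reads that field from mac.txt should be checked against the new, empty value.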
Author: | jonbendtsen [ Wed Oct 13, 2010 11:29 pm ] |
Post subject: | Re: Mac Audit |
I have 1 machine that gives strange software results for macs. It does this using the old version of this software, not the one you compiled JPA.

[code]type      name                                      version
software  License                                   11
software  Adobe Flash CS5                           11.0.0.485
software  Adobe Dreamweaver CS5                     11.0.0.4909
software  Diskværktøj                               11.5.1
software  {CDC977A9-B3BA-4320-BD28-96F2CC91B9E9}    3.0.122.0
software  Setup                                     3.0.122.0
software  Uninstall Product                         3.0.122.0
software  192.168.119                               6.2
software  Apple80211Agent                           6.2.1
software  TCIM                                      6.3
software  192.168.119                               6.4
software  192.168.119                               6.4
software  Printer Setup Utility                     6.4
software  AddPrinter                                6.4
software  PrinterProxy                              6.4
[/code]

192.168.119 and {CDC977A9-B3BA-4320-BD28-96F2CC91B9E9} seem pretty strange names to me.

It also sometimes lists our printers as software like
[code]software HP 4500 4.6[/code]
Author: | jonbendtsen [ Thu Oct 14, 2010 12:23 am ] |
Post subject: | Re: Mac Audit |
Software names output depends on the language selections of the user running mac_audit. I got 5 users who use Danish as their language and one who uses English, so some software names are in Danish and others are in English. This makes it harder to build some sort of automatic software name recognition system which could fill out known license information. Like all the "free" software titles that come with Mac OSX could be grouped into a Mac OSX group so you only had to apply 1 license per machine, and not as it is now, one license for EACH software (and there is a lot). Such a system could also automatically recognise open source software.
Author: | el_geto [ Sun Jan 23, 2011 4:56 pm ] |
Post subject: | Re: Mac Audit |
Folks, just wanted to let you know I ran your latest script on my MacBook Pro, with 10.5.8 and it worked beautifully! The compiled script created a text file which then I copied into OA and everything is there. Couple of things missing: Model, Serial# and Manufacturer are missing. Chassis type was listed as "MacBookPro5,1". Most of the OS settings were not listed but Sophos was detected and listed as my antivirus. The list of users and groups are there although all very different from what I'm used to seeing with Windows audits. Hard Drive info is not shown.

Guys, this is a very exciting development and hope to see more on this front. I work in a higher ed institution and we have tons of Macs, and this will definitively help me get attention from my boss to possibly get to use OA campus wide. Our institution is very committed to Open Source and when we pick a product, we are always encouraged to participate and give back to the community that developed the product. If that happens, I can assure you some good quality contributions from our end.
Author: | el_geto [ Tue Jan 25, 2011 4:10 am ] |
Post subject: | Re: Mac Audit |
Folks, I ran the Mac audit on one iMac with 10.6.6 that is part of an Active Directory; under users and groups it has listed every user and group on my AD domain. Any chance we can look at that? Please let me know if I can be of any help. Consider me your beta tester. Thanks
Author: | jpa [ Tue Jan 25, 2011 4:19 am ] |
Post subject: | Re: Mac Audit |
What do you get for output from the commands below? You might want to sanitize the output if it contains stuff you don't want public.

[code]/usr/bin/dscacheutil -q user
/usr/bin/dscacheutil -q group[/code]
Author: | el_geto [ Tue Jan 25, 2011 6:11 am ] |
Post subject: | Re: Mac Audit |
I'm pasting DSCACHEUTIL below, but only those accounts that look like local accounts; then there are hundreds of users listed, all of which have their own uid, gid, and dir, from what I think is coming from my AD directory. My computer is bound to AD.

[code]
myimac1:bin tech$ dscacheutil -q user
name: _amavisd
password: *
uid: 83
gid: 83
dir: /var/virusmails
shell: /usr/bin/false
gecos: AMaViS Daemon

name: _appowner
password: *
uid: 87
gid: 87
dir: /var/empty
shell: /usr/bin/false
gecos: Application Owner

name: _appserver
password: *
uid: 79
gid: 79
dir: /var/empty
shell: /usr/bin/false
gecos: Application Server

name: _ard
password: *
uid: 67
gid: 67
dir: /var/empty
shell: /usr/bin/false
gecos: Apple Remote Desktop

name: _atsserver
password: *
uid: 97
gid: 97
dir: /var/empty
shell: /usr/bin/false
gecos: ATS Server

name: _calendar
password: *
uid: 93
gid: 93
dir: /var/empty
shell: /usr/bin/false
gecos: Calendar

name: _carddav
password: *
uid: 206
gid: 206
dir: /var/empty
shell: /usr/bin/false
gecos: CardDAV Service

name: _clamav
password: *
uid: 82
gid: 82
dir: /var/virusmails
shell: /usr/bin/false
gecos: ClamAV Daemon

name: _coreaudiod
password: *
uid: 202
gid: 202
dir: /var/empty
shell: /usr/bin/false
gecos: Core Audio Daemon

name: _cvmsroot
password: *
uid: 212
gid: 212
dir: /var/empty
shell: /usr/bin/false
gecos: CVMS Root

name: _cvs
password: *
uid: 72
gid: 72
dir: /var/empty
shell: /usr/bin/false
gecos: CVS Server

name: _cyrus
password: *
uid: 77
gid: 6
dir: /var/imap
shell: /usr/bin/false
gecos: Cyrus Administrator

name: _devdocs
password: *
uid: 59
gid: 59
dir: /var/empty
shell: /usr/bin/false
gecos: Developer Documentation

name: _dovecot
password: *
uid: 214
gid: 6
dir: /var/empty
shell: /usr/bin/false
gecos: Dovecot Administrator

name: _dpaudio
password: *
uid: 215
gid: 215
dir: /var/empty
shell: /usr/bin/false
gecos: DP Audio

name: _eppc
password: *
uid: 71
gid: 71
dir: /var/empty
shell: /usr/bin/false
gecos: Apple Events User

name: _installer
password: *
uid: 96
gid: -2
dir: /var/empty
shell: /usr/bin/false
gecos: Installer

name: _jabber
password: *
uid: 84
gid: 84
dir: /var/empty
shell: /usr/bin/false
gecos: Jabber XMPP Server

name: _lda
password: *
uid: 211
gid: 211
dir: /var/empty
shell: /usr/bin/false
gecos: Local Delivery Agent

name: _locationd
password: *
uid: 205
gid: 205
dir: /var/empty
shell: /usr/bin/false
gecos: Location Daemon

name: _lp
password: *
uid: 26
gid: 26
dir: /var/spool/cups
shell: /usr/bin/false
gecos: Printing Services

name: _mailman
password: *
uid: 78
gid: 78
dir: /var/empty
shell: /usr/bin/false
gecos: Mailman List Server

name: _mcxalr
password: *
uid: 54
gid: 54
dir: /var/empty
shell: /usr/bin/false
gecos: MCX AppLaunch

name: _mdnsresponder
password: *
uid: 65
gid: 65
dir: /var/empty
shell: /usr/bin/false
gecos: mDNSResponder

name: _mysql
password: *
uid: 74
gid: 74
dir: /var/empty
shell: /usr/bin/false
gecos: MySQL Server

name: _ocsng
password: ********
uid: 3995
gid: 3995
dir: /var/empty
shell: /usr/bin/false
gecos: OCSNG Daemon User

name: _pcastagent
password: *
uid: 55
gid: 55
dir: /var/pcast/agent
shell: /usr/bin/false
gecos: Podcast Producer Agent

name: _pcastserver
password: *
uid: 56
gid: 56
dir: /var/pcast/server
shell: /usr/bin/false
gecos: Podcast Producer Server

name: _postfix
password: *
uid: 27
gid: 27
dir: /var/spool/postfix
shell: /usr/bin/false
gecos: Postfix Mail Server

name: _qtss
password: *
uid: 76
gid: 76
dir: /var/empty
shell: /usr/bin/false
gecos: QuickTime Streaming Server

name: _sandbox
password: *
uid: 60
gid: 60
dir: /var/empty
shell: /usr/bin/false
gecos: Seatbelt

name: _screensaver
password: *
uid: 203
gid: 203
dir: /var/empty
shell: /usr/bin/false
gecos: Screensaver

name: _securityagent
password: *
uid: 92
gid: 92
dir: /var/empty
shell: /usr/bin/false
gecos: SecurityAgent

name: _serialnumberd
password: *
uid: 58
gid: 58
dir: /var/empty
shell: /usr/bin/false
gecos: Serial Number Daemon

name: _softwareupdate
password: *
uid: 200
gid: 200
dir: /var/empty
shell: /usr/bin/false
gecos: Software Update Service

name: _spotlight
password: *
uid: 89
gid: 89
dir: /var/empty
shell: /usr/bin/false
gecos: Spotlight

name: _sshd
password: *
uid: 75
gid: 75
dir: /var/empty
shell: /usr/bin/false
gecos: sshd Privilege separation

name: _svn
password: *
uid: 73
gid: 73
dir: /var/empty
shell: /usr/bin/false
gecos: SVN Server

name: _teamsserver
password: *
uid: 94
gid: 94
dir: /var/teamsserver
shell: /usr/bin/false
gecos: TeamsServer

name: _timezone
password: *
uid: 210
gid: 210
dir: /var/empty
shell: /usr/bin/false
gecos: AutoTimeZoneDaemon

name: _tokend
password: *
uid: 91
gid: 91
dir: /var/empty
shell: /usr/bin/false
gecos: Token Daemon

name: _trustevaluationagent
password: *
uid: 208
gid: 208
dir: /var/empty
shell: /usr/bin/false
gecos: Trust Evaluation Agent

name: _unknown
password: *
uid: 99
gid: 99
dir: /var/empty
shell: /usr/bin/false
gecos: Unknown User

name: _update_sharing
password: *
uid: 95
gid: -2
dir: /var/empty
shell: /usr/bin/false
gecos: Update Sharing

name: _usbmuxd
password: *
uid: 213
gid: 213
dir: /var/db/lockdown
shell: /usr/bin/false
gecos: iPhone OS Device Helper

name: _uucp
password: *
uid: 4
gid: 4
dir: /var/spool/uucp
shell: /usr/sbin/uucico
gecos: Unix to Unix Copy Protocol

name: _windowserver
password: *
uid: 88
gid: 88
dir: /var/empty
shell: /usr/bin/false
gecos: WindowServer

name: _www
password: *
uid: 70
gid: 70
dir: /Library/WebServer
shell: /usr/bin/false
gecos: World Wide Web Server

name: _xgridagent
password: *
uid: 86
gid: 86
dir: /var/xgrid/agent
shell: /usr/bin/false
gecos: Xgrid Agent

name: _xgridcontroller
password: *
uid: 85
gid: 85
dir: /var/xgrid/controller
shell: /usr/bin/false
gecos: Xgrid Controller

name: local-test
password: *
uid: (xxxxxxxxx)
gid: (xxxxxxxxx)
dir: /Users/local-test
shell: /bin/bash
gecos: Local Test

name: Tech
password: *
uid: 501
gid: 20
dir: /Users/tech
shell: /bin/bash
gecos: Tech

name: daemon
password: *
uid: 1
gid: 1
dir: /var/root
shell: /usr/bin/false
gecos: System Services

name: nobody
password: *
uid: -2
gid: -2
dir: /var/empty
shell: /usr/bin/false
gecos: Unprivileged User

name: root
password: *
uid: 0
gid: 0
dir: /var/root
shell: /bin/sh
gecos: System Administrator

Then... thousands of users like this....

name: sherwood
password: ********
uid: (xxxxxxxxx)
gid: (xxxxxxxxx)
dir: /Network/Servers/(xxxxxxxxx)/users$/SHERWOOD
shell: /bin/bash
gecos: Bob Sherwood
[/code]
Author: | jpa [ Tue Jan 25, 2011 7:17 am ] |
Post subject: | Re: Mac Audit |
Probably easy enough to filter based on the "dir" field. I don't know if I'd put a lot of work in to using OpenAudit v1 for auditing a large number of Macs. I think OpenAudit version 1 is basically in maintenance mode right now and the Mac stuff isn't especially robust as you've discovered. The source is available so in the past I've spun up a Mac VM and tried to help out. Unless you can edit and compile the source yourself I'm not sure it's worth your time. Of course I could be totally wrong. |
Author: | el_geto [ Tue Jan 25, 2011 8:15 am ] |
Post subject: | Re: Mac Audit |
Well, I'm personally not a coder, but a SysAdmin who manages a mixed environment of PC and Macs. I'm just looking to help and contribute in some way to those smarter than me who came up with the Mac Audit script who, I'm sure, are also eager to be able to audit Macs in OA too. Hopefully, with the powers of Open Source and mass collaboration and the internets, we can come up with an audit script that mirrors that of the PC that we can use in OA and/or OAv2 and who knows, maybe we'll be able to contribute with something to OA and the user community in general in the Mac front. Call it wishful thinking.
Author: | jpa [ Tue Jan 25, 2011 8:47 am ] |
Post subject: | Re: Mac Audit |
No worries. I just didn't want you to get too far in to the process without a heads-up. I'll try to hack something that allows one to filter users on the "dir" field. |
Author: | el_geto [ Tue Jan 25, 2011 1:39 pm ] |
Post subject: | Re: Mac Audit |
No worries, I think the filtering needs to be done at the script level so we don't send an unneeded amount of data over the network. Also, need to get serial number out of the machine as well.
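The filter on the "dir" field discussed in the posts above, as an added example that is not part of the thread or of mac_audit: a POSIX shell function that parses dscacheutil-style records and drops accounts whose home directory is under /Network/ before anything is sent to the server. The function names, NETWORK_PREFIX, the tab-separated output and the sample records are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not mac_audit code): keep local accounts only.
# Assumption: directory (AD) accounts have a home under /Network/.
NETWORK_PREFIX="/Network/"

# stdin:  "key: value" records separated by blank lines (dscacheutil layout).
# stdout: name, uid, dir, gecos (tab-separated); password is never forwarded.
filter_local_users() {
    awk -v prefix="$NETWORK_PREFIX" '
        BEGIN { RS = ""; FS = "\n" }       # paragraph mode: one block per record
        {
            split("", rec)                  # clear fields left from the last record
            for (i = 1; i <= NF; i++) {
                sep = index($i, ":")
                if (sep == 0) continue      # not a key: value line
                val = substr($i, sep + 1)
                sub(/^[ \t]+/, "", val)
                rec[substr($i, 1, sep - 1)] = val
            }
            if (rec["name"] == "") next     # malformed record
            if (index(rec["dir"], prefix) == 1) next   # network home: drop
            printf "%s\t%s\t%s\t%s\n", rec["name"], rec["uid"], rec["dir"], rec["gecos"]
        }'
}

# Constructed sample records, abridged to five fields each.
sample_input() {
    cat <<'EOF'
name: _sshd
password: *
uid: 75
dir: /var/empty
gecos: sshd Privilege separation

name: tech
password: *
uid: 501
dir: /Users/tech
gecos: Tech

name: jdoe
password: ********
uid: 1234567
dir: /Network/Servers/fileserver.example.com/users$/JDOE
gecos: J. Doe
EOF
}

sample_input | filter_local_users
```

On a Mac the same function can be fed the real output with `/usr/bin/dscacheutil -q user | filter_local_users`.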
Author: | el_geto [ Wed Jan 26, 2011 5:17 am ] |
Post subject: | Re: Mac Audit |
Aww.. snap! I just realized one thing, in OAv1 the admin_pc_add_2.php takes plain text, and OAv2 takes XML data. Now I understand why you say don't get too carried away. |
All times are UTC + 10 hours |