Open-AudIT https://www.open-audit.org/phpBB3/ |
|
OAv2 and Windows 7 updates https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=5777 |
Author: | Thomas_Powers [ Thu Oct 13, 2011 2:22 am ] |
Post subject: | OAv2 and Windows 7 updates |
Hello.... I had a post out on support because versions 8 and 9 of open audit were not picking up installed security patches on Windows 7. I decided to investigate OAv2 in the meantime.....and it does the same thing. The .NET 4 stuff shows up in the updates section:

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) 1 Microsoft Corporation
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) 1 Microsoft Corporation
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) 1 Microsoft Corporation
Security Update for Microsoft .NET Framework 4 Extended (KB2416472) 1 Microsoft Corporation
Security Update for Microsoft .NET Framework 4 Extended (KB2487367) 1 Microsoft Corporation
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) 1 Microsoft Corporation

But none of the other 65+ Windows patches are showing up. I am thinking this may be a bad thing? All help is appreciated.

Tom P |
Author: | jpa [ Thu Oct 13, 2011 7:37 am ] | ||
Post subject: | Re: OAv2 and Windows 7 updates | ||
As you've found the hotfix information isn't stored the same in modern Windows and OpenAudit doesn't catch that in the audit. I've attached a quick mod to the OAv2 b3 audit to capture the hotfixes. Not tested much beyond my network. Mark should probably look at this to make sure it makes sense. Basically added the following to audit the hotfixes in > WinVista.

[code]
' hotfixes
if (system_os_family = "Windows 2008" or system_os_family = "Windows 7" or system_os_family = "Windows Vista") then
	if debugging > "0" then wscript.echo "Hotfix info" end if
	' 48 = wbemFlagReturnImmediately + wbemFlagForwardOnly
	set colItems2 = objWMIService.ExecQuery("Select * from Win32_QuickFixEngineering",,48)
	for each objItem2 in colItems2
		'on error goto 0
		' one <package> element per hotfix, flagged as an update
		result = result & " <package>" & vbcrlf
		result = result & " <software_name>" & escape_xml(objItem2.HotFixID) & "</software_name>" & vbcrlf
		result = result & " <software_version></software_version>" & vbcrlf
		result = result & " <software_location></software_location>" & vbcrlf
		result = result & " <software_uninstall></software_uninstall>" & vbcrlf
		result = result & " <software_install_date>" & escape_xml(objItem2.InstalledOn) & "</software_install_date>" & vbcrlf
		result = result & " <software_publisher>Microsoft</software_publisher>" & vbcrlf
		result = result & " <software_install_source></software_install_source>" & vbcrlf
		result = result & " <software_system_component></software_system_component>" & vbcrlf
		result = result & " <software_url>" & escape_xml(objItem2.Caption) & "</software_url>" & vbcrlf
		result = result & " <software_email></software_email>" & vbcrlf
		result = result & " <software_comment>update</software_comment>" & vbcrlf
		result = result & " <software_code_base></software_code_base>" & vbcrlf
		result = result & " <software_status></software_status>" & vbcrlf
		result = result & " <software_installed_by>" & lcase(escape_xml(objItem2.InstalledBy)) & "</software_installed_by>" & vbcrlf
		result = result & " <software_installed_on>" & escape_xml(objItem2.InstalledOn) & "</software_installed_on>" & vbcrlf
		result = result & " </package>" & vbcrlf
	next
end if
[/code]
|
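In the thread, the .NET entries carry the KB number inside a display name, while the patch above stores the bare HotFixID and the raw InstalledOn string. The following is an added example, not part of the original posts or of Open-AudIT's code: it merges both record styles by KB number, normalises the install date, and reports which required patches are absent. The record layout (dictionaries keyed like the XML elements), the `REQUIRED` baseline, the made-up KB ids and the three date formats handled are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

KB_RE = re.compile(r"\bKB(\d{6,7})\b", re.IGNORECASE)
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def parse_installed_on(raw):
    """Normalise an InstalledOn string to YYYY-MM-DD, or None if unrecognised.
    The three formats handled are assumptions, not taken from the thread."""
    raw = (raw or "").strip()
    if re.fullmatch(r"[0-9a-fA-F]{16}", raw):
        # 64-bit FILETIME in hex: 100 ns ticks since 1601-01-01 UTC
        ticks = int(raw, 16)
        return (FILETIME_EPOCH + timedelta(microseconds=ticks // 10)).date().isoformat()
    for fmt in ("%m/%d/%Y", "%Y%m%d"):
        try:
            return datetime.strptime(raw, fmt).date().isoformat()
        except ValueError:
            continue
    return None  # empty or locale-specific: leave unset rather than guess

def kb_inventory(packages):
    """Map 'KBnnnnnnn' -> install date (or None) across both record styles."""
    found = {}
    for pkg in packages:
        match = KB_RE.search(pkg.get("software_name", ""))
        if match:
            kb = "KB" + match.group(1)
            date = parse_installed_on(pkg.get("software_install_date"))
            found[kb] = found.get(kb) or date
    return found

def missing_kbs(packages, required):
    """Required KB ids that appear in neither record style."""
    have = kb_inventory(packages)
    return sorted(kb.upper() for kb in required if kb.upper() not in have)

# Constructed sample: the first name is from the thread, the rest are made up.
SAMPLE = [
    {"software_name": "Security Update for Microsoft .NET Framework 4 "
                      "Client Profile (KB2478663)", "software_install_date": ""},
    {"software_name": "KB9000001", "software_install_date": "4/27/2011"},
    {"software_name": "KB9000002", "software_install_date": "01cc046e0d1fc000"},
    {"software_name": "kb9000003", "software_install_date": "20110310"},
]
REQUIRED = ["KB2478663", "KB9000002", "KB9000009"]  # hypothetical baseline

if __name__ == "__main__":
    print(kb_inventory(SAMPLE))
    print("missing:", missing_kbs(SAMPLE, REQUIRED))
```
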
Author: | Thomas_Powers [ Thu Oct 13, 2011 7:57 am ] |
Post subject: | Re: OAv2 and Windows 7 updates |
Do you think that would work in the Version 8 and 9 OpenAudit scripts as well? TP |
Author: | jpa [ Thu Oct 13, 2011 8:46 am ] | ||
Post subject: | Re: OAv2 and Windows 7 updates | ||
Wouldn't work as is but if I spent a few seconds and not too many brain cells I'd come up with the following attached audit script which may or may not work. The attached file is a modification of the audit script from SVN revision 1251. I'm not sure where you're getting the version 8 and 9 stuff from. I suggest you download the latest OpenAudit version 1 code from SVN if you want to use the old stuff. This basically adds the following to the audit script:

[code]
' hotfix inventory
' Skipping if audited system is not Vista, W2k8 or Seven
' (build 6000 is the first Vista build)
if (CInt(SystemBuildNumber) >= 6000) then
	' 48 = wbemFlagReturnImmediately + wbemFlagForwardOnly
	Set colItems = objWMIService.ExecQuery("Select * from Win32_QuickFixEngineering", , 48)
	For Each objItem In colItems
		version = ""
		uninstall_string = ""
		install_date = ""
		publisher = "Microsoft"
		install_source = ""
		install_location = ""
		system_component = ""
		display_name = ""
		display_name = objItem.hotFixID
		if (isnull(display_name)) then display_name = "" end if
		install_date = objItem.InstalledOn
		if (isnull(install_date)) then install_date = "" end if
		software_url = objItem.Caption
		if (isnull(software_url)) then software_url = "" end if
		if online = "p" then
			software = software & display_name & vbcrlf
		end if
		' same ^^^-delimited software record the rest of the script submits
		form_input = "software^^^" & clean(display_name) & " ^^^" _
			& clean(version) & " ^^^" _
			& clean(install_location) & " ^^^" _
			& clean(uninstall_string) & " ^^^" _
			& clean(install_date) & " ^^^" _
			& clean(publisher) & " ^^^" _
			& clean(install_source) & " ^^^" _
			& clean(system_component) & " ^^^" _
			& clean(software_url) & "^^^" _
			& clean(software_comments) & "^^^"
		entry form_input,comment,objTextFile,oAdd,oComment
		form_input = ""
	Next
end if
[/code]
|
Author: | Mark [ Thu Oct 13, 2011 10:42 am ] |
Post subject: | Re: OAv2 and Windows 7 updates |
Have incorporated this into beta4. Thanks JPA. |
Author: | jpa [ Thu Oct 13, 2011 11:09 am ] |
Post subject: | Re: OAv2 and Windows 7 updates |
Cool. Test! Test! Test! I literally spent 5 minutes on this and ran it against one Windows 7 box. |
Author: | Thomas_Powers [ Fri Oct 14, 2011 1:54 am ] |
Post subject: | Re: OAv2 and Windows 7 updates |
When I mentioned Version 9....I should have been more specific for the rest....sorry...been one of those weeks. http://sourceforge.net/projects/open-audit/files/ shows 9.12.23 which is SVN1223.....where does one find the SVN1251? TP |
Author: | jpa [ Fri Oct 14, 2011 2:00 am ] |
Post subject: | Re: OAv2 and Windows 7 updates |
The Sourceforge Subversion repository via SVN client or
Scroll to the bottom and click "Download GNU tarball" Save the tar.gz file to disk and extract it using an appropriate extractor |
Page 1 of 1 | All times are UTC + 10 hours |