Open-AudIT

What's on your network?
It is currently Sun Apr 22, 2018 1:19 am

All times are UTC + 10 hours




Post new topic Reply to topic  [ 3 posts ] 
Author Message
PostPosted: Thu Feb 16, 2012 9:13 pm 
Offline
Newbie

Joined: Fri Oct 21, 2011 3:48 pm
Posts: 38
I am about to roll out OAV2 Beta4 as a trial on around 100 nos of 64 bit Windows 7 boxes. I still do not know how to use the WMI feature and set up the server so that the audits are initiated by my Linux server on the desktops.

I only know to copy the audit_windows.vbs script on the windows desktop and run it from the client, but not aware of the server side audit initiation in which the script gets copied on the client, where it runs and results are stored in the server database.

I have searched the forum but not found the answer. Any help will be greatly appreciated. After the trial on the 100 desktops it is planned to roll OAV2 out on a bigger scale.


Top
 Profile  
Reply with quote  
PostPosted: Thu Mar 01, 2012 7:53 pm 
Offline
Newbie

Joined: Fri Oct 21, 2011 3:48 pm
Posts: 38
This is something I found.

http://www.zyrion.com/support/docs/v4.8 ... -12-4.html

If there is something simpler, please let me know,


Top
 Profile  
Reply with quote  
PostPosted: Fri Mar 02, 2012 3:02 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
There is no Linux server initiated audit script (yet). You need to use the provided audit_list.vbs or audit_domain.vbs files and initiate the audit from a Windows machine. Pick a Windows server or workstation to run the audit and schedule either of these files to periodically audit machines.

If the computers aren't in a domain you should use audit_list.vbs. Edit the file and find the "pc_array = " section and edit the list of computer names as appropriate for your environment. If you're running the script as a user that has administrative rights on the remote machines then you just need the computer names in the list. If you need a different user name and password to audit the remote machines then instead of COMPUTERNAME in the list you need "COMPUTERNAME struser=COMPUTERNAME\USERNAME strpass=PASSWORD". This will run OpenAudit on the machine we're running the script from and make various WMI and other auditing calls across the network to the target machine. If you have a slow network this is probably not the best way.

If you want to initiate the audit from the Windows server machine but have the script executed on the target machine like you're currently doing then you need to change a few things. When you call the audit_list.vbs file you need to use "cscript audit_list.vbs audit_run_type=remote remote_user=ADMINUSER remote_password=ADMINPASSWORD". The remote_user and password need to be for an administrative account on the target machines that is valid across all the target machines. If you don't have an account like this you'll need to change audit_list.vbs to get the remote_user and password from the pc_array computer list.

The audit_list.vbs could use a little work anyway. The pc_array list should be read in from a file like in OpenAudit v1. The remote_user and remote_password should be pulled in from this file per computer instead of having just one management account.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group