Open-AudIT
https://www.open-audit.org/phpBB3/

Current Windows audit script
https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=5864
Page 4 of 4

Author:  octavius [ Thu May 09, 2013 7:16 am ]
Post subject:  Re: Current Windows audit script

Hi Mark,
Thanks for your quick response and apologies for my tardy reply. It was my birthday that weekend and I have just about recovered now ;-)
Attached is the script we are currently running that seems to be hitting the SQL issue.
Cheers
Leigh


EDIT - Script removed.

Author:  Avneet [ Fri May 10, 2013 1:20 pm ]
Post subject:  Re: Current Windows audit script

Is there any command or switch to disable all the echoes? I am using debug = o but I still get an echo of the SQL service or something.

Code:
      case "mssql$sqlexpress"
         en_sql_express = "y"
         en_sql_server_state = objItem.State
         wscript.echo service_name


Are those echoes needed?

I am running it at logon and want it to be silent and as invisible as possible.

Thanks

Author:  Mark [ Fri May 10, 2013 2:14 pm ]
Post subject:  Re: Current Windows audit script

octavius wrote:
Are those echoes needed?

No, I'll remove them ASAP.

Author:  Mark [ Fri May 10, 2013 2:22 pm ]
Post subject:  Re: Current Windows audit script

octavius wrote:
Attached is the script we are currently running that seems to be hitting the SQL issue.

Line 4068 in that file is in the IIS section, not the SQL section.
I've put a test in to make sure the variable in question is an array. Attached is the updated script - please test.

EDIT - script removed.

Author:  jpa [ Sat May 11, 2013 2:05 am ]
Post subject:  Re: Current Windows audit script

I don't think a public facing OA is such a good idea. Might want to remove the script archives as they include the url.

Author:  Mark [ Sun Jun 02, 2013 12:19 pm ]
Post subject:  Re: Current Windows audit script

As we now have a new and current audit_windows.vbs in v1.0.2, I am removing this post as a "sticky".

Author:  franam [ Thu Jun 13, 2013 12:58 am ]
Post subject:  Re: Current Windows audit script

Hi,
I hope this is the right place to write; I've found a problem in the script, which is also present in the script provided with the last release.

On lines 470 and 6034 when the script opens the file:

Code:
set objTS = objFSO.OpenTextFile(OutputFile, FOR_APPENDING, True)


it could be convenient to open it as UTF-8

Code:
set objTS = objFSO.OpenTextFile(OutputFile, FOR_APPENDING, True, True)


I had to change it because on many computers in my network there are description strings that use UTF-8.
This causes an error when the script tries to write to the file: Error 5, invalid procedure call.

Best regards,
Francesco

Author:  jpa [ Thu Jun 13, 2013 2:15 am ]
Post subject:  Re: Current Windows audit script

This should be fixed in the next version.

FYI: After looking this over the file is actually created as "UCS-2 Little Endian" and not UTF-8. If you use "1" instead of True (-1) then the file is created as "UTF-8 without BOM" but you still get the "Invalid procedure call error".

Author:  jpa [ Thu Jun 13, 2013 3:39 am ]
Post subject:  Re: Current Windows audit script

I made some changes to our proposed fix that should work better by outputting proper UTF-8 while using less memory (hopefully).
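
Added example, not part of the thread and not the project's fix: one way to see the failure franam reports and to write the audit output as UTF-8, using ADODB.Stream instead of the FileSystemObject text stream. The file names, the sample strings and the choice to buffer lines and save once (rather than append) are assumptions made for this illustration; the error only reproduces where the ANSI code page cannot represent the sample characters.

```vbscript
Option Explicit

Const FOR_APPENDING = 8
Const adTypeText = 2            ' ADODB StreamTypeEnum
Const adWriteLine = 1           ' ADODB StreamWriteEnum
Const adSaveCreateOverWrite = 2 ' ADODB SaveOptionsEnum

Dim objFSO, tmpDir, sample
Set objFSO = CreateObject("Scripting.FileSystemObject")
tmpDir = objFSO.GetSpecialFolder(2).Path   ' 2 = TemporaryFolder

' Constructed sample: a description containing two CJK characters, which
' Western ANSI code pages cannot represent.
sample = "description=" & ChrW(&H4E2D) & ChrW(&H6587)

' Write through a default (ANSI) TextStream and return the error number.
Function TryAnsiWrite(path, text)
    Dim ts
    Set ts = objFSO.OpenTextFile(path, FOR_APPENDING, True)
    On Error Resume Next
    ts.WriteLine text
    TryAnsiWrite = Err.Number   ' read before the handler is reset
    On Error GoTo 0
    ts.Close
End Function

' Buffer the lines in an ADODB.Stream and save them once as UTF-8.
Sub WriteUtf8(path, lines)
    Dim stream, item
    Set stream = CreateObject("ADODB.Stream")
    stream.Type = adTypeText
    stream.Charset = "utf-8"
    stream.Open
    For Each item In lines
        stream.WriteText item, adWriteLine
    Next
    stream.SaveToFile path, adSaveCreateOverWrite
    stream.Close
End Sub

WScript.Echo "ANSI write error: " & TryAnsiWrite(tmpDir & "\oa_ansi.txt", sample)
WriteUtf8 tmpDir & "\oa_utf8.txt", Array("hostname=PC01", sample)
WScript.Echo "UTF-8 copy written to " & tmpDir & "\oa_utf8.txt"
```

ADODB.Stream prefixes the saved file with a UTF-8 byte order mark, so whatever parses the audit output needs to accept or strip it.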

Author:  franam [ Thu Jun 13, 2013 5:26 pm ]
Post subject:  Re: Current Windows audit script

:oops:

I'm sorry, I missed your patch...

Now I'm going to try your new audit script...

Thanks,
francesco

Author:  headkick [ Fri Jun 14, 2013 11:53 pm ]
Post subject:  Re: Current Windows audit script

I don't know if it's useful to anyone, but I dropped this into the script so I get the host name from the system...

Code:
Set wshShell = WScript.CreateObject("WScript.Shell")
strComputer = wshShell.ExpandEnvironmentStrings("%COMPUTERNAME%")

Author:  jpa [ Sat Jun 15, 2013 12:24 am ]
Post subject:  Re: Current Windows audit script

I don't know if that's such a good idea without changing the script further. strcomputer is set to "." early on and then overridden by command line options after that. There are tests later in the code for strcomputer="." which causes different behavior than what you'll get by setting strcomputer to the hostname.

All times are UTC + 10 hours