Open-AudIT

What's on your network?
It is currently Thu Apr 26, 2018 3:45 pm

All times are UTC + 10 hours




Post new topic Reply to topic  [ 5 posts ] 
Author Message
PostPosted: Mon Dec 15, 2014 7:03 pm 
Offline
Newbie

Joined: Fri Dec 12, 2014 7:05 pm
Posts: 3
I noticed that my audit results were missing some versions of SQLServer. The list of SQL Server versions doesn't seem to be reflecting the current state of releases from Microsoft. This isn't such a big deal, I updated the code in m_database.php to reflect the current version numbers. I edited the series of if cases at the top of the process_database($input, $details) function:
>>
Code:
$version_string = "unknown";


      if ((mb_strpos($input->db_version, "12.00.2000.8") === 0) or (mb_strpos($input->db_version, "12.0.2000.8") === 0))   { $version_string = "SQL Server 2014 RTM"; }
      if ((mb_strpos($input->db_version, "12.00.1524") === 0) or (mb_strpos($input->db_version, "12.0.1254") === 0))      { $version_string = "SQL Server 2014 Community Technology Preview 2 (CTP2)"; }
      if ((mb_strpos($input->db_version, "11.00.9120") === 0) or (mb_strpos($input->db_version, "11.0.9120") === 0))      { $version_string = "SQL Server 2014 Community Technology Preview 1 (CTP1)"; }

      //   SQL Server 2012
      if ((mb_strpos($input->db_version, "11.0.5058.0") === 0) or (mb_strpos($input->db_version, "11.2.5058.0") === 0))      { $version_string = "SQL Server 2012 Service Pack 2"; }
      
      if ((mb_strpos($input->db_version, "11.0.3000.0") === 0) or (mb_strpos($input->db_version, "11.1.3000.0") === 0))      { $version_string = "SQL Server 2012 Service Pack 1"; }
      if ((mb_strpos($input->db_version, "11.00.2100.60") === 0) or (mb_strpos($input->db_version, "11.0.2100.60") === 0))   { $version_string = "SQL Server 2012 RTM"; }

      //   SQL Server 2008
      if ((mb_strpos($input->db_version, "10.50.6000.34") === 0) or (mb_strpos($input->db_version, "10.53.6000.34") === 0))   { $version_string = "SQL Server 2008 R2 Service Pack 3"; }
      if ((mb_strpos($input->db_version, "10.50.4000.0") === 0) or (mb_strpos($input->db_version, "10.52.4000.0") === 0))      { $version_string = "SQL Server 2008 R2 Service Pack 2"; }
      if ((mb_strpos($input->db_version, "10.50.2500.0") === 0) or (mb_strpos($input->db_version, "10.51.2500.0") === 0))      { $version_string = "SQL Server 2008 R2 Service Pack 1"; }
      if (mb_strpos($input->db_version, "10.50.1600.1") === 0) { $version_string = "SQL Server 2008 R2 RTM"; }

      if ((mb_strpos($input->db_version, "10.0.6000.29") === 0) or (mb_strpos($input->db_version, "10.4.6000.29") === 0))      { $version_string = "SQL Server 2008 Service Pack 4"; }
      if ((mb_strpos($input->db_version, "10.0.5500.0") === 0) or (mb_strpos($input->db_version, "10.3.5500.0") === 0))      { $version_string = "SQL Server 2008 Service Pack 3"; }
      if ((mb_strpos($input->db_version, "10.0.4000.0") === 0) or (mb_strpos($input->db_version, "10.2.4000.0") === 0))      { $version_string = "SQL Server 2008 Service Pack 2"; }
      if ((mb_strpos($input->db_version, "10.0.2531.0") === 0) or (mb_strpos($input->db_version, "10.1.2531.0") === 0))      { $version_string = "SQL Server 2008 Service Pack 1"; }
      if ((mb_strpos($input->db_version, "10.00.1600.22") === 0) or (mb_strpos($input->db_version, "10.0.1600.22") === 0))   { $version_string = "SQL Server 2008 RTM"; }

      //   SQL Server 2005
      if ((mb_strpos($input->db_version, "9.00.5000.00") === 0) or (mb_strpos($input->db_version, "9.0.5000.0") === 0)) { $version_string = "SQL Server 2005 Service Pack 4"; }
      if (mb_strpos($input->db_version, "9.00.4035") === 0) { $version_string = "SQL Server 2005 Service Pack 3"; }
      if (mb_strpos($input->db_version, "9.00.3042") === 0) { $version_string = "SQL Server 2005 Service Pack 2"; }
      if (mb_strpos($input->db_version, "9.00.2047") === 0) { $version_string = "SQL Server 2005 Service Pack 1"; }
      if (mb_strpos($input->db_version, "9.00.1399") === 0) { $version_string = "SQL Server 2005 RTM"; }

<<

In addition to that I added a copy of the "SQL Server 2008" registry key lookup in audit_windows.vbs and updated it for SQL Server 2012:
>>
Code:
''''''''''''''''''''''''''''''''
'    SQL Svr 2012              '
''''''''''''''''''''''''''''''''
strKeyPath = "SOFTWARE\Microsoft\Microsoft SQL Server\110\Tools\Setup"
key_edition = ""
subKey = "Edition"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,subKey,key_edition

strKeyPath = "SOFTWARE\Microsoft\Microsoft SQL Server\110\Tools\Setup"
key_name = "SQL Server 2012"
key_release = ""
subKey = "DigitalProductID"
oReg.GetBinaryValue HKEY_LOCAL_MACHINE,strKeyPath,subKey,key
if IsNull(key) then
   ' do nothing
else
   key_text = getkey(key, 1)
   result.WriteText "      <key>" & vbcrlf
   result.WriteText "         <key_name>" & escape_xml(key_name) & "</key_name>" & vbcrlf
   result.WriteText "         <key_text>" & escape_xml(key_text) & "</key_text>" & vbcrlf
   result.WriteText "         <key_release>" & escape_xml(key_release) & "</key_release>" & vbcrlf
   result.WriteText "         <key_edition>" & escape_xml(key_edition) & "</key_edition>" & vbcrlf
   result.WriteText "      </key>" & vbcrlf
   key_text = ""
   key_release = ""
   key_edition = ""
end if

<<
In order to test the changes, I ran an audit against a server that I know is running SQL Server 2012 (version 11.2.5058.0); this failed.

The script execution terminated at the CD Keys section reporting:
"
Quote:
...\audit_windows.vbs(7333, 3) Microsoft VBScript runtime error: Subscript out of range: '[number: 66]'
"

Looking at the code it seems the error is occurring in the getkey(key, ver) function at the "
Quote:
isWin8 = (Key(66) \ 6) And 1
" line. The call to this function is coming from the new section of code I added to check the registry for SQL Server 2012, so it appears that check is working. Is there a problem with getkey() that people are aware of? The system I'm testing is a Windows Server 2012 installation running under an SCVMM virtual machine using hyper-v but it also occurs on a Windows Server 2012 installation on a physical machine.


Top
 Profile  
Reply with quote  
PostPosted: Tue Dec 16, 2014 2:44 pm 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1944
Location: Brisbane, Australia
I have updated m_database with the SQL Server version numbers and strings - thanks very much.
The getKey code works for me on a test 2012r2 VM, so maybe someone else can shed some light on why it's breaking with your code.

I can see that getKey expects an array as the first argument. Are you sure the reg return value is as expected?
Also try setting ver to something other than 1.

I don't have a SQL 2012 to test against (at the moment).

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
PostPosted: Fri Dec 19, 2014 10:10 pm 
Offline
Newbie

Joined: Fri Dec 12, 2014 7:05 pm
Posts: 3
My apologies for not posting sooner, I've not had the chance to look into this for a while.
The DigitalProductID for my SQLServer 2012 installation is "xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx" its equivalent on the SQLServer2008 RTM installation is MUCH longer, too long to try to copy here. Otherwise there's no glaringly obvious difference between the \Tools\Setup registry nodes for the two installations.

The call
Code:
"oReg.GetBinaryValue HKEY_LOCAL_MACHINE,strKeyPath,subKey,key"
succeeds but when key is passed to the getkey() function a subscript out of range error occurs within the isArray(key) if block. It looks as though an array is returned but it is shorter than expected.


Top
 Profile  
Reply with quote  
PostPosted: Sat Dec 20, 2014 2:49 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
I'll take a look. I edited the productid out of your post as you probably didn't want that posted to the world. I have the key to test with. You should PM anyone else that volunteers to test instead of posting the productid.

If you paste your productid in the decoder on this page does it give you the correct key?

The current getkey function tries to extract a portion of the Digitalproductid key to decode. Maybe we don't need the extract portion for SQL Server 2012.


Top
 Profile  
Reply with quote  
PostPosted: Mon Dec 22, 2014 6:07 pm 
Offline
Newbie

Joined: Fri Dec 12, 2014 7:05 pm
Posts: 3
Thanks JPA,

Good thinking on the ProductID, I should have thought of that myself. I have tried the ID in the test tool that you suggested and it resolved correctly.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group