Open-AudIT
https://www.open-audit.org/phpBB3/

How to use audit_osx.sh?
https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=6400

Author:  cimenta [ Wed Feb 04, 2015 12:32 pm ]
Post subject:  How to use audit_osx.sh?

Hi

I am currently running

[code]You are running version 1.5.1 of Open-AudIT.
Your Host is: opmantek, and it's OS is Linux.
Your database platform is mysql (version 5.1.73).
Your web server is Apache/2.2.15 (CentOS) .
Your PHP version is 5.3.3 and it's running in timezone UTC.[/code]

from the virtual appliance.

I need to audit OSX as well. How do I do that? Is the "Audit the PC" button available for OSX? (I don't have any OSX handy right now.) Do I need to run any particular browser like for Windows?

Thank you

R

Author:  shanimal [ Fri Feb 06, 2015 5:29 am ]
Post subject:  Re: How to use audit_osx.sh?

I'm using version 1.5.2 of audit_osx.sh

I copy the script to the Documents directory. Be sure to edit this file with the correct URL to your open audit server.

Then you can run this command from terminal (cd to Documents first):

sudo ./audit_osx.sh

This works for me.

I wonder if anybody is using crontab or launchd to schedule a daily audit for OSX?

Author:  Mark [ Fri Feb 06, 2015 9:05 am ]
Post subject:  Re: How to use audit_osx.sh?

"Audit This PC" is available for OSX on the Open-AudIT Enterprise logon screen.
You will have to download and run it as per Shanimal's advice.
Discovery should also work auditing OSX as long as you have the correct credentials.

In short - OSX is just another supported target.

Author:  cimenta [ Fri Feb 06, 2015 12:17 pm ]
Post subject:  Re: How to use audit_osx.sh?

Thank you both for the reply.

So currently I have to
- edit the sh file (update the url - that's it?)
- save it on OSX computer and execute it as root

to have this computer audited.

In the future we will have the "Audit this computer" for OSX as well. Any idea when this is going to be?

Thank you again.

R

Author:  Mark [ Sun Feb 08, 2015 10:44 am ]
Post subject:  Re: How to use audit_osx.sh?

"Audit This PC" is available for OSX on the Open-AudIT Enterprise logon screen.

Author:  cimenta [ Mon Feb 09, 2015 10:54 am ]
Post subject:  Re: How to use audit_osx.sh?

1) So do I still need to run the script as root?

We did so but it ends with an error. See below.

[code]sudo /Users/Scott/Downloads/audit_osx.sh
Password:
System Info
Network Cards Info
Processor Info
Memory Info
Hard Disks
Software Info
Software Keys
Submitting results to server
/Users/Scott/Downloads/audit_osx.sh: line 842: dev/null: No such file or directory
Scotts-MacBook-Air:Downloads Scott$ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Open-AudIT System Input</title>
</head>
<body>
<form action="http://192.168.20.149/open-audit/index.php/system/add_system" method="post" accept-charset="UTF-8" enctype="multipart/form-data">
<fieldset>
<legend>Paste the XML</legend>

<p><textarea name="form_systemXML" cols="100" rows="15" id="form_systemXML" ></textarea></p>
</fieldset><br /><br />or<br /><br />
<fieldset>
<legend>Select a File</legend>

<input type="file" name="upload_file" value="" /></fieldset><p><input type="submit" name="submit" value="Submit" /></p>
</form></body>
</html>curl: (7) Couldn't connect to server
[/code]

2) I modified the script so the xml file is not deleted. Can I import it into the system?

I downloaded the "audit_osx.sh" script from the login screen on the computer that was going to be audited. So the computer can access the Open-AudIT web server. When checking the url (url="http://192.168.20.149/open-audit/index.php/system") it seemed OK to me. So I did not change anything.

The firewall on osx is off.

3) Any idea how to make it work?

Thank you

R.

Author:  cimenta [ Mon Feb 09, 2015 12:08 pm ]
Post subject:  Re: How to use audit_osx.sh?

looking at the code

[code]if [ "$submit_online" = "y" ]; then
echo "Submitting results to server"
#curl --data="$xml_file" $url 2>/dev/null
curl --data @"$xml_file" $url 1&2>dev/null
fi[/code]

1) I tried to run the first curl; it was said that the info was sent to the server, but I cannot see it anywhere.
2) I tried to delete everything after 1&2, so the command was like "curl --data @"$xml_file" $url 1&2". It did not help.
3) I can see that there is probably a missing "/" in the command: curl --data @"$xml_file" $url 1&2>dev/null should be curl --data @"$xml_file" $url 1&2>/dev/null. It's just my thought ...

Thank you
R

Author:  Mark [ Tue Feb 10, 2015 11:41 am ]
Post subject:  Re: How to use audit_osx.sh?

Yep - bug found - thanks!
Fixed for 1.5.6 (our next release).
You should have an audit result in Open-AudIT anyway though.
The line should be:
[code]curl --data @"$xml_file" $url 1&2>/dev/null[/code]

Author:  cimenta [ Tue Feb 10, 2015 1:38 pm ]
Post subject:  Re: How to use audit_osx.sh?

[quote="Mark"]You should have an audit result in Open-AudIT anyway though.[/quote]

but I don't have it there :-( any idea how to make it work?

[quote="Mark"]
The line should be:
[code]curl --data @"$xml_file" $url 1&2>/dev/null[/code]
[/quote]

then I don't understand why this line did not work for me.

[code]curl --data @"$xml_file" $url 1&2[/code]

Thank you
R

Author:  cimenta [ Tue Feb 10, 2015 1:42 pm ]
Post subject:  Re: How to use audit_osx.sh?

ok, I was able to import the xml file. But the issue that I am not able to do it by running the .sh script exists.

Thank you
R

Author:  Mark [ Tue Feb 10, 2015 3:08 pm ]
Post subject:  Re: How to use audit_osx.sh?

Is the "url" variable set in the top of the script?
Is there a proxy between the OSX machine and the Open-AudIT server?

Author:  cimenta [ Tue Feb 10, 2015 3:27 pm ]
Post subject:  Re: How to use audit_osx.sh?

[quote="Mark"]Is the "url" variable set in the top of the script?[/quote]

This url was there - http://192.168.20.149/open-audit/index. ... add_system and I did not amend it.

I can access the page from my computer right now. Note that my comp is a host for the VM running Open-AudIT. The OSX comp was able to access Open-AudIT Enterprise login page and download the script without any issue.

[quote="Mark"]Is there a proxy between the OSX machine and the Open-AudIT server?[/quote]

No proxy present. Firewall is off.

R

Author:  Mark [ Wed Feb 11, 2015 12:52 pm ]
Post subject:  Re: How to use audit_osx.sh?

try this and see if any extra messages appear on the console...
[code]./audit_osx.sh submit_online=y create_file=n debugging=3[/code]
Please paste the output here.

Author:  cimenta [ Tue Feb 17, 2015 11:05 am ]
Post subject:  Re: How to use audit_osx.sh?

Different computer. The same result. I don't think I will be able to do much more debugging on that ...

[code]users-MacBook-Air:Downloads user$ ./audit_osx.sh submit_online=y create_file=n debugging=3
System Info
2015-02-17 11:50:05.619 system_profiler[77125:2266517] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
2015-02-17 11:50:05.621 system_profiler[77125:2266517] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
2015-02-17 11:50:05.957 system_profiler[77140:2266563] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
2015-02-17 11:50:05.959 system_profiler[77140:2266563] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
2015-02-17 11:50:06.256 system_profiler[77146:2266584] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
2015-02-17 11:50:06.257 system_profiler[77146:2266584] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
2015-02-17 11:50:06.551 system_profiler[77153:2266605] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
2015-02-17 11:50:06.553 system_profiler[77153:2266605] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
2015-02-17 11:50:06.851 system_profiler[77159:2266627] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
2015-02-17 11:50:06.852 system_profiler[77159:2266627] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
Network Cards Info
Processor Info
2015-02-17 11:50:14.086 system_profiler[77396:2267153] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
2015-02-17 11:50:14.088 system_profiler[77396:2267153] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
2015-02-17 11:50:14.386 system_profiler[77408:2267179] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
2015-02-17 11:50:14.388 system_profiler[77408:2267179] platformPluginDictionary: Can't get X86PlatformPlugin, return value 0
Memory Info
Hard Disks
Software Info
Software Keys
Submitting results to server
users-MacBook-Air:Downloads user$ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Open-AudIT System Input</title>
</head>
<body>
<form action="http://192.168.20.149/open-audit/index.php/system/add_system" method="post" accept-charset="UTF-8" enctype="multipart/form-data">
<fieldset>
<legend>Paste the XML</legend>

<p><textarea name="form_systemXML" cols="100" rows="15" id="form_systemXML" ></textarea></p>
</fieldset><br /><br />or<br /><br />
<fieldset>
<legend>Select a File</legend>

<input type="file" name="upload_file" value="" /></fieldset><p><input type="submit" name="submit" value="Submit" /></p>
</form></body>
</html>curl: (7) Couldn't connect to server[/code]

Author:  Mark [ Wed Feb 18, 2015 9:58 am ]
Post subject:  Re: How to use audit_osx.sh?

The obvious clue is in the final line - "curl: (7) Couldn't connect to server".
I am unsure why this would be as it obviously CAN connect as it's receiving the HTML.

Bueller, Bueller, anyone, anyone???
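
Added illustration (not part of the original thread or of Open-AudIT's code): how a POSIX shell parses the `1&2>/dev/null` tail of the submit line quoted above, next to the conventional form for discarding output. `record_args` is a hypothetical stand-in for curl that only logs its arguments, and the file path and URL are constructed placeholders.

```shell
#!/bin/sh
# Added illustration, not part of audit_osx.sh.
# record_args is a hypothetical stand-in for curl: it makes no network
# request and only logs the arguments it was given, one per line.
ARGLOG=$(mktemp)
record_args() { printf '%s\n' "$@" >"$ARGLOG"; }

# Constructed sample values (placeholders, not taken from the thread).
xml_file="/tmp/sample_audit.xml"
url="http://open-audit.example/open-audit/index.php/system/add_system"

# The submit line as posted in the thread, with the stand-in for curl.
# The shell reads it as two commands:
#   record_args --data @"$xml_file" $url 1 &   (background job, extra argument "1")
#   2>/dev/null                                (empty command with a redirection)
run_as_posted() {
    record_args --data @"$xml_file" $url 1&2>/dev/null
    wait    # let the background job finish before the log is read
}

# Conventional way to discard stdout and stderr of a foreground command.
run_conventional() {
    record_args --data @"$xml_file" "$url" >/dev/null 2>&1
}

arg_count() { grep -c '' "$ARGLOG"; }   # number of logged arguments
last_arg()  { tail -n 1 "$ARGLOG"; }    # final argument the command received

report() {
    run_as_posted
    echo "as posted:    $(arg_count) args, last = $(last_arg)"
    run_conventional
    echo "conventional: $(arg_count) args, last = $(last_arg)"
}
report
```

Run against real curl, the stray `1` is handed over as a second URL and the job runs in the background, which is consistent with the prompt returning before the HTML in the pasted output and with `curl: (7)` appearing after a response had already been received.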

All times are UTC + 10 hours