Open-AudIT
https://www.open-audit.org/phpBB3/

how is audit information transported?
https://www.open-audit.org/phpBB3/viewtopic.php?f=5&t=1097
Page 1 of 2

Author:  Max [ Thu Jul 27, 2006 3:36 am ]
Post subject:  how is audit information transported?

basicly what the topic is, how does the data get transported back to the sql dbase? i remember from reading old winventory post that you guys were moving twards http post to a php page that would then insert the data. is this how openaudit is working? oh yeah, im a first time poster long time project watcher :D

Author:  mikeyrb [ Thu Jul 27, 2006 3:43 am ]
Post subject: 

That was the initial method used by open audit. Now there is an option of sending it directly to the submit page without IE. So, no information goes directly to the MySQL server, but goes through the webpage instead.

Author:  Exdaix [ Thu Jul 27, 2006 3:53 am ]
Post subject: 

I heard this was being worked on within the last day or two, is it completed? How can it be used?

Author:  Max [ Thu Jul 27, 2006 3:54 am ]
Post subject: 

i see..
i was thinking about setting up a schedule that would run the scripts every few days, (maybe once a week what ever) and the data would transport via the web over https
can this be done? i havent even set up the new release yet for testing, just feeling things out 8)

Author:  mikeyrb [ Thu Jul 27, 2006 4:05 am ]
Post subject: 

It can be done, don't know about https, but if you search the forums there is info about https.

Exdaix, if you get the latest source from the svn trunk, there's a scan option, which I think previously was "ie" and now is online = "yesxml". There is also the option for the non-ie submit page (which will point to admin_pc_add_2.php).

Author:  Exdaix [ Thu Jul 27, 2006 4:09 am ]
Post subject: 

Mine says online = iexml, is taht the same?

Author:  Max [ Thu Jul 27, 2006 4:34 am ]
Post subject: 

mikeyrb wrote:
It can be done, don't know about https, but if you search the forums there is info about https.

Exdaix, if you get the latest source from the svn trunk, there's a scan option, which I think previously was "ie" and now is online = "yesxml". There is also the option for the non-ie submit page (which will point to admin_pc_add_2.php).


i wouldnt want send clear text info about my internal workstations over the web.. i know im paranoid, but i do alot of pentesting and security auditing to know thats not a good idea. even on a switched lan, having such information broadcasted unencrypted is a bad idea..

Author:  Exdaix [ Thu Jul 27, 2006 4:47 am ]
Post subject: 

Well in my case I have about 50 computer illiterate users and we are all behind a firewall to the outside. So I don't think we'll have too many script kiddies trying to steal my hardware information as it is transmitted.

And mikeyrb, I played with my settings a bit, and it seems the default of iexml does not work, but if I change it to yesxml, it gets submitted. Someone may want to change that default setting...

Author:  mikeyrb [ Thu Jul 27, 2006 5:22 am ]
Post subject: 

Exdaix, grab the latest code from SVN. That was fixed today.

Author:  Max [ Thu Jul 27, 2006 7:47 am ]
Post subject: 

Exdaix wrote:
Well in my case I have about 50 computer illiterate users and we are all behind a firewall to the outside. So I don't think we'll have too many script kiddies trying to steal my hardware information as it is transmitted.

And mikeyrb, I played with my settings a bit, and it seems the default of iexml does not work, but if I change it to yesxml, it gets submitted. Someone may want to change that default setting...


patch info and software versions leeked out, no bueno. :? i'll see what i can arrange as far as ssl.. but im no php ninja so i doubt this will go well

Author:  mikeyrb [ Thu Jul 27, 2006 7:50 am ]
Post subject: 

Quote:
patch info and software versions leeked out, no bueno.
Hmm? All the code is on a subversion repository...

Author:  Max [ Thu Jul 27, 2006 7:57 am ]
Post subject: 

mikeyrb wrote:
Quote:
patch info and software versions leeked out, no bueno.
Hmm? All the code is on a subversion repository...


for ssl transport?

Author:  d.l.dave [ Thu Jul 27, 2006 8:01 am ]
Post subject: 

Quote:
i wouldnt want send clear text info about my internal workstations over the web..


Is your Open-Audit server really web facing?
Is the server managed by you?

Author:  Max [ Thu Jul 27, 2006 8:14 am ]
Post subject: 

d.l.dave wrote:
Quote:
i wouldnt want send clear text info about my internal workstations over the web..


Is your Open-Audit server really web facing?
Is the server managed by you?


i dont have anything setup at the moment. i have a few remote sites, no vpn tunnel between them. its kind of a mess.. with ssl transport i would beable to use openaudit. with out, im afriad not, with out setting some kind of vpn tunnels up, witch at the moment is out of the question :(

Author:  d.l.dave [ Thu Jul 27, 2006 8:38 am ]
Post subject: 

I would have thought that you could get the ie submit method to work over ssl without any code changes.

The yesxml method may or may not work. But you can increase your chances by making sure the server certificate is signed by a known certificate authority.

Remember that this will only stop people from snooping the data that gets sent to the Open-Audit server by your clients. It won't stop people from accessing the Open-Audit site from anywhere else unless you take other precautions.

It also won't stop anyone from connecting to the Open-Audit page and submiting whatever random data they feel like.

Page 1 of 2 All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/