Open-AudIT

What's on your network?

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 6 posts ] 
PostPosted: Wed Dec 05, 2007 3:01 am 
Newbie

Joined: Thu Nov 29, 2007 2:51 am
Posts: 10
Location: Germany
What do you think about a central configuration file for Linux systems?

On my Ubuntu server with Open-AudIT SVN 903 I tried it out: I generated a file called linux.config under the scripts directory with the following content:

linux.config:

OASERVER="openaudit.your.net"
SUBNET="192.168.xxx.0"
NETMASK="255.255.xxx.xxx"
NMAP_NET="192.168.xxx"



Then I modified audit_linux.sh in this way:

In line 3 I added the following code:

. linux.config

Then I modified the line with: wget --post-data="submit=submit&add=$audit_result" http://192.168.xxx.xxx/oa/admin_pc_add_2.php

to: wget --post-data="submit=submit&add=$audit_result" http://"$OASERVER"/oa/admin_pc_add_2.php


...as well as nmap_linux.sh:

#!/bin/bash

. linux.config

for ((a=1; a <= 254 ; a++))
do
echo "$NMAP_NET.$a"
nmap_file="nmap_file.txt"
nmap_input=`nmap -v -O -oN $nmap_file $NMAP_NET.$a`
nmap_output=`cat $nmap_file`
wget -q --post-data="submit=submit&add=$nmap_output" http://"$OASERVER"/oa/admin_nmap_input.php
rm "$nmap_file"
rm "admin_nmap_input.php"
done


I think it is easier to change the network config settings in one central file.

What do you think?

cheers xiam


PostPosted: Wed Dec 05, 2007 4:01 am 
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Sounds like the way forward. :D

_________________
Andrew

OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory


PostPosted: Wed Dec 05, 2007 4:57 am 
Newbie

Joined: Thu Nov 29, 2007 2:51 am
Posts: 10
Location: Germany
Okay :D, will you integrate my idea into the SVN repository?


PostPosted: Wed Dec 05, 2007 6:25 pm 
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Might be an idea to add a line to chmod linux.config +x before trying to execute it, as by default it may well be -x.
If you post the code here between some [ code .. /code] tags we can take a look at it, but in principle it looks like a neat idea and will probably make it into the SVN.

I have no way currently to test this particular shell script, so can someone else do the testing, and let me know all is well before I commit anything which might cause issues later on.


Thanks.

_________________
Andrew

OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory


PostPosted: Wed Dec 05, 2007 6:36 pm 
Newbie

Joined: Thu Nov 29, 2007 2:51 am
Posts: 10
Location: Germany
Okay, here is the code:

linux.config:
Code:
OASERVER="openaudit.your.net"
SUBNET="192.168.xxx.xxx"
NETMASK="255.255.xxx.xxx"
NMAP_NET="192.168.xxx"
NMAP_START="1"
NMAP_END="254"


audit_linux.sh
Code:
#!/bin/bash

. linux.config

if [ $(id -u) != "0" ]; then
  echo "You must use root privs to run this script."
  # Non-zero exit so cron or a wrapper notices the audit did not run
  exit 1
fi

HOSTNAME=`hostname`
DATE="`date +%d/%m/%Y``date +%H:%M:%S`"
ReportFile=$HOSTNAME.txt
audit_date="`date +%Y%m%d``date +%H%M%S`"


#Network detection
pcieth=`lspci -vm | grep -A2 "Ethernet controller"; lspci -vm | grep -A2 "Network controller"`
for i in `ifconfig -a | grep eth | cut -d" " -f1`
do
  name=`echo "$pcieth" | grep -w "Device:" | cut -d: -f2 | cut -c2-`
  manufacturer=`echo "$pcieth" | grep -w "Vendor:" | cut -d: -f2 | cut -c2-`
  ip=`ifconfig $i | grep -w inet | cut -d":" -f2 | cut -d" " -f1`
  subnet=`ifconfig $i | grep -w inet | cut -d":" -f4 | cut -d" " -f1`
  mac=`ifconfig $i | grep -w HWaddr | cut -d" " -f11`
  type="Network Adapter"
done

for i in `cat /etc/resolv.conf | cut -d" " -f2`
do
  dns_server="$i"
done
echo "network^^^$mac^^^$name^^^ ^^^ ^^^$HOSTNAME^^^$dns_server^^^$ip^^^$subnet^^^ ^^^ ^^^$type^^^$manufacturer^^^" >> $ReportFile
# Missing - DHCP Enabled
#         - DHCP Server
#         - WINS Primary
#         - WINS Secondary

# System01
echo "system01^^^$ip^^^ ^^^$HOSTNAME\ ^^^ ^^^ ^^^ ^^^" >> $ReportFile
# Missing - Domain
#         - User
#         - AD Site
#         - Domain Controller Address
#         - Domain Controller Name


# Memory
#RAMsizekb=`cat /proc/meminfo | grep MemTotal |cut -d: -f2 | cut -c8- | cut -d" " -f1`
RAMsizekb=`cat /proc/meminfo | grep MemTotal |cut -d: -f2 | cut -dk -f1`
RAMsizekb=`expr $RAMsizekb / 1`
RAMsize=`expr $RAMsizekb / 1024`

#Number of CPUs
nbcpu=`cat /proc/cpuinfo | grep "processor" | wc -l`

# System Model
sys_model=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.system.product`
chassis_type=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.chassis.type`
sys_serial=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.system.serial`
sys_manufacturer=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.system.manufacturer`
country=`cat /etc/timezone`
timezone=`date | cut -d" " -f5`
# System02
echo "system02^^^$sys_model^^^$HOSTNAME^^^$nbcpu^^^ ^^^ ^^^$chassis_type^^^$RAMsize^^^$sys_serial^^^$sys_manufacturer^^^ ^^^$country^^^$timezone^^^^^^" >> $ReportFile
# Missing - DHCP Enabled
#         - Registered Owner
#         - Domain Role


bios_date=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.bios.release_date`
bios_version=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.bios.version`
bios_serial=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.system.serial`
bios_manufacturer=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.bios.vendor`
bios_description=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.system.product`

#Bios
echo "bios^^^$bios_description^^^$bios_manufacturer^^^$bios_serial^^^$bios_version^^^$bios_version^^^" >> $ReportFile


#Operating System
name=`uname -s`
version=`uname -r`

if [ "$name" = "Linux" ]
        then if test -f /etc/redhat-release; then
                distribution="RedHat"
                release=`cat /etc/redhat-release`
            elif test -f /etc/redhat-version; then
                distribution="RedHat"
                release=`cat /etc/redhat-version`
            elif test -f /etc/fedora-release; then
                distribution="Fedora"
                release=`cat /etc/fedora-release`
            elif test -f /etc/mandrake-release; then
                distribution="Mandrake"
                release=`cat /etc/mandrake-release`
            elif test -f /etc/SuSE-release; then
                distribution="Novell SuSE"
                release=`cat /etc/SuSE-release`
            elif test -f /etc/issue; then
                distribution="Ubuntu"
                release=`cat /etc/issue`
            elif test -f /etc/debian_version; then
                distribution="Debian"
                release=`cat /etc/debian_version`
            elif test -f /etc/debian-version; then
                distribution="Debian"
                release=`cat /etc/debian-version`
            elif test -f /etc/arch-release; then
                distribution="Arch"
                release=`cat /etc/arch-release`
            elif test -f /etc/gentoo-release; then
                distribution="Gentoo"
                release=`cat /etc/gentoo-release`
            elif test -f /etc/slackware-release; then
                distribution="Slackware"
                release=`cat /etc/slackware-release`
            elif test -f /etc/slackware-version; then
                distribution="Slackware"
                release=`cat /etc/slackware-version`
            elif test -f /etc/yellowdog-release; then
                distribution="Yellow dog"
                release=`cat /etc/yellowdog-release`
            else distribution="unknown"
                release="unknown"
            fi
fi

mount_points=`cat /etc/mtab | cut -d ' ' -f1,2`
for i in `echo $mount_points | cut -d" " -f2`
do
if [ "$i" = "/" ]
then
mount_point=`echo $mount_points | cut -d" " -f1`
fi
done
mount_point=`grep ' / ' /etc/mtab |cut -d " " -f1`

if [ "$release" = "Ubuntu 6.06 LTS \n \l" ]
then
release="Ubuntu 6.06"
fi

echo "system03^^^$mount_point^^^$version^^^Linux^^^$distribution ($release)^^^$country^^^ ^^^ ^^^ ^^^ ^^^ ^^^$sys_serial^^^ ^^^$version^^^^^^" >> $ReportFile
# Missing - Description
#         - Date OS Installed
#         - Organisation
#         - Language
#         - Registered User

# Processor
cpu_device_id=`cat /proc/cpuinfo | grep "processor" | cut -d: -f2 | cut -c2-`
for i in $cpu_device_id; do
  count=` expr $i + 1`
  cpu_name=`cat /proc/cpuinfo | grep "model name" | cut -d: -f2 | cut -c2- | tr "\n" "^" | cut -d^ -f$count`
  cpu_freq=`cat /proc/cpuinfo | grep "cpu MHz" | cut -d: -f2 | cut -c2- | cut -d. -f1 | tr "\n" "^" | cut -d^ -f$count`
  cpu_manufacturer=`cat /proc/cpuinfo | grep "vendor_id" | cut -d: -f2 | cut -c2- | tr "\n" "^" | cut -d^ -f$count`
  cpu_power=`lshal --long --show /org/freedesktop/Hal/devices/acpi_CPU0 | grep processor.can_throttle | cut -d" " -f5 | cut -d"'" -f2`
  echo "processor^^^$cpu_name^^^$cpu_freq^^^ ^^^$i^^^ ^^^$cpu_manufacturer^^^$cpu_freq^^^$cpu_name^^^$cpu_power^^^ ^^^^^^" >> $ReportFile
  # Missing - Voltage
  #         - External Clock
  #         - Processor Socket
done

pcilist=`lspci -vm`
perif=`lspci -vm | grep "[[:digit:]]:[[:digit:]]" | cut -f2`
for i in $perif; do
  type=`echo "$pcilist" | grep -w $i -A 4 | grep -w "Class:" | cut -d":" -f2 | cut -f2`
  name=`echo "$pcilist" | grep -w $i -A 4 | grep -v "[[:digit:]]:[[:digit:]]" | grep -w "Device:" | cut -d":" -f2 | cut -f2`
  manufacturer=`echo "$pcilist" | grep -w $i -A 4 | grep -w "Vendor:" | cut -d":" -f2 | cut -f2`
  device_id=`echo $i`
 
  # Graphic Card
  if [ "$type" = "VGA compatible controller" ]
  then
    sss=`echo "video^^^ ^^^$manufacturer - $name^^^0^^^0^^^0^^^0^^^$manufacturer - $name^^^0000-00-00^^^ ^^^ ^^^ ^^^$device_id^^^"`
    echo "$sss" >> $ReportFile
  fi
  # Missing - Adapter Ram
  #         - Hor Res
  #         - Num colours
  #         - Refresh Rate
  #         - Vertical Res
  #         - Driver Date
  #         - Driver Version
  #         - Max Refresh Rate
  #         - Min Refresh Rate

  #Sound Card
  if [ "$type" = "Multimedia audio controller" ]
  then
    echo "sound^^^$manufacturer^^^$name^^^$device_id^^^" >> $ReportFile
  fi
done

# Software
packages="apt azureus bash build-essential cdparanoia cdrdao cdrecord cpp cron cupsys cvs dbus dhcp3-client diff dpkg epiphany-browser esound evolution firefox flashplugin-nonfree foomatic-db g++ gaim gcc gdm gedit gimp gnome-about gnucash gnumeric gtk+ httpd inkscape iptables k3b kdebase koffice libgnome2-0 linux-image-386 metacity mozilla-browser mysql-admin mysql-query-browser mysql-server-4.1 nautilus openoffice.org openssh-client openssh-server perl php4 php5 postfix postgresql python python2.4 rdesktop rhythmbox samba-common sendmail smbclient subversion sun-j2re1.5 swf-player synaptic thunderbird tsclient udev vim vlc vnc-common webmin xfce xmms xserver-xorg"
for name in $packages; do
  version=`dpkg --list | grep "  $name " |tail -n1|awk '{print $3}' 2> /dev/null`
  if [ "$version" ]
  then
    echo "software^^^$name^^^$version^^^^^^^^^^^^^^^^^^^^^^^^^^^" >> $ReportFile
  fi
done

# Auditied
sys_uuid=`lshal --long --show /org/freedesktop/Hal/devices/computer | grep smbios.system.uuid | cut -d" " -f5 | cut -d"'" -f2`
if [ "$sys_uuid" = "Not" ]
then
  sys_uuid="$HOSTNAME"
fi
audited_by=`whoami`
echo "audit^^^$HOSTNAME^^^$audit_date^^^$sys_uuid^^^$audited_by^^^y^^^y^^^^^^" >> $ReportFile


# Hard Disks
devices=`lshal -s`
for i in $devices
do
  device=`echo $i | grep storage`
  storage=`echo $device | cut -d"_" -f1`
  if [ "$storage" = "storage" ]
  then
    udi="/org/freedesktop/Hal/devices/$device"
    category=`hal-get-property --udi $udi --key info.category`
    vendor=`hal-get-property --udi $udi --key info.vendor`
    product=`hal-get-property --udi $udi --key info.product`
    bus=`hal-get-property --udi $udi --key storage.bus`
    mount=`hal-get-property --udi $udi --key block.device`
    product_dvd=`echo $product | grep -i DVD`
    if [ "$category" = "storage" ]
    then
      if [ "$product_dvd" = "$product" ]
      then
        # Item is a DVD or CD drive
        echo "optical^^^$product^^^$mount^^^^^^" >> $ReportFile

      else
        # Item is a hard drive
        mount_end=`echo $mount | cut -d"/" -f3`
        # size=`dmesg | grep -w $mount_end: | grep MB | cut -d"(" -f2 | cut -d" " -f1 | uniq`
        size=`fdisk -l $mount | grep Disk | cut -d" " -f3 | cut -d"." -f1`
        size_type=`fdisk -l $mount | grep Disk | cut -d" " -f4`
        if [ "$size_type" = "GB," ]
        then
          let "size = $size * 1024"
        fi
        echo "harddrive^^^$mount^^^ ^^^$bus^^^$vendor^^^$product^^^$count^^^^^^^^^^^^$size^^^^^^" >> $ReportFile
        # Missing - scsi bus
        #         - scsi logical unit
        #         - scsi port
        #         - pnp id
        count=0
      fi
    else
      if [ "$bus" = "usb" ]
      then
        echo "usb^^^$category^^^$product^^^$vendor^^^^^^" >> $ReportFile
      fi
    fi
  fi
done

#Partitions
for j in `df -l -T -x tmpfs |awk '{print $1}'`
do
  part_capt=`df -l -T -x tmpfs | grep $j | awk '{print $7}'`
  if [ "$part_capt" = "/" ]; then
    part_boot="True"
  else
    part_boot="False"
  fi
  part_perc=`df -l -T -x tmpfs | grep $j |awk '{print $6}'`
  part_name=`df -l -T -x tmpfs | grep $j |awk '{print $1}'`
  part_form=`df -l -T -x tmpfs | grep $j |awk '{print $2}'`
  part_size=`df -l -T -x tmpfs | grep $j |awk '{print $3}'`
  part_size=`expr $part_size / 1`
  part_size=`expr $part_size / 1024`
  part_aval=`df -l -T -x tmpfs | grep $j |awk '{print $5}'`
  part_aval=`expr $part_aval / 1`
  part_aval=`expr $part_aval / 1024`
  if [ "$part_form" != "Type" ]; then
    echo "partition^^^$part_boot^^^$part_boot^^^ ^^^ ^^^$part_perc^^^$part_boot^^^$part_name^^^$part_form^^^$part_aval^^^$part_size^^^$part_name^^^" >> $ReportFile
  fi
  # Missing - DeviceID
  #         - Disk Index
  #         - File System
done

# Users
users=`cat /etc/passwd | cut -d":" -f1`
for i in $users
do
  # Anchor on "^name:" so a short username (e.g. "a") does not match other lines
  username=`grep "^$i:" /etc/passwd | cut -d":" -f5 | tr -s ',' | tr ',' ' '`
  user_id=`grep "^$i:" /etc/passwd | cut -d":" -f3`
#  echo "l_user^^^^^^^^^$username^^^$i^^^^^^^^^^^^$user_id^^^" >> $ReportFile
  # Quote the GECOS field so spaces in it do not shift the printf arguments
  printf "l_user^^^^^^^^^%s^^^%s^^^^^^^^^^^^%s^^^\n" "$username" "$i" "$user_id" >> $ReportFile
done

# The end - submit to Open-AudIT
audit_result=`cat $ReportFile`
wget --post-data="submit=submit&add=$audit_result" http://"$OASERVER"/oa/admin_pc_add_2.php
rm "$ReportFile"
rm "admin_pc_add_2.php"



nmap_linux.sh (I post my new enhanced nmap script for Linux -- see the new topic "enhanced nmap_linux.sh")
Code:
#!/bin/bash

# Script origin written by ???
#
# Strongly enhanced by Flo M.

. linux.config

# Check if any nmap is running....
ps aux | grep -v grep | grep 'nmap -v -O -oN nmap.txt' > /dev/null
if [ "$?" == "0" ]; then
  echo
  echo "Some other nmap processes of openaudit running..."
  echo "Use 'ps aux | grep nmap' to find out!"
  echo "Quitting now...!"
  echo
  exit 1
fi

function portscan {

# A directory of each ip is needed to prevent overlapping...
mkdir "$NMAP_NET.$a"
cd "$NMAP_NET.$a"

# Starting the portscan...
nmap_file="nmap.txt"
nmap_input=`nmap -v -O -oN $nmap_file $NMAP_NET.$a`
nmap_output=`cat $nmap_file`

# Transfer to openaudit...
wget -q --post-data="submit=submit&add=$nmap_output" http://"$OASERVER"/oa/admin_nmap_input.php

# Cleaning up...
cd ..
rm -rf "$NMAP_NET.$a"

}

for ((a=$NMAP_START; a <= $NMAP_END ; a++)); do
  portscan $a &
done


PostPosted: Thu Dec 06, 2007 12:18 am 
Only problem I can spot right off the bat, is that it assumes the directory is "oa" and that "oa" is under the root. This won't be true for some.


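The thread's central-config idea with the two points raised against it handled: the scripts source linux.config from the current directory as root, and the "/oa/" path is hard-coded. This added example (not code from the thread or from Open-AudIT) reads the file as plain KEY="value" lines instead of sourcing it and validates each value; OAPATH is an assumed extra key, and the sample config is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the thread or from Open-AudIT: read linux.config
# without sourcing it. ". linux.config" in a root-run script executes whatever
# that file holds, looked up from the current directory; here only the expected
# keys are assigned and each value is checked before it reaches wget or nmap.
# OAPATH is an assumed extra key that replaces the hard-coded "/oa/" path.

load_config() {  # $1 = path to linux.config; unknown keys are reported and skipped
  [ -f "$1" ] || { echo "missing config: $1" >&2; return 1; }
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in ''|'#'*) continue ;; esac
    key=${line%%=*}; value=${line#*=}
    value=${value#\"}; value=${value%\"}   # strip the surrounding quotes
    case $key in
      OASERVER)   OASERVER=$value ;;
      OAPATH)     OAPATH=$value ;;
      NMAP_NET)   NMAP_NET=$value ;;
      NMAP_START) NMAP_START=$value ;;
      NMAP_END)   NMAP_END=$value ;;
      *) echo "ignoring unexpected key '$key'" >&2 ;;
    esac
  done < "$1"
}

is_octet() { case $1 in ''|*[!0-9]*) return 1 ;; esac; [ "$1" -le 255 ]; }
validate_config() {
  # host and path restricted so a value cannot smuggle a port, userinfo,
  # extra path segment or ".." into the URL the scripts post to
  case $OASERVER in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
  case $OAPATH in ''|*[!A-Za-z0-9_./-]*|*..*) return 1 ;; esac
  # NMAP_NET must be exactly three octets (e.g. 192.168.1), range 1..254
  case $NMAP_NET in *.*.*.*|*..*|.*|*.) return 1 ;; *.*.*) ;; *) return 1 ;; esac
  rest=${NMAP_NET#*.}
  is_octet "${NMAP_NET%%.*}" && is_octet "${rest%%.*}" && is_octet "${rest#*.}" || return 1
  is_octet "$NMAP_START" && is_octet "$NMAP_END" || return 1
  [ "$NMAP_START" -ge 1 ] && [ "$NMAP_END" -le 254 ] && [ "$NMAP_START" -le "$NMAP_END" ]
}

oa_url() { printf 'http://%s/%s/%s\n' "$OASERVER" "$OAPATH" "$1"; }  # $1 = php script
# Constructed sample linux.config for the demonstration
CFG=$(mktemp)
cat > "$CFG" <<'EOF'
OASERVER="openaudit.your.net"
OAPATH="oa"
NMAP_NET="192.168.1"
NMAP_START="1"
NMAP_END="254"
EOF
load_config "$CFG" && validate_config && oa_url admin_pc_add_2.php
```

Replace `. linux.config` in audit_linux.sh and nmap_linux.sh with `load_config "$(dirname "$0")/linux.config" && validate_config || exit 1` and build the wget targets with `oa_url` so the path is no longer assumed to be "oa" under the web root.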