Open-AudIT https://www.open-audit.org/phpBB3/
central configuration file https://www.open-audit.org/phpBB3/viewtopic.php?f=5&t=2517
Page 1 of 1
Author: xiam [ Wed Dec 05, 2007 3:01 am ]
Post subject: central configuration file

What do you think about a central configuration file for Linux systems? On my Ubuntu server with openaudit svn 903 I tried it out: I generated a file called linux.config under the directory scripts with the following content:

linux.config:
[code]
OASERVER="openaudit.your.net"
SUBNET="192.168.xxx.0"
NETMASK="255.255.xxx.xxx"
NMAP_NET="192.168.xxx"
[/code]

Then I modified the audit_linux.sh in that way: in line 3 I added the following code:

[code]
. linux.config
[/code]

Then I modified the line

[code]
wget --post-data="submit=submit&add=$audit_result" http://192.168.xxx.xxx/oa/admin_pc_add_2.php
[/code]

to

[code]
wget --post-data="submit=submit&add=$audit_result" http://"$OASERVER"/oa/admin_pc_add_2.php
[/code]

...as well as the nmap_linux.sh:

[code]
#!/bin/bash
. linux.config
for ((a=1; a <= 254 ; a++))
do
    echo "$NMAP_NET.$a"
    nmap_file="nmap_file.txt"
    nmap_input=`nmap -v -O -oN $nmap_file $NMAP_NET.$a`
    nmap_output=`cat $nmap_file`
    wget -q --post-data="submit=submit&add=$nmap_output" http://"$OASERVER"/oa/admin_nmap_input.php
    rm "$nmap_file"
    rm "admin_nmap_input.php"
done
[/code]

I think it is easier to change the setting of the network config in one central file. What do you think?

Cheers
xiam
Author: A_Hull [ Wed Dec 05, 2007 4:01 am ]
Post subject: Re: central configuration file

Sounds like the way forward.
Author: xiam [ Wed Dec 05, 2007 4:57 am ]
Post subject: Re: central configuration file

Okay, will you integrate my idea into the SVN repository?
Author: A_Hull [ Wed Dec 05, 2007 6:25 pm ]
Post subject: Re: central configuration file

Might be an idea to add a line to chmod linux.config +x before trying to execute it, as by default it may well be -x. If you post the code here between some [code]...[/code] tags we can take a look at it, but in principle it looks like a neat idea and will probably make it into the SVN. I have no way currently to test this particular shell script, so can someone else do the testing and let me know all is well before I commit anything which might cause issues later on. Thanks.
Author: xiam [ Wed Dec 05, 2007 6:36 pm ]
Post subject: Re: central configuration file

Okay, here is the code:

linux.config:
[code]
OASERVER="openaudit.your.net"
SUBNET="192.168.xxx.xxx"
NETMASK="255.255.xxx.xxx"
NMAP_NET="192.168.xxx"
NMAP_START="1"
NMAP_END="254"
[/code]

audit_linux.sh:
[code]
#!/bin/bash
. linux.config

if [ $(id -u) != "0" ]; then
    echo "You must use root privs to run this script."
    exit 0
fi

HOSTNAME=`hostname`
DATE="`date +%d/%m/%Y``date +%H:%M:%S`"
ReportFile=$HOSTNAME.txt
audit_date="`date +%Y%m%d``date +%H%M%S`"

# Network detection
pcieth=`lspci -vm | grep -A2 "Ethernet controller"; lspci -vm | grep -A2 "Network controller"`
for i in `ifconfig -a | grep eth | cut -d" " -f1`
do
    name=`echo "$pcieth" | grep -w "Device:" | cut -d: -f2 | cut -c2-`
    manufacturer=`echo "$pcieth" | grep -w "Vendor:" | cut -d: -f2 | cut -c2-`
    ip=`ifconfig $i | grep -w inet | cut -d":" -f2 | cut -d" " -f1`
    subnet=`ifconfig $i | grep -w inet | cut -d":" -f4 | cut -d" " -f1`
    mac=`ifconfig $i | grep -w HWaddr | cut -d" " -f11`
    type="Network Adapter"
done
for i in `cat /etc/resolv.conf | cut -d" " -f2`
do
    dns_server="$i"
done
echo "network^^^$mac^^^$name^^^ ^^^ ^^^$HOSTNAME^^^$dns_server^^^$ip^^^$subnet^^^ ^^^ ^^^$type^^^$manufacturer^^^" >> $ReportFile
# Missing - DHCP Enabled
#         - DHCP Server
#         - WINS Primary
#         - WINS Secondary

# System01
echo "system01^^^$ip^^^ ^^^$HOSTNAME^^^ ^^^ ^^^ ^^^ ^^^" >> $ReportFile
# Missing - Domain
#         - User
#         - AD Site
#         - Domain Controller Address
#         - Domain Controller Name

# Memory
#RAMsizekb=`cat /proc/meminfo | grep MemTotal |cut -d: -f2 | cut -c8- | cut -d" " -f1`
RAMsizekb=`cat /proc/meminfo | grep MemTotal |cut -d: -f2 | cut -dk -f1`
RAMsizekb=`expr $RAMsizekb / 1`
RAMsize=`expr $RAMsizekb / 1024`

# Number of CPUs
nbcpu=`cat /proc/cpuinfo | grep "processor" | wc -l`

# System Model
sys_model=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.system.product`
chassis_type=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.chassis.type`
sys_serial=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.system.serial`
sys_manufacturer=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.system.manufacturer`
country=`cat /etc/timezone`
timezone=`date | cut -d" " -f5`

# System02
echo "system02^^^$sys_model^^^$HOSTNAME^^^$nbcpu^^^ ^^^ ^^^$chassis_type^^^$RAMsize^^^$sys_serial^^^$sys_manufacturer^^^ ^^^$country^^^$timezone^^^^^^" >> $ReportFile
# Missing - DHCP Enabled
#         - Registered Owner
#         - Domain Role

# BIOS (the stray "grep" in the release_date --key argument has been removed)
bios_date=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.bios.release_date`
bios_version=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.bios.version`
bios_serial=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.system.serial`
bios_manufacturer=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.bios.vendor`
bios_description=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.system.product`
echo "bios^^^$bios_description^^^$bios_manufacturer^^^$bios_serial^^^$bios_version^^^$bios_version^^^" >> $ReportFile

# Operating System
name=`uname -s`
version=`uname -r`
if [ "$name" = "Linux" ]
then
    if test -f /etc/redhat-release; then
        distribution="RedHat"
        release=`cat /etc/redhat-release`
    elif test -f /etc/redhat-version; then
        distribution="RedHat"
        release=`cat /etc/redhat-version`
    elif test -f /etc/fedora-release; then
        distribution="Fedora"
        release=`cat /etc/fedora-release`
    elif test -f /etc/mandrake-release; then
        distribution="Mandrake"
        release=`cat /etc/mandrake-release`
    elif test -f /etc/SuSE-release; then
        distribution="Novell SuSE"
        release=`cat /etc/SuSE-release`
    elif test -f /etc/issue; then
        distribution="Ubuntu"
        release=`cat /etc/issue`
    elif test -f /etc/debian_version; then
        distribution="Debian"
        release=`cat /etc/debian_version`
    elif test -f /etc/debian-version; then
        distribution="Debian"
        release=`cat /etc/debian-version`
    elif test -f /etc/arch-release; then
        distribution="Arch"
        release=`cat /etc/arch-release`
    elif test -f /etc/gentoo-release; then
        distribution="Gentoo"
        release=`cat /etc/gentoo-release`
    elif test -f /etc/slackware-release; then
        distribution="Slackware"
        release=`cat /etc/slackware-release`
    elif test -f /etc/slackware-version; then
        distribution="Slackware"
        release=`cat /etc/slackware-version`
    elif test -f /etc/yellowdog-release; then
        distribution="Yellow dog"
        release=`cat /etc/yellowdog-release`
    else
        distribution="unknown"
        release="unknown"
    fi
fi

mount_points=`cat /etc/mtab | cut -d ' ' -f1,2`
for i in `echo $mount_points | cut -d" " -f2`
do
    if [ "$i" = "/" ]
    then
        mount_point=`echo $mount_points | cut -d" " -f1`
    fi
done
mount_point=`grep ' / ' /etc/mtab |cut -d " " -f1`
if [ "$release" = "Ubuntu 6.06 LTS \n \l" ]
then
    release="Ubuntu 6.06"
fi
echo "system03^^^$mount_point^^^$version^^^Linux^^^$distribution ($release)^^^$country^^^ ^^^ ^^^ ^^^ ^^^ ^^^$sys_serial^^^ ^^^$version^^^^^^" >> $ReportFile
# Missing - Description
#         - Date OS Installed
#         - Organisation
#         - Language
#         - Registered User

# Processor
cpu_device_id=`cat /proc/cpuinfo | grep "processor" | cut -d: -f2 | cut -c2-`
for i in $cpu_device_id; do
    count=`expr $i + 1`
    cpu_name=`cat /proc/cpuinfo | grep "model name" | cut -d: -f2 | cut -c2- | tr "\n" "^" | cut -d^ -f$count`
    cpu_freq=`cat /proc/cpuinfo | grep "cpu MHz" | cut -d: -f2 | cut -c2- | cut -d. -f1 | tr "\n" "^" | cut -d^ -f$count`
    cpu_manufacturer=`cat /proc/cpuinfo | grep "vendor_id" | cut -d: -f2 | cut -c2- | tr "\n" "^" | cut -d^ -f$count`
    cpu_power=`lshal --long --show /org/freedesktop/Hal/devices/acpi_CPU0 | grep processor.can_throttle | cut -d" " -f5 | cut -d"'" -f2`
    echo "processor^^^$cpu_name^^^$cpu_freq^^^ ^^^$i^^^ ^^^$cpu_manufacturer^^^$cpu_freq^^^$cpu_name^^^$cpu_power^^^ ^^^^^^" >> $ReportFile
    # Missing - Voltage
    #         - External Clock
    #         - Processor Socket
done

# PCI devices
pcilist=`lspci -vm`
perif=`lspci -vm | grep "[[:digit:]]:[[:digit:]]" | cut -f2`
for i in $perif; do
    type=`echo "$pcilist" | grep -w $i -A 4 | grep -w "Class:" | cut -d":" -f2 | cut -f2`
    name=`echo "$pcilist" | grep -w $i -A 4 | grep -v "[[:digit:]]:[[:digit:]]" | grep -w "Device:" | cut -d":" -f2 | cut -f2`
    manufacturer=`echo "$pcilist" | grep -w $i -A 4 | grep -w "Vendor:" | cut -d":" -f2 | cut -f2`
    device_id=`echo $i`
    # Graphic Card
    if [ "$type" = "VGA compatible controller" ]
    then
        sss=`echo "video^^^ ^^^$manufacturer - $name^^^0^^^0^^^0^^^0^^^$manufacturer - $name^^^0000-00-00^^^ ^^^ ^^^ ^^^$device_id^^^"`
        echo "$sss" >> $ReportFile
    fi
    # Missing - Adapter Ram
    #         - Hor Res
    #         - Num colours
    #         - Refresh Rate
    #         - Vertical Res
    #         - Driver Date
    #         - Driver Version
    #         - Max Refresh Rate
    #         - Min Refresh Rate
    # Sound Card
    if [ "$type" = "Multimedia audio controller" ]
    then
        echo "sound^^^$manufacturer^^^$name^^^$device_id^^^" >> $ReportFile
    fi
done

# Software
packages="apt azureus bash build-essential cdparanoia cdrdao cdrecord cpp cron cupsys cvs dbus dhcp3-client diff dpkg epiphany-browser esound evolution firefox flashplugin-nonfree foomatic-db g++ gaim gcc gdm gedit gimp gnome-about gnucash gnumeric gtk+ httpd inkscape iptables k3b kdebase koffice libgnome2-0 linux-image-386 metacity mozilla-browser mysql-admin mysql-query-browser mysql-server-4.1 nautilus openoffice.org openssh-client openssh-server perl php4 php5 postfix postgresql python python2.4 rdesktop rhythmbox samba-common sendmail smbclient subversion sun-j2re1.5 swf-player synaptic thunderbird tsclient udev vim vlc vnc-common webmin xfce xmms xserver-xorg"
for name in $packages; do
    version=`dpkg --list | grep " $name " |tail -n1|awk '{print $3}' 2> /dev/null`
    if [ "$version" ]
    then
        echo "software^^^$name^^^$version^^^^^^^^^^^^^^^^^^^^^^^^^^^" >> $ReportFile
    fi
done

# Audited
sys_uuid=`lshal --long --show /org/freedesktop/Hal/devices/computer | grep smbios.system.uuid | cut -d" " -f5 | cut -d"'" -f2`
if [ "$sys_uuid" = "Not" ]
then
    sys_uuid="$HOSTNAME"
fi
audited_by=`whoami`
echo "audit^^^$HOSTNAME^^^$audit_date^^^$sys_uuid^^^$audited_by^^^y^^^y^^^^^^" >> $ReportFile

# Hard Disks
devices=`lshal -s`
for i in $devices
do
    device=`echo $i | grep storage`
    storage=`echo $device | cut -d"_" -f1`
    if [ "$storage" = "storage" ]
    then
        udi="/org/freedesktop/Hal/devices/$device"
        category=`hal-get-property --udi $udi --key info.category`
        vendor=`hal-get-property --udi $udi --key info.vendor`
        product=`hal-get-property --udi $udi --key info.product`
        bus=`hal-get-property --udi $udi --key storage.bus`
        mount=`hal-get-property --udi $udi --key block.device`
        product_dvd=`echo $product | grep -i DVD`
        if [ "$category" = "storage" ]
        then
            if [ "$product_dvd" = "$product" ]
            then
                # Item is a DVD or CD drive
                echo "optical^^^$product^^^$mount^^^^^^" >> $ReportFile
            else
                # Item is a hard drive
                mount_end=`echo $mount | cut -d"/" -f3`
                # size=`dmesg | grep -w $mount_end: | grep MB | cut -d"(" -f2 | cut -d" " -f1 | uniq`
                size=`fdisk -l $mount | grep Disk | cut -d" " -f3 | cut -d"." -f1`
                size_type=`fdisk -l $mount | grep Disk | cut -d" " -f4`
                if [ "$size_type" = "GB," ]
                then
                    let "size = $size * 1024"
                fi
                echo "harddrive^^^$mount^^^ ^^^$bus^^^$vendor^^^$product^^^$count^^^^^^^^^^^^$size^^^^^^" >> $ReportFile
                # Missing - scsi bus
                #         - scsi logical unit
                #         - scsi port
                #         - pnp id
                count=0
            fi
        else
            if [ "$bus" = "usb" ]
            then
                echo "usb^^^$category^^^$product^^^$vendor^^^^^^" >> $ReportFile
            fi
        fi
    fi
done

# Partitions
for j in `df -l -T -x tmpfs |awk '{print $1}'`
do
    part_capt=`df -l -T -x tmpfs | grep $j | awk '{print $7}'`
    if [ "$part_capt" = "/" ]; then
        part_boot="True"
    else
        part_boot="False"
    fi
    part_perc=`df -l -T -x tmpfs | grep $j |awk '{print $6}'`
    part_name=`df -l -T -x tmpfs | grep $j |awk '{print $1}'`
    part_form=`df -l -T -x tmpfs | grep $j |awk '{print $2}'`
    part_size=`df -l -T -x tmpfs | grep $j |awk '{print $3}'`
    part_size=`expr $part_size / 1`
    part_size=`expr $part_size / 1024`
    part_aval=`df -l -T -x tmpfs | grep $j |awk '{print $5}'`
    part_aval=`expr $part_aval / 1`
    part_aval=`expr $part_aval / 1024`
    if [ "$part_form" != "Type" ]; then
        echo "partition^^^$part_boot^^^$part_boot^^^ ^^^ ^^^$part_perc^^^$part_boot^^^$part_name^^^$part_form^^^$part_aval^^^$part_size^^^$part_name^^^" >> $ReportFile
    fi
    # Missing - DeviceID
    #         - Disk Index
    #         - File System
done

# Users
# Anchor the grep to the start of the line so "bin" does not also match
# "sbin" and friends, and quote the printf arguments so a GECOS field with
# spaces stays in one column.
users=`cat /etc/passwd | cut -d":" -f1`
for i in $users
do
    username=`grep "^$i:" /etc/passwd | cut -d":" -f5 | tr -s ',' | tr ',' ' '`
    user_id=`grep "^$i:" /etc/passwd | cut -d":" -f3`
    # echo "l_user^^^^^^^^^$username^^^$i^^^^^^^^^^^^$user_id^^^" >> $ReportFile
    printf "l_user^^^^^^^^^%s^^^%s^^^^^^^^^^^^%s^^^\n" "$username" "$i" "$user_id" >> $ReportFile
done

# The end - submit to Open-AudIT
audit_result=`cat $ReportFile`
wget --post-data="submit=submit&add=$audit_result" http://"$OASERVER"/oa/admin_pc_add_2.php
rm "$ReportFile"
rm "admin_pc_add_2.php"
[/code]

nmap_linux.sh (I post my new enhanced nmap script for Linux; see the new topic "enhanced nmap_linux.sh"):
[code]
#!/bin/bash
# Script origin written by ???
#
# Strongly enhanced by Flo M.

. linux.config

# Check if any nmap is running....
ps aux | grep -v grep | grep 'nmap -v -O -oN nmap.txt' > /dev/null
if [ "$?" == "0" ]; then
    echo
    echo "Some other nmap processes of openaudit running..."
    echo "Use 'ps aux | grep nmap' to find out!"
    echo "Quitting now...!"
    echo
    exit 1
fi

function portscan {
    # The host number is passed as the first argument
    local a="$1"
    # A directory for each ip is needed to prevent overlapping...
    # (bail out if it cannot be created or entered, so nmap and the
    # cleanup below never run in the wrong directory)
    mkdir "$NMAP_NET.$a" && cd "$NMAP_NET.$a" || return 1
    # Starting the portscan...
    nmap_file="nmap.txt"
    nmap_input=`nmap -v -O -oN $nmap_file $NMAP_NET.$a`
    nmap_output=`cat $nmap_file`
    # Transfer to openaudit...
    wget -q --post-data="submit=submit&add=$nmap_output" http://"$OASERVER"/oa/admin_nmap_input.php
    # Cleaning up...
    cd ..
    rm -rf "$NMAP_NET.$a"
}

# One background scan per host in NMAP_START..NMAP_END
for ((a=$NMAP_START; a <= $NMAP_END ; a++)); do
    portscan $a &
done
[/code]
Author: mikeyrb [ Thu Dec 06, 2007 12:18 am ]
Post subject: Re: central configuration file

The only problem I can spot right off the bat is that it assumes the directory is "oa" and that "oa" is under the root. This won't be true for some.
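Two details in the scripts above are worth a check before they go into SVN, and neither is addressed by the code as posted. First, `. linux.config` executes the file as the calling user, which audit_linux.sh requires to be root: `.` needs only read permission (no +x), it looks a bare filename up through PATH before the current directory, and anybody who can write the file gets a root shell on the next audit. Second, `wget --post-data="submit=submit&add=$audit_result"` puts the raw report into the POST body without URL-encoding, so an `&`, `+` or `=` inside the audit (a package name like `g++`, for instance) corrupts the form on the server side, and the whole report is visible in `ps` for as long as wget runs. The block below is an added example, not Open-AudIT code: it sources the config only when it is a plain `NAME="value"` file that is not group- or world-writable, validates OASERVER and a new OA_BASE setting (a hypothetical setting for mikeyrb's point, defaulting to `/oa`), and builds the form body percent-encoded and sends it with `--post-file` rather than `--post-data`. The `admin_pc_add_2.php` endpoint and the `submit`/`add` fields are the ones the scripts use; `OA_BASE` and the `oa_*` function names are assumptions.

```sh
#!/bin/sh
# Added example (not Open-AudIT code): safer config loading and form
# submission for audit_linux.sh. OA_BASE and the oa_* names are assumptions.

# oa_load_config FILE
# Sources FILE only if it is a regular file, not group/world writable, and
# contains nothing but NAME="value" lines, blanks and comments; then checks
# that OASERVER looks like host[:port] and OA_BASE (default /oa) is a plain path.
oa_load_config() {
    cfg="$1"
    [ -f "$cfg" ] || { echo "config not found: $cfg" >&2; return 1; }
    # '.' runs the file as the calling user (root for audit_linux.sh), so a
    # writable config is a root shell for whoever can write it. Columns 6
    # and 9 of 'ls -l' are the group and other write bits.
    mode=$(ls -ld "$cfg" | cut -c1-10)
    case "$mode" in
        ?????w*|????????w?)
            echo "refusing $cfg: group or world writable ($mode)" >&2; return 1 ;;
    esac
    # Anything that is not a plain assignment (a command, $(...), backticks)
    # is rejected before the file is executed.
    if grep -Evq '^[[:space:]]*(#|$)|^[A-Z_]+="[^"$`\\]*"$' "$cfg"; then
        echo "refusing $cfg: only NAME=\"value\" lines are allowed" >&2; return 1
    fi
    unset OASERVER OA_BASE
    . "$cfg"
    case "${OASERVER:-}" in
        ''|*[!A-Za-z0-9.:-]*)
            echo "OASERVER must be host[:port], got '${OASERVER:-}'" >&2; return 1 ;;
    esac
    : "${OA_BASE:=/oa}"      # mikeyrb's point: the web path is not always /oa
    case "$OA_BASE" in
        /*) ;;
        *) echo "OA_BASE must start with /, got '$OA_BASE'" >&2; return 1 ;;
    esac
    OA_BASE="${OA_BASE%/}"
    case "$OA_BASE" in
        *..*|*[!A-Za-z0-9/._-]*)
            echo "OA_BASE contains unexpected characters: '$OA_BASE'" >&2; return 1 ;;
    esac
    return 0
}

# oa_urlencode STRING
# Percent-encodes every byte except the RFC 3986 unreserved set
# (A-Z a-z 0-9 - . _ ~). Works on bytes (od), so '^', '&', '+', '=' and
# spaces in the report survive form decoding on the server.
oa_urlencode() {
    printf '%s' "$1" | od -An -v -tu1 | tr -s ' \n' '\n\n' | while IFS= read -r dec; do
        [ -n "$dec" ] || continue
        case "$dec" in
            45|46|4[89]|5[0-7]|6[5-9]|[78][0-9]|90|95|9[7-9]|1[01][0-9]|12[0-2]|126)
                printf "\\$(printf '%03o' "$dec")" ;;
            *)
                printf '%%%02X' "$dec" ;;
        esac
    done
}

# oa_post_body REPORT
# Builds the body admin_pc_add_2.php expects: submit=submit&add=<report>.
oa_post_body() {
    printf 'submit=submit&add=%s' "$(oa_urlencode "$1")"
}

# oa_submit REPORT_FILE
# --post-file keeps the report out of argv (ps) and away from ARG_MAX;
# -O /dev/null stops wget leaving admin_pc_add_2.php behind.
oa_submit() {
    body=$(mktemp) || return 1
    oa_post_body "$(cat "$1")" > "$body"
    wget -q -O /dev/null --post-file="$body" "http://$OASERVER$OA_BASE/admin_pc_add_2.php"
    rc=$?
    rm -f "$body"
    return $rc
}

# Demo with a constructed config (no network access is made).
demo=$(mktemp -d)
printf 'OASERVER="openaudit.your.net"\nOA_BASE="/openaudit"\n' > "$demo/linux.config"
chmod 600 "$demo/linux.config"
if oa_load_config "$demo/linux.config"; then
    printf 'URL:  http://%s%s/admin_pc_add_2.php\n' "$OASERVER" "$OA_BASE"
    printf 'BODY: %s\n' "$(oa_post_body 'software^^^g++^^^4.1.2-1&x=1')"
fi
rm -rf "$demo"
```

In audit_linux.sh the three lines at the end would become `oa_load_config "$(dirname "$0")/linux.config" || exit 1` near the top and `oa_submit "$ReportFile"` in place of the wget call; nmap_linux.sh can reuse the same functions with `admin_nmap_input.php`. The ownership of the file is not checked here (`[ -O ]` is not POSIX); add it if the config lives somewhere other than root's own scripts directory.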
All times are UTC + 10 hours