Open-AudIT
https://www.open-audit.org/phpBB3/

central configuration file
https://www.open-audit.org/phpBB3/viewtopic.php?f=5&t=2517

Author:  xiam [ Wed Dec 05, 2007 3:01 am ]
Post subject:  central configuration file

What do you think about a central configuration file for Linux systems?

On my Ubuntu server with openaudit svn 903 I tried it out: I generated a file called linux.config under the directory scripts with the following content:

linux.config:

OASERVER="openaudit.your.net"
SUBNET="192.168.xxx.0"
NETMASK="255.255.xxx.xxx"
NMAP_NET="192.168.xxx"



Then I modified audit_linux.sh as follows:

In line 3 I added the following code:

. linux.config

Then I modified the line: wget --post-data="submit=submit&add=$audit_result" http://192.168.xxx.xxx/oa/admin_pc_add_2.php

to: wget --post-data="submit=submit&add=$audit_result" http://"$OASERVER"/oa/admin_pc_add_2.php


...as well as nmap_linux.sh:

#!/bin/bash

. linux.config

for ((a=1; a <= 254 ; a++))
do
echo "$NMAP_NET.$a"
nmap_file="nmap_file.txt"
nmap_input=`nmap -v -O -oN $nmap_file $NMAP_NET.$a`
nmap_output=`cat $nmap_file`
wget -q --post-data="submit=submit&add=$nmap_output" http://"$OASERVER"/oa/admin_nmap_input.php
rm "$nmap_file"
rm "admin_nmap_input.php"
done


I think it is easier to change the network configuration settings in one central file.

What do you think?

Cheers, xiam

Author:  A_Hull [ Wed Dec 05, 2007 4:01 am ]
Post subject:  Re: central configuration file

Sounds like the way forward. :D

Author:  xiam [ Wed Dec 05, 2007 4:57 am ]
Post subject:  Re: central configuration file

Okay, :D will you integrate my idea into the SVN repository?

Author:  A_Hull [ Wed Dec 05, 2007 6:25 pm ]
Post subject:  Re: central configuration file

Might be an idea to add a line to chmod linux.config +x before trying to execute it, as by default it may well be -x.
If you post the code here between some [ code .. /code] tags we can take a look at it, but in principle it looks like a neat idea and will probably make it into the SVN.

I have no way currently to test this particular shell script, so can someone else do the testing, and let me know all is well before I commit anything which might cause issues later on.


Thanks.

Author:  xiam [ Wed Dec 05, 2007 6:36 pm ]
Post subject:  Re: central configuration file

Okay, here is the code:

linux.config:
[code]OASERVER="openaudit.your.net"
SUBNET="192.168.xxx.xxx"
NETMASK="255.255.xxx.xxx"
NMAP_NET="192.168.xxx"
NMAP_START="1"
NMAP_END="254"
[/code]

audit_linux.sh
[code]#!/bin/bash

# linux.config lives next to this script, so do not depend on the working directory
. "$(dirname "$0")/linux.config"

if [ "$(id -u)" != "0" ]; then
echo "You must use root privs to run this script."
exit 1
fi

HOSTNAME=`hostname`
DATE="`date +%d/%m/%Y``date +%H:%M:%S`"
ReportFile=$HOSTNAME.txt
audit_date="`date +%Y%m%d``date +%H%M%S`"


#Network detection
pcieth=`lspci -vm | grep -A2 "Ethernet controller"; lspci -vm | grep -A2 "Network controller"`
for i in `ifconfig -a | grep eth | cut -d" " -f1`
do
name=`echo "$pcieth" | grep -w "Device:" | cut -d: -f2 | cut -c2-`
manufacturer=`echo "$pcieth" | grep -w "Vendor:" | cut -d: -f2 | cut -c2-`
ip=`ifconfig $i | grep -w inet | cut -d":" -f2 | cut -d" " -f1`
subnet=`ifconfig $i | grep -w inet | cut -d":" -f4 | cut -d" " -f1`
mac=`ifconfig $i | grep -w HWaddr | cut -d" " -f11`
type="Network Adapter"
done

for i in `cat /etc/resolv.conf | cut -d" " -f2`
do
dns_server="$i"
done
echo "network^^^$mac^^^$name^^^ ^^^ ^^^$HOSTNAME^^^$dns_server^^^$ip^^^$subnet^^^ ^^^ ^^^$type^^^$manufacturer^^^" >> $ReportFile
# Missing - DHCP Enabled
# - DHCP Server
# - WINS Primary
# - WINS Secondary

# System01
echo "system01^^^$ip^^^ ^^^$HOSTNAME\ ^^^ ^^^ ^^^ ^^^" >> $ReportFile
# Missing - Domain
# - User
# - AD Site
# - Domain Controller Address
# - Domain Controller Name


# Memory
#RAMsizekb=`cat /proc/meminfo | grep MemTotal |cut -d: -f2 | cut -c8- | cut -d" " -f1`
RAMsizekb=`cat /proc/meminfo | grep MemTotal |cut -d: -f2 | cut -dk -f1`
RAMsizekb=`expr $RAMsizekb / 1`
RAMsize=`expr $RAMsizekb / 1024`

#Number of CPUs
nbcpu=`cat /proc/cpuinfo | grep "processor" | wc -l`

# System Model
sys_model=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.system.product`
chassis_type=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.chassis.type`
sys_serial=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.system.serial`
sys_manufacturer=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.system.manufacturer`
country=`cat /etc/timezone`
timezone=`date | cut -d" " -f5`
# System02
echo "system02^^^$sys_model^^^$HOSTNAME^^^$nbcpu^^^ ^^^ ^^^$chassis_type^^^$RAMsize^^^$sys_serial^^^$sys_manufacturer^^^ ^^^$country^^^$timezone^^^^^^" >> $ReportFile
# Missing - DHCP Enabled
# - Registered Owner
# - Domain Role


bios_date=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.bios.release_date`
bios_version=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.bios.version`
bios_serial=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.system.serial`
bios_manufacturer=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.bios.vendor`
bios_description=`hal-get-property --udi /org/freedesktop/Hal/devices/computer --key smbios.system.product`

#Bios
echo "bios^^^$bios_description^^^$bios_manufacturer^^^$bios_serial^^^$bios_version^^^$bios_version^^^" >> $ReportFile


#Operating System
name=`uname -s`
version=`uname -r`

if [ "$name" = "Linux" ]
then if test -f /etc/redhat-release; then
distribution="RedHat"
release=`cat /etc/redhat-release`
elif test -f /etc/redhat-version; then
distribution="RedHat"
release=`cat /etc/redhat-version`
elif test -f /etc/fedora-release; then
distribution="Fedora"
release=`cat /etc/fedora-release`
elif test -f /etc/mandrake-release; then
distribution="Mandrake"
release=`cat /etc/mandrake-release`
elif test -f /etc/SuSE-release; then
distribution="Novell SuSE"
release=`cat /etc/SuSE-release`
elif test -f /etc/issue; then
distribution="Ubuntu"
release=`cat /etc/issue`
elif test -f /etc/debian_version; then
distribution="Debian"
release=`cat /etc/debian_version`
elif test -f /etc/debian-version; then
distribution="Debian"
release=`cat /etc/debian-version`
elif test -f /etc/arch-release; then
distribution="Arch"
release=`cat /etc/arch-release`
elif test -f /etc/gentoo-release; then
distribution="Gentoo"
release=`cat /etc/gentoo-release`
elif test -f /etc/slackware-release; then
distribution="Slackware"
release=`cat /etc/slackware-release`
elif test -f /etc/slackware-version; then
distribution="Slackware"
release=`cat /etc/slackware-version`
elif test -f /etc/yellowdog-release; then
distribution="Yellow dog"
release=`cat /etc/yellowdog-release`
else distribution="unknown"
release="unknown"
fi
fi

mount_points=`cat /etc/mtab | cut -d ' ' -f1,2`
for i in `echo $mount_points | cut -d" " -f2`
do
if [ "$i" = "/" ]
then
mount_point=`echo $mount_points | cut -d" " -f1`
fi
done
mount_point=`grep ' / ' /etc/mtab |cut -d " " -f1`

if [ "$release" = "Ubuntu 6.06 LTS \n \l" ]
then
release="Ubuntu 6.06"
fi

echo "system03^^^$mount_point^^^$version^^^Linux^^^$distribution ($release)^^^$country^^^ ^^^ ^^^ ^^^ ^^^ ^^^$sys_serial^^^ ^^^$version^^^^^^" >> $ReportFile
# Missing - Description
# - Date OS Installed
# - Organisation
# - Language
# - Registered User

# Processor
cpu_device_id=`cat /proc/cpuinfo | grep "processor" | cut -d: -f2 | cut -c2-`
for i in $cpu_device_id; do
count=` expr $i + 1`
cpu_name=`cat /proc/cpuinfo | grep "model name" | cut -d: -f2 | cut -c2- | tr "\n" "^" | cut -d^ -f$count`
cpu_freq=`cat /proc/cpuinfo | grep "cpu MHz" | cut -d: -f2 | cut -c2- | cut -d. -f1 | tr "\n" "^" | cut -d^ -f$count`
cpu_manufacturer=`cat /proc/cpuinfo | grep "vendor_id" | cut -d: -f2 | cut -c2- | tr "\n" "^" | cut -d^ -f$count`
cpu_power=`lshal --long --show /org/freedesktop/Hal/devices/acpi_CPU0 | grep processor.can_throttle | cut -d" " -f5 | cut -d"'" -f2`
echo "processor^^^$cpu_name^^^$cpu_freq^^^ ^^^$i^^^ ^^^$cpu_manufacturer^^^$cpu_freq^^^$cpu_name^^^$cpu_power^^^ ^^^^^^" >> $ReportFile
# Missing - Voltage
# - External Clock
# - Processor Socket
done

pcilist=`lspci -vm`
perif=`lspci -vm | grep "[[:digit:]]:[[:digit:]]" | cut -f2`
for i in $perif; do
type=`echo "$pcilist" | grep -w $i -A 4 | grep -w "Class:" | cut -d":" -f2 | cut -f2`
name=`echo "$pcilist" | grep -w $i -A 4 | grep -v "[[:digit:]]:[[:digit:]]" | grep -w "Device:" | cut -d":" -f2 | cut -f2`
manufacturer=`echo "$pcilist" | grep -w $i -A 4 | grep -w "Vendor:" | cut -d":" -f2 | cut -f2`
device_id=`echo $i`

# Graphic Card
if [ "$type" = "VGA compatible controller" ]
then
sss=`echo "video^^^ ^^^$manufacturer - $name^^^0^^^0^^^0^^^0^^^$manufacturer - $name^^^0000-00-00^^^ ^^^ ^^^ ^^^$device_id^^^"`
echo "$sss" >> $ReportFile
fi
# Missing - Adapter Ram
# - Hor Res
# - Num colours
# - Refresh Rate
# - Vertical Res
# - Driver Date
# - Driver Version
# - Max Refresh Rate
# - Min Refresh Rate

#Sound Card
if [ "$type" = "Multimedia audio controller" ]
then
echo "sound^^^$manufacturer^^^$name^^^$device_id^^^" >> $ReportFile
fi
done

# Software
packages="apt azureus bash build-essential cdparanoia cdrdao cdrecord cpp cron cupsys cvs dbus dhcp3-client diff dpkg epiphany-browser esound evolution firefox flashplugin-nonfree foomatic-db g++ gaim gcc gdm gedit gimp gnome-about gnucash gnumeric gtk+ httpd inkscape iptables k3b kdebase koffice libgnome2-0 linux-image-386 metacity mozilla-browser mysql-admin mysql-query-browser mysql-server-4.1 nautilus openoffice.org openssh-client openssh-server perl php4 php5 postfix postgresql python python2.4 rdesktop rhythmbox samba-common sendmail smbclient subversion sun-j2re1.5 swf-player synaptic thunderbird tsclient udev vim vlc vnc-common webmin xfce xmms xserver-xorg"
for name in $packages; do
version=`dpkg --list | grep " $name " |tail -n1|awk '{print $3}' 2> /dev/null`
if [ "$version" ]
then
echo "software^^^$name^^^$version^^^^^^^^^^^^^^^^^^^^^^^^^^^" >> $ReportFile
fi
done

# Audited
sys_uuid=`lshal --long --show /org/freedesktop/Hal/devices/computer | grep smbios.system.uuid | cut -d" " -f5 | cut -d"'" -f2`
if [ "$sys_uuid" = "Not" ]
then
sys_uuid="$HOSTNAME"
fi
audited_by=`whoami`
echo "audit^^^$HOSTNAME^^^$audit_date^^^$sys_uuid^^^$audited_by^^^y^^^y^^^^^^" >> $ReportFile


# Hard Disks
devices=`lshal -s`
for i in $devices
do
device=`echo $i | grep storage`
storage=`echo $device | cut -d"_" -f1`
if [ "$storage" = "storage" ]
then
udi="/org/freedesktop/Hal/devices/$device"
category=`hal-get-property --udi $udi --key info.category`
vendor=`hal-get-property --udi $udi --key info.vendor`
product=`hal-get-property --udi $udi --key info.product`
bus=`hal-get-property --udi $udi --key storage.bus`
mount=`hal-get-property --udi $udi --key block.device`
product_dvd=`echo $product | grep -i DVD`
if [ "$category" = "storage" ]
then
if [ "$product_dvd" = "$product" ]
then
# Item is a DVD or CD drive
echo "optical^^^$product^^^$mount^^^^^^" >> $ReportFile

else
# Item is a hard drive
mount_end=`echo $mount | cut -d"/" -f3`
# size=`dmesg | grep -w $mount_end: | grep MB | cut -d"(" -f2 | cut -d" " -f1 | uniq`
size=`fdisk -l $mount | grep Disk | cut -d" " -f3 | cut -d"." -f1`
size_type=`fdisk -l $mount | grep Disk | cut -d" " -f4`
if [ "$size_type" = "GB," ]
then
let "size = $size * 1024"
fi
echo "harddrive^^^$mount^^^ ^^^$bus^^^$vendor^^^$product^^^$count^^^^^^^^^^^^$size^^^^^^" >> $ReportFile
# Missing - scsi bus
# - scsi logical unit
# - scsi port
# - pnp id
count=0
fi
else
if [ "$bus" = "usb" ]
then
echo "usb^^^$category^^^$product^^^$vendor^^^^^^" >> $ReportFile
fi
fi
fi
done

#Partitions
for j in `df -l -T -x tmpfs |awk '{print $1}'`
do
# Match the device name exactly; a plain grep would also match a longer name with the same prefix
part_capt=`df -l -T -x tmpfs | awk -v d="$j" '$1 == d {print $7}'`
if [ "$part_capt" = "/" ]; then
part_boot="True"
else
part_boot="False"
fi
part_perc=`df -l -T -x tmpfs | awk -v d="$j" '$1 == d {print $6}'`
part_name=`df -l -T -x tmpfs | awk -v d="$j" '$1 == d {print $1}'`
part_form=`df -l -T -x tmpfs | awk -v d="$j" '$1 == d {print $2}'`
part_size=`df -l -T -x tmpfs | awk -v d="$j" '$1 == d {print $3}'`
part_size=`expr $part_size / 1`
part_size=`expr $part_size / 1024`
part_aval=`df -l -T -x tmpfs | awk -v d="$j" '$1 == d {print $5}'`
part_aval=`expr $part_aval / 1`
part_aval=`expr $part_aval / 1024`
if [ "$part_form" != "Type" ]; then
echo "partition^^^$part_boot^^^$part_boot^^^ ^^^ ^^^$part_perc^^^$part_boot^^^$part_name^^^$part_form^^^$part_aval^^^$part_size^^^$part_name^^^" >> $ReportFile
fi
# Missing - DeviceID
# - Disk Index
# - File System
done

# Users
users=`cut -d":" -f1 /etc/passwd`
for i in $users
do
# Anchor the match to the username field; an unanchored grep would also hit
# any other line that merely contains the name somewhere
username=`grep "^$i:" /etc/passwd | cut -d":" -f5 | tr -s ',' | tr ',' ' '`
user_id=`grep "^$i:" /etc/passwd | cut -d":" -f3`
# echo "l_user^^^^^^^^^$username^^^$i^^^^^^^^^^^^$user_id^^^" >> $ReportFile
printf "l_user^^^^^^^^^%s^^^%s^^^^^^^^^^^^%s^^^\n" "$username" "$i" "$user_id" >> $ReportFile
done

# The end - submit to Open-AudIT
audit_result=`cat $ReportFile`
wget --post-data="submit=submit&add=$audit_result" http://"$OASERVER"/oa/admin_pc_add_2.php
rm "$ReportFile"
rm "admin_pc_add_2.php"

[/code]

nmap_linux.sh (I post my new enhanced nmap script for Linux -- see the new topic "enhanced nmap_linux.sh")
[code]#!/bin/bash

# Script originally written by ???
#
# Strongly enhanced by Flo M.

# linux.config lives next to this script, so do not depend on the working directory
. "$(dirname "$0")/linux.config"

# Check if any nmap is running....
if ps aux | grep -v grep | grep -q 'nmap -v -O -oN nmap.txt'; then
echo
echo "Some other nmap processes of openaudit running..."
echo "Use 'ps aux | grep nmap' to find out!"
echo "Quitting now...!"
echo
exit 1
fi

function portscan {

# A directory of each ip is needed to prevent overlapping...
mkdir "$NMAP_NET.$a"
cd "$NMAP_NET.$a"

# Starting the portscan...
nmap_file="nmap.txt"
nmap_input=`nmap -v -O -oN $nmap_file $NMAP_NET.$a`
nmap_output=`cat $nmap_file`

# Transfer to openaudit...
wget -q --post-data="submit=submit&add=$nmap_output" http://"$OASERVER"/oa/admin_nmap_input.php

# Cleaning up...
cd ..
rm -rf "$NMAP_NET.$a"

}

# Each host is scanned in its own background subshell; $a is copied at fork
# time, so every subshell keeps its own value.
for ((a=$NMAP_START; a <= $NMAP_END ; a++)); do
portscan $a &
done
[/code]

Author:  mikeyrb [ Thu Dec 06, 2007 12:18 am ]
Post subject:  Re: central configuration file

Only problem I can spot right off the bat is that it assumes the directory is "oa" and that "oa" is under the root. This won't be true for some.
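As an added example that is not Open-AudIT's code nor xiam's script: a loader for the central linux.config that covers both mikeyrb's point (the receiver path is a config key, OA_BASE_URL, instead of the hard-coded /oa) and A_Hull's permission point (sourcing a file with `.` runs every line of it as root, so the loader checks who can write the file rather than whether it is executable). It parses `KEY="value"` lines instead of sourcing them, accepts only known keys and a plain value character set, and range-checks NMAP_START/NMAP_END. OA_BASE_URL, the function names and the sample values are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not Open-AudIT's own code: read linux.config as data rather
# than executing it with ".".  The audit script runs as root, so a sourced
# config is root-executed shell.  OA_BASE_URL and all function names are this
# example's assumptions; the sample config below is constructed.

# Keys the audit scripts may read; anything else in the file is an error.
ALLOWED_KEYS="OASERVER OA_BASE_URL NMAP_NET NMAP_START NMAP_END"

# True if $1 is three dotted decimal groups, the form NMAP_NET uses (e.g. 192.0.2).
is_net_prefix() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){2}[0-9]{1,3}$'
}

# True if $1 is a usable host octet, 1..254.
is_host_octet() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]{1,3}$' && [ "$1" -ge 1 ] && [ "$1" -le 254 ]
}

# Load $1 into OASERVER/OA_BASE_URL/NMAP_*; return 1 on any problem.
load_config() {
    cfg=$1
    [ -f "$cfg" ] || { echo "config not found: $cfg" >&2; return 1; }
    # Refuse a file that other users can write: its contents drive a root process.
    if [ -n "$(find "$cfg" -prune -perm -002 2>/dev/null)" ]; then
        echo "refusing config that other users can modify: $cfg" >&2
        return 1
    fi
    # Start clean so a value inherited from the environment cannot slip through.
    OASERVER=; OA_BASE_URL=; NMAP_NET=; NMAP_START=; NMAP_END=
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            ''|'#'*) continue ;;   # blank lines and comments
        esac
        # Only KEY="value" with a plain value: no $(...), backticks, ; or spaces.
        if ! printf '%s\n' "$line" | grep -Eq '^[A-Z_]+="[A-Za-z0-9._/:-]*"$'; then
            echo "$cfg:$lineno: rejected line: $line" >&2
            return 1
        fi
        key=${line%%=*}
        val=${line#*=}
        val=${val#\"}; val=${val%\"}
        case " $ALLOWED_KEYS " in
            *" $key "*) ;;
            *) echo "$cfg:$lineno: unknown key $key" >&2; return 1 ;;
        esac
        # Assign explicitly rather than via eval, so only listed names can change.
        case $key in
            OASERVER)    OASERVER=$val ;;
            OA_BASE_URL) OA_BASE_URL=$val ;;
            NMAP_NET)    NMAP_NET=$val ;;
            NMAP_START)  NMAP_START=$val ;;
            NMAP_END)    NMAP_END=$val ;;
        esac
    done < "$cfg"
    # Defaults for optional keys, then cross-field checks.
    [ -n "$OA_BASE_URL" ] || OA_BASE_URL=/oa   # the path the original scripts hard-code
    case $OA_BASE_URL in /*) ;; *) OA_BASE_URL=/$OA_BASE_URL ;; esac
    OA_BASE_URL=${OA_BASE_URL%/}                # "/" means the server root
    [ -n "$NMAP_START" ] || NMAP_START=1
    [ -n "$NMAP_END" ] || NMAP_END=254
    [ -n "$OASERVER" ] || { echo "OASERVER is required" >&2; return 1; }
    is_net_prefix "$NMAP_NET" || { echo "NMAP_NET must be three octets, got '$NMAP_NET'" >&2; return 1; }
    if ! { is_host_octet "$NMAP_START" && is_host_octet "$NMAP_END" && [ "$NMAP_START" -le "$NMAP_END" ]; }; then
        echo "NMAP_START/NMAP_END must be 1..254 with start <= end" >&2
        return 1
    fi
}

# URL of an Open-AudIT receiver page, built from the configured host and base path.
submit_url() {
    printf 'http://%s%s/%s\n' "$OASERVER" "$OA_BASE_URL" "$1"
}

# Write a constructed sample linux.config (placeholder values, not a real site) to $1.
write_sample_config() {
    cat > "$1" <<'EOF'
# linux.config -- constructed sample
OASERVER="openaudit.example.net"
OA_BASE_URL="/audit"
NMAP_NET="192.0.2"
NMAP_START="1"
NMAP_END="20"
EOF
}

# Usage when run directly: sh config_loader.sh --demo
if [ "${1-}" = "--demo" ]; then
    tmp=$(mktemp) && write_sample_config "$tmp" && load_config "$tmp" &&
        echo "submit URL: $(submit_url admin_pc_add_2.php); scan $NMAP_NET.$NMAP_START-$NMAP_END"
    rm -f "$tmp"
fi
```

With this in place, audit_linux.sh and nmap_linux.sh would replace `. linux.config` with `load_config "$(dirname "$0")/linux.config" || exit 1` and post to `$(submit_url admin_pc_add_2.php)` and `$(submit_url admin_nmap_input.php)`, so an install that is not under /oa only needs OA_BASE_URL set.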

All times are UTC + 10 hours