Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Fri Mar 29, 2024 4:25 am

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 2 posts ] 
Author Message
PostPosted: Fri Apr 11, 2008 2:11 am 
Offline
Newbie

Joined: Thu Apr 10, 2008 4:09 am
Posts: 4
Hi everyone,

I just started using openaudit. it's a great system. I first started scanning my slack box, and realized that the audit_linux.sh script didn't detect slack correctly, and none of the software were detected.

the first problem seems to be because Ubuntu detection was looking at "/etc/issue" and it seems a lot of linux distro has this file, so any system with it gets assigned as Ubuntu. I've never used Ubuntu, so i dont know if there are any other way to tell what it is. But i moved that detection to the very last case statement, to have it try to detect other systems first.

I know software detection is fairly new (only in svn it seems), so i added a slackware package detections. They were simple changes, attached is the patch. i've tested it on my Slack 12 and i am quite confident it will work on older versions of slack also.

[code]
--- audit_linux.sh 2008-04-09 17:41:23.000000000 -0700
+++ audit_linux_slack.sh 2008-04-09 17:41:23.000000000 -0700
@@ -10,6 +10,7 @@
OA_PACKAGES="apt azureus bash build-essential cdparanoia cdrdao cdrecord cpp cron cupsys cvs dbus dhcp3-client diff dpkg epiphany-browser esound evolution firefox flashplugin-nonfree foomatic-db g++ gaim gcc gdm gedit gimp gnome-about gnucash gnumeric gtk+ httpd inkscape iptables k3b kdebase koffice libgnome2-0 linux-image-386 metacity mozilla-browser mysql-admin mysql-query-browser mysql-server-4.1 nautilus openoffice.org openssh-client openssh-server perl php4 php5 postfix postgresql python python2.4 rdesktop rhythmbox samba-common sendmail smbclient subversion sun-j2re1.5 swf-player synaptic thunderbird tsclient udev vim vlc vnc-common webmin xfce xmms xserver-xorg"
OA_DPKG_TRACK=$OA_PACKAGES
OA_YUM_TRACK=$OA_PACKAGES
+OA_PKG_TRACK=$OA_PACKAGES

# If you're not worried about attacks, you can just use the first one in the path.
if [ $OA_SAFEMODE="n" ] || [ $OA_SAFEMODE="N" ]
@@ -29,6 +30,7 @@
OA_HOSTNAME=`which hostname`
OA_IFCONFIG=`which ifconfig`
OA_LSPCI=`which lspci`
+ OA_PKG=`which pkgtool 2> /dev/null`
OA_RM=`which rm`
OA_UNAME=`which uname`
OA_TAIL=`which tail`
@@ -51,6 +53,7 @@
OA_HOSTNAME=/bin/hostname
OA_IFCONFIG=/sbin/ifconfig
OA_LSPCI=/usr/bin/lspci
+ OA_PKG=/var/log/packages
OA_RM=/bin/rm
OA_TAIL=/usr/bin/tail
OA_UNAME=/bin/uname
@@ -124,10 +127,6 @@
distribution="Novell SuSE"
OS_RELEASE=`$OA_CAT /etc/SuSE-release`
OS_PCK_MGR=$OA_YUM
- elif test -f /etc/issue; then
- distribution="Ubuntu"
- OS_RELEASE=`$OA_CAT /etc/issue`
- OS_PCK_MGR=$OA_DPKG
elif test -f /etc/debian_version; then
distribution="Debian"
OS_RELEASE=`$OA_CAT /etc/debian_version`
@@ -147,15 +146,19 @@
elif test -f /etc/slackware-release; then
distribution="Slackware"
OS_RELEASE=`$OA_CAT /etc/slackware-release`
- OS_PCK_MGR=''
+ OS_PCK_MGR=$OA_PKG
elif test -f /etc/slackware-version; then
distribution="Slackware"
OS_RELEASE=`$OA_CAT /etc/slackware-version`
- OS_PCK_MGR=''
+ OS_PCK_MGR=$OA_PKG
elif test -f /etc/yellowdog-release; then
distribution="Yellow dog"
OS_RELEASE=`$OA_CAT /etc/yellowdog-release`
OS_PCK_MGR=''
+ elif test -f /etc/issue; then
+ distribution="Ubuntu"
+ OS_RELEASE=`$OA_CAT /etc/issue`
+ OS_PCK_MGR=$OA_DPKG
else distribution="unknown"
OS_RELEASE="unknown"
OS_PCK_MGR=''
@@ -418,6 +421,31 @@
fi
done
fi
+elif [ "$OS_PCK_MGR" = "$OA_PKG" ]
+then
+ OA_ALL_PACKAGES=`ls /var/log/packages`
+
+ if [ "$OA_PKG_TRACK" = "" ]
+ then
+ for OA_PACKAGE_LINE in $OA_ALL_PACKAGES; do
+ OA_PACKAGE_NAME=`echo $OA_PACKAGE_LINE | $OA_AWK '{ match($0, /^([a-zA-Z\-]*)\-([0-9].*)$/, a); print a[1] }' 2> /dev/null`
+ OA_PACKAGE_VERSION=`echo $OA_PACKAGE_LINE | $OA_AWK '{ match($0, /^([a-zA-Z\-]*)\-([0-9].*)$/, a); print a[2] }' 2> /dev/null`
+
+ if [ "$OA_PACKAGE_NAME" ] && [ "$OA_PACKAGE_VERSION" ]
+ then
+ echo "software^^^$OA_PACKAGE_NAME^^^$OA_PACKAGE_VERSION^^^^^^^^^^^^^^^^^^^^^^^^^^^" >> $ReportFile
+ fi
+ done
+ else
+ for OA_PACKAGE_NAME in $OA_PKG_TRACK; do
+ OA_PACKAGE_VERSION=`ls /var/log/packages | $OA_GREP "$OA_PACKAGE_NAME" | $OA_TAIL -n1 | $OA_AWK '{ match($0, /^([a-zA-Z\-]*)\-([0-9].*)$/, a); print a[2] }' 2> /dev/null`
+
+ if [ "$OA_PACKAGE_VERSION" ]
+ then
+ echo "software^^^$OA_PACKAGE_NAME^^^$OA_PACKAGE_VERSION^^^^^^^^^^^^^^^^^^^^^^^^^^^" >> $ReportFile
+ fi
+ done
+ fi
fi

COLUMNS=OA_OLDCOLUMNS
[/code]


Top
 Profile  
Reply with quote  
PostPosted: Fri Apr 11, 2008 12:32 pm 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1964
Location: Brisbane, Australia
Have committed to SVN.

_________________
Support and Development hours available from [url=https://opmantek.com]Opmantek[/url].
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 2 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group