Open-AudIT
https://www.open-audit.org/phpBB3/

Audit Script with Apache's credentials
https://www.open-audit.org/phpBB3/viewtopic.php?f=5&t=3983
Page 1 of 1

Author:  ojas [ Wed Jan 12, 2011 7:45 am ]
Post subject:  Audit Script with Apache's credentials

Hi guys,

I have successfully installed and configured open audit, thanks to the how-tos. I now have secured the web directory on apache but whenever I run the audit.vbs script, it asks for username/password for each system it is running the script for. Is there a way to configure the config file to include the credentials so that I don't have to type in password for each system?

Thanks,
Ojas

Author:  jpa [ Wed Jan 12, 2011 2:49 pm ]
Post subject:  Re: Audit Script with Apache's credentials

Assuming you're not doing a domain based audit you can use the pc_list_file.txt file to pass a local administrator name and password.

If you're doing a domain audit then run the script using an account with administrator privileges on the audited machines.

Post your audit.config file without passwords if you're still having trouble.

Author:  ojas [ Fri Jan 14, 2011 7:29 am ]
Post subject:  Re: Audit Script with Apache's credentials

jpa wrote:
Assuming you're not doing a domain based audit you can use the pc_list_file.txt file to pass a local administrator name and password.

If you're doing a domain audit then run the script using an account with administrator privileges on the audited machines.

Post your audit.config file without passwords if you're still having trouble.


Hi jpa,

Thanks for the response. I am running a domain audit while being logged in as domain administrator. Here is my situation: I have configured apache and secured it using a htaccess and htpasswrd. Since that username/password is different from my domain account, everytime the scripts tries to save a report to the server it asks for the apache credentials. We have around 50 machines in our environment, so I have to sit while the script is running and enter credentials 50 times.

I hope that there a way to supply the credentials in config file which would automatically enter them when required. I have attached the audit.config file with this response.

PS: I am running the script from windows workstation.


Thanks,
Ojas

Attachments:
audit.txt [2.15 KiB]
Downloaded 278 times

Author:  jpa [ Fri Jan 14, 2011 9:32 am ]
Post subject:  Re: Audit Script with Apache's credentials

Woops. I didn't read your first post right at all.

ojas wrote:
I hope that there a way to supply the credentials in config file which would automatically enter them when required. I have attached the audit.config file with this response.


Try this low tech, not very flexible, hacky fix:

Replace
Code:
objHTTP.Open "POST", url, False


With
Code:
objHTTP.Open "POST", url, False, <userName>, <password>


Obviously use the <username> and <password> you've secured the Apache site with. The above is found in lines 4470 and 4481 in my version of audit.vbs which is current as of this post.

Author:  ojas [ Sat Jan 15, 2011 1:27 am ]
Post subject:  Re: Audit Script with Apache's credentials

Thanks jpa, I made the changes to the vbs file but I am getting Invalid character error right where I have the password field. May be because my password has special characters?

Author:  jpa [ Sat Jan 15, 2011 10:34 am ]
Post subject:  Re: Audit Script with Apache's credentials

Wrap the password in quotes?

Author:  ojas [ Wed Jan 19, 2011 6:39 am ]
Post subject:  Re: Audit Script with Apache's credentials

I just tried using quotes around password, but the script is still asking me for credentials. Any thoughts?

Author:  ojas [ Thu Jan 20, 2011 8:45 am ]
Post subject:  Re: Audit Script with Apache's credentials

Hi jpa,

I tried using quotes around password, but it still asks for password. Is there any other way of parsing the password?

Thanks,
Ojas

Page 1 of 1 All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/