Open-AudIT

Posted: Sun Sep 13, 2009 2:02 pm
I'm using Debian, but my OS comes up as unknown. My $os_string variable contains debian, linux, and lenny. The most general catch-all would be to probably just add linux into the regex. The following worked for me ...

[code]
if (preg_match("/(ubuntu|suse|linux)/i", $os_string)){$this->OS = "Linux";}
[/code]

_________________
OA Server: Debian Squeeze w/ Apache2
Auditing: 700 Workstations, 250 or so Retail Terminals, about 75 Servers
OS's: Windows XP/2003/2008/2008 R2/Vista/7, Debian
LDAP: Active Directory 2008 R2


Last edited by Chad on Tue Oct 06, 2009 12:40 am, edited 1 time in total.

Posted: Tue Oct 06, 2009 12:38 am
I found a different bug while coming up with a solution to this one.

The upgrade to 09.03.17 in upgrade.php doesn't do a version check before running a MySQL query. This is the part that updates the old AES key to the new one. So if you're running a version newer than when this old key was used and you upgrade, then the old AES key never decrypts your current information, so when it encrypts it back to the DB it blanks out your username/passwords for your LDAP connections.

To fix this I added a version check to the part that updates the actual include_config.php (since this doesn't use a SQL statement of course), then made the SQL part that updates the AES key go through the upgrade function. This way if the person has a newer version of the DB already, then it doesn't bother trying to update the key.

To fix the issue with the regex I modified the regex in application_class.php, then I run the old regex against the OS string and compare it to the result of the new regex. If it detects that the old regex didn't match, but the new one returns linux, then it will update the key.

I've tested this upgrade on both Windows where the regex issue doesn't exist, and on a machine running Linux where the issue does exist. Both upgrade fine. Added to svn, rev 1193.

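The failure described in the post above (re-encrypting after a decrypt with the wrong key) and the version gate that prevents it, as an added PHP example that is not part of the thread or of Open-AudIT's code. It assumes authenticated AES-256-GCM from PHP's openssl extension in place of the project's MySQL query, an in-memory array in place of the LDAP connection rows, and hypothetical names (`seal`, `unseal`, `rotate_key`); it also goes beyond the fix in the post by refusing to write back any row that fails to decrypt.

```php
<?php
// Added illustration, not Open-AudIT's upgrade.php. Keys, rows and '08.12.10' are constructed.
const KEY_CHANGE_VERSION = '09.03.17'; // release named in the thread as the key change

function seal(string $plain, string $key): string {
    $iv = random_bytes(12);
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return base64_encode($iv . $tag . $ct);
}

// Returns null on a wrong key or tampered data instead of garbage or an empty value.
function unseal(string $blob, string $key): ?string {
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 28) { return null; }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
        substr($raw, 0, 12), substr($raw, 12, 16));
    return $pt === false ? null : $pt;
}

function rotate_key(array $rows, string $dbVersion, string $oldKey, string $newKey): array {
    // Gate: a database at or past the key-change release already holds new-key data.
    if (version_compare($dbVersion, KEY_CHANGE_VERSION, '>=')) {
        return $rows;
    }
    $out = [];
    foreach ($rows as $id => $blob) {
        $plain = unseal($blob, $oldKey);
        if ($plain === null) {
            // Writing back a failed decrypt is what blanks the stored credential.
            throw new RuntimeException("row $id did not decrypt with the old key");
        }
        $out[$id] = seal($plain, $newKey);
    }
    return $out; // caller writes these back only after every row succeeded
}

$old = hash('sha256', 'constructed-old-key', true); // 32-byte sample keys
$new = hash('sha256', 'constructed-new-key', true);
$current = ['ldap1' => seal('s3cret', $new)];
$legacy = rotate_key(['ldap1' => seal('s3cret', $old)], '08.12.10', $old, $new);
var_dump(unseal($legacy['ldap1'], $new) === 's3cret');               // old install is re-keyed
var_dump(rotate_key($current, '09.10.05', $old, $new) === $current); // newer install untouched
try {
    rotate_key($current, '08.12.10', $old, $new); // version gate bypassed on new-key data
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n"; // fails closed, nothing overwritten
}
```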
Posted: Tue Oct 06, 2009 6:50 pm
I had this when upgrading:

[code]
Notice: Undefined index: OS in F:\Siti\OpenAudit\upgrade.php on line 613

Notice: Undefined variable: sql in F:\Siti\OpenAudit\upgrade.php on line 625
Upgrading to 09.10.05

Upgrade complete.
[/code]

Oddly, in PhpInfo (PHP 5.2.9-2) both Environment - OS and _SERVER["OS"] show "Windows_NT", _SERVER["SERVER_SOFTWARE"] shows "Microsoft-IIS/6.0".
However, $sql is undefined for Windows boxes.

_________________
Edoardo


Posted: Tue Oct 06, 2009 11:17 pm
Sorry about that. I guess I need to keep E_ALL on :) I still don't understand the undefined index issue, because I can echo it and it shows fine, and I can check it with empty() and array_key_exists() and that works but then it still insists it doesn't when you add it to the string. I suppose it's some sort of security mechanism? I dunno. I just modified the error_reporting briefly as application_class.php does. I guess I see why it does that now.

The reason I reproduce the string instead of taking it from TheApp object is so it ends up being the same as it is now, as I suppose things could potentially be added/removed from it.

Fixed both notices with rev 1195.
